Vulnerability from csaf_suse
Published: 2016-12-09 13:20
Modified: 2016-12-09 13:20
Summary: Security update for the Linux Kernel
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security fixes and bugfixes.
This feature was added:
- Support for the 2017 Intel Purley platform.
The following security bugs were fixed:
- CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418).
- CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759).
- CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566).
- CVE-2016-6828: Use after free in tcp_xmit_retransmit_queue or other tcp_ functions (bsc#994296)
- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152)
- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608)
- CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362).
- CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689).
- CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104).
- CVE-2016-7425: A buffer overflow in the Linux Kernel in arcmsr_iop_message_xfer() could have caused kernel heap corruption and arbitrary kernel code execution (bsc#999932).
The following non-security bugs were fixed:
- ahci: Order SATA device IDs for codename Lewisburg.
- AHCI: Remove obsolete Intel Lewisburg SATA RAID device IDs.
- ALSA: hda - Add Intel Lewisburg device IDs Audio.
- avoid dentry crash triggered by NFS (bsc#984194).
- blktap2: eliminate deadlock potential from shutdown path (bsc#909994).
- blktap2: eliminate race from deferred work queue handling (bsc#911687).
- bonding: always set recv_probe to bond_arp_rcv in arp monitor (bsc#977687).
- bonding: fix bond_arp_rcv setting and arp validate desync state (bsc#977687).
- btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619).
- btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600).
- cdc-acm: added sanity checking for probe() (bsc#993891).
- cxgb4: Set VPD size so we can read both VPD structures (bsc#976867).
- Delete patches.fixes/net-fix-crash-due-to-wrong-dev-in-calling.patch. (bsc#979514)
- fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)
- fs/select: add vmalloc fallback for select(2) (bsc#1000189).
- fs/select: introduce SIZE_MAX (bsc#1000189).
- i2c: i801: add Intel Lewisburg device IDs.
- include/linux/mmdebug.h: should include linux/bug.h (bnc#971975 VM performance -- git fixes).
- increase CONFIG_NR_IRQS 512 -> 2048. Reportedly irq error with multiple nvme and tg3 in the same machine is resolved by increasing CONFIG_NR_IRQS (bsc#998399).
- kabi, unix: properly account for FDs passed over unix sockets (bnc#839104).
- kaweth: fix firmware download (bsc#993890).
- kaweth: fix oops upon failed memory allocation (bsc#993890).
- KVM: x86: SYSENTER emulation is broken (bsc#994618).
- libfc: sanity check cpu number extracted from xid (bsc#988440).
- lpfc: call lpfc_sli_validate_fcp_iocb() with the hbalock held (bsc#951392).
- md: lockless I/O submission for RAID1 (bsc#982783).
- mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445).
- mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).
- net: add pfmemalloc check in sk_add_backlog() (bnc#920016).
- netback: fix flipping mode (bsc#996664).
- nfs: Do not drop directory dentry which is in use (bsc#993127).
- nfs: Don't disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261).
- nfs: Don't write enable new pages while an invalidation is proceeding (bsc#999584).
- nfs: Fix a regression in the read() syscall (bsc#999584).
- nfs: Fix races in nfs_revalidate_mapping (bsc#999584).
- nfs: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping (bsc#999584).
- nfs: Fix writeback performance issue on cache invalidation (bsc#999584).
- nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261).
- nfsv4: do not check MAY_WRITE access bit in OPEN (bsc#985206).
- nfsv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595).
- nfsv4: Fix range checking in __nfs4_get_acl_uncached and __nfs4_proc_set_acl (bsc#982218).
- pci: Add pci_set_vpd_size() to set VPD size (bsc#976867).
- pciback: fix conf_space read/write overlap check.
- powerpc: add kernel parameter iommu_alloc_quiet (bsc#994926).
- ppp: defer netns reference release for ppp channel (bsc#980371).
- random32: add prandom_u32_max (bsc#989152).
- rpm/constraints.in: Bump x86 disk space requirement to 20GB. Clamav tends to run out of space nowadays.
- s390/dasd: fix hanging device after clear subchannel (bnc#994436).
- sata: Adding Intel Lewisburg device IDs for SATA.
- sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419).
- sched/core: Fix a race between try_to_wake_up() and a woken up task (bnc#1002165).
- sched: Fix possible divide by zero in avg_atom() calculation (bsc#996329).
- scsi_dh_rdac: retry inquiry for UNIT ATTENTION (bsc#934760).
- scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#984102).
- scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).
- scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)
- scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992).
- scsi_scan: Send TEST UNIT READY to LUN0 before LUN scanning (bnc#843236,bsc#989779).
- tmpfs: change final i_blocks BUG to WARNING (bsc#991923).
- Update patches.drivers/fcoe-0102-fcoe-ensure-that-skb-placed-on-the-fip_recv_list-are.patch (add bsc#732582 reference).
- USB: fix typo in wMaxPacketSize validation (bsc#991665).
- USB: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665).
- vlan: don't deliver frames for unknown vlans to protocols (bsc#979514).
- vlan: mask vlan prio bits (bsc#979514).
- xenbus: inspect the correct type in xenbus_dev_request_and_reply().
- xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).
- xfs: Avoid grabbing ilock when file size is not changed (bsc#983535).
- xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).
Patchnames: slertesp4-kernel-source-12880
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for the Linux Kernel", title: "Title of the patch", }, { category: "description", text: "The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes.\n\nThis feature was added:\n\n- Support for the 2017 Intel Purley platform. \n\nThe following security bugs were fixed:\n\n- CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418).\n- CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759).\n- CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566).\n- CVE-2016-6828: Use after free in tcp_xmit_retransmit_queue or other tcp_ functions (bsc#994296)\n- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152)\n- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608)\n- CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt 
implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362).\n- CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689).\n- CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104).\n- CVE-2016-7425: A buffer overflow in the Linux Kernel in arcmsr_iop_message_xfer() could have caused kernel heap corruption and arbitraty kernel code execution (bsc#999932)\n\nThe following non-security bugs were fixed:\n\n- ahci: Order SATA device IDs for codename Lewisburg.\n- AHCI: Remove obsolete Intel Lewisburg SATA RAID device IDs.\n- ALSA: hda - Add Intel Lewisburg device IDs Audio.\n- avoid dentry crash triggered by NFS (bsc#984194).\n- blktap2: eliminate deadlock potential from shutdown path (bsc#909994).\n- blktap2: eliminate race from deferred work queue handling (bsc#911687).\n- bonding: always set recv_probe to bond_arp_rcv in arp monitor (bsc#977687).\n- bonding: fix bond_arp_rcv setting and arp validate desync state (bsc#977687).\n- btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619).\n- btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600).\n- cdc-acm: added sanity checking for probe() (bsc#993891).\n- cxgb4: Set VPD size so we can read both VPD structures (bsc#976867).\n- Delete patches.fixes/net-fix-crash-due-to-wrong-dev-in-calling.patch. 
(bsc#979514)\n- fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)\n- fs/select: add vmalloc fallback for select(2) (bsc#1000189).\n- fs/select: introduce SIZE_MAX (bsc#1000189).\n- i2c: i801: add Intel Lewisburg device IDs.\n- include/linux/mmdebug.h: should include linux/bug.h (bnc#971975 VM performance -- git fixes).\n- increase CONFIG_NR_IRQS 512 -> 2048 reportedly irq error with multiple nvme and tg3 in the same machine is resolved by increasing CONFIG_NR_IRQS (bsc#998399)\n- kabi, unix: properly account for FDs passed over unix sockets (bnc#839104).\n- kaweth: fix firmware download (bsc#993890).\n- kaweth: fix oops upon failed memory allocation (bsc#993890).\n- KVM: x86: SYSENTER emulation is broken (bsc#994618).\n- libfc: sanity check cpu number extracted from xid (bsc#988440).\n- lpfc: call lpfc_sli_validate_fcp_iocb() with the hbalock held (bsc#951392).\n- md: lockless I/O submission for RAID1 (bsc#982783).\n- mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445).\n- mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).\n- net: add pfmemalloc check in sk_add_backlog() (bnc#920016).\n- netback: fix flipping mode (bsc#996664).\n- nfs: Do not drop directory dentry which is in use (bsc#993127).\n- nfs: Don't disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261).\n- nfs: Don't write enable new pages while an invalidation is proceeding (bsc#999584).\n- nfs: Fix a regression in the read() syscall (bsc#999584).\n- nfs: Fix races in nfs_revalidate_mapping (bsc#999584).\n- nfs: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping (bsc#999584).\n- nfs: Fix writeback performance issue on cache invalidation (bsc#999584).\n- nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261).\n- nfsv4: do not check MAY_WRITE access bit in OPEN (bsc#985206).\n- nfsv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595).\n- nfsv4: 
Fix range checking in __nfs4_get_acl_uncached and __nfs4_proc_set_acl (bsc#982218).\n- pci: Add pci_set_vpd_size() to set VPD size (bsc#976867).\n- pciback: fix conf_space read/write overlap check.\n- powerpc: add kernel parameter iommu_alloc_quiet (bsc#994926).\n- ppp: defer netns reference release for ppp channel (bsc#980371).\n- random32: add prandom_u32_max (bsc#989152).\n- rpm/constraints.in: Bump x86 disk space requirement to 20GB Clamav tends to run out of space nowadays.\n- s390/dasd: fix hanging device after clear subchannel (bnc#994436).\n- sata: Adding Intel Lewisburg device IDs for SATA.\n- sched/core: Fix an SMP ordering race in try_to_wake_up() vs. schedule() (bnc#1001419).\n- sched/core: Fix a race between try_to_wake_up() and a woken up task (bnc#1002165).\n- sched: Fix possible divide by zero in avg_atom() calculation (bsc#996329).\n- scsi_dh_rdac: retry inquiry for UNIT ATTENTION (bsc#934760).\n- scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#984102).\n- scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).\n- scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)\n- scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992).\n- scsi_scan: Send TEST UNIT READY to LUN0 before LUN scanning (bnc#843236,bsc#989779).\n- tmpfs: change final i_blocks BUG to WARNING (bsc#991923).\n- Update patches.drivers/fcoe-0102-fcoe-ensure-that-skb-placed-on-the-fip_recv_list-are.patch (add bsc#732582 reference).\n- USB: fix typo in wMaxPacketSize validation (bsc#991665).\n- USB: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665).\n- vlan: don't deliver frames for unknown vlans to protocols (bsc#979514).\n- vlan: mask vlan prio bits (bsc#979514).\n- xenbus: inspect the correct type in xenbus_dev_request_and_reply().\n- xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).\n- xfs: Avoid grabbing ilock when file size is not changed (bsc#983535).\n- xfs: Silence warnings in 
xfs_vm_releasepage() (bnc#915183 bsc#987565).\n", title: "Description of the patch", }, { category: "details", text: "slertesp4-kernel-source-12880", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_3069-1.json", }, { category: "self", summary: "URL for SUSE-SU-2016:3069-1", url: "https://www.suse.com/support/update/announcement/2016/suse-su-20163069-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2016:3069-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2016-December/002461.html", }, { category: "self", summary: "SUSE Bug 1000189", url: "https://bugzilla.suse.com/1000189", }, { category: "self", summary: "SUSE Bug 1001419", url: "https://bugzilla.suse.com/1001419", }, { category: "self", summary: "SUSE Bug 1002165", url: "https://bugzilla.suse.com/1002165", }, { category: "self", summary: "SUSE Bug 1004418", url: "https://bugzilla.suse.com/1004418", }, { category: "self", summary: "SUSE Bug 732582", url: "https://bugzilla.suse.com/732582", }, { category: "self", summary: "SUSE Bug 839104", url: "https://bugzilla.suse.com/839104", }, { category: "self", summary: "SUSE Bug 843236", url: "https://bugzilla.suse.com/843236", }, { category: "self", summary: "SUSE Bug 909994", url: "https://bugzilla.suse.com/909994", }, { category: "self", summary: "SUSE Bug 911687", url: "https://bugzilla.suse.com/911687", }, { category: "self", summary: "SUSE Bug 915183", url: 
"https://bugzilla.suse.com/915183", }, { category: "self", summary: "SUSE Bug 920016", url: "https://bugzilla.suse.com/920016", }, { category: "self", summary: "SUSE Bug 934760", url: "https://bugzilla.suse.com/934760", }, { category: "self", summary: "SUSE Bug 951392", url: "https://bugzilla.suse.com/951392", }, { category: "self", summary: "SUSE Bug 956514", url: "https://bugzilla.suse.com/956514", }, { category: "self", summary: "SUSE Bug 960689", url: "https://bugzilla.suse.com/960689", }, { category: "self", summary: "SUSE Bug 963655", url: "https://bugzilla.suse.com/963655", }, { category: "self", summary: "SUSE Bug 971975", url: "https://bugzilla.suse.com/971975", }, { category: "self", summary: "SUSE Bug 971989", url: "https://bugzilla.suse.com/971989", }, { category: "self", summary: "SUSE Bug 974620", url: "https://bugzilla.suse.com/974620", }, { category: "self", summary: "SUSE Bug 976867", url: "https://bugzilla.suse.com/976867", }, { category: "self", summary: "SUSE Bug 977687", url: "https://bugzilla.suse.com/977687", }, { category: "self", summary: "SUSE Bug 979514", url: "https://bugzilla.suse.com/979514", }, { category: "self", summary: "SUSE Bug 979595", url: "https://bugzilla.suse.com/979595", }, { category: "self", summary: "SUSE Bug 979681", url: "https://bugzilla.suse.com/979681", }, { category: "self", summary: "SUSE Bug 980371", url: "https://bugzilla.suse.com/980371", }, { category: "self", summary: "SUSE Bug 982218", url: "https://bugzilla.suse.com/982218", }, { category: "self", summary: "SUSE Bug 982783", url: "https://bugzilla.suse.com/982783", }, { category: "self", summary: "SUSE Bug 983535", url: "https://bugzilla.suse.com/983535", }, { category: "self", summary: "SUSE Bug 983619", url: "https://bugzilla.suse.com/983619", }, { category: "self", summary: "SUSE Bug 984102", url: "https://bugzilla.suse.com/984102", }, { category: "self", summary: "SUSE Bug 984194", url: "https://bugzilla.suse.com/984194", }, { category: "self", summary: 
"SUSE Bug 984992", url: "https://bugzilla.suse.com/984992", }, { category: "self", summary: "SUSE Bug 985206", url: "https://bugzilla.suse.com/985206", }, { category: "self", summary: "SUSE Bug 986362", url: "https://bugzilla.suse.com/986362", }, { category: "self", summary: "SUSE Bug 986365", url: "https://bugzilla.suse.com/986365", }, { category: "self", summary: "SUSE Bug 986445", url: "https://bugzilla.suse.com/986445", }, { category: "self", summary: "SUSE Bug 987565", url: "https://bugzilla.suse.com/987565", }, { category: "self", summary: "SUSE Bug 988440", url: "https://bugzilla.suse.com/988440", }, { category: "self", summary: "SUSE Bug 989152", url: "https://bugzilla.suse.com/989152", }, { category: "self", summary: "SUSE Bug 989261", url: "https://bugzilla.suse.com/989261", }, { category: "self", summary: "SUSE Bug 989779", url: "https://bugzilla.suse.com/989779", }, { category: "self", summary: "SUSE Bug 991608", url: "https://bugzilla.suse.com/991608", }, { category: "self", summary: "SUSE Bug 991665", url: "https://bugzilla.suse.com/991665", }, { category: "self", summary: "SUSE Bug 991923", url: "https://bugzilla.suse.com/991923", }, { category: "self", summary: "SUSE Bug 992566", url: "https://bugzilla.suse.com/992566", }, { category: "self", summary: "SUSE Bug 993127", url: "https://bugzilla.suse.com/993127", }, { category: "self", summary: "SUSE Bug 993890", url: "https://bugzilla.suse.com/993890", }, { category: "self", summary: "SUSE Bug 993891", url: "https://bugzilla.suse.com/993891", }, { category: "self", summary: "SUSE Bug 994296", url: "https://bugzilla.suse.com/994296", }, { category: "self", summary: "SUSE Bug 994436", url: "https://bugzilla.suse.com/994436", }, { category: "self", summary: "SUSE Bug 994618", url: "https://bugzilla.suse.com/994618", }, { category: "self", summary: "SUSE Bug 994759", url: "https://bugzilla.suse.com/994759", }, { category: "self", summary: "SUSE Bug 994926", url: "https://bugzilla.suse.com/994926", }, { 
category: "self", summary: "SUSE Bug 996329", url: "https://bugzilla.suse.com/996329", }, { category: "self", summary: "SUSE Bug 996664", url: "https://bugzilla.suse.com/996664", }, { category: "self", summary: "SUSE Bug 997708", url: "https://bugzilla.suse.com/997708", }, { category: "self", summary: "SUSE Bug 998399", url: "https://bugzilla.suse.com/998399", }, { category: "self", summary: "SUSE Bug 999584", url: "https://bugzilla.suse.com/999584", }, { category: "self", summary: "SUSE Bug 999600", url: "https://bugzilla.suse.com/999600", }, { category: "self", summary: "SUSE Bug 999932", url: "https://bugzilla.suse.com/999932", }, { category: "self", summary: "SUSE CVE CVE-2013-4312 page", url: "https://www.suse.com/security/cve/CVE-2013-4312/", }, { category: "self", summary: "SUSE CVE CVE-2015-7513 page", url: "https://www.suse.com/security/cve/CVE-2015-7513/", }, { category: "self", summary: "SUSE CVE CVE-2016-0823 page", url: "https://www.suse.com/security/cve/CVE-2016-0823/", }, { category: "self", summary: "SUSE CVE CVE-2016-3841 page", url: "https://www.suse.com/security/cve/CVE-2016-3841/", }, { category: "self", summary: "SUSE CVE CVE-2016-4997 page", url: "https://www.suse.com/security/cve/CVE-2016-4997/", }, { category: "self", summary: "SUSE CVE CVE-2016-5195 page", url: "https://www.suse.com/security/cve/CVE-2016-5195/", }, { category: "self", summary: "SUSE CVE CVE-2016-5696 page", url: "https://www.suse.com/security/cve/CVE-2016-5696/", }, { category: "self", summary: "SUSE CVE CVE-2016-6480 page", url: "https://www.suse.com/security/cve/CVE-2016-6480/", }, { category: "self", summary: "SUSE CVE CVE-2016-6828 page", url: "https://www.suse.com/security/cve/CVE-2016-6828/", }, { category: "self", summary: "SUSE CVE CVE-2016-7425 page", url: "https://www.suse.com/security/cve/CVE-2016-7425/", }, ], title: "Security update for the Linux Kernel", tracking: { current_release_date: "2016-12-09T13:20:33Z", generator: { date: "2016-12-09T13:20:33Z", 
engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2016:3069-1", initial_release_date: "2016-12-09T13:20:33Z", revision_history: [ { date: "2016-12-09T13:20:33Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kernel-rt-3.0.101.rt130-65.1.x86_64", product: { name: "kernel-rt-3.0.101.rt130-65.1.x86_64", product_id: "kernel-rt-3.0.101.rt130-65.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-base-3.0.101.rt130-65.1.x86_64", product: { name: "kernel-rt-base-3.0.101.rt130-65.1.x86_64", product_id: "kernel-rt-base-3.0.101.rt130-65.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-devel-3.0.101.rt130-65.1.x86_64", product: { name: "kernel-rt-devel-3.0.101.rt130-65.1.x86_64", product_id: "kernel-rt-devel-3.0.101.rt130-65.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_trace-3.0.101.rt130-65.1.x86_64", product: { name: "kernel-rt_trace-3.0.101.rt130-65.1.x86_64", product_id: "kernel-rt_trace-3.0.101.rt130-65.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", product: { name: "kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", product_id: "kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", product: { name: "kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", product_id: "kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", }, }, { category: "product_version", name: "kernel-source-rt-3.0.101.rt130-65.1.x86_64", product: { name: "kernel-source-rt-3.0.101.rt130-65.1.x86_64", product_id: "kernel-source-rt-3.0.101.rt130-65.1.x86_64", }, }, { category: "product_version", name: "kernel-syms-rt-3.0.101.rt130-65.1.x86_64", product: { name: "kernel-syms-rt-3.0.101.rt130-65.1.x86_64", product_id: 
"kernel-syms-rt-3.0.101.rt130-65.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Real Time 11 SP4", product: { name: "SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4", product_identification_helper: { cpe: "cpe:/a:suse:suse-linux-enterprise-rt:11:sp4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kernel-rt-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", }, product_reference: "kernel-rt-3.0.101.rt130-65.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-base-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", }, product_reference: "kernel-rt-base-3.0.101.rt130-65.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-devel-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", }, product_reference: "kernel-rt-devel-3.0.101.rt130-65.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_trace-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", }, product_reference: 
"kernel-rt_trace-3.0.101.rt130-65.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", }, product_reference: "kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", }, product_reference: "kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-source-rt-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", }, product_reference: "kernel-source-rt-3.0.101.rt130-65.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-rt-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", }, product_reference: "kernel-syms-rt-3.0.101.rt130-65.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, ], }, vulnerabilities: [ { cve: "CVE-2013-4312", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2013-4312", }, ], notes: [ { category: "general", text: "The Linux kernel before 4.4.1 allows local users to 
bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2013-4312", url: "https://www.suse.com/security/cve/CVE-2013-4312", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2013-4312", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 839104 for CVE-2013-4312", url: "https://bugzilla.suse.com/839104", }, { category: "external", summary: "SUSE Bug 922947 for CVE-2013-4312", url: "https://bugzilla.suse.com/922947", }, { category: "external", summary: "SUSE Bug 968014 for CVE-2013-4312", url: "https://bugzilla.suse.com/968014", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise 
Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-09T13:20:33Z", details: "moderate", }, ], title: "CVE-2013-4312", }, { cve: "CVE-2015-7513", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-7513", }, ], notes: [ { category: "general", text: "arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux 
Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-7513", url: "https://www.suse.com/security/cve/CVE-2015-7513", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2015-7513", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 960689 for CVE-2015-7513", url: "https://bugzilla.suse.com/960689", }, { category: "external", summary: "SUSE Bug 987709 for CVE-2015-7513", url: "https://bugzilla.suse.com/987709", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.5, baseSeverity: 
"MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-09T13:20:33Z", details: "moderate", }, ], title: "CVE-2015-7513", }, { cve: "CVE-2016-0823", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-0823", }, ], notes: [ { category: "general", text: "The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux 
Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-0823", url: "https://www.suse.com/security/cve/CVE-2016-0823", }, { category: "external", summary: "SUSE Bug 987709 for CVE-2016-0823", url: "https://bugzilla.suse.com/987709", }, { category: "external", summary: "SUSE Bug 994759 for CVE-2016-0823", url: "https://bugzilla.suse.com/994759", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise 
Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-09T13:20:33Z", details: "moderate", }, ], title: "CVE-2016-0823", }, { cve: "CVE-2016-3841", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-3841", }, ], notes: [ { category: "general", text: "The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-3841", url: "https://www.suse.com/security/cve/CVE-2016-3841", }, { category: "external", summary: "SUSE Bug 1052256 for CVE-2016-3841", url: "https://bugzilla.suse.com/1052256", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-3841", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 992566 for CVE-2016-3841", url: "https://bugzilla.suse.com/992566", }, { category: "external", summary: "SUSE Bug 992569 for CVE-2016-3841", url: "https://bugzilla.suse.com/992569", }, ], remediations: 
[ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.3, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-09T13:20:33Z", details: "moderate", }, ], title: "CVE-2016-3841", }, { cve: "CVE-2016-4997", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-4997", }, ], notes: [ { category: "general", text: "The 
compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-4997", url: "https://www.suse.com/security/cve/CVE-2016-4997", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-4997", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 986362 for CVE-2016-4997", url: "https://bugzilla.suse.com/986362", }, { category: "external", summary: "SUSE Bug 986365 for CVE-2016-4997", url: "https://bugzilla.suse.com/986365", }, { category: "external", summary: "SUSE Bug 986377 for CVE-2016-4997", url: "https://bugzilla.suse.com/986377", }, { category: "external", summary: "SUSE Bug 991651 for CVE-2016-4997", url: "https://bugzilla.suse.com/991651", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux 
Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-09T13:20:33Z", details: "important", }, ], title: "CVE-2016-4997", }, { cve: "CVE-2016-5195", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5195", }, ], notes: [ { category: "general", text: "Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only 
memory mapping, as exploited in the wild in October 2016, aka \"Dirty COW.\"", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5195", url: "https://www.suse.com/security/cve/CVE-2016-5195", }, { category: "external", summary: "SUSE Bug 1004418 for CVE-2016-5195", url: "https://bugzilla.suse.com/1004418", }, { category: "external", summary: "SUSE Bug 1004419 for CVE-2016-5195", url: "https://bugzilla.suse.com/1004419", }, { category: "external", summary: "SUSE Bug 1004436 for CVE-2016-5195", url: "https://bugzilla.suse.com/1004436", }, { category: "external", summary: "SUSE Bug 1006323 for CVE-2016-5195", url: "https://bugzilla.suse.com/1006323", }, { category: "external", summary: "SUSE Bug 1006695 for CVE-2016-5195", url: "https://bugzilla.suse.com/1006695", }, { category: "external", summary: "SUSE Bug 1007291 for CVE-2016-5195", url: "https://bugzilla.suse.com/1007291", }, { category: "external", summary: "SUSE Bug 1008110 for CVE-2016-5195", url: "https://bugzilla.suse.com/1008110", }, { category: "external", summary: "SUSE Bug 1030118 for CVE-2016-5195", url: "https://bugzilla.suse.com/1030118", }, { category: "external", summary: "SUSE Bug 1046453 for CVE-2016-5195", url: "https://bugzilla.suse.com/1046453", }, { 
category: "external", summary: "SUSE Bug 1069496 for CVE-2016-5195", url: "https://bugzilla.suse.com/1069496", }, { category: "external", summary: "SUSE Bug 1149725 for CVE-2016-5195", url: "https://bugzilla.suse.com/1149725", }, { category: "external", summary: "SUSE Bug 870618 for CVE-2016-5195", url: "https://bugzilla.suse.com/870618", }, { category: "external", summary: "SUSE Bug 986445 for CVE-2016-5195", url: "https://bugzilla.suse.com/986445", }, { category: "external", summary: "SUSE Bug 998689 for CVE-2016-5195", url: "https://bugzilla.suse.com/998689", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 
SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-09T13:20:33Z", details: "important", }, ], title: "CVE-2016-5195", }, { cve: "CVE-2016-5696", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-5696", }, ], notes: [ { category: "general", text: "net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-5696", url: "https://www.suse.com/security/cve/CVE-2016-5696", }, { category: "external", summary: "SUSE Bug 1020452 for CVE-2016-5696", url: "https://bugzilla.suse.com/1020452", }, { category: "external", summary: "SUSE Bug 1175721 for CVE-2016-5696", url: "https://bugzilla.suse.com/1175721", }, { category: "external", summary: "SUSE Bug 989152 for CVE-2016-5696", url: 
"https://bugzilla.suse.com/989152", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-09T13:20:33Z", details: "moderate", }, ], title: "CVE-2016-5696", }, { cve: "CVE-2016-6480", ids: [ { system_name: "SUSE CVE Page", text: 
"https://www.suse.com/security/cve/CVE-2016-6480", }, ], notes: [ { category: "general", text: "Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a \"double fetch\" vulnerability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-6480", url: "https://www.suse.com/security/cve/CVE-2016-6480", }, { category: "external", summary: "SUSE Bug 1004418 for CVE-2016-6480", url: "https://bugzilla.suse.com/1004418", }, { category: "external", summary: "SUSE Bug 991608 for CVE-2016-6480", url: "https://bugzilla.suse.com/991608", }, { category: "external", summary: "SUSE Bug 991667 for CVE-2016-6480", url: "https://bugzilla.suse.com/991667", }, { category: "external", summary: "SUSE Bug 992568 for CVE-2016-6480", url: "https://bugzilla.suse.com/992568", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux 
Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-09T13:20:33Z", details: "moderate", }, ], title: "CVE-2016-6480", }, { cve: "CVE-2016-6828", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-6828", }, ], notes: [ { category: "general", text: "The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a 
crafted SACK option.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-6828", url: "https://www.suse.com/security/cve/CVE-2016-6828", }, { category: "external", summary: "SUSE Bug 1052256 for CVE-2016-6828", url: "https://bugzilla.suse.com/1052256", }, { category: "external", summary: "SUSE Bug 994296 for CVE-2016-6828", url: "https://bugzilla.suse.com/994296", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 
SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-09T13:20:33Z", details: "moderate", }, ], title: "CVE-2016-6828", }, { cve: "CVE-2016-7425", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7425", }, ], notes: [ { category: "general", text: "The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 
11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7425", url: "https://www.suse.com/security/cve/CVE-2016-7425", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-7425", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 999932 for CVE-2016-7425", url: "https://bugzilla.suse.com/999932", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 
SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2016-12-09T13:20:33Z", details: "moderate", }, ], title: "CVE-2016-7425", }, ], }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.