Vulnerability from csaf_suse
Published
2017-02-06 14:41
Modified
2017-02-06 14:41
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem that allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) (bnc#1010501).
- CVE-2015-8963: Fixed a race condition in kernel/events/core.c that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010502).
- CVE-2015-8964: Fixed a bug in the tty_set_termios_ldisc function that allowed local users to obtain sensitive information from kernel memory (bnc#1010507).
- CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) (bnc#1017710).
- CVE-2016-7910: Fixed a use-after-free vulnerability in the block subsystem that allowed local users to gain privileges (bnc#1010716).
- CVE-2016-7911: Fixed a race condition in the get_task_ioprio function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010711).
- CVE-2016-7913: Fixed a bug in the xc2028_set_config function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010478).
- CVE-2016-7914: The assoc_array_insert_into_terminal_node function did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) (bnc#1010475).
- CVE-2016-8399: Fixed a bug in the kernel networking subsystem that could have enabled a local malicious application to execute arbitrary code within the context of the kernel. (bnc#1014746).
- CVE-2016-8632: The net subsystem did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) (bnc#1008831).
- CVE-2016-8633: The firewire subsystem allowed remote attackers to execute arbitrary code via crafted fragmented packets in certain unusual hardware configurations (bnc#1008833).
- CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) (bnc#1009969).
- CVE-2016-8655: Fixed a race condition in the network subsystem that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1012754).
- CVE-2016-9083: The PCI subsystem local users to bypass integer overflow checks and cause a denial of service (memory corruption) or have unspecified other impact (bnc#1007197).
- CVE-2016-9084: The PCI subsystem misused the kzalloc() function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact (bnc#1007197).
- CVE-2016-9555: Fixed a bug in the network subsystem that allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).
- CVE-2016-9576: The block subsystem did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) (bnc#1013604).
- CVE-2016-9756: The kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory (bnc#1013038).
- CVE-2016-9793: The net subsystem mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact (bnc#1013531).
- CVE-2016-9794: Fixed a race condition in the ALSA subsystem that allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1013533).
- CVE-2016-9806: Fixed a race condition in the netlink_dump() function which could have allowed local users to cause a denial of service (double free) or possibly have unspecified other impact (bnc#1013540).
- CVE-2017-2583: kvm: x86: fixed emulation of 'MOV SS, null selector' (bsc#1020602).
- CVE-2017-2584: arch: x86: kvm: fixed a bug that could have allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) (bnc#1019851).
- CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set setgid bits on files they don't down. (bsc#1021258, CVE-2017-5551).
The following non-security bugs were fixed:
- 8250_pci: Fix potential use-after-free in error path (bsc#1013001).
- block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557).
- bna: Add synchronization for tx ring (bsc#993739).
- bnx2i/bnx2fc : fix randconfig error in next-20140909 (bsc#922052 bsc#922056).
- bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).
- bnx2x: fix lockdep splat (bsc#922052 bsc#922056).
- btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666).
- btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c (bsc#983087).
- btrfs: Revert 'do not delay inode ref updates during log replay' (bsc#987192).
- btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in btrfs_ioctl (bsc#1018100).
- btrfs: do not delay inode ref updates during log replay (bsc#987192).
- btrfs: fix incremental send failure caused by balance (bsc#985850).
- btrfs: fix relocation incorrectly dropping data references (bsc#990384).
- btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709).
- btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc#983087).
- btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709).
- btrfs: send, do not bug on inconsistent snapshots (bsc#985850).
- cpufreq: intel_pstate: Fix divide by zero on Knights Landing (KNL) (bsc#1008876).
- cpuset: fix sched_load_balance that was accidentally broken in a previous update (bsc#1010294).
- ext4: fix data exposure after a crash (bsc#1012985).
- fs/dcache: move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (bsc#984194).
- fuse: do not use iocb after it may have been freed (bsc#1012985).
- hpilo: Add support for iLO5 (bsc#999101).
- ib/core: Avoid unsigned int overflow in sg_alloc_table (bsc#924381 bsc#921338).
- ib/mlx5: Fix FW version diaplay in sysfs (bnc#923036).
- ib/mlx5: Fix entries check in mlx5_ib_resize_cq (bnc#858727).
- ib/mlx5: Fix entries checks in mlx5_ib_create_cq (bnc#858727).
- ib/mlx5: Remove per-MR pas and dma pointers (bnc#923036).
- ibmveth: calculate gso_segs for large packets (bsc#1019148).
- ibmveth: check return of skb_linearize in ibmveth_start_xmit (bsc#1019148).
- ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).
- ibmveth: set correct gso_size and gso_type (bsc#1019148).
- igb: Fix oops caused by missing queue pairing (bnc#857394).
- ipmi_si: create hardware-independent softdep for ipmi_devintf (bsc#1009062).
- ipr: Enable SIS pipe commands for SIS-32 devices (bsc#1016961).
- ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk (bsc#938963).
- kabi: protect __sk_mem_reclaim (kabi).
- kabi: protect struct perf_event_context (kabi).
- kabi: reintroduce sk_filter (kabi).
- kernel: remove broken memory detection sanity check (bnc#1008567, LTC#148072).
- kgr: ignore zombie tasks during the patching (bnc#1008979).
- kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612).
- kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410).
- net/mlx5: Avoid passing dma address 0 to firmware (bnc#858727).
- net/mlx5: Fix typo in mlx5_query_port_pvlc (bnc#923036).
- net/mlx5e: Do not modify CQ before it was created (bnc#923036).
- net/mlx5e: Do not try to modify CQ moderation if it is not supported (bnc#923036).
- net/mlx5e: Fix MLX5E_100BASE_T define (bnc#923036).
- net/mlx5e: Remove wrong poll CQ optimization (bnc#923036).
- netback: correct array index (bsc#983348).
- nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410).
- nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).
- nfsv4: Fix 'NFS Lock reclaim failed' errors (bsc#1014410).
- ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).
- posix_acl: Fixup acl reference leak and missing conversions in ext3, gfs2, jfs, hfsplus.
- powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813).
- proc: avoid including 'mountproto=' with no protocol in /proc/mounts (bsc#1019260).
- raid1: ignore discard error (bsc#1017164).
- reiserfs: fix race in prealloc discard (bsc#987576).
- rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)
- rpm/kernel-spec-macros: Fix the check if there is no rebuild counter (bsc#1012060)
- rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060)
- serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013001).
- sfc: clear napi_hash state when copying channels (bsc#923037).
- sfc: fix potential stack corruption from running past stat bitmask (bsc#923037).
- sfc: on MC reset, clear PIO buffer linkage in TXQs (bnc#856380).
- sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917).
- sunrpc: Fix reconnection timeouts (bsc#1014410).
- sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410).
- target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE (bsc#991273).
- target: add XCOPY target/segment desc sense codes (bsc#991273).
- target: bounds check XCOPY segment descriptor list (bsc#991273).
- target: bounds check XCOPY total descriptor list length (bsc#991273).
- target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).
- target: check for XCOPY parameter truncation (bsc#991273).
- target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense (bsc#991273).
- target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).
- target: support XCOPY requests without parameters (bsc#991273).
- target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).
- target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).
- tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#921778).
- tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).
- x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq() (bsc#1013479).
- xen/ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419).
- xenbus: correctly signal errors from xenstored_local_init() (luckily none so far).
- xfs: allow lazy sb counter sync during filesystem freeze sequence (bsc#980560).
- xfs: refactor xlog_recover_process_data() (bsc#1019300).
Patchnames
SUSE-SLE-RT-12-SP1-2017-202
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for the Linux Kernel", title: "Title of the patch", }, { category: "description", text: "\nThe SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem that allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) (bnc#1010501).\n- CVE-2015-8963: Fixed a race condition in kernel/events/core.c that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010502).\n- CVE-2015-8964: Fixed a bug in the tty_set_termios_ldisc function that allowed local users to obtain sensitive information from kernel memory (bnc#1010507).\n- CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) (bnc#1017710).\n- CVE-2016-7910: Fixed a use-after-free vulnerability in the block subsystem that allowed local users to gain privileges (bnc#1010716).\n- CVE-2016-7911: Fixed a race condition in the get_task_ioprio function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010711).\n- CVE-2016-7913: Fixed a bug in the xc2028_set_config function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010478).\n- CVE-2016-7914: The assoc_array_insert_into_terminal_node function did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) (bnc#1010475).\n- CVE-2016-8399: Fixed a bug in the kernel networking subsystem that could have enabled a local malicious application to execute arbitrary code within the context of the kernel. (bnc#1014746).\n- CVE-2016-8632: The net subsystem did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) (bnc#1008831).\n- CVE-2016-8633: The firewire subsystem allowed remote attackers to execute arbitrary code via crafted fragmented packets in certain unusual hardware configurations (bnc#1008833).\n- CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) (bnc#1009969).\n- CVE-2016-8655: Fixed a race condition in the network subsystem that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1012754).\n- CVE-2016-9083: The PCI subsystem local users to bypass integer overflow checks and cause a denial of service (memory corruption) or have unspecified other impact (bnc#1007197).\n- CVE-2016-9084: The PCI subsystem misused the kzalloc() function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact (bnc#1007197).\n- CVE-2016-9555: Fixed a bug in the network subsystem that allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).\n- CVE-2016-9576: The block subsystem did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) (bnc#1013604).\n- CVE-2016-9756: The kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory (bnc#1013038).\n- CVE-2016-9793: The net subsystem mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact (bnc#1013531).\n- CVE-2016-9794: Fixed a race condition in the ALSA subsystem that allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1013533).\n- CVE-2016-9806: Fixed a race condition in the netlink_dump() function which could have allowed local users to cause a denial of service (double free) or possibly have unspecified other impact (bnc#1013540).\n- CVE-2017-2583: kvm: x86: fixed emulation of 'MOV SS, null selector' (bsc#1020602).\n- CVE-2017-2584: arch: x86: kvm: fixed a bug that could have allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) (bnc#1019851).\n- CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set setgid bits on files they don't down. (bsc#1021258, CVE-2017-5551).\n\nThe following non-security bugs were fixed:\n\n- 8250_pci: Fix potential use-after-free in error path (bsc#1013001).\n- block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557).\n- bna: Add synchronization for tx ring (bsc#993739).\n- bnx2i/bnx2fc : fix randconfig error in next-20140909 (bsc#922052 bsc#922056).\n- bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).\n- bnx2x: fix lockdep splat (bsc#922052 bsc#922056).\n- btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666).\n- btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c (bsc#983087).\n- btrfs: Revert 'do not delay inode ref updates during log replay' (bsc#987192).\n- btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in btrfs_ioctl (bsc#1018100).\n- btrfs: do not delay inode ref updates during log replay (bsc#987192).\n- btrfs: fix incremental send failure caused by balance (bsc#985850).\n- btrfs: fix relocation incorrectly dropping data references (bsc#990384).\n- btrfs: increment ctx->pos for every emitted or skipped dirent in readdir (bsc#981709).\n- btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc#983087).\n- btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709).\n- btrfs: send, do not bug on inconsistent snapshots (bsc#985850).\n- cpufreq: intel_pstate: Fix divide by zero on Knights Landing (KNL) (bsc#1008876).\n- cpuset: fix sched_load_balance that was accidentally broken in a previous update (bsc#1010294).\n- ext4: fix data exposure after a crash (bsc#1012985).\n- fs/dcache: move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (bsc#984194).\n- fuse: do not use iocb after it may have been freed (bsc#1012985).\n- hpilo: Add support for iLO5 (bsc#999101).\n- ib/core: Avoid unsigned int overflow in sg_alloc_table (bsc#924381 bsc#921338).\n- ib/mlx5: Fix FW version diaplay in sysfs (bnc#923036).\n- ib/mlx5: Fix entries check in mlx5_ib_resize_cq (bnc#858727).\n- ib/mlx5: Fix entries checks in mlx5_ib_create_cq (bnc#858727).\n- ib/mlx5: Remove per-MR pas and dma pointers (bnc#923036).\n- ibmveth: calculate gso_segs for large packets (bsc#1019148).\n- ibmveth: check return of skb_linearize in ibmveth_start_xmit (bsc#1019148).\n- ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).\n- ibmveth: set correct gso_size and gso_type (bsc#1019148).\n- igb: Fix oops caused by missing queue pairing (bnc#857394).\n- ipmi_si: create hardware-independent softdep for ipmi_devintf (bsc#1009062).\n- ipr: Enable SIS pipe commands for SIS-32 devices (bsc#1016961).\n- ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk (bsc#938963).\n- kabi: protect __sk_mem_reclaim (kabi).\n- kabi: protect struct perf_event_context (kabi).\n- kabi: reintroduce sk_filter (kabi).\n- kernel: remove broken memory detection sanity check (bnc#1008567, LTC#148072).\n- kgr: ignore zombie tasks during the patching (bnc#1008979).\n- kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612).\n- kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410).\n- net/mlx5: Avoid passing dma address 0 to firmware (bnc#858727).\n- net/mlx5: Fix typo in mlx5_query_port_pvlc (bnc#923036).\n- net/mlx5e: Do not modify CQ before it was created (bnc#923036).\n- net/mlx5e: Do not try to modify CQ moderation if it is not supported (bnc#923036).\n- net/mlx5e: Fix MLX5E_100BASE_T define (bnc#923036).\n- net/mlx5e: Remove wrong poll CQ optimization (bnc#923036).\n- netback: correct array index (bsc#983348).\n- nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410).\n- nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).\n- nfsv4: Fix 'NFS Lock reclaim failed' errors (bsc#1014410).\n- ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).\n- posix_acl: Fixup acl reference leak and missing conversions in ext3, gfs2, jfs, hfsplus.\n- powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813).\n- proc: avoid including 'mountproto=' with no protocol in /proc/mounts (bsc#1019260).\n- raid1: ignore discard error (bsc#1017164).\n- reiserfs: fix race in prealloc discard (bsc#987576).\n- rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)\n- rpm/kernel-spec-macros: Fix the check if there is no rebuild counter (bsc#1012060)\n- rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060)\n- serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013001).\n- sfc: clear napi_hash state when copying channels (bsc#923037).\n- sfc: fix potential stack corruption from running past stat bitmask (bsc#923037).\n- sfc: on MC reset, clear PIO buffer linkage in TXQs (bnc#856380).\n- sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917).\n- sunrpc: Fix reconnection timeouts (bsc#1014410).\n- sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410).\n- target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE (bsc#991273).\n- target: add XCOPY target/segment desc sense codes (bsc#991273).\n- target: bounds check XCOPY segment descriptor list (bsc#991273).\n- target: bounds check XCOPY total descriptor list length (bsc#991273).\n- target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).\n- target: check for XCOPY parameter truncation (bsc#991273).\n- target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense (bsc#991273).\n- target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).\n- target: support XCOPY requests without parameters (bsc#991273).\n- target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).\n- target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).\n- tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#921778).\n- tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).\n- x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq() (bsc#1013479).\n- xen/ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419).\n- xenbus: correctly signal errors from xenstored_local_init() (luckily none so far).\n- xfs: allow lazy sb counter sync during filesystem freeze sequence (bsc#980560).\n- xfs: refactor xlog_recover_process_data() (bsc#1019300).\n", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-RT-12-SP1-2017-202", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0407-1.json", }, { category: "self", summary: "URL for SUSE-SU-2017:0407-1", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20170407-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2017:0407-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2017-February/002626.html", }, { category: "self", summary: "SUSE Bug 1003813", url: "https://bugzilla.suse.com/1003813", }, { category: "self", summary: "SUSE Bug 1005666", url: "https://bugzilla.suse.com/1005666", }, { category: "self", summary: "SUSE Bug 1007197", url: "https://bugzilla.suse.com/1007197", }, { category: "self", summary: "SUSE Bug 1008557", url: "https://bugzilla.suse.com/1008557", }, { category: "self", summary: "SUSE Bug 1008567", url: "https://bugzilla.suse.com/1008567", }, { category: "self", summary: "SUSE Bug 1008831", url: "https://bugzilla.suse.com/1008831", }, { category: "self", summary: "SUSE Bug 1008833", url: "https://bugzilla.suse.com/1008833", }, { category: "self", summary: "SUSE Bug 1008876", url: "https://bugzilla.suse.com/1008876", }, { category: "self", summary: "SUSE Bug 1008979", url: "https://bugzilla.suse.com/1008979", }, { category: "self", summary: "SUSE Bug 1009062", url: "https://bugzilla.suse.com/1009062", }, { category: "self", summary: "SUSE Bug 1009969", url: "https://bugzilla.suse.com/1009969", }, { category: "self", summary: "SUSE Bug 1010040", url: "https://bugzilla.suse.com/1010040", }, { category: "self", summary: "SUSE Bug 1010213", url: "https://bugzilla.suse.com/1010213", }, { category: "self", summary: "SUSE Bug 1010294", url: "https://bugzilla.suse.com/1010294", }, { category: "self", summary: "SUSE Bug 1010475", url: "https://bugzilla.suse.com/1010475", }, { category: "self", summary: "SUSE Bug 1010478", url: "https://bugzilla.suse.com/1010478", }, { category: "self", summary: "SUSE Bug 1010501", url: "https://bugzilla.suse.com/1010501", }, { category: "self", summary: "SUSE Bug 1010502", url: "https://bugzilla.suse.com/1010502", }, { category: "self", summary: "SUSE Bug 1010507", url: "https://bugzilla.suse.com/1010507", }, { category: "self", summary: "SUSE Bug 1010612", url: "https://bugzilla.suse.com/1010612", }, { category: "self", summary: "SUSE Bug 1010711", url: "https://bugzilla.suse.com/1010711", }, { category: "self", summary: "SUSE Bug 1010716", url: "https://bugzilla.suse.com/1010716", }, { category: "self", summary: "SUSE Bug 1011685", url: "https://bugzilla.suse.com/1011685", }, { category: "self", summary: "SUSE Bug 1012060", url: "https://bugzilla.suse.com/1012060", }, { category: "self", summary: "SUSE Bug 1012422", url: "https://bugzilla.suse.com/1012422", }, { category: "self", summary: "SUSE Bug 1012754", url: "https://bugzilla.suse.com/1012754", }, { category: "self", summary: "SUSE Bug 1012917", url: "https://bugzilla.suse.com/1012917", }, { category: "self", summary: "SUSE Bug 1012985", url: "https://bugzilla.suse.com/1012985", }, { category: "self", summary: "SUSE Bug 1013001", url: "https://bugzilla.suse.com/1013001", }, { category: "self", summary: "SUSE Bug 1013038", url: "https://bugzilla.suse.com/1013038", }, { category: "self", summary: "SUSE Bug 1013479", url: "https://bugzilla.suse.com/1013479", }, { category: "self", summary: "SUSE Bug 1013531", url: "https://bugzilla.suse.com/1013531", }, { category: "self", summary: "SUSE Bug 1013533", url: "https://bugzilla.suse.com/1013533", }, { category: "self", summary: "SUSE Bug 1013540", url: "https://bugzilla.suse.com/1013540", }, { category: "self", summary: "SUSE Bug 1013604", url: "https://bugzilla.suse.com/1013604", }, { category: "self", summary: "SUSE Bug 1014410", url: "https://bugzilla.suse.com/1014410", }, { category: "self", summary: "SUSE Bug 1014746", url: "https://bugzilla.suse.com/1014746", }, { category: "self", summary: "SUSE Bug 1016713", url: "https://bugzilla.suse.com/1016713", }, { category: "self", summary: "SUSE Bug 1016725", url: "https://bugzilla.suse.com/1016725", }, { category: "self", summary: "SUSE Bug 1016961", url: "https://bugzilla.suse.com/1016961", }, { category: "self", summary: "SUSE Bug 1017164", url: "https://bugzilla.suse.com/1017164", }, { category: "self", summary: "SUSE Bug 1017170", url: "https://bugzilla.suse.com/1017170", }, { category: "self", summary: "SUSE Bug 1017410", url: "https://bugzilla.suse.com/1017410", }, { category: "self", summary: "SUSE Bug 1017710", url: "https://bugzilla.suse.com/1017710", }, { category: "self", summary: "SUSE Bug 1018100", url: "https://bugzilla.suse.com/1018100", }, { category: "self", summary: "SUSE Bug 1019032", url: "https://bugzilla.suse.com/1019032", }, { category: "self", summary: "SUSE Bug 1019148", url: "https://bugzilla.suse.com/1019148", }, { category: "self", summary: "SUSE Bug 1019260", url: "https://bugzilla.suse.com/1019260", }, { category: "self", summary: "SUSE Bug 1019300", url: "https://bugzilla.suse.com/1019300", }, { category: "self", summary: "SUSE Bug 1019783", url: "https://bugzilla.suse.com/1019783", }, { category: "self", summary: "SUSE Bug 1019851", url: "https://bugzilla.suse.com/1019851", }, { category: "self", summary: "SUSE Bug 1020214", url: "https://bugzilla.suse.com/1020214", }, { category: "self", summary: "SUSE Bug 1020602", url: "https://bugzilla.suse.com/1020602", }, { category: "self", summary: "SUSE Bug 1021258", url: "https://bugzilla.suse.com/1021258", }, { category: "self", summary: "SUSE Bug 856380", url: "https://bugzilla.suse.com/856380", }, { category: "self", summary: "SUSE Bug 857394", url: "https://bugzilla.suse.com/857394", }, { category: "self", summary: "SUSE Bug 858727", url: "https://bugzilla.suse.com/858727", }, { category: "self", summary: "SUSE Bug 921338", url: "https://bugzilla.suse.com/921338", }, { category: "self", summary: "SUSE Bug 921778", url: "https://bugzilla.suse.com/921778", }, { category: "self", summary: "SUSE Bug 922052", url: "https://bugzilla.suse.com/922052", }, { category: "self", summary: "SUSE Bug 922056", url: "https://bugzilla.suse.com/922056", }, { category: "self", summary: "SUSE Bug 923036", url: "https://bugzilla.suse.com/923036", }, { category: "self", summary: "SUSE Bug 923037", url: "https://bugzilla.suse.com/923037", }, { category: "self", summary: "SUSE Bug 924381", url: "https://bugzilla.suse.com/924381", }, { category: "self", summary: "SUSE Bug 938963", url: "https://bugzilla.suse.com/938963", }, { category: "self", summary: "SUSE Bug 972993", url: "https://bugzilla.suse.com/972993", }, { category: "self", summary: "SUSE Bug 980560", url: "https://bugzilla.suse.com/980560", }, { category: "self", summary: "SUSE Bug 981709", url: "https://bugzilla.suse.com/981709", }, { category: "self", summary: "SUSE Bug 983087", url: "https://bugzilla.suse.com/983087", }, { category: "self", summary: "SUSE Bug 983348", url: "https://bugzilla.suse.com/983348", }, { category: "self", summary: "SUSE Bug 984194", url: "https://bugzilla.suse.com/984194", }, { category: "self", summary: "SUSE Bug 984419", url: "https://bugzilla.suse.com/984419", }, { category: "self", summary: "SUSE Bug 985850", url: "https://bugzilla.suse.com/985850", }, { category: "self", summary: "SUSE Bug 987192", url: "https://bugzilla.suse.com/987192", }, { category: "self", summary: "SUSE Bug 987576", url: "https://bugzilla.suse.com/987576", }, { category: "self", summary: "SUSE Bug 990384", url: "https://bugzilla.suse.com/990384", }, { category: "self", summary: "SUSE Bug 991273", url: "https://bugzilla.suse.com/991273", }, { category: "self", summary: "SUSE Bug 993739", url: "https://bugzilla.suse.com/993739", }, { category: "self", summary: "SUSE Bug 997807", url: "https://bugzilla.suse.com/997807", }, { category: "self", summary: "SUSE Bug 999101", url: "https://bugzilla.suse.com/999101", }, { category: "self", summary: "SUSE CVE CVE-2015-8962 page", url: "https://www.suse.com/security/cve/CVE-2015-8962/", }, { category: "self", summary: "SUSE CVE CVE-2015-8963 page", url: "https://www.suse.com/security/cve/CVE-2015-8963/", }, { category: "self", summary: "SUSE CVE CVE-2015-8964 page", url: "https://www.suse.com/security/cve/CVE-2015-8964/", }, { category: "self", summary: "SUSE CVE CVE-2016-10088 page", url: "https://www.suse.com/security/cve/CVE-2016-10088/", }, { category: "self", summary: "SUSE CVE CVE-2016-7910 page", url: "https://www.suse.com/security/cve/CVE-2016-7910/", }, { category: "self", summary: "SUSE CVE CVE-2016-7911 page", url: "https://www.suse.com/security/cve/CVE-2016-7911/", }, { category: "self", summary: "SUSE CVE CVE-2016-7913 page", url: "https://www.suse.com/security/cve/CVE-2016-7913/", }, { category: "self", summary: "SUSE CVE CVE-2016-7914 page", url: "https://www.suse.com/security/cve/CVE-2016-7914/", }, { category: "self", summary: "SUSE CVE CVE-2016-8399 page", url: "https://www.suse.com/security/cve/CVE-2016-8399/", }, { category: "self", summary: "SUSE CVE CVE-2016-8632 page", url: "https://www.suse.com/security/cve/CVE-2016-8632/", }, { category: "self", summary: "SUSE CVE CVE-2016-8633 page", url: "https://www.suse.com/security/cve/CVE-2016-8633/", }, { category: "self", summary: "SUSE CVE CVE-2016-8645 page", url: "https://www.suse.com/security/cve/CVE-2016-8645/", }, { category: "self", summary: "SUSE CVE CVE-2016-8655 page", url: "https://www.suse.com/security/cve/CVE-2016-8655/", }, { category: "self", summary: "SUSE CVE CVE-2016-9083 page", url: "https://www.suse.com/security/cve/CVE-2016-9083/", }, { category: "self", summary: "SUSE CVE CVE-2016-9084 page", url: "https://www.suse.com/security/cve/CVE-2016-9084/", }, { category: "self", summary: "SUSE CVE CVE-2016-9555 page", url: "https://www.suse.com/security/cve/CVE-2016-9555/", }, { category: "self", summary: "SUSE CVE CVE-2016-9576 page", url: "https://www.suse.com/security/cve/CVE-2016-9576/", }, { category: "self", summary: "SUSE CVE CVE-2016-9756 page", url: "https://www.suse.com/security/cve/CVE-2016-9756/", }, { category: "self", summary: "SUSE CVE CVE-2016-9793 page", url: "https://www.suse.com/security/cve/CVE-2016-9793/", }, { category: "self", summary: "SUSE CVE CVE-2016-9794 page", url: "https://www.suse.com/security/cve/CVE-2016-9794/", }, { category: "self", summary: "SUSE CVE CVE-2016-9806 page", url: "https://www.suse.com/security/cve/CVE-2016-9806/", }, { category: "self", summary: "SUSE CVE CVE-2017-2583 page", url: "https://www.suse.com/security/cve/CVE-2017-2583/", }, { category: "self", summary: "SUSE CVE CVE-2017-2584 page", url: "https://www.suse.com/security/cve/CVE-2017-2584/", }, { category: "self", summary: "SUSE CVE CVE-2017-5551 page", url: "https://www.suse.com/security/cve/CVE-2017-5551/", }, ], title: "Security update for the Linux Kernel", tracking: { current_release_date: "2017-02-06T14:41:53Z", generator: { date: "2017-02-06T14:41:53Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2017:0407-1", initial_release_date: "2017-02-06T14:41:53Z", revision_history: [ { date: "2017-02-06T14:41:53Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kernel-devel-rt-3.12.69-60.30.1.noarch", product: { name: "kernel-devel-rt-3.12.69-60.30.1.noarch", product_id: "kernel-devel-rt-3.12.69-60.30.1.noarch", }, }, { category: "product_version", name: "kernel-source-rt-3.12.69-60.30.1.noarch", product: { name: "kernel-source-rt-3.12.69-60.30.1.noarch", product_id: "kernel-source-rt-3.12.69-60.30.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "kernel-compute-3.12.69-60.30.1.x86_64", product: { name: "kernel-compute-3.12.69-60.30.1.x86_64", product_id: "kernel-compute-3.12.69-60.30.1.x86_64", }, }, { category: "product_version", name: "kernel-compute-base-3.12.69-60.30.1.x86_64", product: { name: "kernel-compute-base-3.12.69-60.30.1.x86_64", product_id: "kernel-compute-base-3.12.69-60.30.1.x86_64", }, }, { category: "product_version", name: "kernel-compute-devel-3.12.69-60.30.1.x86_64", product: { name: "kernel-compute-devel-3.12.69-60.30.1.x86_64", product_id: "kernel-compute-devel-3.12.69-60.30.1.x86_64", }, }, { category: "product_version", name: "kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", product: { name: "kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", product_id: "kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-3.12.69-60.30.1.x86_64", product: { name: "kernel-rt-3.12.69-60.30.1.x86_64", product_id: "kernel-rt-3.12.69-60.30.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-base-3.12.69-60.30.1.x86_64", product: { name: "kernel-rt-base-3.12.69-60.30.1.x86_64", product_id: "kernel-rt-base-3.12.69-60.30.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-devel-3.12.69-60.30.1.x86_64", product: { name: "kernel-rt-devel-3.12.69-60.30.1.x86_64", product_id: "kernel-rt-devel-3.12.69-60.30.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", product: { name: "kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", product_id: "kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", }, }, { category: "product_version", name: "kernel-syms-rt-3.12.69-60.30.1.x86_64", product: { name: "kernel-syms-rt-3.12.69-60.30.1.x86_64", product_id: "kernel-syms-rt-3.12.69-60.30.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Real Time 12 SP1", product: { name: "SUSE Linux Enterprise Real Time 12 SP1", product_id: "SUSE Linux Enterprise Real Time 12 SP1", }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kernel-compute-3.12.69-60.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP1", product_id: "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", }, product_reference: "kernel-compute-3.12.69-60.30.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP1", }, { category: "default_component_of", full_product_name: { name: "kernel-compute-base-3.12.69-60.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP1", product_id: "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", }, product_reference: "kernel-compute-base-3.12.69-60.30.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP1", }, { category: "default_component_of", full_product_name: { name: "kernel-compute-devel-3.12.69-60.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP1", product_id: "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", }, product_reference: "kernel-compute-devel-3.12.69-60.30.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP1", }, { category: "default_component_of", full_product_name: { name: "kernel-compute_debug-devel-3.12.69-60.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP1", product_id: "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", }, product_reference: "kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP1", }, { category: "default_component_of", full_product_name: { name: "kernel-devel-rt-3.12.69-60.30.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP1", product_id: "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", }, product_reference: "kernel-devel-rt-3.12.69-60.30.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP1", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-3.12.69-60.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP1", product_id: "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", }, product_reference: "kernel-rt-3.12.69-60.30.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP1", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-base-3.12.69-60.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP1", product_id: "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", }, product_reference: "kernel-rt-base-3.12.69-60.30.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP1", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-devel-3.12.69-60.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP1", product_id: "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", }, product_reference: "kernel-rt-devel-3.12.69-60.30.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP1", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_debug-devel-3.12.69-60.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP1", product_id: "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", }, product_reference: "kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP1", }, { category: "default_component_of", full_product_name: { name: "kernel-source-rt-3.12.69-60.30.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP1", product_id: "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", }, product_reference: "kernel-source-rt-3.12.69-60.30.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP1", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-rt-3.12.69-60.30.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP1", product_id: "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", }, product_reference: "kernel-syms-rt-3.12.69-60.30.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 12 SP1", }, ], }, vulnerabilities: [ { cve: "CVE-2015-8962", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8962", }, ], notes: [ { category: "general", text: "Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8962", url: "https://www.suse.com/security/cve/CVE-2015-8962", }, { category: "external", summary: "SUSE Bug 1010501 for CVE-2015-8962", url: "https://bugzilla.suse.com/1010501", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2015-8962", url: "https://bugzilla.suse.com/1115893", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2015-8962", }, { cve: "CVE-2015-8963", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8963", }, ], notes: [ { category: "general", text: "Race condition in kernel/events/core.c in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8963", url: "https://www.suse.com/security/cve/CVE-2015-8963", }, { category: "external", summary: "SUSE Bug 1010502 for CVE-2015-8963", url: "https://bugzilla.suse.com/1010502", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2015-8963", }, { cve: "CVE-2015-8964", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2015-8964", }, ], notes: [ { category: "general", text: "The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive information from kernel memory by reading a tty data structure.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2015-8964", url: "https://www.suse.com/security/cve/CVE-2015-8964", }, { category: "external", summary: "SUSE Bug 1010507 for CVE-2015-8964", url: "https://bugzilla.suse.com/1010507", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2015-8964", }, { cve: "CVE-2016-10088", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-10088", }, ], notes: [ { category: "general", text: "The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-10088", url: "https://www.suse.com/security/cve/CVE-2016-10088", }, { category: "external", summary: "SUSE Bug 1013604 for CVE-2016-10088", url: "https://bugzilla.suse.com/1013604", }, { category: "external", summary: "SUSE Bug 1014271 for CVE-2016-10088", url: "https://bugzilla.suse.com/1014271", }, { category: "external", summary: "SUSE Bug 1017710 for CVE-2016-10088", url: "https://bugzilla.suse.com/1017710", }, { category: "external", summary: "SUSE Bug 1019079 for CVE-2016-10088", url: "https://bugzilla.suse.com/1019079", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-10088", url: "https://bugzilla.suse.com/1115893", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "important", }, ], title: "CVE-2016-10088", }, { cve: "CVE-2016-7910", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7910", }, ], notes: [ { category: "general", text: "Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7910", url: "https://www.suse.com/security/cve/CVE-2016-7910", }, { category: "external", summary: "SUSE Bug 1010716 for CVE-2016-7910", url: "https://bugzilla.suse.com/1010716", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-7910", url: "https://bugzilla.suse.com/1115893", }, { category: "external", summary: "SUSE Bug 1196722 for CVE-2016-7910", url: "https://bugzilla.suse.com/1196722", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2016-7910", }, { cve: "CVE-2016-7911", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7911", }, ], notes: [ { category: "general", text: "Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7911", url: "https://www.suse.com/security/cve/CVE-2016-7911", }, { category: "external", summary: "SUSE Bug 1010711 for CVE-2016-7911", url: "https://bugzilla.suse.com/1010711", }, { category: "external", summary: "SUSE Bug 1010713 for CVE-2016-7911", url: "https://bugzilla.suse.com/1010713", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-7911", url: "https://bugzilla.suse.com/1115893", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2016-7911", }, { cve: "CVE-2016-7913", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7913", }, ], notes: [ { category: "general", text: "The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel before 4.6 allows local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7913", url: "https://www.suse.com/security/cve/CVE-2016-7913", }, { category: "external", summary: "SUSE Bug 1010478 for CVE-2016-7913", url: "https://bugzilla.suse.com/1010478", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "important", }, ], title: "CVE-2016-7913", }, { cve: "CVE-2016-7914", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-7914", }, ], notes: [ { category: "general", text: "The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.5.3 does not check whether a slot is a leaf, which allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-7914", url: "https://www.suse.com/security/cve/CVE-2016-7914", }, { category: "external", summary: "SUSE Bug 1010475 for CVE-2016-7914", url: "https://bugzilla.suse.com/1010475", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.2, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2016-7914", }, { cve: "CVE-2016-8399", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8399", }, ], notes: [ { category: "general", text: "An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8399", url: "https://www.suse.com/security/cve/CVE-2016-8399", }, { category: "external", summary: "SUSE Bug 1014746 for CVE-2016-8399", url: "https://bugzilla.suse.com/1014746", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-8399", url: "https://bugzilla.suse.com/1115893", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2016-8399", }, { cve: "CVE-2016-8632", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8632", }, ], notes: [ { category: "general", text: "The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8632", url: "https://www.suse.com/security/cve/CVE-2016-8632", }, { category: "external", summary: "SUSE Bug 1008831 for CVE-2016-8632", url: "https://bugzilla.suse.com/1008831", }, { category: "external", summary: "SUSE Bug 1012852 for CVE-2016-8632", url: "https://bugzilla.suse.com/1012852", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-8632", url: "https://bugzilla.suse.com/1115893", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2016-8632", }, { cve: "CVE-2016-8633", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8633", }, ], notes: [ { category: "general", text: "drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8633", url: "https://www.suse.com/security/cve/CVE-2016-8633", }, { category: "external", summary: "SUSE Bug 1008833 for CVE-2016-8633", url: "https://bugzilla.suse.com/1008833", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.8, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2016-8633", }, { cve: "CVE-2016-8645", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8645", }, ], notes: [ { category: "general", text: "The TCP stack in the Linux kernel before 4.8.10 mishandles skb truncation, which allows local users to cause a denial of service (system crash) via a crafted application that makes sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8645", url: "https://www.suse.com/security/cve/CVE-2016-8645", }, { category: "external", summary: "SUSE Bug 1009969 for CVE-2016-8645", url: "https://bugzilla.suse.com/1009969", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2016-8645", }, { cve: "CVE-2016-8655", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-8655", }, ], notes: [ { category: "general", text: "Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-8655", url: "https://www.suse.com/security/cve/CVE-2016-8655", }, { category: "external", summary: "SUSE Bug 1012754 for CVE-2016-8655", url: "https://bugzilla.suse.com/1012754", }, { category: "external", summary: "SUSE Bug 1012759 for CVE-2016-8655", url: "https://bugzilla.suse.com/1012759", }, { category: "external", summary: "SUSE Bug 1013822 for CVE-2016-8655", url: "https://bugzilla.suse.com/1013822", }, { category: "external", summary: "SUSE Bug 1052365 for CVE-2016-8655", url: "https://bugzilla.suse.com/1052365", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2016-8655", }, { cve: "CVE-2016-9083", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9083", }, ], notes: [ { category: "general", text: "drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a \"state machine confusion bug.\"", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9083", url: "https://www.suse.com/security/cve/CVE-2016-9083", }, { category: "external", summary: "SUSE Bug 1007197 for CVE-2016-9083", url: "https://bugzilla.suse.com/1007197", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "low", }, ], title: "CVE-2016-9083", }, { cve: "CVE-2016-9084", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9084", }, ], notes: [ { category: "general", text: "drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 misuses the kzalloc function, which allows local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9084", url: "https://www.suse.com/security/cve/CVE-2016-9084", }, { category: "external", summary: "SUSE Bug 1007197 for CVE-2016-9084", url: "https://bugzilla.suse.com/1007197", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "low", }, ], title: "CVE-2016-9084", }, { cve: "CVE-2016-9555", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9555", }, ], notes: [ { category: "general", text: "The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9555", url: "https://www.suse.com/security/cve/CVE-2016-9555", }, { category: "external", summary: "SUSE Bug 1011685 for CVE-2016-9555", url: "https://bugzilla.suse.com/1011685", }, { category: "external", summary: "SUSE Bug 1012183 for CVE-2016-9555", url: "https://bugzilla.suse.com/1012183", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-9555", url: "https://bugzilla.suse.com/1115893", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "important", }, ], title: "CVE-2016-9555", }, { cve: "CVE-2016-9576", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9576", }, ], notes: [ { category: "general", text: "The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9576", url: "https://www.suse.com/security/cve/CVE-2016-9576", }, { category: "external", summary: "SUSE Bug 1013604 for CVE-2016-9576", url: "https://bugzilla.suse.com/1013604", }, { category: "external", summary: "SUSE Bug 1014271 for CVE-2016-9576", url: "https://bugzilla.suse.com/1014271", }, { category: "external", summary: "SUSE Bug 1017710 for CVE-2016-9576", url: "https://bugzilla.suse.com/1017710", }, { category: "external", summary: "SUSE Bug 1019079 for CVE-2016-9576", url: "https://bugzilla.suse.com/1019079", }, { category: "external", summary: "SUSE Bug 1019668 for CVE-2016-9576", url: "https://bugzilla.suse.com/1019668", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-9576", url: "https://bugzilla.suse.com/1115893", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "important", }, ], title: "CVE-2016-9576", }, { cve: "CVE-2016-9756", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9756", }, ], notes: [ { category: "general", text: "arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9756", url: "https://www.suse.com/security/cve/CVE-2016-9756", }, { category: "external", summary: "SUSE Bug 1013038 for CVE-2016-9756", url: "https://bugzilla.suse.com/1013038", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.1, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2016-9756", }, { cve: "CVE-2016-9793", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9793", }, ], notes: [ { category: "general", text: "The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9793", url: "https://www.suse.com/security/cve/CVE-2016-9793", }, { category: "external", summary: "SUSE Bug 1013531 for CVE-2016-9793", url: "https://bugzilla.suse.com/1013531", }, { category: "external", summary: "SUSE Bug 1013542 for CVE-2016-9793", url: "https://bugzilla.suse.com/1013542", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2016-9793", url: "https://bugzilla.suse.com/1115893", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2016-9793", }, { cve: "CVE-2016-9794", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9794", }, ], notes: [ { category: "general", text: "Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9794", url: "https://www.suse.com/security/cve/CVE-2016-9794", }, { category: "external", summary: "SUSE Bug 1013533 for CVE-2016-9794", url: "https://bugzilla.suse.com/1013533", }, { category: "external", summary: "SUSE Bug 1013543 for CVE-2016-9794", url: "https://bugzilla.suse.com/1013543", }, { category: "external", summary: "SUSE Bug 1013604 for CVE-2016-9794", url: "https://bugzilla.suse.com/1013604", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2016-9794", }, { cve: "CVE-2016-9806", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2016-9806", }, ], notes: [ { category: "general", text: "Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2016-9806", url: "https://www.suse.com/security/cve/CVE-2016-9806", }, { category: "external", summary: "SUSE Bug 1013540 for CVE-2016-9806", url: "https://bugzilla.suse.com/1013540", }, { category: "external", summary: "SUSE Bug 1017589 for CVE-2016-9806", url: "https://bugzilla.suse.com/1017589", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "important", }, ], title: "CVE-2016-9806", }, { cve: "CVE-2017-2583", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-2583", }, ], notes: [ { category: "general", text: "The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a \"MOV SS, NULL selector\" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-2583", url: "https://www.suse.com/security/cve/CVE-2017-2583", }, { category: "external", summary: "SUSE Bug 1020602 for CVE-2017-2583", url: "https://bugzilla.suse.com/1020602", }, { category: "external", summary: "SUSE Bug 1030573 for CVE-2017-2583", url: "https://bugzilla.suse.com/1030573", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2017-2583", url: "https://bugzilla.suse.com/1087082", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2017-2583", }, { cve: "CVE-2017-2584", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-2584", }, ], notes: [ { category: "general", text: "arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-2584", url: "https://www.suse.com/security/cve/CVE-2017-2584", }, { category: "external", summary: "SUSE Bug 1019851 for CVE-2017-2584", url: "https://bugzilla.suse.com/1019851", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2017-2584", url: "https://bugzilla.suse.com/1087082", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "moderate", }, ], title: "CVE-2017-2584", }, { cve: "CVE-2017-5551", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-5551", }, ], notes: [ { category: "general", text: "The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a tmpfs filesystem, which allows local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-7097.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-5551", url: "https://www.suse.com/security/cve/CVE-2017-5551", }, { category: "external", summary: "SUSE Bug 1021258 for CVE-2017-5551", url: "https://bugzilla.suse.com/1021258", }, { category: "external", summary: "SUSE Bug 995968 for CVE-2017-5551", url: "https://bugzilla.suse.com/995968", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 4.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, products: [ "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-compute_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-devel-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-base-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-rt_debug-devel-3.12.69-60.30.1.x86_64", "SUSE Linux Enterprise Real Time 12 SP1:kernel-source-rt-3.12.69-60.30.1.noarch", "SUSE Linux Enterprise Real Time 12 SP1:kernel-syms-rt-3.12.69-60.30.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-02-06T14:41:53Z", details: "low", }, ], title: "CVE-2017-5551", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.