[SUSE-SU-2017:0471-1] Security update for the Linux Kernel

Severity Important
Affected Packages 21
CVEs 34

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to 3.12.61 to receive various security fixes and bug fixes.

The following feature was implemented:

  • The ext2 filesystem was re-enabled and is now supported, to allow use of 'XIP' (Execute In Place) (FATE#320805).

The following security bugs were fixed:

  • CVE-2017-5551: The tmpfs filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bsc#1021258).
  • CVE-2016-7097: The filesystem implementation in the Linux kernel preserved the setgid bit during a setxattr call, which allowed local users to gain group privileges by leveraging the existence of a setgid program with restrictions on execute permissions (bnc#995968).
  • CVE-2017-2583: A Linux kernel built with Kernel-based Virtual Machine (CONFIG_KVM) support was vulnerable to an incorrect segment selector (SS) value error. A user or process inside a guest could have used this flaw to crash the guest, resulting in DoS, or potentially escalate their privileges inside the guest (bsc#1020602).
  • CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bnc#1019851).
  • CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710).
  • CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).
  • CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935 (bnc#1014746).
  • CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540).
  • CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038).
  • CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531).
  • CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).
  • CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).
  • CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478).
  • CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).
  • CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).
  • CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502).
  • CVE-2016-7914: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite (bnc#1010475).
  • CVE-2016-8633: drivers/firewire/net.c in the Linux kernel allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).
  • CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug' (bnc#1007197).
  • CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misused the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197).
  • CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).
  • CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925).
  • CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462).
  • CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
  • CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation (bnc#994748).
  • CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296).
  • CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for remote attackers to hijack TCP sessions via a blind in-window attack (bnc#989152).
  • CVE-2016-6130: Race condition in the sclp_ctl_ioctl_sccb function in drivers/s390/char/sclp_ctl.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by changing a certain length value, aka a 'double fetch' vulnerability (bnc#987542).
  • CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608).
  • CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary (bnc#986362 bnc#986365).
  • CVE-2016-5828: The start_thread function in arch/powerpc/kernel/process.c in the Linux kernel on powerpc platforms mishandled transactional state, which allowed local users to cause a denial of service (invalid process state or TM Bad Thing exception, and system crash) or possibly have unspecified other impact by starting and suspending a transaction before an exec system call (bnc#986569).
  • CVE-2014-9904: The snd_compress_check_input function in sound/core/compress_offload.c in the ALSA subsystem in the Linux kernel did not properly check for an integer overflow, which allowed local users to cause a denial of service (insufficient memory allocation) or possibly have unspecified other impact via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl call (bnc#986811).
  • CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bnc#986572).
  • CVE-2016-4470: The key_reject_and_link function in security/keys/key.c in the Linux kernel did not ensure that a certain data structure is initialized, which allowed local users to cause a denial of service (system crash) via vectors involving a crafted keyctl request2 command (bnc#984755).

The following non-security bugs were fixed:

  • base: make module_create_drivers_dir race-free (bnc#983977).
  • btrfs-8448-improve-performance-on-fsync-against-new-inode.patch: Disable (bsc#981597).
  • btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619).
  • btrfs: be more precise on errors when getting an inode from disk (bsc#981038).
  • btrfs: do not create or leak aliased root while cleaning up orphans (bsc#994881).
  • btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600).
  • btrfs: fix relocation incorrectly dropping data references (bsc#990384).
  • btrfs: handle quota reserve failure properly (bsc#1005666).
  • btrfs: improve performance on fsync against new inode after rename/unlink (bsc#981038).
  • btrfs: increment ctx->pos for every emitted or skipped dirent in XXXXXXX (bsc#981709).
  • btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709).
  • cdc-acm: added sanity checking for probe() (bsc#993891).
  • ext2: Enable ext2 driver in config files (bsc#976195, fate#320805)
  • ext4: Add parameter for tuning handling of ext2 (bsc#976195).
  • ext4: Fixup handling for custom configs in tuning.
  • ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419).
  • ipv6: Fix improper use of RCU in patches.kabi/ipv6-add-complete-rcu-protection-around-np-opt.kabi.patch (bsc#961257).
  • ipv6: KABI workaround for ipv6: add complete rcu protection around np->opt.
  • kabi: prevent spurious modversion changes after bsc#982544 fix (bsc#982544).
  • kabi: reintroduce sk_filter (kabi).
  • kaweth: fix firmware download (bsc#993890).
  • kaweth: fix oops upon failed memory allocation (bsc#993890).
  • kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612, fate#313296).
  • kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410, fate#313296).
  • kgr: ignore zombie tasks during the patching (bnc#1008979).
  • mm/swap.c: flush lru pvecs on compound page arrival (bnc#983721).
  • mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445).
  • modsign: Print appropriate status message when accessing UEFI variable (bsc#958606).
  • mpi: Fix NULL ptr dereference in mpi_powm() ver #3.
  • mpt3sas: Fix panic when aer correct error occurred (bsc#997708, bsc#999943).
  • netfilter: allow logging from non-init netns (bsc#970083).
  • netfilter: bridge: do not leak skb in error paths (bsc#982544).
  • netfilter: bridge: forward IPv6 fragmented packets (bsc#982544).
  • netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 (bsc#982544).
  • nfs: Do not write enable new pages while an invalidation is proceeding (bsc#999584).
  • nfs: Fix a regression in the read() syscall (bsc#999584).
  • pci/aer: Clear error status registers during enumeration and restore (bsc#985978).
  • ppp: defer netns reference release for ppp channel (bsc#980371).
  • reiserfs: fix race in prealloc discard (bsc#987576).
  • scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)
  • scsi: Increase REPORT_LUNS timeout (bsc#982282).
  • series.conf: move stray netfilter patches to the right section
  • squashfs3: properly handle dir_emit() failures (bsc#998795).
  • supported.conf: Add ext2
  • timers: Use proper base migration in add_timer_on() (bnc#993392).
  • tty: audit: Fix audit source (bsc#1016482).
  • tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).
  • usb: fix typo in wMaxPacketSize validation (bsc#991665).
  • usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665).
  • xen: Fix refcnt regression in xen netback introduced by changes made for bug#881008 (bnc#978094)
  • xfs: allow lazy sb counter sync during filesystem freeze sequence (bsc#980560).
  • xfs: fixed signedness of error code in xfs_inode_buf_verify (bsc#1003153).
  • xfs: fix premature enospc on inode allocation (bsc#984148).
  • xfs: get rid of XFS_IALLOC_BLOCKS macros (bsc#984148).
  • xfs: get rid of XFS_INODE_CLUSTER_SIZE macros (bsc#984148).
  • xfs: refactor xlog_recover_process_data() (bsc#1019300).
  • xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).
  • xhci: silence warnings in switch (bnc#991665).

Affected packages (package URL, affected version):

pkg:rpm/suse/kgraft-patch-3_12_61-52_66-xen?arch=x86_64&distro=sles-12 < 1-2.1
pkg:rpm/suse/kgraft-patch-3_12_61-52_66-default?arch=x86_64&distro=sles-12 < 1-2.1
pkg:rpm/suse/kernel-xen?arch=x86_64&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-xen-devel?arch=x86_64&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-xen-base?arch=x86_64&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-syms?arch=s390x&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-syms?arch=ppc64le&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-default?arch=s390x&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-default?arch=ppc64le&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-default-man?arch=s390x&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-default-devel?arch=s390x&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-default-devel?arch=ppc64le&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-default-base?arch=s390x&distro=sles-12 < 3.12.61-52.66.1
pkg:rpm/suse/kernel-default-base?arch=ppc64le&distro=sles-12 < 3.12.61-52.66.1

ID: SUSE-SU-2017:0471-1
Severity: important
URL: https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/
Published: 2017-02-15T16:20:32
Modified: 2017-02-15T16:20:32
Rights: Copyright 2024 SUSE LLC. All rights reserved.

Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_0471-1.json
Suse URL for SUSE-SU-2017:0471-1 https://www.suse.com/support/update/announcement/2017/suse-su-20170471-1/
Suse E-Mail link for SUSE-SU-2017:0471-1 https://lists.suse.com/pipermail/sle-security-updates/2017-February/002647.html
Bugzilla SUSE Bug 1003153 https://bugzilla.suse.com/1003153
Bugzilla SUSE Bug 1003925 https://bugzilla.suse.com/1003925
Bugzilla SUSE Bug 1004462 https://bugzilla.suse.com/1004462
Bugzilla SUSE Bug 1004517 https://bugzilla.suse.com/1004517
Bugzilla SUSE Bug 1005666 https://bugzilla.suse.com/1005666
Bugzilla SUSE Bug 1007197 https://bugzilla.suse.com/1007197
Bugzilla SUSE Bug 1008833 https://bugzilla.suse.com/1008833
Bugzilla SUSE Bug 1008979 https://bugzilla.suse.com/1008979
Bugzilla SUSE Bug 1009969 https://bugzilla.suse.com/1009969
Bugzilla SUSE Bug 1010040 https://bugzilla.suse.com/1010040
Bugzilla SUSE Bug 1010475 https://bugzilla.suse.com/1010475
Bugzilla SUSE Bug 1010478 https://bugzilla.suse.com/1010478
Bugzilla SUSE Bug 1010501 https://bugzilla.suse.com/1010501
Bugzilla SUSE Bug 1010502 https://bugzilla.suse.com/1010502
Bugzilla SUSE Bug 1010507 https://bugzilla.suse.com/1010507
Bugzilla SUSE Bug 1010612 https://bugzilla.suse.com/1010612
Bugzilla SUSE Bug 1010711 https://bugzilla.suse.com/1010711
Bugzilla SUSE Bug 1010716 https://bugzilla.suse.com/1010716
Bugzilla SUSE Bug 1011820 https://bugzilla.suse.com/1011820
Bugzilla SUSE Bug 1012422 https://bugzilla.suse.com/1012422
Bugzilla SUSE Bug 1013038 https://bugzilla.suse.com/1013038
Bugzilla SUSE Bug 1013531 https://bugzilla.suse.com/1013531
Bugzilla SUSE Bug 1013540 https://bugzilla.suse.com/1013540
Bugzilla SUSE Bug 1013542 https://bugzilla.suse.com/1013542
Bugzilla SUSE Bug 1014746 https://bugzilla.suse.com/1014746
Bugzilla SUSE Bug 1016482 https://bugzilla.suse.com/1016482
Bugzilla SUSE Bug 1017410 https://bugzilla.suse.com/1017410
Bugzilla SUSE Bug 1017589 https://bugzilla.suse.com/1017589
Bugzilla SUSE Bug 1017710 https://bugzilla.suse.com/1017710
Bugzilla SUSE Bug 1019300 https://bugzilla.suse.com/1019300
Bugzilla SUSE Bug 1019851 https://bugzilla.suse.com/1019851
Bugzilla SUSE Bug 1020602 https://bugzilla.suse.com/1020602
Bugzilla SUSE Bug 1021258 https://bugzilla.suse.com/1021258
Bugzilla SUSE Bug 881008 https://bugzilla.suse.com/881008
Bugzilla SUSE Bug 915183 https://bugzilla.suse.com/915183
Bugzilla SUSE Bug 958606 https://bugzilla.suse.com/958606
Bugzilla SUSE Bug 961257 https://bugzilla.suse.com/961257
Bugzilla SUSE Bug 970083 https://bugzilla.suse.com/970083
Bugzilla SUSE Bug 971989 https://bugzilla.suse.com/971989
Bugzilla SUSE Bug 976195 https://bugzilla.suse.com/976195
Bugzilla SUSE Bug 978094 https://bugzilla.suse.com/978094
Bugzilla SUSE Bug 980371 https://bugzilla.suse.com/980371
Bugzilla SUSE Bug 980560 https://bugzilla.suse.com/980560
Bugzilla SUSE Bug 981038 https://bugzilla.suse.com/981038
Bugzilla SUSE Bug 981597 https://bugzilla.suse.com/981597
Bugzilla SUSE Bug 981709 https://bugzilla.suse.com/981709
Bugzilla SUSE Bug 982282 https://bugzilla.suse.com/982282
Bugzilla SUSE Bug 982544 https://bugzilla.suse.com/982544
Bugzilla SUSE Bug 983619 https://bugzilla.suse.com/983619
Bugzilla SUSE Bug 983721 https://bugzilla.suse.com/983721
Bugzilla SUSE Bug 983977 https://bugzilla.suse.com/983977
Bugzilla SUSE Bug 984148 https://bugzilla.suse.com/984148
Bugzilla SUSE Bug 984419 https://bugzilla.suse.com/984419
Bugzilla SUSE Bug 984755 https://bugzilla.suse.com/984755
Bugzilla SUSE Bug 985978 https://bugzilla.suse.com/985978
Bugzilla SUSE Bug 986362 https://bugzilla.suse.com/986362
Bugzilla SUSE Bug 986365 https://bugzilla.suse.com/986365
Bugzilla SUSE Bug 986445 https://bugzilla.suse.com/986445
Bugzilla SUSE Bug 986569 https://bugzilla.suse.com/986569
Bugzilla SUSE Bug 986572 https://bugzilla.suse.com/986572
Bugzilla SUSE Bug 986811 https://bugzilla.suse.com/986811
Bugzilla SUSE Bug 986941 https://bugzilla.suse.com/986941
Bugzilla SUSE Bug 987542 https://bugzilla.suse.com/987542
Bugzilla SUSE Bug 987565 https://bugzilla.suse.com/987565
Bugzilla SUSE Bug 987576 https://bugzilla.suse.com/987576
Bugzilla SUSE Bug 989152 https://bugzilla.suse.com/989152
Bugzilla SUSE Bug 990384 https://bugzilla.suse.com/990384
Bugzilla SUSE Bug 991608 https://bugzilla.suse.com/991608
Bugzilla SUSE Bug 991665 https://bugzilla.suse.com/991665
Bugzilla SUSE Bug 993392 https://bugzilla.suse.com/993392
Bugzilla SUSE Bug 993890 https://bugzilla.suse.com/993890
Bugzilla SUSE Bug 993891 https://bugzilla.suse.com/993891
Bugzilla SUSE Bug 994296 https://bugzilla.suse.com/994296
Bugzilla SUSE Bug 994748 https://bugzilla.suse.com/994748
Bugzilla SUSE Bug 994881 https://bugzilla.suse.com/994881
Bugzilla SUSE Bug 995968 https://bugzilla.suse.com/995968
Bugzilla SUSE Bug 997708 https://bugzilla.suse.com/997708
Bugzilla SUSE Bug 998795 https://bugzilla.suse.com/998795
Bugzilla SUSE Bug 999584 https://bugzilla.suse.com/999584
Bugzilla SUSE Bug 999600 https://bugzilla.suse.com/999600
Bugzilla SUSE Bug 999932 https://bugzilla.suse.com/999932
Bugzilla SUSE Bug 999943 https://bugzilla.suse.com/999943
CVE SUSE CVE CVE-2014-9904 page https://www.suse.com/security/cve/CVE-2014-9904/
CVE SUSE CVE CVE-2015-8956 page https://www.suse.com/security/cve/CVE-2015-8956/
CVE SUSE CVE CVE-2015-8962 page https://www.suse.com/security/cve/CVE-2015-8962/
CVE SUSE CVE CVE-2015-8963 page https://www.suse.com/security/cve/CVE-2015-8963/
CVE SUSE CVE CVE-2015-8964 page https://www.suse.com/security/cve/CVE-2015-8964/
CVE SUSE CVE CVE-2016-10088 page https://www.suse.com/security/cve/CVE-2016-10088/
CVE SUSE CVE CVE-2016-4470 page https://www.suse.com/security/cve/CVE-2016-4470/
CVE SUSE CVE CVE-2016-4997 page https://www.suse.com/security/cve/CVE-2016-4997/
CVE SUSE CVE CVE-2016-5696 page https://www.suse.com/security/cve/CVE-2016-5696/
CVE SUSE CVE CVE-2016-5828 page https://www.suse.com/security/cve/CVE-2016-5828/
CVE SUSE CVE CVE-2016-5829 page https://www.suse.com/security/cve/CVE-2016-5829/
CVE SUSE CVE CVE-2016-6130 page https://www.suse.com/security/cve/CVE-2016-6130/
CVE SUSE CVE CVE-2016-6327 page https://www.suse.com/security/cve/CVE-2016-6327/
CVE SUSE CVE CVE-2016-6480 page https://www.suse.com/security/cve/CVE-2016-6480/
CVE SUSE CVE CVE-2016-6828 page https://www.suse.com/security/cve/CVE-2016-6828/
CVE SUSE CVE CVE-2016-7042 page https://www.suse.com/security/cve/CVE-2016-7042/
CVE SUSE CVE CVE-2016-7097 page https://www.suse.com/security/cve/CVE-2016-7097/
CVE SUSE CVE CVE-2016-7425 page https://www.suse.com/security/cve/CVE-2016-7425/
CVE SUSE CVE CVE-2016-7910 page https://www.suse.com/security/cve/CVE-2016-7910/
CVE SUSE CVE CVE-2016-7911 page https://www.suse.com/security/cve/CVE-2016-7911/
CVE SUSE CVE CVE-2016-7913 page https://www.suse.com/security/cve/CVE-2016-7913/
CVE SUSE CVE CVE-2016-7914 page https://www.suse.com/security/cve/CVE-2016-7914/
CVE SUSE CVE CVE-2016-8399 page https://www.suse.com/security/cve/CVE-2016-8399/
CVE SUSE CVE CVE-2016-8633 page https://www.suse.com/security/cve/CVE-2016-8633/
CVE SUSE CVE CVE-2016-8645 page https://www.suse.com/security/cve/CVE-2016-8645/
CVE SUSE CVE CVE-2016-8658 page https://www.suse.com/security/cve/CVE-2016-8658/
CVE SUSE CVE CVE-2016-9083 page https://www.suse.com/security/cve/CVE-2016-9083/
CVE SUSE CVE CVE-2016-9084 page https://www.suse.com/security/cve/CVE-2016-9084/
CVE SUSE CVE CVE-2016-9756 page https://www.suse.com/security/cve/CVE-2016-9756/
CVE SUSE CVE CVE-2016-9793 page https://www.suse.com/security/cve/CVE-2016-9793/
CVE SUSE CVE CVE-2016-9806 page https://www.suse.com/security/cve/CVE-2016-9806/
CVE SUSE CVE CVE-2017-2583 page https://www.suse.com/security/cve/CVE-2017-2583/
CVE SUSE CVE CVE-2017-2584 page https://www.suse.com/security/cve/CVE-2017-2584/
CVE SUSE CVE CVE-2017-5551 page https://www.suse.com/security/cve/CVE-2017-5551/