Vulnerability from csaf_suse
Published
2017-10-10 12:16
Modified
2017-10-10 12:16
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security fixes and bug fixes.
The following security bugs were fixed:
- CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack
overflow vulnerability in the processing of L2CAP configuration responses
resulting in remote code execution in kernel space (bnc#1057389).
- CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h did not
verify that a filesystem has a realtime device, which allowed local users to
cause a denial of service (NULL pointer dereference and OOPS) via vectors
related to setting an RHINHERIT flag on a directory (bnc#1058524).
- CVE-2017-14140: The move_pages system call in mm/migrate.c did not check the
effective uid of the target process, enabling a local attacker to learn the
memory layout of a setuid executable despite ASLR (bnc#1057179).
- CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl
function in drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a
denial of service (memory corruption and system crash) by leveraging root
access (bnc#1056588).
- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain
privileges or cause a denial of service (list corruption or use-after-free) via
simultaneous file-descriptor operations that leverage improper might_cancel
queueing (bnc#1053152).
- CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c a user-controlled buffer was
copied into a local buffer of constant size using strcpy without a length check
which can cause a buffer overflow (bnc#1053148).
- CVE-2017-8831: The saa7164_bus_get function allowed local users to cause a
denial of service (out-of-bounds array access) or possibly have unspecified
other impact by changing a certain sequence-number value, aka a 'double fetch'
vulnerability (bnc#1037994).
- CVE-2017-1000112: Prevent race condition in net-packet code that could have
been exploited by unprivileged users to gain root access (bnc#1052311).
The following non-security bugs were fixed:
- ALSA: Fix Lewisburg audio issue
- Drop commit 96234ae:kvm_io_bus_unregister_dev() should never fail (bsc#1055680)
- Fixup build warnings in drivers/scsi/scsi.c (bsc#1031358)
- NFS: Cache aggressively when file is open for writing (bsc#1053933).
- NFS: Do drop directory dentry when error clearly requires it (bsc#1051932).
- NFS: Do not flush caches for a getattr that races with writeback (bsc#1053933).
- NFS: Optimize fallocate by refreshing mapping when needed (bsc#1053933).
- NFS: invalidate file size when taking a lock (bsc#1053933).
- PCI: fix hotplug related issues (bnc#1054247).
- af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093).
- avoid deadlock in xenbus (bnc#1047523).
- blacklist 9754d45e9970 tpm: read burstcount from TPM_STS in one 32-bit transaction
- blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216).
- cx231xx-audio: fix NULL-deref at probe (bsc#1050431).
- cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
- fuse: do not use iocb after it may have been freed (bsc#1054706).
- fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706).
- fuse: fsync() did not return IO errors (bsc#1054076).
- fuse: fuse_flush must check mapping->flags for errors (bsc#1054706).
- gspca: konica: add missing endpoint sanity check (bsc#1050431).
- kabi/severities: Ignore zpci symbol changes (bsc#1054247)
- lib/mpi: mpi_read_raw_data(): fix nbits calculation
- media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl (bsc#1050431).
- net: Fix RCU splat in af_key (bsc#1054093).
- powerpc/fadump: add reschedule point while releasing memory (bsc#1040609 bsc#1024450).
- powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669 bsc#1037667).
- powerpc/fadump: provide a helpful error message (bsc#1037669 bsc#1037667).
- powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530, bsc#1052370).
- powerpc/slb: Force a full SLB flush when we insert for a bad EA (bsc#1054070).
- reiserfs: fix race in readdir (bsc#1039803).
- s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247).
- s390/pci: fix handling of PEC 306 (bnc#1054247).
- s390/pci: improve error handling during fmb (de)registration (bnc#1054247).
- s390/pci: improve error handling during interrupt deregistration (bnc#1054247).
- s390/pci: improve pci hotplug (bnc#1054247).
- s390/pci: improve unreg_ioat error handling (bnc#1054247).
- s390/pci: introduce clp_get_state (bnc#1054247).
- s390/pci: provide more debug information (bnc#1054247).
- scsi: avoid system stall due to host_busy race (bsc#1031358).
- scsi: close race when updating blocked counters (bsc#1031358).
- ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441).
- supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802).
- tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381).
- uwb: fix device quirk on big-endian hosts (bsc#1036629).
- xfs: fix inobt inode allocation search optimization (bsc#1013018).
Patchnames
slertesp4-linux-kernel-rt-13307
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "important", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for the Linux Kernel", title: "Title of the patch", }, { category: "description", text: "\nThe SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack\n overflow vulnerability in the processing of L2CAP configuration responses\n resulting in remote code execution in kernel space (bnc#1057389).\n- CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h did not\n verify that a filesystem has a realtime device, which allowed local users to\n cause a denial of service (NULL pointer dereference and OOPS) via vectors\n related to setting an RHINHERIT flag on a directory (bnc#1058524).\n- CVE-2017-14140: The move_pages system call in mm/migrate.c did not check the\n effective uid of the target process, enabling a local attacker to learn the\n memory layout of a setuid executable despite ASLR (bnc#1057179).\n- CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl\n function in drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a\n denial of service (memory corruption and system crash) by leveraging root\n access (bnc#1056588).\n- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain\n privileges or cause a denial of service (list corruption or use-after-free) via\n simultaneous file-descriptor operations that leverage improper might_cancel\n queueing (bnc#1053152).\n- CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c a user-controlled buffer was\n copied into a local buffer of constant 
size using strcpy without a length check\n which can cause a buffer overflow (bnc#1053148).\n- CVE-2017-8831: The saa7164_bus_get function allowed local users to cause a\n denial of service (out-of-bounds array access) or possibly have unspecified\n other impact by changing a certain sequence-number value, aka a 'double fetch'\n vulnerability (bnc#1037994).\n- CVE-2017-1000112: Prevent race condition in net-packet code that could have\n been exploited by unprivileged users to gain root access.(bnc#1052311).\n\nThe following non-security bugs were fixed:\n\n- ALSA: Fix Lewisburg audio issue\n- Drop commit 96234ae:kvm_io_bus_unregister_dev() should never fail (bsc#1055680)\n- Fixup build warnings in drivers/scsi/scsi.c (bsc#1031358)\n- NFS: Cache aggressively when file is open for writing (bsc#1053933).\n- NFS: Do drop directory dentry when error clearly requires it (bsc#1051932).\n- NFS: Do not flush caches for a getattr that races with writeback (bsc#1053933).\n- NFS: Optimize fallocate by refreshing mapping when needed (bsc#1053933).\n- NFS: invalidate file size when taking a lock (bsc#1053933).\n- PCI: fix hotplug related issues (bnc#1054247).\n- af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093).\n- avoid deadlock in xenbus (bnc#1047523).\n- blacklist 9754d45e9970 tpm: read burstcount from TPM_STS in one 32-bit transaction\n- blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216).\n- cx231xx-audio: fix NULL-deref at probe (bsc#1050431).\n- cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n- fuse: do not use iocb after it may have been freed (bsc#1054706).\n- fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706).\n- fuse: fsync() did not return IO errors (bsc#1054076).\n- fuse: fuse_flush must check mapping->flags for errors (bsc#1054706).\n- gspca: konica: add missing endpoint sanity check (bsc#1050431).\n- kabi/severities: Ignore zpci symbol changes (bsc#1054247)\n- lib/mpi: 
mpi_read_raw_data(): fix nbits calculation\n- media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl (bsc#1050431).\n- net: Fix RCU splat in af_key (bsc#1054093).\n- powerpc/fadump: add reschedule point while releasing memory (bsc#1040609 bsc#1024450).\n- powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669 bsc#1037667).\n- powerpc/fadump: provide a helpful error message (bsc#1037669 bsc#1037667).\n- powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530, bsc#1052370).\n- powerpc/slb: Force a full SLB flush when we insert for a bad EA (bsc#1054070).\n- reiserfs: fix race in readdir (bsc#1039803).\n- s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247).\n- s390/pci: fix handling of PEC 306 (bnc#1054247).\n- s390/pci: improve error handling during fmb (de)registration (bnc#1054247).\n- s390/pci: improve error handling during interrupt deregistration (bnc#1054247).\n- s390/pci: improve pci hotplug (bnc#1054247).\n- s390/pci: improve unreg_ioat error handling (bnc#1054247).\n- s390/pci: introduce clp_get_state (bnc#1054247).\n- s390/pci: provide more debug information (bnc#1054247).\n- scsi: avoid system stall due to host_busy race (bsc#1031358).\n- scsi: close race when updating blocked counters (bsc#1031358).\n- ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441).\n- supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802).\n- tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381).\n- uwb: fix device quirk on big-endian hosts (bsc#1036629).\n- xfs: fix inobt inode allocation search optimization (bsc#1013018).\n", title: "Description of the patch", }, { category: "details", text: "slertesp4-linux-kernel-rt-13307", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: 
"https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2694-1.json", }, { category: "self", summary: "URL for SUSE-SU-2017:2694-1", url: "https://www.suse.com/support/update/announcement/2017/suse-su-20172694-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2017:2694-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2017-October/003284.html", }, { category: "self", summary: "SUSE Bug 1013018", url: "https://bugzilla.suse.com/1013018", }, { category: "self", summary: "SUSE Bug 1024450", url: "https://bugzilla.suse.com/1024450", }, { category: "self", summary: "SUSE Bug 1031358", url: "https://bugzilla.suse.com/1031358", }, { category: "self", summary: "SUSE Bug 1036629", url: "https://bugzilla.suse.com/1036629", }, { category: "self", summary: "SUSE Bug 1037441", url: "https://bugzilla.suse.com/1037441", }, { category: "self", summary: "SUSE Bug 1037667", url: "https://bugzilla.suse.com/1037667", }, { category: "self", summary: "SUSE Bug 1037669", url: "https://bugzilla.suse.com/1037669", }, { category: "self", summary: "SUSE Bug 1037994", url: "https://bugzilla.suse.com/1037994", }, { category: "self", summary: "SUSE Bug 1039803", url: "https://bugzilla.suse.com/1039803", }, { category: "self", summary: "SUSE Bug 1040609", url: "https://bugzilla.suse.com/1040609", }, { category: "self", summary: "SUSE Bug 1042863", url: "https://bugzilla.suse.com/1042863", }, { category: "self", summary: "SUSE Bug 1045154", url: "https://bugzilla.suse.com/1045154", }, { category: "self", summary: "SUSE Bug 1047523", url: "https://bugzilla.suse.com/1047523", }, { category: "self", summary: "SUSE Bug 1050381", url: 
"https://bugzilla.suse.com/1050381", }, { category: "self", summary: "SUSE Bug 1050431", url: "https://bugzilla.suse.com/1050431", }, { category: "self", summary: "SUSE Bug 1051932", url: "https://bugzilla.suse.com/1051932", }, { category: "self", summary: "SUSE Bug 1052311", url: "https://bugzilla.suse.com/1052311", }, { category: "self", summary: "SUSE Bug 1052370", url: "https://bugzilla.suse.com/1052370", }, { category: "self", summary: "SUSE Bug 1053148", url: "https://bugzilla.suse.com/1053148", }, { category: "self", summary: "SUSE Bug 1053152", url: "https://bugzilla.suse.com/1053152", }, { category: "self", summary: "SUSE Bug 1053802", url: "https://bugzilla.suse.com/1053802", }, { category: "self", summary: "SUSE Bug 1053933", url: "https://bugzilla.suse.com/1053933", }, { category: "self", summary: "SUSE Bug 1054070", url: "https://bugzilla.suse.com/1054070", }, { category: "self", summary: "SUSE Bug 1054076", url: "https://bugzilla.suse.com/1054076", }, { category: "self", summary: "SUSE Bug 1054093", url: "https://bugzilla.suse.com/1054093", }, { category: "self", summary: "SUSE Bug 1054247", url: "https://bugzilla.suse.com/1054247", }, { category: "self", summary: "SUSE Bug 1054706", url: "https://bugzilla.suse.com/1054706", }, { category: "self", summary: "SUSE Bug 1055680", url: "https://bugzilla.suse.com/1055680", }, { category: "self", summary: "SUSE Bug 1056588", url: "https://bugzilla.suse.com/1056588", }, { category: "self", summary: "SUSE Bug 1057179", url: "https://bugzilla.suse.com/1057179", }, { category: "self", summary: "SUSE Bug 1057389", url: "https://bugzilla.suse.com/1057389", }, { category: "self", summary: "SUSE Bug 1058524", url: "https://bugzilla.suse.com/1058524", }, { category: "self", summary: "SUSE Bug 984530", url: "https://bugzilla.suse.com/984530", }, { category: "self", summary: "SUSE CVE CVE-2017-1000112 page", url: "https://www.suse.com/security/cve/CVE-2017-1000112/", }, { category: "self", summary: "SUSE CVE 
CVE-2017-1000251 page", url: "https://www.suse.com/security/cve/CVE-2017-1000251/", }, { category: "self", summary: "SUSE CVE CVE-2017-10661 page", url: "https://www.suse.com/security/cve/CVE-2017-10661/", }, { category: "self", summary: "SUSE CVE CVE-2017-12762 page", url: "https://www.suse.com/security/cve/CVE-2017-12762/", }, { category: "self", summary: "SUSE CVE CVE-2017-14051 page", url: "https://www.suse.com/security/cve/CVE-2017-14051/", }, { category: "self", summary: "SUSE CVE CVE-2017-14140 page", url: "https://www.suse.com/security/cve/CVE-2017-14140/", }, { category: "self", summary: "SUSE CVE CVE-2017-14340 page", url: "https://www.suse.com/security/cve/CVE-2017-14340/", }, { category: "self", summary: "SUSE CVE CVE-2017-8831 page", url: "https://www.suse.com/security/cve/CVE-2017-8831/", }, ], title: "Security update for the Linux Kernel", tracking: { current_release_date: "2017-10-10T12:16:47Z", generator: { date: "2017-10-10T12:16:47Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2017:2694-1", initial_release_date: "2017-10-10T12:16:47Z", revision_history: [ { date: "2017-10-10T12:16:47Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "kernel-rt-3.0.101.rt130-69.8.1.x86_64", product: { name: "kernel-rt-3.0.101.rt130-69.8.1.x86_64", product_id: "kernel-rt-3.0.101.rt130-69.8.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", product: { name: "kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", product_id: "kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", }, }, { category: "product_version", name: "kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", product: { name: "kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", product_id: "kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", }, }, { category: "product_version", name: 
"kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", product: { name: "kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", product_id: "kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", product: { name: "kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", product_id: "kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", }, }, { category: "product_version", name: "kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", product: { name: "kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", product_id: "kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", }, }, { category: "product_version", name: "kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", product: { name: "kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", product_id: "kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", }, }, { category: "product_version", name: "kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", product: { name: "kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", product_id: "kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Real Time 11 SP4", product: { name: "SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4", product_identification_helper: { cpe: "cpe:/a:suse:suse-linux-enterprise-rt:11:sp4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "kernel-rt-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", }, product_reference: "kernel-rt-3.0.101.rt130-69.8.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: 
"kernel-rt-base-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", }, product_reference: "kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", }, product_reference: "kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", }, product_reference: "kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", }, product_reference: "kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", }, product_reference: "kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", 
}, { category: "default_component_of", full_product_name: { name: "kernel-source-rt-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", }, product_reference: "kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, { category: "default_component_of", full_product_name: { name: "kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", product_id: "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", }, product_reference: "kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Real Time 11 SP4", }, ], }, vulnerabilities: [ { cve: "CVE-2017-1000112", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-1000112", }, ], notes: [ { category: "general", text: "Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. 
The bug was introduced in e89e9cf539a2 (\"[IPv4/IPv6]: UFO Scatter-gather approach\") on Oct 18 2005.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-1000112", url: "https://www.suse.com/security/cve/CVE-2017-1000112", }, { category: "external", summary: "SUSE Bug 1052311 for CVE-2017-1000112", url: "https://bugzilla.suse.com/1052311", }, { category: "external", summary: "SUSE Bug 1052365 for CVE-2017-1000112", url: "https://bugzilla.suse.com/1052365", }, { category: "external", summary: "SUSE Bug 1052368 for CVE-2017-1000112", url: "https://bugzilla.suse.com/1052368", }, { category: "external", summary: "SUSE Bug 1072117 for CVE-2017-1000112", url: "https://bugzilla.suse.com/1072117", }, { category: "external", summary: "SUSE Bug 1072162 for CVE-2017-1000112", url: "https://bugzilla.suse.com/1072162", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2017-1000112", url: "https://bugzilla.suse.com/1115893", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE 
Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-10-10T12:16:47Z", details: "important", }, ], title: "CVE-2017-1000112", }, { cve: "CVE-2017-1000251", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-1000251", }, ], notes: [ { category: "general", text: "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses 
resulting in Remote code execution in kernel space.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-1000251", url: "https://www.suse.com/security/cve/CVE-2017-1000251", }, { category: "external", summary: "SUSE Bug 1057389 for CVE-2017-1000251", url: "https://bugzilla.suse.com/1057389", }, { category: "external", summary: "SUSE Bug 1057950 for CVE-2017-1000251", url: "https://bugzilla.suse.com/1057950", }, { category: "external", summary: "SUSE Bug 1070535 for CVE-2017-1000251", url: "https://bugzilla.suse.com/1070535", }, { category: "external", summary: "SUSE Bug 1072117 for CVE-2017-1000251", url: "https://bugzilla.suse.com/1072117", }, { category: "external", summary: "SUSE Bug 1072162 for CVE-2017-1000251", url: "https://bugzilla.suse.com/1072162", }, { category: "external", summary: "SUSE Bug 1120758 for CVE-2017-1000251", url: "https://bugzilla.suse.com/1120758", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 
SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 8.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-10-10T12:16:47Z", details: "important", }, ], title: "CVE-2017-1000251", }, { cve: "CVE-2017-10661", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-10661", }, ], notes: [ { category: "general", text: "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.", title: 
"CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-10661", url: "https://www.suse.com/security/cve/CVE-2017-10661", }, { category: "external", summary: "SUSE Bug 1053152 for CVE-2017-10661", url: "https://bugzilla.suse.com/1053152", }, { category: "external", summary: "SUSE Bug 1053153 for CVE-2017-10661", url: "https://bugzilla.suse.com/1053153", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2017-10661", url: "https://bugzilla.suse.com/1115893", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 
SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.4, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-10-10T12:16:47Z", details: "important", }, ], title: "CVE-2017-10661", }, { cve: "CVE-2017-12762", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-12762", }, ], notes: [ { category: "general", text: "In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. 
This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-12762", url: "https://www.suse.com/security/cve/CVE-2017-12762", }, { category: "external", summary: "SUSE Bug 1053148 for CVE-2017-12762", url: "https://bugzilla.suse.com/1053148", }, { category: "external", summary: "SUSE Bug 1053150 for CVE-2017-12762", url: "https://bugzilla.suse.com/1053150", }, { category: "external", summary: "SUSE Bug 1072117 for CVE-2017-12762", url: "https://bugzilla.suse.com/1072117", }, { category: "external", summary: "SUSE Bug 1072162 for CVE-2017-12762", url: "https://bugzilla.suse.com/1072162", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2017-12762", url: "https://bugzilla.suse.com/1115893", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 
SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 7.8, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-10-10T12:16:47Z", details: "important", }, ], title: "CVE-2017-12762", }, { cve: "CVE-2017-14051", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-14051", }, ], notes: [ { category: "general", text: "An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 
SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-14051", url: "https://www.suse.com/security/cve/CVE-2017-14051", }, { category: "external", summary: "SUSE Bug 1056588 for CVE-2017-14051", url: "https://bugzilla.suse.com/1056588", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.4, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 
SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-10-10T12:16:47Z", details: "moderate", }, ], title: "CVE-2017-14051", }, { cve: "CVE-2017-14140", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-14140", }, ], notes: [ { category: "general", text: "The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, references: [ { category: "external", summary: 
"CVE-2017-14140", url: "https://www.suse.com/security/cve/CVE-2017-14140", }, { category: "external", summary: "SUSE Bug 1057179 for CVE-2017-14140", url: "https://bugzilla.suse.com/1057179", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 3.3, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: 
"2017-10-10T12:16:47Z", details: "low", }, ], title: "CVE-2017-14140", }, { cve: "CVE-2017-14340", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-14340", }, ], notes: [ { category: "general", text: "The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-14340", url: "https://www.suse.com/security/cve/CVE-2017-14340", }, { category: "external", summary: "SUSE Bug 1058524 for CVE-2017-14340", url: "https://bugzilla.suse.com/1058524", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 
SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.5, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-10-10T12:16:47Z", details: "moderate", }, ], title: "CVE-2017-14340", }, { cve: "CVE-2017-8831", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2017-8831", }, ], notes: [ { category: "general", text: "The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a \"double fetch\" vulnerability.", title: "CVE description", }, ], product_status: 
{ recommended: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2017-8831", url: "https://www.suse.com/security/cve/CVE-2017-8831", }, { category: "external", summary: "SUSE Bug 1037994 for CVE-2017-8831", url: "https://bugzilla.suse.com/1037994", }, { category: "external", summary: "SUSE Bug 1061936 for CVE-2017-8831", url: "https://bugzilla.suse.com/1061936", }, { category: "external", summary: "SUSE Bug 1087082 for CVE-2017-8831", url: "https://bugzilla.suse.com/1087082", }, { category: "external", summary: "SUSE Bug 1115893 for CVE-2017-8831", url: "https://bugzilla.suse.com/1115893", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 
SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 6.7, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.8.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.8.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2017-10-10T12:16:47Z", details: "moderate", }, ], title: "CVE-2017-8831", }, ], }