CVE-2015-8812
published 2016-04-27CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute…
PriorityP357critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
14.28%
96.2th percentile
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | linux | < linux 4.4.2-1 (bookworm) | linux 4.4.2-1 (bookworm) |
| linux | linux_kernel | < 3.2.78 | 3.2.78 |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | >= 0 < 4.4.2-1 | 4.4.2-1 |
| linux | linux_kernel | >= 0 < 3.13.0-85.129 | 3.13.0-85.129 |
| linux | linux_kernel | >= 3.11 < 3.12.56 | 3.12.56 |
| linux | linux_kernel | >= 3.13 < 3.14.63 | 3.14.63 |
| linux | linux_kernel | >= 3.15 < 3.16.35 | 3.16.35 |
| linux | linux_kernel | >= 3.17 < 3.18.31 | 3.18.31 |
| linux | linux_kernel | >= 3.19 < 4.1.22 | 4.1.22 |
| linux | linux_kernel | >= 3.3 < 3.10.99 | 3.10.99 |
| linux | linux_kernel | >= 4.2.0 < 4.4.4 | 4.4.4 |
| novell | suse_linux_enterprise_real_time_extension | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_redhat9.8CRITICAL
vendor_ubuntu9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-c8fc-wc9r-j8c3: drivers/infiniband/hw/cxgb3/iwch_cm
ghsa_unreviewed·2022-05-14
CVE-2015-8812 [CRITICAL] GHSA-c8fc-wc9r-j8c3: drivers/infiniband/hw/cxgb3/iwch_cm
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
OSV
CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm
osv·2016-04-27·CVSS 9.8
CVE-2015-8812 [CRITICAL] CVE-2015-8812: drivers/infiniband/hw/cxgb3/iwch_cm
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
OSV
linux-lts-utopic regression
osv·2016-04-11·CVSS 4.6
[MEDIUM] linux-lts-utopic regression
linux-lts-utopic regression
USN-2948-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel
backported to Ubuntu 14.04 LTS. An incorrect reference counting
fix in the radeon driver introduced a regression that could cause a
system crash. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7566)
Ralf Spenneberg discovered that the usbvision driver in the Linux kernel
did not properly validate the interfaces and endpoints reported by the
device. An attacker with physical access could cause a denial of service
OSV
linux vulnerabilities
osv·2016-04-06·CVSS 9.8
CVE-2015-8812 [CRITICAL] linux vulnerabilities
linux vulnerabilities
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel's CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux
Extended Verification Module (EVM). An attacker could use this to affect
system integrity. (CVE-2016-2085)
David Herrmann discovered that the Linux kernel incorrectly accounted file
descriptors to the original opener for in-flight file descriptors sent over
a unix domain socket. A local attacker could use this to cause a denial of
service (resource exhaustion). (CVE-2016-2550)
It was discovered that the Linux kernel did not enforce limits on the
amount of data allocated
OSV
linux-lts-utopic vulnerabilities
osv·2016-04-06·CVSS 4.6
CVE-2015-7566 [MEDIUM] linux-lts-utopic vulnerabilities
linux-lts-utopic vulnerabilities
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7566)
Ralf Spenneberg discovered that the usbvision driver in the Linux kernel
did not properly validate the interfaces and endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7833)
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel's CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
It was discovered that a race condition existe
OSV
linux-lts-wily vulnerabilities
osv·2016-04-06·CVSS 4.9
CVE-2015-7833 [MEDIUM] linux-lts-wily vulnerabilities
linux-lts-wily vulnerabilities
Ralf Spenneberg discovered that the usbvision driver in the Linux kernel
did not properly validate the interfaces and endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7833)
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel's CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux
Extended Verification Module (EVM). An attacker could use this to affect
system integrity. (CVE-2016-2085)
It was discovered that the extended Berkeley Packet Filter (eBPF)
implementation in the Linux kernel did not c
OSV
linux-lts-vivid vulnerabilities
osv·2016-04-06·CVSS 9.8
CVE-2015-8812 [CRITICAL] linux-lts-vivid vulnerabilities
linux-lts-vivid vulnerabilities
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel's CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux
Extended Verification Module (EVM). An attacker could use this to affect
system integrity. (CVE-2016-2085)
David Herrmann discovered that the Linux kernel incorrectly accounted file
descriptors to the original opener for in-flight file descriptors sent over
a unix domain socket. A local attacker could use this to cause a denial of
service (resource exhaustion). (CVE-2016-2550)
It was discovered that the Linux kernel did not enforce limits on the
amount of data
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2016-05-09·CVSS 6.2
CVE-2013-4312 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7566)
Ral
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2016-05-09·CVSS 6.2
CVE-2013-4312 [MEDIUM] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
It was discovered that the Linux kernel did not properly enforce rlimits
for file descriptors sent over UNIX domain sockets. A local attacker could
use this to cause a denial of service. (CVE-2013-4312)
Ralf Spenneberg discovered that the Aiptek Tablet USB device driver in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7515)
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-75
Ubuntu
Linux kernel (Utopic HWE) regression
vendor_ubuntu·2016-04-11·CVSS 4.6
[MEDIUM] Linux kernel (Utopic HWE) regression
Title: Linux kernel (Utopic HWE) regression
Summary: USN 2948-1 introduced a regression in the Ubuntu 14.10 Linux kernel
backported to Ubuntu 14.04 LTS.
USN-2948-1 fixed vulnerabilities in the Ubuntu 14.10 Linux kernel
backported to Ubuntu 14.04 LTS. An incorrect reference counting
fix in the radeon driver introduced a regression that could cause a
system crash. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7566)
Ralf Spenneberg discovered that the usbvision driver in the Linux kernel
did not properly
Ubuntu
Linux kernel (Trusty HWE) vulnerabilities
vendor_ubuntu·2016-04-06·CVSS 9.8
CVE-2015-8812 [CRITICAL] Linux kernel (Trusty HWE) vulnerabilities
Title: Linux kernel (Trusty HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel's CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux
Extended Verification Module (EVM). An attacker could use this to affect
system integrity. (CVE-2016-2085)
David Herrmann discovered that the Linux kernel incorrectly accounted file
descriptors to the original opener for in-flight file descriptors sent over
a unix domain socket. A local attacker could use this to cause a denial of
service (resource exhaustion). (CVE-2016-2550)
It was d
Ubuntu
Linux kernel (Wily HWE) vulnerabilities
vendor_ubuntu·2016-04-06·CVSS 4.9
CVE-2015-7833 [MEDIUM] Linux kernel (Wily HWE) vulnerabilities
Title: Linux kernel (Wily HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ralf Spenneberg discovered that the usbvision driver in the Linux kernel
did not properly validate the interfaces and endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7833)
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel's CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux
Extended Verification Module (EVM). An attacker could use this to affect
system integrity. (CVE-2016-2085)
It was discovered that the extende
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2016-04-06·CVSS 9.8
CVE-2015-8812 [CRITICAL] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel's CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux
Extended Verification Module (EVM). An attacker could use this to affect
system integrity. (CVE-2016-2085)
David Herrmann discovered that the Linux kernel incorrectly accounted file
descriptors to the original opener for in-flight file descriptors sent over
a unix domain socket. A local attacker could use this to cause a denial of
service (resource exhaustion). (CVE-2016-2550)
It was discovered tha
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2016-04-06·CVSS 4.9
CVE-2015-7833 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ralf Spenneberg discovered that the usbvision driver in the Linux kernel
did not properly validate the interfaces and endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7833)
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel's CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux
Extended Verification Module (EVM). An attacker could use this to affect
system integrity. (CVE-2016-2085)
It was discovered that the extended Berkeley
Ubuntu
Linux kernel (Raspberry Pi 2) vulnerabilities
vendor_ubuntu·2016-04-06·CVSS 4.9
CVE-2015-7833 [MEDIUM] Linux kernel (Raspberry Pi 2) vulnerabilities
Title: Linux kernel (Raspberry Pi 2) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ralf Spenneberg discovered that the usbvision driver in the Linux kernel
did not properly validate the interfaces and endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7833)
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel's CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux
Extended Verification Module (EVM). An attacker could use this to affect
system integrity. (CVE-2016-2085)
It was discovered that the e
Ubuntu
Linux kernel (Vivid HWE) vulnerabilities
vendor_ubuntu·2016-04-06·CVSS 9.8
CVE-2015-8812 [CRITICAL] Linux kernel (Vivid HWE) vulnerabilities
Title: Linux kernel (Vivid HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel's CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arbitrary code. (CVE-2015-8812)
Xiaofei Rex Guo discovered a timing side channel vulnerability in the Linux
Extended Verification Module (EVM). An attacker could use this to affect
system integrity. (CVE-2016-2085)
David Herrmann discovered that the Linux kernel incorrectly accounted file
descriptors to the original opener for in-flight file descriptors sent over
a unix domain socket. A local attacker could use this to cause a denial of
service (resource exhaustion). (CVE-2016-2550)
It was di
Ubuntu
Linux kernel (Utopic HWE) vulnerabilities
vendor_ubuntu·2016-04-06·CVSS 4.6
CVE-2015-7566 [MEDIUM] Linux kernel (Utopic HWE) vulnerabilities
Title: Linux kernel (Utopic HWE) vulnerabilities
Summary: Several security issues were fixed in the kernel.
Ralf Spenneberg discovered that the USB driver for Clie devices in the
Linux kernel did not properly validate the endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7566)
Ralf Spenneberg discovered that the usbvision driver in the Linux kernel
did not properly validate the interfaces and endpoints reported by the
device. An attacker with physical access could cause a denial of service
(system crash). (CVE-2015-7833)
Venkatesh Pottem discovered a use-after-free vulnerability in the Linux
kernel's CXGB3 driver. A local attacker could use this to cause a denial of
service (system crash) or possibly execute arb
Red Hat
kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic.
vendor_redhat·2016-02-11·CVSS 9.8
CVE-2015-8812 [CRITICAL] CWE-416 kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic.
kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic.
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
A use-after-free flaw was found in the CXGB3 kernel driver when the network was considered to be congested. The kernel incorrectly misinterpreted the congestion as an error condition and incorrectly freed or cleaned up the socket buffer (skb). When the device then sent the skb's queued data, these structures were referenced. A local attacker could use this flaw to panic the system (denial of service) or, with a local account, escalate
Debian
CVE-2015-8812: linux - drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not pr...
vendor_debian·2015·CVSS 9.8
CVE-2015-8812 [CRITICAL] CVE-2015-8812: linux - drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not pr...
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted packets.
Scope: local
bookworm: resolved (fixed in 4.4.2-1)
bullseye: resolved (fixed in 4.4.2-1)
forky: resolved (fixed in 4.4.2-1)
sid: resolved (fixed in 4.4.2-1)
trixie: resolved (fixed in 4.4.2-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2015-8812 kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic. [fedora-all]
bugzilla·2016-02-18·CVSS 9.8
CVE-2015-8812 [CRITICAL] CVE-2015-8812 kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic. [fedora-all]
CVE-2015-8812 kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic. [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg co
Bugzilla
CVE-2015-8812 kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic.
bugzilla·2016-02-01·CVSS 9.8
CVE-2015-8812 [CRITICAL] CVE-2015-8812 kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic.
CVE-2015-8812 kernel: CXGB3: Logic bug in return code handling prematurely frees key structures causing Use after free or kernel panic.
A flaw was found in the CXGB3 kernel driver when the network was considered congested. The kernel would incorrectly misinterpret the congestion as an error condition and incorrectly free/clean up the skb. When the device would then send the skb's queued, these structures would be referenced and may panic the system or allow an attacker to escalate privileges in a use-after-free scenario.
From the patch:
----
The cxgb3_*_send() functions return NET_XMIT_ values, which are
positive integers values. So don't treat positive return values
as an error.
----
Upstream commit:
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2574.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2584.htmlhttp://www.debian.org/security/2016/dsa-3503http://www.openwall.com/lists/oss-security/2016/02/11/1http://www.securityfocus.com/bid/83218http://www.ubuntu.com/usn/USN-2946-1http://www.ubuntu.com/usn/USN-2946-2http://www.ubuntu.com/usn/USN-2947-1http://www.ubuntu.com/usn/USN-2947-2http://www.ubuntu.com/usn/USN-2947-3http://www.ubuntu.com/usn/USN-2948-1http://www.ubuntu.com/usn/USN-2948-2http://www.ubuntu.com/usn/USN-2949-1http://www.ubuntu.com/usn/USN-2967-1http://www.ubuntu.com/usn/USN-2967-2https://bugzilla.redhat.com/show_bug.cgi?id=1303532https://github.com/torvalds/linux/commit/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00094.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00015.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00019.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00025.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00026.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00027.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00028.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00029.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00030.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00031.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00032.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00033.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00034.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00036.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00037.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-04/msg00045.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-07/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00038.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2574.htmlhttp://rhn.redhat.com/errata/RHSA-2016-2584.htmlhttp://www.debian.org/security/2016/dsa-3503http://www.openwall.com/lists/oss-security/2016/02/11/1http://www.securityfocus.com/bid/83218http://www.ubuntu.com/usn/USN-2946-1http://www.ubuntu.com/usn/USN-2946-2http://www.ubuntu.com/usn/USN-2947-1http://www.ubuntu.com/usn/USN-2947-2http://www.ubuntu.com/usn/USN-2947-3http://www.ubuntu.com/usn/USN-2948-1http://www.ubuntu.com/usn/USN-2948-2http://www.ubuntu.com/usn/USN-2949-1http://www.ubuntu.com/usn/USN-2967-1http://www.ubuntu.com/usn/USN-2967-2https://bugzilla.redhat.com/show_bug.cgi?id=1303532https://github.com/torvalds/linux/commit/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3
2016-04-27
Published