Novell Suse Linux Enterprise Real Time Extension vulnerabilities

CVE-2016-3672 [HIGH] CWE-254 CVE-2016-3672: The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption res

CVE-2016-3134 [HIGH] CWE-119 CVE-2016-3134: The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, w The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.

CVE-2016-2847 [MEDIUM] CWE-399 CVE-2016-2847: fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which al fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with non-default sizes.

CVE-2015-1339 [MEDIUM] CWE-399 CVE-2015-1339: Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 al Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in the Linux kernel before 4.4 allows local users to cause a denial of service (memory consumption) or possibly have unspecified other impact by opening /dev/cuse many times.

CVE-2016-2384 [MEDIUM] CVE-2016-2384: Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (panic) or possibly have unspecified other impact via vectors involving an invalid USB descriptor.

CVE-2016-2184 [MEDIUM] CVE-2016-2184: The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linu The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.

CVE-2016-3139 [MEDIUM] CVE-2016-3139: The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.

CVE-2015-8816 [MEDIUM] CVE-2015-8816: The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not proper The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact by unplugging a USB hub device.

CVE-2016-3156 [MEDIUM] CWE-399 CVE-2016-3156: The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, w The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging for a large number of IP addresses.

CVE-2015-8550 [HIGH] CWE-284 CVE-2015-8550: Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a de Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain privileges by writing to memory shared between the frontend and backend, aka a double fetch vulnerability.

CVE-2015-8552 [MEDIUM] CWE-20 CVE-2015-8552: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to generate a continuous stream of WARN messages and cause a denial of service (disk consumption) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and XEN_

CVE-2015-7566 [MEDIUM] CVE-2015-7566: The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows ph The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.

CVE-2015-7833 [MEDIUM] CWE-17 CVE-2015-7833: The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1 allows physically proximate attackers to cause a denial of service (panic) via a nonzero bInterfaceNumber value in a USB device descriptor.