Suse Linux Enterprise Real Time Extension vulnerabilities

CVE-2017-18017 [CRITICAL] CWE-416 CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.

CVE-2016-5244 [HIGH] CWE-200 CVE-2016-5244: The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initiali The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which allows remote attackers to obtain sensitive information from kernel stack memory by reading an RDS message.

CVE-2016-2782 [MEDIUM] CWE-476 CVE-2016-2782: The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physica The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.

CVE-2015-8551 [MEDIUM] CWE-476 CVE-2015-8551: The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest administrators to hit BUG conditions and cause a denial of service (NULL pointer dereference and host OS crash) by leveraging a system with access to a passed-through MSI or MSI-X capable physical PCI device and a cr

CVE-2015-8539 [HIGH] CWE-269 CVE-2015-8539: The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a d The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted keyctl commands that negatively instantiate a key, related to security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and security/keys/user_defined.c.

CVE-2015-8785 [MEDIUM] CWE-835 CVE-2015-8785: The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local use The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service (infinite loop) via a writev system call that triggers a zero length for the first segment of an iov.

CVE-2015-0272 [MEDIUM] CVE-2015-0272: GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

CVE-2014-8160 [MEDIUM] CWE-20 CVE-2014-8160: net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect connt net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols, which allows remote attackers to bypass intended access restrictions via packets with disallowed port numbers.

CVE-2014-9584 [LOW] CWE-20 CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 do The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 does not validate a length value in the Extensions Reference (ER) System Use Field, which allows local users to obtain sensitive information from kernel memory via a crafted iso9660 image.

CVE-2014-9585 [LOW] CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly c The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 does not properly choose memory locations for the vDSO area, which makes it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD.

CVE-2014-8369 [HIGH] CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculate The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because

CVE-2014-3687 [HIGH] CWE-400 CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.

CVE-2014-8559 [MEDIUM] CWE-400 CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 does not properly maintain the semantics of rename_lock, which allows local users to cause a denial of service (deadlock and system hang) via a crafted application.

CVE-2014-3690 [MEDIUM] CWE-400 CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does n arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC

CVE-2014-3601 [MEDIUM] CWE-189 CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculate The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of s

CVE-2014-5077 [HIGH] CWE-476 CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an ea

CVE-2014-4608 [HIGH] CWE-190 CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. NOTE: the author of the LZO algorithms says "the Linux kernel is *not* affected; media h

CVE-2014-4667 [MEDIUM] CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does no The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

CVE-2014-4027 [LOW] CWE-200 CVE-2014-4027: The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.1 The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator.

CVE-2014-3153 [HIGH] CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.