Risk | Low |
Patch available | YES |
Number of vulnerabilities | 28 |
CVE-ID | CVE-2015-1350 CVE-2016-2117 CVE-2016-3070 CVE-2017-2584 CVE-2017-5897 CVE-2017-5986 CVE-2017-6074 CVE-2017-7308 CVE-2017-7616 CVE-2016-10044 CVE-2016-10200 CVE-2016-10208 CVE-2016-5243 CVE-2016-7117 CVE-2016-9588 CVE-2017-2647 CVE-2017-2671 CVE-2017-5669 CVE-2017-6214 CVE-2017-6345 CVE-2017-6346 CVE-2017-6348 CVE-2017-6353 CVE-2017-7187 CVE-2017-7261 CVE-2017-7294 CVE-2017-7645 CVE-2017-8106 |
CWE-ID | CWE-264 CWE-200 CWE-416 CWE-125 CWE-617 CWE-399 CWE-787 CWE-388 CWE-835 CWE-119 CWE-20 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #7 is available. Public exploit code for vulnerability #8 is available. Public exploit code for vulnerability #17 is available. |
Vulnerable software | SUSE Linux (Operating systems & Components / Operating system); Linux kernel (Operating systems & Components / Operating system); linux_kernel (Debian package) (Operating systems & Components / Operating system package or component) |
Vendor | SUSE; Linux Foundation; Debian |
Security Bulletin
This security bulletin contains information about 28 vulnerabilities.
EUVDB-ID: #VU6551
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-1350
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a local attacker to cause DoS conditions on the target system.
The weakness exists due to underspecified removal of extended privilege attributes, caused by an incomplete set of requirements for setattr operations. A local attacker can invoke chown or a system call, trigger an error in notify_change for filesystem xattrs and cause the ping or Wireshark dumpcap program to crash.
Successful exploitation of the vulnerability results in denial of service.
The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU3824
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-2117
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description: The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to an error when checking scatter/gather IO by the atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c. A remote attacker can send a specially crafted packet and view arbitrary files from kernel memory.
Successful exploitation of the vulnerability results in information disclosure.
The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU4070
Risk: Low
CVSSv3.1: 3.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-3070
CWE-ID: N/A
Exploit availability: No
Description: Oracle VM Server for x86 Bulletin - October 2016
Mitigation: The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU5182
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2584
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local attacker to cause a DoS condition or obtain potentially sensitive information.
The weakness exists due to a use-after-free error in the arch/x86/kvm/emulate.c file. A local attacker can use a specially crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt and cause the system to crash or read an arbitrary file on the system.
Successful exploitation of the vulnerability results in denial of service.
The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU5675
Risk: Medium
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:H/E:U/RL:W/RC:C]
CVE-ID: CVE-2017-5897
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.
The vulnerability exists due to a boundary error when processing GRE packets in the ip6gre_err() function in net/ipv6/ip6_gre.c. A remote attacker can send specially crafted GRE packets to an IPv6 interface, trigger an out-of-bounds read and obtain memory contents or cause denial of service. Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive information stored in RAM, such as passwords, encryption keys, etc.
The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU5868
Risk: Low
CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-5986
CWE-ID:
CWE-617 - Reachable Assertion
Exploit availability: No
Description: The vulnerability allows a local user to cause a kernel panic.
The vulnerability exists due to a race condition in the sctp_wait_for_sndbuf() function in net/sctp/socket.c in the Linux kernel before 4.9.11. A local user can use a userspace application to trigger a BUG_ON() assertion if the socket tx buffer is full and cause a kernel panic.
Successful exploitation of this vulnerability may result in a denial of service condition.
The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU5869
Risk: Low
CVSSv3.1: 6.4 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-6074
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: Yes
Description: The vulnerability allows a local user to cause a kernel panic.
The vulnerability exists due to an invalid free in the dccp_rcv_state_process() function in the net/dccp/input.c file in the Linux kernel through 4.9.11 when processing DCCP_PKT_REQUEST packet data structures in the LISTEN state. A local user can use a userspace application to make an IPV6_RECVPKTINFO setsockopt system call and cause a kernel panic.
Successful exploitation of this vulnerability may result in a denial of service condition.
The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU6526
Risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2017-7308
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: Yes
Description: The vulnerability allows a local attacker to cause DoS conditions.
The weakness exists due to improper validation of certain block-size data by the packet_set_ring function in net/packet/af_packet.c. A local attacker can provide specific parameters to the PACKET_RX_RING option on an AF_PACKET socket with a TPACKET_V3 ring buffer version enabled, trigger a heap out-of-bounds write and cause denial of service.
Successful exploitation of the vulnerability results in denial of service.
The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: Linux kernel: 4.0.1 - 4.10.6
linux_kernel (Debian package): 4.6.4-1 - 4.7.2-1
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
EUVDB-ID: #VU6613
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7616
CWE-ID:
CWE-388 - Error Handling
Exploit availability: No
Description: The vulnerability allows a local attacker to obtain potentially sensitive information from system memory.
The weakness exists due to an error handling flaw in the set_mempolicy() and mbind() compat system calls in 'mm/mempolicy.c'. A local attacker can trigger a failure of a certain bitmap operation and obtain sensitive information from uninitialized stack data.
Successful exploitation of the vulnerability results in information disclosure.
The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6642
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-10044
CWE-ID: N/A
Exploit availability: No
Mitigation: The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6643
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-10200
CWE-ID: N/A
Exploit availability: No
Mitigation: The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6644
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-10208
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description: The vulnerability allows a local attacker to cause a DoS condition on the target system.
The weakness exists due to memory corruption when validating meta block groups by the ext4_fill_super function. A local attacker can use a specially crafted EXT4 image to trigger an out-of-bounds read and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6645
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-5243
CWE-ID: N/A
Exploit availability: No
Mitigation: The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6646
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-7117
CWE-ID: N/A
Exploit availability: No
Mitigation: The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6647
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-9588
CWE-ID: N/A
Exploit availability: No
Mitigation: The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6648
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-2647
CWE-ID: N/A
Exploit availability: No
Mitigation: The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6649
Risk: Medium
CVSSv3.1: 6.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-2671
CWE-ID: N/A
Exploit availability: Yes
Mitigation: The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
EUVDB-ID: #VU6650
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-5669
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
Description: The vulnerability allows a local attacker to bypass a security restriction on the target system.
The weakness exists in the do_shmat function in ipc/shm.c due to improper restriction of the address calculated by a certain rounding operation. A local attacker can map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.
The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6651
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6214
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an error in the tcp_splice_read() function in net/ipv4/tcp.c in the Linux kernel before 4.9.11. A remote attacker can send a specially crafted TCP packet with the URG flag and trigger an infinite loop.
Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.
The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6652
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6345
CWE-ID: N/A
Exploit availability: No
Mitigation: The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6653
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6346
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
Description: The vulnerability allows a local attacker to cause a DoS condition on the target system.
The weakness exists due to a race condition in net/packet/af_packet.c. A local attacker can use a multithreaded application, make PACKET_FANOUT setsockopt system calls, trigger a use-after-free error and cause the system to crash.
The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6654
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6348
CWE-ID: N/A
Exploit availability: No
Mitigation: The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6655
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6353
CWE-ID: N/A
Exploit availability: No
Mitigation: The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6656
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7187
CWE-ID: N/A
Exploit availability: No
Mitigation: The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6657
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7261
CWE-ID: N/A
Exploit availability: No
Mitigation: The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6658
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7294
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description: The vulnerability allows a local attacker to cause a DoS condition or gain elevated privileges on the target system.
The weakness exists in the vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c due to missing validation of addition of certain levels data. A local attacker can trigger an integer overflow and out-of-bounds write, cause the service to crash or possibly gain root privileges via a crafted ioctl call for a /dev/dri/renderD* device.
The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6659
Risk: Medium
CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-7645
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
Description: The vulnerability allows a remote attacker to cause a DoS condition on the target system.
The weakness exists due to a flaw in the NFSv2/NFSv3 server in the nfsd subsystem. A remote attacker can use a long RPC reply related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU6660
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-8106
CWE-ID: N/A
Exploit availability: No
Mitigation: The SUSE Linux Enterprise 12 SP1 kernel was updated to version 3.12.74 to receive various security and bugfixes.
Vulnerable software versions: SUSE Linux: 12
External links: http://lists.opensuse.org/opensuse-security-announce/2017-05/msg00058.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.