Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:2175-1

Опубликовано: 29 авг. 2016
Источник: suse-cvrf

Описание

Security update for Linux Kernel Live Patch 6 for SLE 12 SP1

This update for the Linux Kernel 3.12.59-60_45 fixes several issues.

The following security bugs were fixed:

  • CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bsc#991667).
  • CVE-2016-5829: Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel allowed local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call (bsc#986573).

Список пакетов

SUSE Linux Enterprise Live Patching 12
kgraft-patch-3_12_59-60_45-default-3-2.1
kgraft-patch-3_12_59-60_45-xen-3-2.1

Ссылки

Описание

Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3 allow local users to cause a denial of service or possibly have unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call.

Затронутые продукты
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_59-60_45-default-3-2.1
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_59-60_45-xen-3-2.1
Ссылки

Описание

Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability.

Затронутые продукты
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_59-60_45-default-3-2.1
SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_59-60_45-xen-3-2.1
Ссылки