openSUSE-SU-2016:3086-1

Published: 12 Dec 2016
Source: suse-cvrf

Description

Security update for the openSUSE Leap 42.1 kernel.

The openSUSE Leap 42.1 kernel has been updated to fix a security issue:

  • CVE-2016-9576: A use-after-free vulnerability in the SCSI generic driver allows users with write access to /dev/sg* or /dev/bsg* to elevate their privileges (bsc#1013604).

Package list

openSUSE Leap 42.1
kernel-debug-4.1.36-41.1
kernel-debug-base-4.1.36-41.1
kernel-debug-devel-4.1.36-41.1
kernel-default-4.1.36-41.1
kernel-default-base-4.1.36-41.1
kernel-default-devel-4.1.36-41.1
kernel-devel-4.1.36-41.1
kernel-docs-4.1.36-41.2
kernel-docs-html-4.1.36-41.2
kernel-docs-pdf-4.1.36-41.2
kernel-ec2-4.1.36-41.1
kernel-ec2-base-4.1.36-41.1
kernel-ec2-devel-4.1.36-41.1
kernel-macros-4.1.36-41.1
kernel-obs-build-4.1.36-41.1
kernel-obs-qa-4.1.36-41.1
kernel-pae-4.1.36-41.1
kernel-pae-base-4.1.36-41.1
kernel-pae-devel-4.1.36-41.1
kernel-pv-4.1.36-41.1
kernel-pv-base-4.1.36-41.1
kernel-pv-devel-4.1.36-41.1
kernel-source-4.1.36-41.1
kernel-source-vanilla-4.1.36-41.1
kernel-syms-4.1.36-41.1
kernel-vanilla-4.1.36-41.1
kernel-vanilla-devel-4.1.36-41.1
kernel-xen-4.1.36-41.1
kernel-xen-base-4.1.36-41.1
kernel-xen-devel-4.1.36-41.1

Description

The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.


Affected products
openSUSE Leap 42.1:kernel-debug-4.1.36-41.1
openSUSE Leap 42.1:kernel-debug-base-4.1.36-41.1
openSUSE Leap 42.1:kernel-debug-devel-4.1.36-41.1
openSUSE Leap 42.1:kernel-default-4.1.36-41.1
