The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter subsystem in the Linux kernel before 4.6 allows local users to cause a denial of service (out-of-bounds read) or possibly obtain sensitive information from kernel heap memory by leveraging in-container root access to provide a crafted offset value that leads to crossing a ruleset blob boundary.

ELSA-2017-3508: Unbreakable Enterprise kernel security update (IMPORTANT)

Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing.

ELSA-2016-3655: Unbreakable Enterprise kernel security update (IMPORTANT)

ELSA-2016-2962: kernel security and bug fix update (IMPORTANT)

ELSA-2016-2962-1: kernel security and bug fix update (IMPORTANT)

ELSA-2016-3619: Unbreakable Enterprise kernel security update (IMPORTANT)

Security update for the Linux Kernel

Security update for the Linux Kernel

ELSA-2016-3618: Unbreakable Enterprise kernel security update (IMPORTANT)

ELSA-2016-3617: Unbreakable Enterprise kernel security update (IMPORTANT)

ELSA-2016-1847: kernel security, bug fix, and enhancement update (IMPORTANT)

Security update for the Linux Kernel

ELSA-2016-3657: Unbreakable Enterprise kernel security update (IMPORTANT)

ELSA-2016-3656: Unbreakable Enterprise kernel security update (IMPORTANT)

Security update for the Linux Kernel

Security update for Linux Kernel Live Patch 10 for SLE 12

Security update for Linux Kernel Live Patch 11 for SLE 12

Security update for Linux Kernel Live Patch 12 for SLE 12

Security update for Linux Kernel Live Patch 9 for SLE 12