SUSE-SU-2017:0227-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20170227-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:0227-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:0227-1
Related
Published
2017-01-20T12:30:17Z
Modified
2017-01-20T12:30:17Z
Summary
Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
Details

This update for the Linux Kernel 4.4.21-69 fixes several issues.

The following security bugs were fixed: - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNELDS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bsc#1019079). - CVE-2016-9794: Race condition in the sndpcmperiodelapsed function in sound/core/pcmlib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRVPCMTRIGGERSTART command (bsc#1013543). - CVE-2016-8632: The tipcmsgbuild function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAPNETADMIN capability (bsc#1012852). - CVE-2016-9576: The blkrqmapuseriov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). before 4.8.14

References

Affected packages

SUSE:Linux Enterprise Live Patching 12 / kgraft-patch-SLE12-SP2_Update_0

Package

Name
kgraft-patch-SLE12-SP2_Update_0
Purl
purl:rpm/suse/kgraft-patch-SLE12-SP2_Update_0&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3-8.2

Ecosystem specific

{
    "binaries": [
        {
            "kgraft-patch-4_4_21-69-default": "3-8.2"
        }
    ]
}