SUSE-SU-2017:0293-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20170293-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:0293-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:0293-1
Related
Published
2017-01-26T16:02:57Z
Modified
2017-01-26T16:02:57Z
Summary
Security update for Linux Kernel Live Patch 2 for SLE 12 SP2
Details

This update for the Linux Kernel 4.4.21-84 fixes several issues.

The following security bugs were fixed: - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNELDS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bsc#1019079). - CVE-2016-9794: Race condition in the sndpcmperiodelapsed function in sound/core/pcmlib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRVPCMTRIGGERSTART command (bsc#1013543). - CVE-2016-9576: The blkrqmapuseriov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271). before 4.8.14

References

Affected packages

SUSE:Linux Enterprise Live Patching 12 / kgraft-patch-SLE12-SP2_Update_2

Package

Name
kgraft-patch-SLE12-SP2_Update_2
Purl
pkg:rpm/suse/kgraft-patch-SLE12-SP2_Update_2&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2-2.1

Ecosystem specific

{
    "binaries": [
        {
            "kgraft-patch-4_4_21-84-default": "2-2.1"
        }
    ]
}