Vulnerability-Lookup

CVE-2014-7822 (GCVE-0-2014-7822)

Vulnerability from cvelistv5 – Published: 2015-03-16 10:00 – Updated: 2024-08-06 13:03

Summary

The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.

Severity

No CVSS data available.

CWE

Assigner

redhat

References

21 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1163792	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2544-1	vendor-advisoryx_refsource_UBUNTU
http://www.debian.org/security/2015/dsa-3170	vendor-advisoryx_refsource_DEBIAN
https://www.exploit-db.com/exploits/36743/	exploitx_refsource_EXPLOIT-DB
http://www.ubuntu.com/usn/USN-2542-1	vendor-advisoryx_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2015-0164.html	vendor-advisoryx_refsource_REDHAT
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/72347	vdb-entryx_refsource_BID
http://www.ubuntu.com/usn/USN-2541-1	vendor-advisoryx_refsource_UBUNTU
https://github.com/torvalds/linux/commit/8d020765…	x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-0694.html	vendor-advisoryx_refsource_REDHAT
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://www.osvdb.org/117810	vdb-entryx_refsource_OSVDB
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
http://git.kernel.org/?p=linux/kernel/git/torvald…	x_refsource_CONFIRM
http://www.ubuntu.com/usn/USN-2543-1	vendor-advisoryx_refsource_UBUNTU
http://rhn.redhat.com/errata/RHSA-2015-0102.html	vendor-advisoryx_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2015-0674.html	vendor-advisoryx_refsource_REDHAT

Date Public

2015-01-28 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:03:27.355Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163792"
          },
          {
            "name": "USN-2544-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2544-1"
          },
          {
            "name": "DSA-3170",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3170"
          },
          {
            "name": "36743",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/36743/"
          },
          {
            "name": "USN-2542-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2542-1"
          },
          {
            "name": "SUSE-SU-2015:1489",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
          },
          {
            "name": "SUSE-SU-2015:0736",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
          },
          {
            "name": "RHSA-2015:0164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0164.html"
          },
          {
            "name": "SUSE-SU-2015:1488",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
          },
          {
            "name": "72347",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/72347"
          },
          {
            "name": "USN-2541-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2541-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958"
          },
          {
            "name": "RHSA-2015:0694",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0694.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
          },
          {
            "name": "117810",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/117810"
          },
          {
            "name": "SUSE-SU-2015:0529",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
          },
          {
            "name": "openSUSE-SU-2015:0714",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958"
          },
          {
            "name": "USN-2543-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2543-1"
          },
          {
            "name": "RHSA-2015:0102",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0102.html"
          },
          {
            "name": "RHSA-2015:0674",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0674.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-01-28T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-30T16:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1163792"
        },
        {
          "name": "USN-2544-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2544-1"
        },
        {
          "name": "DSA-3170",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3170"
        },
        {
          "name": "36743",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/36743/"
        },
        {
          "name": "USN-2542-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2542-1"
        },
        {
          "name": "SUSE-SU-2015:1489",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html"
        },
        {
          "name": "SUSE-SU-2015:0736",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html"
        },
        {
          "name": "RHSA-2015:0164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0164.html"
        },
        {
          "name": "SUSE-SU-2015:1488",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html"
        },
        {
          "name": "72347",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/72347"
        },
        {
          "name": "USN-2541-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2541-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958"
        },
        {
          "name": "RHSA-2015:0694",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0694.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"
        },
        {
          "name": "117810",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/117810"
        },
        {
          "name": "SUSE-SU-2015:0529",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html"
        },
        {
          "name": "openSUSE-SU-2015:0714",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958"
        },
        {
          "name": "USN-2543-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2543-1"
        },
        {
          "name": "RHSA-2015:0102",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0102.html"
        },
        {
          "name": "RHSA-2015:0674",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0674.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-7822",
    "datePublished": "2015-03-16T10:00:00.000Z",
    "dateReserved": "2014-10-03T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:03:27.355Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2014-7822",
      "date": "2026-05-27",
      "epss": "0.00381",
      "percentile": "0.59685"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.15.8\", \"matchCriteriaId\": \"4DCF4B0B-59B3-48E5-A3B7-D0E4FE606AF4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.\"}, {\"lang\": \"es\", \"value\": \"La implementaci\\u00f3n de ciertas operaciones de archivo splice_write en el kernel de Linux anterior a 3.16 no fuerza una restricci\\u00f3n en el tama\\u00f1o m\\u00e1ximo de un archivo, lo que permite a usaurios locales causar una denegaci\\u00f3n de servicio (ca\\u00edda del sistema) o la posibilidad de tener otro impacto no especificado a trav\\u00e9s de llamadas anidadas al sistema modificadas, como se ha demostrado mediante el uso de un archivo descriptor asociado con sistemas de ficheros ext4.\"}]",
      "id": "CVE-2014-7822",
      "lastModified": "2024-11-21T02:18:04.763",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-03-16T10:59:00.070",
      "references": "[{\"url\": \"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0102.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0164.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0674.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0694.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3170\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.osvdb.org/117810\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/72347\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2541-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2542-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2543-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2544-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1163792\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://www.exploit-db.com/exploits/36743/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0102.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0164.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0674.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2015-0694.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2015/dsa-3170\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/117810\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/72347\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2541-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2542-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2543-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2544-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1163792\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.exploit-db.com/exploits/36743/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-264\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-7822\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-03-16T10:59:00.070\",\"lastModified\":\"2026-05-06T22:30:45.220\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.\"},{\"lang\":\"es\",\"value\":\"La implementaci\u00f3n de ciertas operaciones de archivo splice_write en el kernel de Linux anterior a 3.16 no fuerza una restricci\u00f3n en el tama\u00f1o m\u00e1ximo de un archivo, lo que permite a usaurios locales causar una denegaci\u00f3n de servicio (ca\u00edda del sistema) o la posibilidad de tener otro impacto no especificado a trav\u00e9s de llamadas anidadas al sistema modificadas, como se ha demostrado mediante el uso de un archivo descriptor asociado con sistemas de ficheros ext4.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.15.8\",\"matchCriteriaId\":\"4DCF4B0B-59B3-48E5-A3B7-D0E4FE606AF4\"}]}]}],\"references\":[{\"url\":\"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0102.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0164.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0674.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0694.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3170\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.osvdb.org/117810\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/72347\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2541-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2542-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2543-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2544-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1163792\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://www.exploit-db.com/exploits/36743/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8d0207652cbe27d1f962050737848e5ad4671958\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00015.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00009.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0102.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0164.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0674.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2015-0694.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2015/dsa-3170\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/117810\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/72347\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2541-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2542-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2543-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2544-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1163792\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/torvalds/linux/commit/8d0207652cbe27d1f962050737848e5ad4671958\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.exploit-db.com/exploits/36743/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

SUSE-SU-2015:1488-1

Vulnerability from csaf_suse - Published: 2015-08-14 09:23 - Updated: 2015-08-14 09:23

Summary

Live patch for the Linux Kernel

Severity

Important

Notes

Title of the patch: Live patch for the Linux Kernel

Description of the patch: This update contains a kernel live patch for the 3.12.36-38 SUSE Linux Enterprise Server 12 Kernel, fixing following security issues. - CVE-2015-3339: A race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. (bsc#939263 bsc#939044) - CVE-2015-1465: The IPv4 implementation in the Linux kernel did not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allowed remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets. (bsc#939044 bsc#916225) - CVE-2015-3636: The ping_unhash function in net/ipv4/ping.c in the Linux kernel did not initialize a certain list data structure during an unhash operation, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. (bsc#939277) - CVE-2015-5364/CVE-2015-5366: Two denial of service attacks via a flood of UDP packets with invalid checksums were fixed that could be used by remote attackers to delay execution. (bsc#939276) - CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel did not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allowed local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O vector array overrun.' (bsc#939270) - CVE-2015-4700: A BPF Jit optimization flaw could allow local users to panic the kernel. (bsc#939273) - CVE-2015-3331: The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel did not properly determine the memory locations used for encrypted data, which allowed context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. (bsc#939262) - CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel did not properly restrict use of User Verbs for registration of memory regions, which allowed local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. (bsc#939241) - CVE-2014-7822: The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem. (bsc#939240)

Patchnames: SUSE-SLE-Live-Patching-12-2015-485

CVE-2014-7822

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2014-8159

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2015-1465

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact important

CVE-2015-1805

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact important

CVE-2015-3331

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact critical

CVE-2015-3339

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2015-3636

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2015-4700

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2015-5364

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2015-5366

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact moderate

References

69 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/916225	self
https://bugzilla.suse.com/939044	self
https://bugzilla.suse.com/939240	self
https://bugzilla.suse.com/939241	self
https://bugzilla.suse.com/939262	self
https://bugzilla.suse.com/939263	self
https://bugzilla.suse.com/939270	self
https://bugzilla.suse.com/939273	self
https://bugzilla.suse.com/939276	self
https://bugzilla.suse.com/939277	self
https://www.suse.com/security/cve/CVE-2014-7822/	self
https://www.suse.com/security/cve/CVE-2014-8159/	self
https://www.suse.com/security/cve/CVE-2015-1465/	self
https://www.suse.com/security/cve/CVE-2015-1805/	self
https://www.suse.com/security/cve/CVE-2015-3331/	self
https://www.suse.com/security/cve/CVE-2015-3339/	self
https://www.suse.com/security/cve/CVE-2015-3636/	self
https://www.suse.com/security/cve/CVE-2015-4700/	self
https://www.suse.com/security/cve/CVE-2015-5364/	self
https://www.suse.com/security/cve/CVE-2015-5366/	self
https://www.suse.com/security/cve/CVE-2014-7822	external
https://bugzilla.suse.com/1115893	external
https://bugzilla.suse.com/915322	external
https://bugzilla.suse.com/915517	external
https://bugzilla.suse.com/939240	external
https://www.suse.com/security/cve/CVE-2014-8159	external
https://bugzilla.suse.com/903967	external
https://bugzilla.suse.com/914742	external
https://bugzilla.suse.com/939241	external
https://www.suse.com/security/cve/CVE-2015-1465	external
https://bugzilla.suse.com/916225	external
https://bugzilla.suse.com/939044	external
https://www.suse.com/security/cve/CVE-2015-1805	external
https://bugzilla.suse.com/917839	external
https://bugzilla.suse.com/933429	external
https://bugzilla.suse.com/939270	external
https://bugzilla.suse.com/964730	external
https://bugzilla.suse.com/964732	external
https://www.suse.com/security/cve/CVE-2015-3331	external
https://bugzilla.suse.com/1115893	external
https://bugzilla.suse.com/927257	external
https://bugzilla.suse.com/931231	external
https://bugzilla.suse.com/939262	external
https://www.suse.com/security/cve/CVE-2015-3339	external
https://bugzilla.suse.com/903967	external
https://bugzilla.suse.com/928130	external
https://bugzilla.suse.com/939263	external
https://www.suse.com/security/cve/CVE-2015-3636	external
https://bugzilla.suse.com/929525	external
https://bugzilla.suse.com/939277	external
https://bugzilla.suse.com/994624	external
https://www.suse.com/security/cve/CVE-2015-4700	external
https://bugzilla.suse.com/935705	external
https://bugzilla.suse.com/939273	external
https://www.suse.com/security/cve/CVE-2015-5364	external
https://bugzilla.suse.com/1115893	external
https://bugzilla.suse.com/781018	external
https://bugzilla.suse.com/936831	external
https://bugzilla.suse.com/939276	external
https://bugzilla.suse.com/945112	external
https://www.suse.com/security/cve/CVE-2015-5366	external
https://bugzilla.suse.com/781018	external
https://bugzilla.suse.com/936831	external
https://bugzilla.suse.com/939276	external
https://bugzilla.suse.com/945112	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Live patch for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update contains a kernel live patch for the 3.12.36-38 SUSE Linux Enterprise\nServer 12 Kernel, fixing following security issues.\n\n- CVE-2015-3339: A race condition in the prepare_binprm function in\n  fs/exec.c in the Linux kernel allowed local users to gain privileges\n  by executing a setuid program at a time instant when a chown to root\n  is in progress, and the ownership is changed but the setuid bit is not\n  yet stripped. (bsc#939263 bsc#939044)\n\n- CVE-2015-1465: The IPv4 implementation in the Linux kernel did not\n  properly consider the length of the Read-Copy Update (RCU) grace period\n  for redirecting lookups in the absence of caching, which allowed remote\n  attackers to cause a denial of service (memory consumption or system\n  crash) via a flood of packets. (bsc#939044 bsc#916225)\n\n- CVE-2015-3636: The ping_unhash function in net/ipv4/ping.c in the\n  Linux kernel did not initialize a certain list data structure during an\n  unhash operation, which allowed local users to gain privileges or cause\n  a denial of service (use-after-free and system crash) by leveraging the\n  ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP\n  or IPPROTO_ICMPV6 protocol, and then making a connect system call after\n  a disconnect. (bsc#939277)\n\n- CVE-2015-5364/CVE-2015-5366: Two denial of service attacks via a flood\n  of UDP packets with invalid checksums were fixed that could be used\n  by remote attackers to delay execution. (bsc#939276)\n\n- CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in\n  fs/pipe.c in the Linux kernel did not properly consider the side effects\n  of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls,\n  which allowed local users to cause a denial of service (system crash)\n  or possibly gain privileges via a crafted application, aka an \u0027I/O vector\n  array overrun.\u0027 (bsc#939270)\n\n- CVE-2015-4700: A BPF Jit optimization flaw could allow local users\n  to panic the kernel. (bsc#939273)\n\n- CVE-2015-3331: The __driver_rfc4106_decrypt function in\n  arch/x86/crypto/aesni-intel_glue.c in the Linux kernel did not properly\n  determine the memory locations used for encrypted data, which allowed\n  context-dependent attackers to cause a denial of service (buffer overflow\n  and system crash) or possibly execute arbitrary code by triggering a\n  crypto API call, as demonstrated by use of a libkcapi test program with\n  an AF_ALG(aead) socket. (bsc#939262)\n\n- CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel\n  did not properly restrict use of User Verbs for registration of memory\n  regions, which allowed local users to access arbitrary physical memory\n  locations, and consequently cause a denial of service (system crash)\n  or gain privileges, by leveraging permissions on a uverbs device under\n  /dev/infiniband/. (bsc#939241)\n\n- CVE-2014-7822: The implementation of certain splice_write file\n  operations in the Linux kernel before 3.16 does not enforce a restriction\n  on the maximum size of a single file, which allows local users to cause\n  a denial of service (system crash) or possibly have unspecified other\n  impact via a crafted splice system call, as demonstrated by use of a\n  file descriptor associated with an ext4 filesystem. (bsc#939240)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Live-Patching-12-2015-485",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1488-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2015:1488-1",
        "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151488-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2015:1488-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2015-September/001571.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 916225",
        "url": "https://bugzilla.suse.com/916225"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939044",
        "url": "https://bugzilla.suse.com/939044"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939240",
        "url": "https://bugzilla.suse.com/939240"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939241",
        "url": "https://bugzilla.suse.com/939241"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939262",
        "url": "https://bugzilla.suse.com/939262"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939263",
        "url": "https://bugzilla.suse.com/939263"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939270",
        "url": "https://bugzilla.suse.com/939270"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939273",
        "url": "https://bugzilla.suse.com/939273"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939276",
        "url": "https://bugzilla.suse.com/939276"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939277",
        "url": "https://bugzilla.suse.com/939277"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-7822 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-7822/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-8159 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-8159/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-1465 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-1465/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-1805 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-1805/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3331 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3331/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3339 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3339/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3636 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-4700 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-4700/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-5364 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-5364/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-5366 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-5366/"
      }
    ],
    "title": "Live patch for the Linux Kernel",
    "tracking": {
      "current_release_date": "2015-08-14T09:23:31Z",
      "generator": {
        "date": "2015-08-14T09:23:31Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2015:1488-1",
      "initial_release_date": "2015-08-14T09:23:31Z",
      "revision_history": [
        {
          "date": "2015-08-14T09:23:31Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_36-38-default-3-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_36-38-xen-3-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_36-38-xen-3-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12",
                  "product_id": "SUSE Linux Enterprise Live Patching 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_36-38-default-3-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12",
          "product_id": "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_36-38-xen-3-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12",
          "product_id": "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_36-38-xen-3-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-7822",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-7822"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-7822",
          "url": "https://www.suse.com/security/cve/CVE-2014-7822"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2014-7822",
          "url": "https://bugzilla.suse.com/1115893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 915322 for CVE-2014-7822",
          "url": "https://bugzilla.suse.com/915322"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 915517 for CVE-2014-7822",
          "url": "https://bugzilla.suse.com/915517"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939240 for CVE-2014-7822",
          "url": "https://bugzilla.suse.com/939240"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T09:23:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-7822"
    },
    {
      "cve": "CVE-2014-8159",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-8159"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-8159",
          "url": "https://www.suse.com/security/cve/CVE-2014-8159"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 903967 for CVE-2014-8159",
          "url": "https://bugzilla.suse.com/903967"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 914742 for CVE-2014-8159",
          "url": "https://bugzilla.suse.com/914742"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939241 for CVE-2014-8159",
          "url": "https://bugzilla.suse.com/939241"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T09:23:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-8159"
    },
    {
      "cve": "CVE-2015-1465",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-1465"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-1465",
          "url": "https://www.suse.com/security/cve/CVE-2015-1465"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 916225 for CVE-2015-1465",
          "url": "https://bugzilla.suse.com/916225"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939044 for CVE-2015-1465",
          "url": "https://bugzilla.suse.com/939044"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T09:23:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-1465"
    },
    {
      "cve": "CVE-2015-1805",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-1805"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an \"I/O vector array overrun.\"",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-1805",
          "url": "https://www.suse.com/security/cve/CVE-2015-1805"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 917839 for CVE-2015-1805",
          "url": "https://bugzilla.suse.com/917839"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 933429 for CVE-2015-1805",
          "url": "https://bugzilla.suse.com/933429"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939270 for CVE-2015-1805",
          "url": "https://bugzilla.suse.com/939270"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 964730 for CVE-2015-1805",
          "url": "https://bugzilla.suse.com/964730"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 964732 for CVE-2015-1805",
          "url": "https://bugzilla.suse.com/964732"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T09:23:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-1805"
    },
    {
      "cve": "CVE-2015-3331",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3331"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3331",
          "url": "https://www.suse.com/security/cve/CVE-2015-3331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2015-3331",
          "url": "https://bugzilla.suse.com/1115893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 927257 for CVE-2015-3331",
          "url": "https://bugzilla.suse.com/927257"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 931231 for CVE-2015-3331",
          "url": "https://bugzilla.suse.com/931231"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939262 for CVE-2015-3331",
          "url": "https://bugzilla.suse.com/939262"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T09:23:31Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2015-3331"
    },
    {
      "cve": "CVE-2015-3339",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3339"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3339",
          "url": "https://www.suse.com/security/cve/CVE-2015-3339"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 903967 for CVE-2015-3339",
          "url": "https://bugzilla.suse.com/903967"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 928130 for CVE-2015-3339",
          "url": "https://bugzilla.suse.com/928130"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939263 for CVE-2015-3339",
          "url": "https://bugzilla.suse.com/939263"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T09:23:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-3339"
    },
    {
      "cve": "CVE-2015-3636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3636",
          "url": "https://www.suse.com/security/cve/CVE-2015-3636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 929525 for CVE-2015-3636",
          "url": "https://bugzilla.suse.com/929525"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939277 for CVE-2015-3636",
          "url": "https://bugzilla.suse.com/939277"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 994624 for CVE-2015-3636",
          "url": "https://bugzilla.suse.com/994624"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T09:23:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-3636"
    },
    {
      "cve": "CVE-2015-4700",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-4700"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-4700",
          "url": "https://www.suse.com/security/cve/CVE-2015-4700"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 935705 for CVE-2015-4700",
          "url": "https://bugzilla.suse.com/935705"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939273 for CVE-2015-4700",
          "url": "https://bugzilla.suse.com/939273"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T09:23:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-4700"
    },
    {
      "cve": "CVE-2015-5364",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-5364"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-5364",
          "url": "https://www.suse.com/security/cve/CVE-2015-5364"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2015-5364",
          "url": "https://bugzilla.suse.com/1115893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 781018 for CVE-2015-5364",
          "url": "https://bugzilla.suse.com/781018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 936831 for CVE-2015-5364",
          "url": "https://bugzilla.suse.com/936831"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939276 for CVE-2015-5364",
          "url": "https://bugzilla.suse.com/939276"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 945112 for CVE-2015-5364",
          "url": "https://bugzilla.suse.com/945112"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T09:23:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-5364"
    },
    {
      "cve": "CVE-2015-5366",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-5366"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-5366",
          "url": "https://www.suse.com/security/cve/CVE-2015-5366"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 781018 for CVE-2015-5366",
          "url": "https://bugzilla.suse.com/781018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 936831 for CVE-2015-5366",
          "url": "https://bugzilla.suse.com/936831"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939276 for CVE-2015-5366",
          "url": "https://bugzilla.suse.com/939276"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 945112 for CVE-2015-5366",
          "url": "https://bugzilla.suse.com/945112"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_36-38-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T09:23:31Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-5366"
    }
  ]
}

SUSE-SU-2015:1489-1

Vulnerability from csaf_suse - Published: 2015-08-14 08:44 - Updated: 2015-08-14 08:44

Summary

Live patch for the Linux Kernel

Severity

Important

Notes

Title of the patch: Live patch for the Linux Kernel

Description of the patch: This update contains a kernel live patch for the 3.12.32-33 SUSE Linux Enterprise Server 12 Kernel, fixing following security issues. - CVE-2015-3339: A race condition in the prepare_binprm function in fs/exec.c in the Linux kernel allowed local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. (bsc#939263 bsc#939044) - CVE-2015-1465: The IPv4 implementation in the Linux kernel did not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allowed remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets. (bsc#939044 bsc#916225) - CVE-2015-3636: The ping_unhash function in net/ipv4/ping.c in the Linux kernel did not initialize a certain list data structure during an unhash operation, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect. (bsc#939277) - CVE-2015-5364/CVE-2015-5366: Two denial of service attacks via a flood of UDP packets with invalid checksums were fixed that could be used by remote attackers to delay execution. (bsc#939276) - CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel did not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allowed local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an 'I/O vector array overrun.' (bsc#939270) - CVE-2015-4700: A BPF Jit optimization flaw could allow local users to panic the kernel. (bsc#939273) - CVE-2014-9710: The Btrfs implementation in the Linux kernel did not ensure that the visible xattr state is consistent with a requested replacement, which allowed local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit. (bsc#939260) - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. (bsc#902349 bsc#939044) - CVE-2015-3331: The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel did not properly determine the memory locations used for encrypted data, which allowed context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. (bsc#939262) - CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel did not properly restrict use of User Verbs for registration of memory regions, which allowed local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. (bsc#939241) - CVE-2014-7822: The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem. (bsc#939240)

Patchnames: SUSE-SLE-Live-Patching-12-2015-484

CVE-2014-3687

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact important

CVE-2014-7822

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2014-8159

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2014-9710

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2015-1465

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact important

CVE-2015-1805

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact important

CVE-2015-3331

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact critical

CVE-2015-3339

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2015-3636

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2015-4700

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2015-5364

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact moderate

CVE-2015-5366

Affected products

Recommended 2 products

Product	Identifier	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64		—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64		—	Vendor Fix

Threats

Impact moderate

References

81 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/902349	self
https://bugzilla.suse.com/916225	self
https://bugzilla.suse.com/939044	self
https://bugzilla.suse.com/939240	self
https://bugzilla.suse.com/939241	self
https://bugzilla.suse.com/939260	self
https://bugzilla.suse.com/939262	self
https://bugzilla.suse.com/939263	self
https://bugzilla.suse.com/939270	self
https://bugzilla.suse.com/939273	self
https://bugzilla.suse.com/939276	self
https://bugzilla.suse.com/939277	self
https://www.suse.com/security/cve/CVE-2014-3687/	self
https://www.suse.com/security/cve/CVE-2014-7822/	self
https://www.suse.com/security/cve/CVE-2014-8159/	self
https://www.suse.com/security/cve/CVE-2014-9710/	self
https://www.suse.com/security/cve/CVE-2015-1465/	self
https://www.suse.com/security/cve/CVE-2015-1805/	self
https://www.suse.com/security/cve/CVE-2015-3331/	self
https://www.suse.com/security/cve/CVE-2015-3339/	self
https://www.suse.com/security/cve/CVE-2015-3636/	self
https://www.suse.com/security/cve/CVE-2015-4700/	self
https://www.suse.com/security/cve/CVE-2015-5364/	self
https://www.suse.com/security/cve/CVE-2015-5366/	self
https://www.suse.com/security/cve/CVE-2014-3687	external
https://bugzilla.suse.com/1115893	external
https://bugzilla.suse.com/902349	external
https://bugzilla.suse.com/904899	external
https://bugzilla.suse.com/909208	external
https://www.suse.com/security/cve/CVE-2014-7822	external
https://bugzilla.suse.com/1115893	external
https://bugzilla.suse.com/915322	external
https://bugzilla.suse.com/915517	external
https://bugzilla.suse.com/939240	external
https://www.suse.com/security/cve/CVE-2014-8159	external
https://bugzilla.suse.com/903967	external
https://bugzilla.suse.com/914742	external
https://bugzilla.suse.com/939241	external
https://www.suse.com/security/cve/CVE-2014-9710	external
https://bugzilla.suse.com/923908	external
https://bugzilla.suse.com/939260	external
https://www.suse.com/security/cve/CVE-2015-1465	external
https://bugzilla.suse.com/916225	external
https://bugzilla.suse.com/939044	external
https://www.suse.com/security/cve/CVE-2015-1805	external
https://bugzilla.suse.com/917839	external
https://bugzilla.suse.com/933429	external
https://bugzilla.suse.com/939270	external
https://bugzilla.suse.com/964730	external
https://bugzilla.suse.com/964732	external
https://www.suse.com/security/cve/CVE-2015-3331	external
https://bugzilla.suse.com/1115893	external
https://bugzilla.suse.com/927257	external
https://bugzilla.suse.com/931231	external
https://bugzilla.suse.com/939262	external
https://www.suse.com/security/cve/CVE-2015-3339	external
https://bugzilla.suse.com/903967	external
https://bugzilla.suse.com/928130	external
https://bugzilla.suse.com/939263	external
https://www.suse.com/security/cve/CVE-2015-3636	external
https://bugzilla.suse.com/929525	external
https://bugzilla.suse.com/939277	external
https://bugzilla.suse.com/994624	external
https://www.suse.com/security/cve/CVE-2015-4700	external
https://bugzilla.suse.com/935705	external
https://bugzilla.suse.com/939273	external
https://www.suse.com/security/cve/CVE-2015-5364	external
https://bugzilla.suse.com/1115893	external
https://bugzilla.suse.com/781018	external
https://bugzilla.suse.com/936831	external
https://bugzilla.suse.com/939276	external
https://bugzilla.suse.com/945112	external
https://www.suse.com/security/cve/CVE-2015-5366	external
https://bugzilla.suse.com/781018	external
https://bugzilla.suse.com/936831	external
https://bugzilla.suse.com/939276	external
https://bugzilla.suse.com/945112	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Live patch for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThis update contains a kernel live patch for the 3.12.32-33 SUSE Linux Enterprise\nServer 12 Kernel, fixing following security issues.\n\n- CVE-2015-3339: A race condition in the prepare_binprm function in\n  fs/exec.c in the Linux kernel allowed local users to gain privileges\n  by executing a setuid program at a time instant when a chown to root\n  is in progress, and the ownership is changed but the setuid bit is not\n  yet stripped. (bsc#939263 bsc#939044)\n\n- CVE-2015-1465: The IPv4 implementation in the Linux kernel did not\n  properly consider the length of the Read-Copy Update (RCU) grace period\n  for redirecting lookups in the absence of caching, which allowed remote\n  attackers to cause a denial of service (memory consumption or system\n  crash) via a flood of packets. (bsc#939044 bsc#916225)\n\n- CVE-2015-3636: The ping_unhash function in net/ipv4/ping.c in the\n  Linux kernel did not initialize a certain list data structure during an\n  unhash operation, which allowed local users to gain privileges or cause\n  a denial of service (use-after-free and system crash) by leveraging the\n  ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP\n  or IPPROTO_ICMPV6 protocol, and then making a connect system call after\n  a disconnect. (bsc#939277)\n\n- CVE-2015-5364/CVE-2015-5366: Two denial of service attacks via a flood\n  of UDP packets with invalid checksums were fixed that could be used\n  by remote attackers to delay execution. (bsc#939276)\n\n- CVE-2015-1805: The (1) pipe_read and (2) pipe_write implementations in\n  fs/pipe.c in the Linux kernel did not properly consider the side effects\n  of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls,\n  which allowed local users to cause a denial of service (system crash)\n  or possibly gain privileges via a crafted application, aka an \u0027I/O vector\n  array overrun.\u0027 (bsc#939270)\n\n- CVE-2015-4700: A BPF Jit optimization flaw could allow local users\n  to panic the kernel. (bsc#939273)\n\n- CVE-2014-9710: The Btrfs implementation in the Linux kernel did not\n  ensure that the visible xattr state is consistent with a requested\n  replacement, which allowed local users to bypass intended ACL settings\n  and gain privileges via standard filesystem operations (1) during an\n  xattr-replacement time window, related to a race condition, or (2) after\n  an xattr-replacement attempt that fails because the data does not fit.\n  (bsc#939260)\n\n- CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n  net/sctp/associola.c in the SCTP implementation in the Linux kernel\n  allowed remote attackers to cause a denial of service (panic) via\n  duplicate ASCONF chunks that trigger an incorrect uncork within the\n  side-effect interpreter. (bsc#902349 bsc#939044)\n\n- CVE-2015-3331: The __driver_rfc4106_decrypt function in\n  arch/x86/crypto/aesni-intel_glue.c in the Linux kernel did not properly\n  determine the memory locations used for encrypted data, which allowed\n  context-dependent attackers to cause a denial of service (buffer overflow\n  and system crash) or possibly execute arbitrary code by triggering a\n  crypto API call, as demonstrated by use of a libkcapi test program with\n  an AF_ALG(aead) socket. (bsc#939262)\n\n- CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel\n  did not properly restrict use of User Verbs for registration of memory\n  regions, which allowed local users to access arbitrary physical memory\n  locations, and consequently cause a denial of service (system crash)\n  or gain privileges, by leveraging permissions on a uverbs device under\n  /dev/infiniband/. (bsc#939241)\n\n- CVE-2014-7822: The implementation of certain splice_write file\n  operations in the Linux kernel before 3.16 does not enforce a restriction\n  on the maximum size of a single file, which allows local users to cause\n  a denial of service (system crash) or possibly have unspecified other\n  impact via a crafted splice system call, as demonstrated by use of a\n  file descriptor associated with an ext4 filesystem. (bsc#939240)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Live-Patching-12-2015-484",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_1489-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2015:1489-1",
        "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20151489-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2015:1489-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2015-September/001572.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 902349",
        "url": "https://bugzilla.suse.com/902349"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 916225",
        "url": "https://bugzilla.suse.com/916225"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939044",
        "url": "https://bugzilla.suse.com/939044"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939240",
        "url": "https://bugzilla.suse.com/939240"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939241",
        "url": "https://bugzilla.suse.com/939241"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939260",
        "url": "https://bugzilla.suse.com/939260"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939262",
        "url": "https://bugzilla.suse.com/939262"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939263",
        "url": "https://bugzilla.suse.com/939263"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939270",
        "url": "https://bugzilla.suse.com/939270"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939273",
        "url": "https://bugzilla.suse.com/939273"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939276",
        "url": "https://bugzilla.suse.com/939276"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 939277",
        "url": "https://bugzilla.suse.com/939277"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-3687 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-3687/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-7822 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-7822/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-8159 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-8159/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-9710 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-9710/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-1465 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-1465/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-1805 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-1805/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3331 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3331/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3339 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3339/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-3636 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-3636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-4700 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-4700/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-5364 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-5364/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2015-5366 page",
        "url": "https://www.suse.com/security/cve/CVE-2015-5366/"
      }
    ],
    "title": "Live patch for the Linux Kernel",
    "tracking": {
      "current_release_date": "2015-08-14T08:44:17Z",
      "generator": {
        "date": "2015-08-14T08:44:17Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2015:1489-1",
      "initial_release_date": "2015-08-14T08:44:17Z",
      "revision_history": [
        {
          "date": "2015-08-14T08:44:17Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_32-33-default-3-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_32-33-xen-3-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_32-33-xen-3-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12",
                  "product_id": "SUSE Linux Enterprise Live Patching 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_32-33-default-3-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12",
          "product_id": "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_32-33-xen-3-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12",
          "product_id": "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_32-33-xen-3-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-3687",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-3687"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allows remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-3687",
          "url": "https://www.suse.com/security/cve/CVE-2014-3687"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2014-3687",
          "url": "https://bugzilla.suse.com/1115893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 902349 for CVE-2014-3687",
          "url": "https://bugzilla.suse.com/902349"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 904899 for CVE-2014-3687",
          "url": "https://bugzilla.suse.com/904899"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 909208 for CVE-2014-3687",
          "url": "https://bugzilla.suse.com/909208"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T08:44:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2014-3687"
    },
    {
      "cve": "CVE-2014-7822",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-7822"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file, which allows local users to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted splice system call, as demonstrated by use of a file descriptor associated with an ext4 filesystem.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-7822",
          "url": "https://www.suse.com/security/cve/CVE-2014-7822"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2014-7822",
          "url": "https://bugzilla.suse.com/1115893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 915322 for CVE-2014-7822",
          "url": "https://bugzilla.suse.com/915322"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 915517 for CVE-2014-7822",
          "url": "https://bugzilla.suse.com/915517"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939240 for CVE-2014-7822",
          "url": "https://bugzilla.suse.com/939240"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T08:44:17Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-7822"
    },
    {
      "cve": "CVE-2014-8159",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-8159"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The InfiniBand (IB) implementation in the Linux kernel package before 2.6.32-504.12.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-8159",
          "url": "https://www.suse.com/security/cve/CVE-2014-8159"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 903967 for CVE-2014-8159",
          "url": "https://bugzilla.suse.com/903967"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 914742 for CVE-2014-8159",
          "url": "https://bugzilla.suse.com/914742"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939241 for CVE-2014-8159",
          "url": "https://bugzilla.suse.com/939241"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T08:44:17Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-8159"
    },
    {
      "cve": "CVE-2014-9710",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-9710"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time window, related to a race condition, or (2) after an xattr-replacement attempt that fails because the data does not fit.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-9710",
          "url": "https://www.suse.com/security/cve/CVE-2014-9710"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 923908 for CVE-2014-9710",
          "url": "https://bugzilla.suse.com/923908"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939260 for CVE-2014-9710",
          "url": "https://bugzilla.suse.com/939260"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T08:44:17Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2014-9710"
    },
    {
      "cve": "CVE-2015-1465",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-1465"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The IPv4 implementation in the Linux kernel before 3.18.8 does not properly consider the length of the Read-Copy Update (RCU) grace period for redirecting lookups in the absence of caching, which allows remote attackers to cause a denial of service (memory consumption or system crash) via a flood of packets.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-1465",
          "url": "https://www.suse.com/security/cve/CVE-2015-1465"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 916225 for CVE-2015-1465",
          "url": "https://bugzilla.suse.com/916225"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939044 for CVE-2015-1465",
          "url": "https://bugzilla.suse.com/939044"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T08:44:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-1465"
    },
    {
      "cve": "CVE-2015-1805",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-1805"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an \"I/O vector array overrun.\"",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-1805",
          "url": "https://www.suse.com/security/cve/CVE-2015-1805"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 917839 for CVE-2015-1805",
          "url": "https://bugzilla.suse.com/917839"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 933429 for CVE-2015-1805",
          "url": "https://bugzilla.suse.com/933429"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939270 for CVE-2015-1805",
          "url": "https://bugzilla.suse.com/939270"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 964730 for CVE-2015-1805",
          "url": "https://bugzilla.suse.com/964730"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 964732 for CVE-2015-1805",
          "url": "https://bugzilla.suse.com/964732"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T08:44:17Z",
          "details": "important"
        }
      ],
      "title": "CVE-2015-1805"
    },
    {
      "cve": "CVE-2015-3331",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3331"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3331",
          "url": "https://www.suse.com/security/cve/CVE-2015-3331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2015-3331",
          "url": "https://bugzilla.suse.com/1115893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 927257 for CVE-2015-3331",
          "url": "https://bugzilla.suse.com/927257"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 931231 for CVE-2015-3331",
          "url": "https://bugzilla.suse.com/931231"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939262 for CVE-2015-3331",
          "url": "https://bugzilla.suse.com/939262"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T08:44:17Z",
          "details": "critical"
        }
      ],
      "title": "CVE-2015-3331"
    },
    {
      "cve": "CVE-2015-3339",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3339"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3339",
          "url": "https://www.suse.com/security/cve/CVE-2015-3339"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 903967 for CVE-2015-3339",
          "url": "https://bugzilla.suse.com/903967"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 928130 for CVE-2015-3339",
          "url": "https://bugzilla.suse.com/928130"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939263 for CVE-2015-3339",
          "url": "https://bugzilla.suse.com/939263"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T08:44:17Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-3339"
    },
    {
      "cve": "CVE-2015-3636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-3636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ping_unhash function in net/ipv4/ping.c in the Linux kernel before 4.0.3 does not initialize a certain list data structure during an unhash operation, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) by leveraging the ability to make a SOCK_DGRAM socket system call for the IPPROTO_ICMP or IPPROTO_ICMPV6 protocol, and then making a connect system call after a disconnect.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-3636",
          "url": "https://www.suse.com/security/cve/CVE-2015-3636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 929525 for CVE-2015-3636",
          "url": "https://bugzilla.suse.com/929525"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939277 for CVE-2015-3636",
          "url": "https://bugzilla.suse.com/939277"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 994624 for CVE-2015-3636",
          "url": "https://bugzilla.suse.com/994624"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T08:44:17Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-3636"
    },
    {
      "cve": "CVE-2015-4700",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-4700"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-4700",
          "url": "https://www.suse.com/security/cve/CVE-2015-4700"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 935705 for CVE-2015-4700",
          "url": "https://bugzilla.suse.com/935705"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939273 for CVE-2015-4700",
          "url": "https://bugzilla.suse.com/939273"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T08:44:17Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-4700"
    },
    {
      "cve": "CVE-2015-5364",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-5364"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-5364",
          "url": "https://www.suse.com/security/cve/CVE-2015-5364"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2015-5364",
          "url": "https://bugzilla.suse.com/1115893"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 781018 for CVE-2015-5364",
          "url": "https://bugzilla.suse.com/781018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 936831 for CVE-2015-5364",
          "url": "https://bugzilla.suse.com/936831"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939276 for CVE-2015-5364",
          "url": "https://bugzilla.suse.com/939276"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 945112 for CVE-2015-5364",
          "url": "https://bugzilla.suse.com/945112"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T08:44:17Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-5364"
    },
    {
      "cve": "CVE-2015-5366",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2015-5366"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2015-5366",
          "url": "https://www.suse.com/security/cve/CVE-2015-5366"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 781018 for CVE-2015-5366",
          "url": "https://bugzilla.suse.com/781018"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 936831 for CVE-2015-5366",
          "url": "https://bugzilla.suse.com/936831"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 939276 for CVE-2015-5366",
          "url": "https://bugzilla.suse.com/939276"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 945112 for CVE-2015-5366",
          "url": "https://bugzilla.suse.com/945112"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12:kgraft-patch-3_12_32-33-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2015-08-14T08:44:17Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2015-5366"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-7822 (GCVE-0-2014-7822)

SUSE-SU-2015:1488-1

SUSE-SU-2015:1489-1

Tags

Sightings

Nomenclature