CVE-2017-0861 (GCVE-0-2017-0861)
Vulnerability from cvelistv5 – Published: 2017-11-16 23:00 – Updated: 2024-09-16 19:09
VLAI
EPSS
Summary
Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
22 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android | Affected: Android kernel | |
Date Public
2017-11-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:18:06.391Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:3083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3617-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3617-1/"
},
{
"name": "USN-3619-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3619-2/"
},
{
"name": "USN-3617-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3617-3/"
},
{
"name": "USN-3583-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"name": "USN-3632-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3632-1/"
},
{
"name": "RHSA-2018:2390",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "[secure-testing-commits] 20171206 r58306 - data/CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "USN-3617-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3617-2/"
},
{
"name": "RHSA-2018:3096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "USN-3619-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3619-1/"
},
{
"name": "102329",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102329"
},
{
"name": "RHSA-2020:0036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0036"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0861"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android kernel"
}
]
}
],
"datePublic": "2017-11-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-15T02:22:55.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"name": "RHSA-2018:3083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "DSA-4187",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3617-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3617-1/"
},
{
"name": "USN-3619-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3619-2/"
},
{
"name": "USN-3617-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3617-3/"
},
{
"name": "USN-3583-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"name": "USN-3632-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3632-1/"
},
{
"name": "RHSA-2018:2390",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name": "USN-3583-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "[secure-testing-commits] 20171206 r58306 - data/CVE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "USN-3617-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3617-2/"
},
{
"name": "RHSA-2018:3096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "USN-3619-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3619-1/"
},
{
"name": "102329",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102329"
},
{
"name": "RHSA-2020:0036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0036"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0861"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2017-11-06T00:00:00",
"ID": "CVE-2017-0861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android kernel"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "DSA-4187",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2018/dsa-4187"
},
{
"name": "USN-3617-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-1/"
},
{
"name": "USN-3619-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-2/"
},
{
"name": "USN-3617-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-3/"
},
{
"name": "USN-3583-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-2/"
},
{
"name": "USN-3632-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3632-1/"
},
{
"name": "RHSA-2018:2390",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2390"
},
{
"name": "USN-3583-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3583-1/"
},
{
"name": "[secure-testing-commits] 20171206 r58306 - data/CVE",
"refsource": "MLIST",
"url": "http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html"
},
{
"name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
},
{
"name": "USN-3617-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3617-2/"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "USN-3619-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3619-1/"
},
{
"name": "102329",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102329"
},
{
"name": "RHSA-2020:0036",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0036"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"refsource": "CONFIRM",
"url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
},
{
"name": "https://source.android.com/security/bulletin/pixel/2017-11-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/pixel/2017-11-01"
},
{
"name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229",
"refsource": "CONFIRM",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2017-0861",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2017-0861"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-0861",
"datePublished": "2017-11-16T23:00:00.000Z",
"dateReserved": "2016-11-29T00:00:00.000Z",
"dateUpdated": "2024-09-16T19:09:26.250Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-0861",
"date": "2026-05-28",
"epss": "0.00085",
"percentile": "0.24574"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de uso de memoria previamente liberada en la funci\\u00f3n snd_pcm_info en el subsistema ALSA en el kernel de Linux permite que atacantes obtengan privilegios mediante vectores sin especificar.\"}]",
"id": "CVE-2017-0861",
"lastModified": "2024-11-21T03:03:46.970",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-11-16T23:29:01.320",
"references": "[{\"url\": \"http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html\", \"source\": \"security@android.com\"}, {\"url\": \"http://www.securityfocus.com/bid/102329\", \"source\": \"security@android.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2390\", \"source\": \"security@android.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3083\", \"source\": \"security@android.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3096\", \"source\": \"security@android.com\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0036\", \"source\": \"security@android.com\"}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229\", \"source\": \"security@android.com\"}, {\"url\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"source\": \"security@android.com\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html\", \"source\": \"security@android.com\"}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2017-0861\", \"source\": \"security@android.com\"}, {\"url\": \"https://source.android.com/security/bulletin/pixel/2017-11-01\", \"source\": \"security@android.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://usn.ubuntu.com/3583-1/\", \"source\": \"security@android.com\"}, {\"url\": \"https://usn.ubuntu.com/3583-2/\", \"source\": \"security@android.com\"}, {\"url\": \"https://usn.ubuntu.com/3617-1/\", \"source\": \"security@android.com\"}, {\"url\": \"https://usn.ubuntu.com/3617-2/\", \"source\": \"security@android.com\"}, {\"url\": \"https://usn.ubuntu.com/3617-3/\", \"source\": \"security@android.com\"}, {\"url\": \"https://usn.ubuntu.com/3619-1/\", \"source\": \"security@android.com\"}, {\"url\": \"https://usn.ubuntu.com/3619-2/\", \"source\": \"security@android.com\"}, {\"url\": 
\"https://usn.ubuntu.com/3632-1/\", \"source\": \"security@android.com\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4187\", \"source\": \"security@android.com\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"security@android.com\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"security@android.com\"}, {\"url\": \"http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/102329\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:2390\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3083\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3096\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2020:0036\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security-tracker.debian.org/tracker/CVE-2017-0861\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://source.android.com/security/bulletin/pixel/2017-11-01\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": 
\"https://usn.ubuntu.com/3583-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3583-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3617-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3617-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3617-3/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3619-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3619-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/3632-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2018/dsa-4187\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@android.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-0861\",\"sourceIdentifier\":\"security@android.com\",\"published\":\"2017-11-16T23:29:01.320\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de uso de memoria previamente liberada en la funci\u00f3n snd_pcm_info en el subsistema ALSA en el kernel de Linux permite que atacantes obtengan privilegios mediante vectores sin especificar.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"
criteria\":\"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26\"}]}]}],\"references\":[{\"url\":\"http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html\",\"source\":\"security@android.com\"},{\"url\":\"http://www.securityfocus.com/bid/102329\",\"source\":\"security@android.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2390\",\"source\":\"security@android.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3083\",\"source\":\"security@android.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3096\",\"source\":\"security@android.com\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0036\",\"source\":\"security@android.com\"},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229\",\"source\":\"security@android.com\"},{\"url\":\"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0\",\"source\":\"security@android.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html\",\"source\":\"security@android.com\"},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2017-0861\",\"source\":\"security@android.com\"},{\"url\":\"https://source.android.com/security/bulletin/pixel/2017-11-01\",\"source\":\"security@android.com\",\"tags\":[\"Patch\",\"Vendor 
Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3583-1/\",\"source\":\"security@android.com\"},{\"url\":\"https://usn.ubuntu.com/3583-2/\",\"source\":\"security@android.com\"},{\"url\":\"https://usn.ubuntu.com/3617-1/\",\"source\":\"security@android.com\"},{\"url\":\"https://usn.ubuntu.com/3617-2/\",\"source\":\"security@android.com\"},{\"url\":\"https://usn.ubuntu.com/3617-3/\",\"source\":\"security@android.com\"},{\"url\":\"https://usn.ubuntu.com/3619-1/\",\"source\":\"security@android.com\"},{\"url\":\"https://usn.ubuntu.com/3619-2/\",\"source\":\"security@android.com\"},{\"url\":\"https://usn.ubuntu.com/3632-1/\",\"source\":\"security@android.com\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4187\",\"source\":\"security@android.com\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security@android.com\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"security@android.com\"},{\"url\":\"http://lists.alioth.debian.org/pipermail/secure-testing-commits/2017-December/059967.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/102329\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2390\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3083\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0036\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center
+Expert+v7.6.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security-tracker.debian.org/tracker/CVE-2017-0861\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://source.android.com/security/bulletin/pixel/2017-11-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3583-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3583-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3617-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3617-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3617-3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3619-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3619-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3632-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2018/dsa-4187\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
SUSE-SU-2018:1250-1
Vulnerability from csaf_suse - Published: 2018-05-11 17:55 - Updated: 2018-05-11 17:55
Summary
Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2)
Description of the patch: This update for the Linux Kernel 4.4.103-92_53 fixes several issues.
The following security issues were fixed:
- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036).
- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).
Patchnames: SUSE-SLE-SAP-12-SP2-2018-877,SUSE-SLE-SERVER-12-SP2-2018-877
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.103-92_53 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). \n- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP2-2018-877,SUSE-SLE-SERVER-12-SP2-2018-877",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1250-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1250-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181250-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1250-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004027.html"
},
{
"category": "self",
"summary": "SUSE Bug 1088268",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "self",
"summary": "SUSE Bug 1090036",
"url": "https://bugzilla.suse.com/1090036"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-0861 page",
"url": "https://www.suse.com/security/cve/CVE-2017-0861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000199 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP2)",
"tracking": {
"current_release_date": "2018-05-11T17:55:03Z",
"generator": {
"date": "2018-05-11T17:55:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1250-1",
"initial_release_date": "2018-05-11T17:55:03Z",
"revision_history": [
{
"date": "2018-05-11T17:55:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64",
"product_id": "kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-0861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-0861"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-0861",
"url": "https://www.suse.com/security/cve/CVE-2017-0861"
},
{
"category": "external",
"summary": "SUSE Bug 1088260 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088260"
},
{
"category": "external",
"summary": "SUSE Bug 1088268 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:55:03Z",
"details": "moderate"
}
],
"title": "CVE-2017-0861"
},
{
"cve": "CVE-2018-1000199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000199"
}
],
"notes": [
{
"category": "general",
"text": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000199",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199"
},
{
"category": "external",
"summary": "SUSE Bug 1089895 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1089895"
},
{
"category": "external",
"summary": "SUSE Bug 1090036 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1090036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_53-default-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:55:03Z",
"details": "important"
}
],
"title": "CVE-2018-1000199"
}
]
}
SUSE-SU-2018:1251-1
Vulnerability from csaf_suse - Published: 2018-05-11 17:52 - Updated: 2018-05-11 17:52
Summary
Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1)
Description of the patch: This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues.
The following security issues were fixed:
- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036).
- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).
Patchnames: SUSE-SLE-SAP-12-SP1-2018-867,SUSE-SLE-SERVER-12-SP1-2018-867
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). \n- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2018-867,SUSE-SLE-SERVER-12-SP1-2018-867",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1251-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1251-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181251-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1251-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004028.html"
},
{
"category": "self",
"summary": "SUSE Bug 1088268",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "self",
"summary": "SUSE Bug 1090036",
"url": "https://bugzilla.suse.com/1090036"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-0861 page",
"url": "https://www.suse.com/security/cve/CVE-2017-0861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000199 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1)",
"tracking": {
"current_release_date": "2018-05-11T17:52:44Z",
"generator": {
"date": "2018-05-11T17:52:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1251-1",
"initial_release_date": "2018-05-11T17:52:44Z",
"revision_history": [
{
"date": "2018-05-11T17:52:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-0861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-0861"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-0861",
"url": "https://www.suse.com/security/cve/CVE-2017-0861"
},
{
"category": "external",
"summary": "SUSE Bug 1088260 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088260"
},
{
"category": "external",
"summary": "SUSE Bug 1088268 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:52:44Z",
"details": "moderate"
}
],
"title": "CVE-2017-0861"
},
{
"cve": "CVE-2018-1000199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000199"
}
],
"notes": [
{
"category": "general",
"text": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000199",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199"
},
{
"category": "external",
"summary": "SUSE Bug 1089895 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1089895"
},
{
"category": "external",
"summary": "SUSE Bug 1090036 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1090036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:52:44Z",
"details": "important"
}
],
"title": "CVE-2018-1000199"
}
]
}
SUSE-SU-2018:1252-1
Vulnerability from csaf_suse - Published: 2018-05-11 17:57 - Updated: 2018-05-11 17:57
Summary
Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP3)
Description of the patch: This update for the Linux Kernel 4.4.90-6_12 fixes several issues.
The following security issues were fixed:
- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036).
- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).
Patchnames: SUSE-SLE-Live-Patching-12-SP3-2018-890
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-6-2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-6-2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.90-6_12 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). \n- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Live-Patching-12-SP3-2018-890",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1252-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1252-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181252-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1252-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004029.html"
},
{
"category": "self",
"summary": "SUSE Bug 1088268",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "self",
"summary": "SUSE Bug 1090036",
"url": "https://bugzilla.suse.com/1090036"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-0861 page",
"url": "https://www.suse.com/security/cve/CVE-2017-0861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000199 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP3)",
"tracking": {
"current_release_date": "2018-05-11T17:57:54Z",
"generator": {
"date": "2018-05-11T17:57:54Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1252-1",
"initial_release_date": "2018-05-11T17:57:54Z",
"revision_history": [
{
"date": "2018-05-11T17:57:54Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_92-6_18-default-6-2.2.x86_64",
"product": {
"name": "kgraft-patch-4_4_92-6_18-default-6-2.2.x86_64",
"product_id": "kgraft-patch-4_4_92-6_18-default-6-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_92-6_18-default-6-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-6-2.2.x86_64"
},
"product_reference": "kgraft-patch-4_4_92-6_18-default-6-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-0861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-0861"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-6-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-0861",
"url": "https://www.suse.com/security/cve/CVE-2017-0861"
},
{
"category": "external",
"summary": "SUSE Bug 1088260 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088260"
},
{
"category": "external",
"summary": "SUSE Bug 1088268 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-6-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-6-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:57:54Z",
"details": "moderate"
}
],
"title": "CVE-2017-0861"
},
{
"cve": "CVE-2018-1000199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000199"
}
],
"notes": [
{
"category": "general",
"text": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-6-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000199",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199"
},
{
"category": "external",
"summary": "SUSE Bug 1089895 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1089895"
},
{
"category": "external",
"summary": "SUSE Bug 1090036 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1090036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-6-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-6-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:57:54Z",
"details": "important"
}
],
"title": "CVE-2018-1000199"
}
]
}
SUSE-SU-2018:1253-1
Vulnerability from csaf_suse - Published: 2018-05-11 17:55 - Updated: 2018-05-11 17:55
Summary
Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2)
Description of the patch: This update for the Linux Kernel 4.4.74-92_29 fixes several issues.
The following security issues were fixed:
- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036).
- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).
Patchnames: SUSE-SLE-SAP-12-SP2-2018-879,SUSE-SLE-SERVER-12-SP2-2018-879
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.74-92_29 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). \n- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP2-2018-879,SUSE-SLE-SERVER-12-SP2-2018-879",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1253-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1253-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181253-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1253-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004030.html"
},
{
"category": "self",
"summary": "SUSE Bug 1088268",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "self",
"summary": "SUSE Bug 1090036",
"url": "https://bugzilla.suse.com/1090036"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-0861 page",
"url": "https://www.suse.com/security/cve/CVE-2017-0861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000199 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2)",
"tracking": {
"current_release_date": "2018-05-11T17:55:56Z",
"generator": {
"date": "2018-05-11T17:55:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1253-1",
"initial_release_date": "2018-05-11T17:55:56Z",
"revision_history": [
{
"date": "2018-05-11T17:55:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64",
"product_id": "kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-0861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-0861"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-0861",
"url": "https://www.suse.com/security/cve/CVE-2017-0861"
},
{
"category": "external",
"summary": "SUSE Bug 1088260 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088260"
},
{
"category": "external",
"summary": "SUSE Bug 1088268 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:55:56Z",
"details": "moderate"
}
],
"title": "CVE-2017-0861"
},
{
"cve": "CVE-2018-1000199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000199"
}
],
"notes": [
{
"category": "general",
"text": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000199",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199"
},
{
"category": "external",
"summary": "SUSE Bug 1089895 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1089895"
},
{
"category": "external",
"summary": "SUSE Bug 1090036 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1090036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_74-92_29-default-10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:55:56Z",
"details": "important"
}
],
"title": "CVE-2018-1000199"
}
]
}
SUSE-SU-2018:1254-1
Vulnerability from csaf_suse - Published: 2018-05-11 17:53 - Updated: 2018-05-11 17:53
Summary
Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1)
Description of the patch: This update for the Linux Kernel 3.12.74-60_64_51 fixes several issues.
The following security issues were fixed:
- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036).
- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).
Patchnames: SUSE-SLE-SAP-12-SP1-2018-871,SUSE-SLE-SERVER-12-SP1-2018-871
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 3.12.74-60_64_51 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). \n- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2018-871,SUSE-SLE-SERVER-12-SP1-2018-871",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1254-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1254-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181254-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1254-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004031.html"
},
{
"category": "self",
"summary": "SUSE Bug 1088268",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "self",
"summary": "SUSE Bug 1090036",
"url": "https://bugzilla.suse.com/1090036"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-0861 page",
"url": "https://www.suse.com/security/cve/CVE-2017-0861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000199 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1)",
"tracking": {
"current_release_date": "2018-05-11T17:53:57Z",
"generator": {
"date": "2018-05-11T17:53:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1254-1",
"initial_release_date": "2018-05-11T17:53:57Z",
"revision_history": [
{
"date": "2018-05-11T17:53:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-0861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-0861"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-0861",
"url": "https://www.suse.com/security/cve/CVE-2017-0861"
},
{
"category": "external",
"summary": "SUSE Bug 1088260 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088260"
},
{
"category": "external",
"summary": "SUSE Bug 1088268 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:53:57Z",
"details": "moderate"
}
],
"title": "CVE-2017-0861"
},
{
"cve": "CVE-2018-1000199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000199"
}
],
"notes": [
{
"category": "general",
"text": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000199",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199"
},
{
"category": "external",
"summary": "SUSE Bug 1089895 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1089895"
},
{
"category": "external",
"summary": "SUSE Bug 1090036 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1090036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-8-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:53:57Z",
"details": "important"
}
],
"title": "CVE-2018-1000199"
}
]
}
SUSE-SU-2018:1255-1
Vulnerability from csaf_suse - Published: 2018-05-11 17:50 - Updated: 2018-05-11 17:50
Summary
Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1)
Description of the patch: This update for the Linux Kernel 3.12.74-60_64_85 fixes several issues.
The following security issues were fixed:
- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036).
- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).
Patchnames: SUSE-SLE-SAP-12-SP1-2018-861,SUSE-SLE-SERVER-12-SP1-2018-861
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 3.12.74-60_64_85 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). \n- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2018-861,SUSE-SLE-SERVER-12-SP1-2018-861",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1255-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1255-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181255-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1255-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004032.html"
},
{
"category": "self",
"summary": "SUSE Bug 1088268",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "self",
"summary": "SUSE Bug 1090036",
"url": "https://bugzilla.suse.com/1090036"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-0861 page",
"url": "https://www.suse.com/security/cve/CVE-2017-0861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000199 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP1)",
"tracking": {
"current_release_date": "2018-05-11T17:50:57Z",
"generator": {
"date": "2018-05-11T17:50:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1255-1",
"initial_release_date": "2018-05-11T17:50:57Z",
"revision_history": [
{
"date": "2018-05-11T17:50:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-0861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-0861"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-0861",
"url": "https://www.suse.com/security/cve/CVE-2017-0861"
},
{
"category": "external",
"summary": "SUSE Bug 1088260 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088260"
},
{
"category": "external",
"summary": "SUSE Bug 1088268 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:50:57Z",
"details": "moderate"
}
],
"title": "CVE-2017-0861"
},
{
"cve": "CVE-2018-1000199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000199"
}
],
"notes": [
{
"category": "general",
"text": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000199",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199"
},
{
"category": "external",
"summary": "SUSE Bug 1089895 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1089895"
},
{
"category": "external",
"summary": "SUSE Bug 1090036 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1090036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-default-3-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_85-xen-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:50:57Z",
"details": "important"
}
],
"title": "CVE-2018-1000199"
}
]
}
SUSE-SU-2018:1256-1
Vulnerability from csaf_suse - Published: 2018-05-11 17:54 - Updated: 2018-05-11 17:54
Summary
Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2)
Description of the patch: This update for the Linux Kernel 4.4.103-92_56 fixes several issues.
The following security issues were fixed:
- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036).
- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).
Patchnames: SUSE-SLE-SAP-12-SP2-2018-876,SUSE-SLE-SERVER-12-SP2-2018-876
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.103-92_56 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). \n- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP2-2018-876,SUSE-SLE-SERVER-12-SP2-2018-876",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1256-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1256-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181256-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1256-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004033.html"
},
{
"category": "self",
"summary": "SUSE Bug 1088268",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "self",
"summary": "SUSE Bug 1090036",
"url": "https://bugzilla.suse.com/1090036"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-0861 page",
"url": "https://www.suse.com/security/cve/CVE-2017-0861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000199 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 17 for SLE 12 SP2)",
"tracking": {
"current_release_date": "2018-05-11T17:54:53Z",
"generator": {
"date": "2018-05-11T17:54:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1256-1",
"initial_release_date": "2018-05-11T17:54:53Z",
"revision_history": [
{
"date": "2018-05-11T17:54:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64",
"product_id": "kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-0861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-0861"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-0861",
"url": "https://www.suse.com/security/cve/CVE-2017-0861"
},
{
"category": "external",
"summary": "SUSE Bug 1088260 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088260"
},
{
"category": "external",
"summary": "SUSE Bug 1088268 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:54:53Z",
"details": "moderate"
}
],
"title": "CVE-2017-0861"
},
{
"cve": "CVE-2018-1000199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000199"
}
],
"notes": [
{
"category": "general",
"text": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000199",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199"
},
{
"category": "external",
"summary": "SUSE Bug 1089895 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1089895"
},
{
"category": "external",
"summary": "SUSE Bug 1090036 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1090036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP2:kgraft-patch-4_4_103-92_56-default-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:54:53Z",
"details": "important"
}
],
"title": "CVE-2018-1000199"
}
]
}
SUSE-SU-2018:1257-1
Vulnerability from csaf_suse - Published: 2018-05-11 17:48 - Updated: 2018-05-11 17:48
Summary
Security update for the Linux Kernel (Live Patch 32 for SLE 12)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 32 for SLE 12)
Description of the patch: This update for the Linux Kernel 3.12.61-52_122 fixes several issues.
The following security issues were fixed:
- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036).
- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).
Patchnames: SUSE-SLE-SERVER-12-2018-851
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-default-4-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-xen-4-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-default-4-2.1.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-xen-4-2.1.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 32 for SLE 12)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 3.12.61-52_122 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). \n- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-2018-851",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1257-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1257-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181257-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1257-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004034.html"
},
{
"category": "self",
"summary": "SUSE Bug 1088268",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "self",
"summary": "SUSE Bug 1090036",
"url": "https://bugzilla.suse.com/1090036"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-0861 page",
"url": "https://www.suse.com/security/cve/CVE-2017-0861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000199 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 32 for SLE 12)",
"tracking": {
"current_release_date": "2018-05-11T17:48:33Z",
"generator": {
"date": "2018-05-11T17:48:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1257-1",
"initial_release_date": "2018-05-11T17:48:33Z",
"revision_history": [
{
"date": "2018-05-11T17:48:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-3_12_61-52_122-default-4-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_61-52_122-default-4-2.1.x86_64",
"product_id": "kgraft-patch-3_12_61-52_122-default-4-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_61-52_122-xen-4-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_61-52_122-xen-4-2.1.x86_64",
"product_id": "kgraft-patch-3_12_61-52_122-xen-4-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_61-52_122-default-4-2.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-default-4-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_61-52_122-default-4-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_61-52_122-xen-4-2.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-xen-4-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_61-52_122-xen-4-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-0861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-0861"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-default-4-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-xen-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-0861",
"url": "https://www.suse.com/security/cve/CVE-2017-0861"
},
{
"category": "external",
"summary": "SUSE Bug 1088260 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088260"
},
{
"category": "external",
"summary": "SUSE Bug 1088268 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-default-4-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-xen-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-default-4-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-xen-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:48:33Z",
"details": "moderate"
}
],
"title": "CVE-2017-0861"
},
{
"cve": "CVE-2018-1000199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000199"
}
],
"notes": [
{
"category": "general",
"text": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-default-4-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-xen-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000199",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199"
},
{
"category": "external",
"summary": "SUSE Bug 1089895 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1089895"
},
{
"category": "external",
"summary": "SUSE Bug 1090036 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1090036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-default-4-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-xen-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-default-4-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_122-xen-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:48:33Z",
"details": "important"
}
],
"title": "CVE-2018-1000199"
}
]
}
SUSE-SU-2018:1259-1
Vulnerability from csaf_suse - Published: 2018-05-11 17:54 - Updated: 2018-05-11 17:54
Summary
Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1)
Description of the patch: This update for the Linux Kernel 3.12.74-60_64_54 fixes several issues.
The following security issues were fixed:
- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036).
- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).
Patchnames: SUSE-SLE-SAP-12-SP1-2018-872,SUSE-SLE-SERVER-12-SP1-2018-872
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64 | — | | Vendor Fix |
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64 | — | | Vendor Fix |
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 3.12.74-60_64_54 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). \n- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2018-872,SUSE-SLE-SERVER-12-SP1-2018-872",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1259-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1259-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181259-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1259-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004036.html"
},
{
"category": "self",
"summary": "SUSE Bug 1088268",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "self",
"summary": "SUSE Bug 1090036",
"url": "https://bugzilla.suse.com/1090036"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-0861 page",
"url": "https://www.suse.com/security/cve/CVE-2017-0861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000199 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1)",
"tracking": {
"current_release_date": "2018-05-11T17:54:13Z",
"generator": {
"date": "2018-05-11T17:54:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1259-1",
"initial_release_date": "2018-05-11T17:54:13Z",
"revision_history": [
{
"date": "2018-05-11T17:54:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-0861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-0861"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-0861",
"url": "https://www.suse.com/security/cve/CVE-2017-0861"
},
{
"category": "external",
"summary": "SUSE Bug 1088260 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088260"
},
{
"category": "external",
"summary": "SUSE Bug 1088268 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:54:13Z",
"details": "moderate"
}
],
"title": "CVE-2017-0861"
},
{
"cve": "CVE-2018-1000199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000199"
}
],
"notes": [
{
"category": "general",
"text": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000199",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199"
},
{
"category": "external",
"summary": "SUSE Bug 1089895 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1089895"
},
{
"category": "external",
"summary": "SUSE Bug 1090036 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1090036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-8-2.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-8-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:54:13Z",
"details": "important"
}
],
"title": "CVE-2018-1000199"
}
]
}
SUSE-SU-2018:1260-1
Vulnerability from csaf_suse - Published: 2018-05-11 17:57 - Updated: 2018-05-11 17:57
Summary
Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)
Description of the patch: This update for the Linux Kernel 4.4.82-6_6 fixes several issues.
The following security issues were fixed:
- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036).
- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).
Patchnames: SUSE-SLE-Live-Patching-12-SP3-2018-889
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-7-2.2.x86_64 | — | Vendor Fix |
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-7-2.2.x86_64 | — | Vendor Fix |
Threats
Impact
important
References
16 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.82-6_6 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2018-1000199: A bug in x86 debug register handling of ptrace() could lead to memory corruption, possibly a denial of service or privilege escalation (bsc#1090036). \n- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allowed attackers to gain privileges via unspecified vectors (bsc#1088268).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Live-Patching-12-SP3-2018-889",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1260-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:1260-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181260-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:1260-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-May/004037.html"
},
{
"category": "self",
"summary": "SUSE Bug 1088268",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "self",
"summary": "SUSE Bug 1090036",
"url": "https://bugzilla.suse.com/1090036"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-0861 page",
"url": "https://www.suse.com/security/cve/CVE-2017-0861/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000199 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 2 for SLE 12 SP3)",
"tracking": {
"current_release_date": "2018-05-11T17:57:45Z",
"generator": {
"date": "2018-05-11T17:57:45Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:1260-1",
"initial_release_date": "2018-05-11T17:57:45Z",
"revision_history": [
{
"date": "2018-05-11T17:57:45Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_82-6_6-default-7-2.2.x86_64",
"product": {
"name": "kgraft-patch-4_4_82-6_6-default-7-2.2.x86_64",
"product_id": "kgraft-patch-4_4_82-6_6-default-7-2.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_82-6_6-default-7-2.2.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-7-2.2.x86_64"
},
"product_reference": "kgraft-patch-4_4_82-6_6-default-7-2.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-0861",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-0861"
}
],
"notes": [
{
"category": "general",
"text": "Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-0861",
"url": "https://www.suse.com/security/cve/CVE-2017-0861"
},
{
"category": "external",
"summary": "SUSE Bug 1088260 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088260"
},
{
"category": "external",
"summary": "SUSE Bug 1088268 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1088268"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-0861",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:57:45Z",
"details": "moderate"
}
],
"title": "CVE-2017-0861"
},
{
"cve": "CVE-2018-1000199",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000199"
}
],
"notes": [
{
"category": "general",
"text": "The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint() that can result in crash and possibly memory corruption. This attack appear to be exploitable via local code execution and the ability to use ptrace. This vulnerability appears to have been fixed in git commit f67b15037a7a50c57f72e69a6d59941ad90a0f0f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-7-2.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000199",
"url": "https://www.suse.com/security/cve/CVE-2018-1000199"
},
{
"category": "external",
"summary": "SUSE Bug 1089895 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1089895"
},
{
"category": "external",
"summary": "SUSE Bug 1090036 for CVE-2018-1000199",
"url": "https://bugzilla.suse.com/1090036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-7-2.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_82-6_6-default-7-2.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-05-11T17:57:45Z",
"details": "important"
}
],
"title": "CVE-2018-1000199"
}
]
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.