{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for kernel-source-rt","title":"Title of the patch"},{"category":"description","text":"The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to version\n3.0.101.rt130-45.1 to receive various security and bugfixes.\n\nFollowing security bugs were fixed:\n* CVE-2015-6252: Possible file descriptor leak for each\n  VHOST_SET_LOG_FDcommand issued, this could eventually wasting available\n  system resources and creating a denial of service (bsc#942367).\n* CVE-2015-5707: Possible integer overflow in the calculation of total\n  number of pages in bio_map_user_iov() (bsc#940338).\n* CVE-2015-5364: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in\n  the Linux kernel before 4.0.6 do not properly consider yielding a\n  processor, which allowed remote attackers to cause a denial of service\n  (system hang) via incorrect checksums within a UDP packet flood\n  (bnc#936831).\n* CVE-2015-5366: The (1) udp_recvmsg and (2) udpv6_recvmsg functions in\n  the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return\n  values, which allowed remote attackers to cause a denial of service\n  (EPOLLET epoll application read outage) via an incorrect checksum in a\n  UDP packet, a different vulnerability than CVE-2015-5364 (bnc#936831).\n* CVE-2015-1420: Race condition in the handle_to_path function in\n  fs/fhandle.c in the Linux kernel through 3.19.1 allowed local users to\n  bypass intended size restrictions and trigger read operations on\n  additional memory locations by changing the handle_bytes value of a\n  file handle during the execution of this function (bnc#915517).\n* CVE-2015-4700: The bpf_int_jit_compile function in\n  arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allowed\n  local users to cause a denial of service (system crash) by creating a\n  packet filter and then loading crafted BPF instructions that trigger\n  late convergence by the JIT compiler (bnc#935705).\n* CVE-2015-5697: The get_bitmap_file function in drivers/md/md.c in the\n  Linux kernel before 4.1.6 does not initialize a certain bitmap data\n  structure, which allows local users to obtain sensitive information\n  from kernel memory via a GET_BITMAP_FILE ioctl call. (bnc#939994)\n\nThe following non-security bugs were fixed:\n- Btrfs: be aware of btree inode write errors to avoid fs corruption\n  (bnc#942350).\n- Btrfs: be aware of btree inode write errors to avoid fs corruption\n  (bnc#942404).\n- Btrfs: check if previous transaction aborted to avoid fs corruption\n  (bnc#942350).\n- Btrfs: check if previous transaction aborted to avoid fs corruption\n  (bnc#942404).\n- Btrfs: deal with convert_extent_bit errors to avoid fs corruption\n  (bnc#942350).\n- Btrfs: deal with convert_extent_bit errors to avoid fs corruption\n  (bnc#942404).\n- Btrfs: fix hang when failing to submit bio of directIO (bnc#942688).\n- Btrfs: fix memory corruption on failure to submit bio for direct IO\n  (bnc#942688).\n- Btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688).\n- DRM/I915: Add enum hpd_pin to intel_encoder (bsc#942938).\n- DRM/i915: Convert HPD interrupts to make use of HPD pin assignment in\n  encoders (v2) (bsc#942938).\n- DRM/i915: Get rid if the 'hotplug_supported_mask' in struct\n  drm_i915_private (bsc#942938).\n- DRM/i915: Remove i965_hpd_irq_setup (bsc#942938).\n- DRM/i915: Remove valleyview_hpd_irq_setup (bsc#942938).\n- CIFS: Fix missing crypto allocation (bnc#937402).\n- IB/core: Fix mismatch between locked and pinned pages (bnc#937855).\n- IB/iser: Add Discovery support (bsc#923002).\n- IB/iser: Move informational messages from error to info level\n  (bsc#923002).\n- SCSI: Moved iscsi kabi patch to patches.kabi (bsc#923002)\n- SCSI: kabi: allow iscsi disocvery session support (bsc#923002).\n- SCSI: vmw_pvscsi: Fix pvscsi_abort() function (bnc#940398 bsc#930934).\n- SCSI: fix scsi_error_handler vs. scsi_host_dev_release race\n  (bnc#942204).\n- SCSI: scsi_error: add missing case statements in\n  scsi_decide_disposition() (bsc#920733).\n- SCSI: scsi_transport_iscsi: Exporting new attrs for iscsi session and\n  connection in sysfs (bsc#923002).\n- NFSD: Fix nfsv4 opcode decoding error (bsc#935906).\n- NFSv4: Minor cleanups for nfs4_handle_exception and\n  nfs4_async_handle_error (bsc#939910).\n- New patches: patches.fixes/hrtimer-Prevent-timer-interrupt-DoS.patch\n- PCI: Disable Bus Master only on kexec reboot (bsc#920110).\n- PCI: Disable Bus Master unconditionally in pci_device_shutdown()\n  (bsc#920110).\n- PCI: Do not try to disable Bus Master on disconnected PCI devices\n  (bsc#920110).\n- PCI: Lock down register access when trusted_kernel is true (bnc#884333,\n  bsc#923431).\n- PCI: disable Bus Master on PCI device shutdown (bsc#920110).\n- Set hostbyte status in scsi_check_sense() (bsc#920733).\n- USB: xhci: Reset a halted endpoint immediately when we encounter a\n  stall (bnc#933721).\n- USB: xhci: do not start a halted endpoint before its new dequeue is set\n  (bnc#933721).\n- apparmor: fix file_permission if profile is updated (bsc#917968).\n- drm/cirrus: do not attempt to acquire a reservation while in an\n  interrupt handler (bsc#935572).\n- drm/i915: (re)init HPD interrupt storm statistics (bsc#942938).\n- drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938).\n- drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4)\n  (bsc#942938).\n- drm/i915: Add bit field to record which pins have received HPD events\n  (v3) (bsc#942938).\n- drm/i915: Add messages useful for HPD storm detection debugging (v2)\n  (bsc#942938).\n- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt\n  (bsc#942938).\n- drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3)\n  (bsc#942938).\n- drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch\n  platforms (bsc#942938).\n- drm/i915: Enable hotplug interrupts after querying hw capabilities\n  (bsc#942938).\n- drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938).\n- drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938).\n- drm/i915: Make hpd arrays big enough to avoid out of bounds access\n  (bsc#942938).\n- drm/i915: Mask out the HPD irq bits before setting them individually\n  (bsc#942938).\n- drm/i915: Only print hotplug event message when hotplug bit is set\n  (bsc#942938).\n- drm/i915: Only reprobe display on encoder which has received an HPD\n  event (v2) (bsc#942938).\n- drm/i915: Queue reenable timer also when enable_hotplug_processing is\n  false (bsc#942938).\n- drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938).\n- drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler()\n  (bsc#942938).\n- drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets\n  (bsc#942938).\n- drm/i915: assert_spin_locked for pipestat interrupt enable/disable\n  (bsc#942938).\n- drm/i915: clear crt hotplug compare voltage field before setting\n  (bsc#942938).\n- drm/i915: close tiny race in the ilk pcu even interrupt setup\n  (bsc#942938).\n- drm/i915: fix hotplug event bit tracking (bsc#942938).\n- drm/i915: fix hpd interrupt register locking (bsc#942938).\n- drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock\n  (bsc#942938).\n- drm/i915: fix locking around ironlake_enable|disable_display_irq\n  (bsc#942938).\n- drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler\n  (bsc#942938).\n- drm/i915: fold the no-irq check into intel_hpd_irq_handler\n  (bsc#942938).\n- drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938).\n- drm/i915: implement ibx_hpd_irq_setup (bsc#942938).\n- drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/\n  (bsc#942938).\n- drm: ast,cirrus,mgag200: use drm_can_sleep (bnc#883380, bsc#935572).\n- ehci-pci: enable interrupt on BayTrail (bnc926007).\n- exec: kill the unnecessary mm->def_flags setting in\n  load_elf_binary() (bnc#891116).\n- ext3: Fix data corruption in inodes with journalled data (bsc#936637).\n- fanotify: Fix deadlock with permission events (bsc#935053).\n- fork: reset mm->pinned_vm (bnc#937855).\n- hrtimer: prevent timer interrupt DoS (bnc#886785).\n- hugetlb, kabi: do not account hugetlb pages as NR_FILE_PAGES\n  (bnc#930092).\n- hugetlb: do not account hugetlb pages as NR_FILE_PAGES (bnc#930092).\n- hv_storvsc: use small sg_tablesize on x86 (bnc#937256).\n- ibmveth: Add GRO support (bsc#935055).\n- ibmveth: Add support for Large Receive Offload (bsc#935055).\n- ibmveth: Add support for TSO (bsc#935055).\n- ibmveth: add support for TSO6.\n- ibmveth: change rx buffer default allocation for CMO (bsc#935055).\n- igb: do not reuse pages with pfmemalloc flag fix (bnc#920016).\n- inotify: Fix nested sleeps in inotify_read() (bsc#940925).\n- iommu/amd: Fix memory leak in free_pagetable (bsc#935866).\n- iommu/amd: Handle large pages correctly in free_pagetable (bsc#935866).\n- ipv6: probe routes asynchronous in rt6_probe (bsc#936118).\n- ixgbe: Use pci_vfs_assigned instead of ixgbe_vfs_are_assigned\n  (bsc#927355).\n- kabi: patches.fixes/mm-make-page-pfmemalloc-check-more-robust.patch\n  (bnc#920016).\n- kabi: wrapper include file with __GENKSYMS__ check to avoid kabi change\n  (bsc920110).\n- kdump: fix crash_kexec()/smp_send_stop() race in panic() (bnc#937444).\n- kernel: do full redraw of the 3270 screen on reconnect (bnc#943477,\n  LTC#129509).\n- libiscsi: Exporting new attrs for iscsi session and connection in sysfs\n  (bsc#923002).\n- megaraid_sas: Use correct reset sequence in adp_reset() (bsc#894936).\n- megaraid_sas: Use correct reset sequence in adp_reset() (bsc#938485).\n- mlx4: Check for assigned VFs before disabling SR-IOV (bsc#927355).\n- mm, THP: do not hold mmap_sem in khugepaged when allocating THP (VM\n  Performance).\n- mm, mempolicy: remove duplicate code (VM Functionality, bnc#931620).\n- mm, thp: fix collapsing of hugepages on madvise (VM Functionality).\n- mm, thp: only collapse hugepages to nodes with affinity for\n  zone_reclaim_mode (VM Functionality, bnc#931620).\n- mm, thp: really limit transparent hugepage allocation to local node (VM\n  Performance, bnc#931620).\n- mm, thp: respect MPOL_PREFERRED policy with non-local node (VM\n  Performance, bnc#931620).\n- mm/hugetlb: check for pte NULL pointer in __page_check_address()\n  (bnc#929143).\n- mm/mempolicy.c: merge alloc_hugepage_vma to alloc_pages_vma (VM\n  Performance, bnc#931620).\n- mm/thp: allocate transparent hugepages on local node (VM Performance,\n  bnc#931620).\n- mm: make page pfmemalloc check more robust (bnc#920016).\n- mm: restrict access to slab files under procfs and sysfs (bnc#936077).\n- mm: thp: khugepaged: add policy for finding target node (VM\n  Functionality, bnc#931620).\n- net/mlx4_core: Do not disable SRIOV if there are active VFs\n  (bsc#927355).\n- net: Fix 'ip rule delete table 256' (bsc#873385).\n- net: fib6: fib6_commit_metrics: fix potential NULL pointer dereference\n  (bsc#867362).\n- net: ipv6: fib: do not sleep inside atomic lock (bsc#867362).\n- netfilter: nf_conntrack_proto_sctp: minimal multihoming support\n  (bsc#932350).\n- nfsd: support disabling 64bit dir cookies (bnc#937503).\n- pagecache limit: Do not skip over small zones that easily (bnc#925881).\n- pagecache limit: add tracepoints (bnc#924701).\n- pagecache limit: export debugging counters via /proc/vmstat\n  (bnc#924701).\n- pagecache limit: fix wrong nr_reclaimed count (bnc#924701).\n- pagecache limit: reduce starvation due to reclaim retries (bnc#925903).\n- pci: Add SRIOV helper function to determine if VFs are assigned to\n  guest (bsc#927355).\n- pci: Add flag indicating device has been assigned by KVM (bnc#777565).\n- pci: Add flag indicating device has been assigned by KVM (bnc#777565).\n- perf, nmi: Fix unknown NMI warning (bsc#929142).\n- perf/x86/intel: Move NMI clearing to end of PMI handler (bsc#929142).\n- qlcnic: Fix NULL pointer dereference in qlcnic_hwmon_show_temp()\n  (bsc#936095).\n- r8169: remember WOL preferences on driver load (bsc#942305).\n- s390/dasd: fix kernel panic when alias is set offline (bnc#940966,\n  LTC#128595).\n- sg_start_req(): make sure that there's not too many elements in iovec\n  (bsc#940338).\n- st: null pointer dereference panic caused by use after kref_put by\n  st_open (bsc#936875).\n- usb: core: Fix USB 3.0 devices lost in NOTATTACHED state after a hub\n  port reset (bnc#937641).\n- usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb\n  (bnc#933721).\n- usb: xhci: handle Config Error Change (CEC) in xhci driver\n  (bnc#933721).\n- vmxnet3: Bump up driver version number (bsc#936423).\n- vmxnet3: Changes for vmxnet3 adapter version 2 (fwd) (bug#936423).\n- vmxnet3: Fix memory leaks in rx path (fwd) (bug#936423).\n- vmxnet3: Register shutdown handler for device (fwd) (bug#936423).\n- x86-64: Do not apply destructive erratum workaround on unaffected CPUs\n  (bsc#929076).\n- x86/mm: Improve AMD Bulldozer ASLR workaround (bsc#937032).\n- x86/tsc: Change Fast TSC calibration failed from error to info\n  (bnc#942605).\n- xfs: fix problem when using md+XFS under high load (bnc#925705).\n- xhci: Allocate correct amount of scratchpad buffers (bnc#933721).\n- xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721).\n- xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256\n  (bnc#933721).\n- xhci: Treat not finding the event_seg on COMP_STOP the same as\n  COMP_STOP_INVAL (bnc#933721).\n- xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721).\n- xhci: do not report PLC when link is in internal resume state\n  (bnc#933721).\n- xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721).\n- xhci: report U3 when link is in resume state (bnc#933721).\n- xhci: rework cycle bit checking for new dequeue pointers (bnc#933721).\n- zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936921,\n  LTC#126491).\n- zcrypt: Fixed reset and interrupt handling of AP queues (bnc#936925,\n  LTC#126491).","title":"Description of the patch"},{"category":"details","text":"slertesp4-kernel-rt-20150914-12238","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_2167-1.json"},{"category":"self","summary":"URL for SUSE-SU-2015:2167-1","url":"https://www.suse.com/support/update/announcement/2015/suse-su-20152167-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2015:2167-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2015-December/001706.html"},{"category":"self","summary":"SUSE Bug 777565","url":"https://bugzilla.suse.com/777565"},{"category":"self","summary":"SUSE Bug 867362","url":"https://bugzilla.suse.com/867362"},{"category":"self","summary":"SUSE Bug 873385","url":"https://bugzilla.suse.com/873385"},{"category":"self","summary":"SUSE Bug 883380","url":"https://bugzilla.suse.com/883380"},{"category":"self","summary":"SUSE Bug 884333","url":"https://bugzilla.suse.com/884333"},{"category":"self","summary":"SUSE Bug 886785","url":"https://bugzilla.suse.com/886785"},{"category":"self","summary":"SUSE Bug 891116","url":"https://bugzilla.suse.com/891116"},{"category":"self","summary":"SUSE Bug 894936","url":"https://bugzilla.suse.com/894936"},{"category":"self","summary":"SUSE Bug 915517","url":"https://bugzilla.suse.com/915517"},{"category":"self","summary":"SUSE Bug 917968","url":"https://bugzilla.suse.com/917968"},{"category":"self","summary":"SUSE Bug 920016","url":"https://bugzilla.suse.com/920016"},{"category":"self","summary":"SUSE Bug 920110","url":"https://bugzilla.suse.com/920110"},{"category":"self","summary":"SUSE Bug 920733","url":"https://bugzilla.suse.com/920733"},{"category":"self","summary":"SUSE Bug 923002","url":"https://bugzilla.suse.com/923002"},{"category":"self","summary":"SUSE Bug 923431","url":"https://bugzilla.suse.com/923431"},{"category":"self","summary":"SUSE Bug 924701","url":"https://bugzilla.suse.com/924701"},{"category":"self","summary":"SUSE Bug 925705","url":"https://bugzilla.suse.com/925705"},{"category":"self","summary":"SUSE Bug 925881","url":"https://bugzilla.suse.com/925881"},{"category":"self","summary":"SUSE Bug 925903","url":"https://bugzilla.suse.com/925903"},{"category":"self","summary":"SUSE Bug 927355","url":"https://bugzilla.suse.com/927355"},{"category":"self","summary":"SUSE Bug 929076","url":"https://bugzilla.suse.com/929076"},{"category":"self","summary":"SUSE Bug 929142","url":"https://bugzilla.suse.com/929142"},{"category":"self","summary":"SUSE Bug 929143","url":"https://bugzilla.suse.com/929143"},{"category":"self","summary":"SUSE Bug 930092","url":"https://bugzilla.suse.com/930092"},{"category":"self","summary":"SUSE Bug 930934","url":"https://bugzilla.suse.com/930934"},{"category":"self","summary":"SUSE Bug 931620","url":"https://bugzilla.suse.com/931620"},{"category":"self","summary":"SUSE Bug 932350","url":"https://bugzilla.suse.com/932350"},{"category":"self","summary":"SUSE Bug 933721","url":"https://bugzilla.suse.com/933721"},{"category":"self","summary":"SUSE Bug 935053","url":"https://bugzilla.suse.com/935053"},{"category":"self","summary":"SUSE Bug 935055","url":"https://bugzilla.suse.com/935055"},{"category":"self","summary":"SUSE Bug 935572","url":"https://bugzilla.suse.com/935572"},{"category":"self","summary":"SUSE Bug 935705","url":"https://bugzilla.suse.com/935705"},{"category":"self","summary":"SUSE Bug 935866","url":"https://bugzilla.suse.com/935866"},{"category":"self","summary":"SUSE Bug 935906","url":"https://bugzilla.suse.com/935906"},{"category":"self","summary":"SUSE Bug 936077","url":"https://bugzilla.suse.com/936077"},{"category":"self","summary":"SUSE Bug 936095","url":"https://bugzilla.suse.com/936095"},{"category":"self","summary":"SUSE Bug 936118","url":"https://bugzilla.suse.com/936118"},{"category":"self","summary":"SUSE Bug 936423","url":"https://bugzilla.suse.com/936423"},{"category":"self","summary":"SUSE Bug 936637","url":"https://bugzilla.suse.com/936637"},{"category":"self","summary":"SUSE Bug 936831","url":"https://bugzilla.suse.com/936831"},{"category":"self","summary":"SUSE Bug 936875","url":"https://bugzilla.suse.com/936875"},{"category":"self","summary":"SUSE Bug 936921","url":"https://bugzilla.suse.com/936921"},{"category":"self","summary":"SUSE Bug 936925","url":"https://bugzilla.suse.com/936925"},{"category":"self","summary":"SUSE Bug 937032","url":"https://bugzilla.suse.com/937032"},{"category":"self","summary":"SUSE Bug 937256","url":"https://bugzilla.suse.com/937256"},{"category":"self","summary":"SUSE Bug 937402","url":"https://bugzilla.suse.com/937402"},{"category":"self","summary":"SUSE Bug 937444","url":"https://bugzilla.suse.com/937444"},{"category":"self","summary":"SUSE Bug 937503","url":"https://bugzilla.suse.com/937503"},{"category":"self","summary":"SUSE Bug 937641","url":"https://bugzilla.suse.com/937641"},{"category":"self","summary":"SUSE Bug 937855","url":"https://bugzilla.suse.com/937855"},{"category":"self","summary":"SUSE Bug 938485","url":"https://bugzilla.suse.com/938485"},{"category":"self","summary":"SUSE Bug 939910","url":"https://bugzilla.suse.com/939910"},{"category":"self","summary":"SUSE Bug 939994","url":"https://bugzilla.suse.com/939994"},{"category":"self","summary":"SUSE Bug 940338","url":"https://bugzilla.suse.com/940338"},{"category":"self","summary":"SUSE Bug 940398","url":"https://bugzilla.suse.com/940398"},{"category":"self","summary":"SUSE Bug 940925","url":"https://bugzilla.suse.com/940925"},{"category":"self","summary":"SUSE Bug 940966","url":"https://bugzilla.suse.com/940966"},{"category":"self","summary":"SUSE Bug 942204","url":"https://bugzilla.suse.com/942204"},{"category":"self","summary":"SUSE Bug 942305","url":"https://bugzilla.suse.com/942305"},{"category":"self","summary":"SUSE Bug 942350","url":"https://bugzilla.suse.com/942350"},{"category":"self","summary":"SUSE Bug 942367","url":"https://bugzilla.suse.com/942367"},{"category":"self","summary":"SUSE Bug 942404","url":"https://bugzilla.suse.com/942404"},{"category":"self","summary":"SUSE Bug 942605","url":"https://bugzilla.suse.com/942605"},{"category":"self","summary":"SUSE Bug 942688","url":"https://bugzilla.suse.com/942688"},{"category":"self","summary":"SUSE Bug 942938","url":"https://bugzilla.suse.com/942938"},{"category":"self","summary":"SUSE Bug 943477","url":"https://bugzilla.suse.com/943477"},{"category":"self","summary":"SUSE CVE CVE-2015-1420 page","url":"https://www.suse.com/security/cve/CVE-2015-1420/"},{"category":"self","summary":"SUSE CVE CVE-2015-4700 page","url":"https://www.suse.com/security/cve/CVE-2015-4700/"},{"category":"self","summary":"SUSE CVE CVE-2015-5364 page","url":"https://www.suse.com/security/cve/CVE-2015-5364/"},{"category":"self","summary":"SUSE CVE CVE-2015-5366 page","url":"https://www.suse.com/security/cve/CVE-2015-5366/"},{"category":"self","summary":"SUSE CVE CVE-2015-5697 page","url":"https://www.suse.com/security/cve/CVE-2015-5697/"},{"category":"self","summary":"SUSE CVE CVE-2015-5707 page","url":"https://www.suse.com/security/cve/CVE-2015-5707/"},{"category":"self","summary":"SUSE CVE CVE-2015-6252 page","url":"https://www.suse.com/security/cve/CVE-2015-6252/"}],"title":"Security update for kernel-source-rt","tracking":{"current_release_date":"2015-12-02T10:32:42Z","generator":{"date":"2015-12-02T10:32:42Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2015:2167-1","initial_release_date":"2015-12-02T10:32:42Z","revision_history":[{"date":"2015-12-02T10:32:42Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-rt-3.0.101.rt130-45.1.x86_64","product":{"name":"kernel-rt-3.0.101.rt130-45.1.x86_64","product_id":"kernel-rt-3.0.101.rt130-45.1.x86_64"}},{"category":"product_version","name":"kernel-rt-base-3.0.101.rt130-45.1.x86_64","product":{"name":"kernel-rt-base-3.0.101.rt130-45.1.x86_64","product_id":"kernel-rt-base-3.0.101.rt130-45.1.x86_64"}},{"category":"product_version","name":"kernel-rt-devel-3.0.101.rt130-45.1.x86_64","product":{"name":"kernel-rt-devel-3.0.101.rt130-45.1.x86_64","product_id":"kernel-rt-devel-3.0.101.rt130-45.1.x86_64"}},{"category":"product_version","name":"kernel-rt_trace-3.0.101.rt130-45.1.x86_64","product":{"name":"kernel-rt_trace-3.0.101.rt130-45.1.x86_64","product_id":"kernel-rt_trace-3.0.101.rt130-45.1.x86_64"}},{"category":"product_version","name":"kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","product":{"name":"kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","product_id":"kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64"}},{"category":"product_version","name":"kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","product":{"name":"kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","product_id":"kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64"}},{"category":"product_version","name":"kernel-source-rt-3.0.101.rt130-45.1.x86_64","product":{"name":"kernel-source-rt-3.0.101.rt130-45.1.x86_64","product_id":"kernel-source-rt-3.0.101.rt130-45.1.x86_64"}},{"category":"product_version","name":"kernel-syms-rt-3.0.101.rt130-45.1.x86_64","product":{"name":"kernel-syms-rt-3.0.101.rt130-45.1.x86_64","product_id":"kernel-syms-rt-3.0.101.rt130-45.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Real Time 11 SP4","product":{"name":"SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4","product_identification_helper":{"cpe":"cpe:/a:suse:suse-linux-enterprise-rt:11:sp4"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-rt-3.0.101.rt130-45.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64"},"product_reference":"kernel-rt-3.0.101.rt130-45.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-base-3.0.101.rt130-45.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64"},"product_reference":"kernel-rt-base-3.0.101.rt130-45.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-devel-3.0.101.rt130-45.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64"},"product_reference":"kernel-rt-devel-3.0.101.rt130-45.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_trace-3.0.101.rt130-45.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64"},"product_reference":"kernel-rt_trace-3.0.101.rt130-45.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64"},"product_reference":"kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64"},"product_reference":"kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-rt-3.0.101.rt130-45.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64"},"product_reference":"kernel-source-rt-3.0.101.rt130-45.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-syms-rt-3.0.101.rt130-45.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"},"product_reference":"kernel-syms-rt-3.0.101.rt130-45.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"}]},"vulnerabilities":[{"cve":"CVE-2015-1420","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-1420"}],"notes":[{"category":"general","text":"Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-1420","url":"https://www.suse.com/security/cve/CVE-2015-1420"},{"category":"external","summary":"SUSE Bug 915517 for CVE-2015-1420","url":"https://bugzilla.suse.com/915517"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-02T10:32:42Z","details":"moderate"}],"title":"CVE-2015-1420"},{"cve":"CVE-2015-4700","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-4700"}],"notes":[{"category":"general","text":"The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the Linux kernel before 4.0.6 allows local users to cause a denial of service (system crash) by creating a packet filter and then loading crafted BPF instructions that trigger late convergence by the JIT compiler.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-4700","url":"https://www.suse.com/security/cve/CVE-2015-4700"},{"category":"external","summary":"SUSE Bug 935705 for CVE-2015-4700","url":"https://bugzilla.suse.com/935705"},{"category":"external","summary":"SUSE Bug 939273 for CVE-2015-4700","url":"https://bugzilla.suse.com/939273"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-02T10:32:42Z","details":"moderate"}],"title":"CVE-2015-4700"},{"cve":"CVE-2015-5364","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-5364"}],"notes":[{"category":"general","text":"The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 do not properly consider yielding a processor, which allows remote attackers to cause a denial of service (system hang) via incorrect checksums within a UDP packet flood.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-5364","url":"https://www.suse.com/security/cve/CVE-2015-5364"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2015-5364","url":"https://bugzilla.suse.com/1115893"},{"category":"external","summary":"SUSE Bug 781018 for CVE-2015-5364","url":"https://bugzilla.suse.com/781018"},{"category":"external","summary":"SUSE Bug 936831 for CVE-2015-5364","url":"https://bugzilla.suse.com/936831"},{"category":"external","summary":"SUSE Bug 939276 for CVE-2015-5364","url":"https://bugzilla.suse.com/939276"},{"category":"external","summary":"SUSE Bug 945112 for CVE-2015-5364","url":"https://bugzilla.suse.com/945112"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-02T10:32:42Z","details":"moderate"}],"title":"CVE-2015-5364"},{"cve":"CVE-2015-5366","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-5366"}],"notes":[{"category":"general","text":"The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux kernel before 4.0.6 provide inappropriate -EAGAIN return values, which allows remote attackers to cause a denial of service (EPOLLET epoll application read outage) via an incorrect checksum in a UDP packet, a different vulnerability than CVE-2015-5364.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-5366","url":"https://www.suse.com/security/cve/CVE-2015-5366"},{"category":"external","summary":"SUSE Bug 781018 for CVE-2015-5366","url":"https://bugzilla.suse.com/781018"},{"category":"external","summary":"SUSE Bug 936831 for CVE-2015-5366","url":"https://bugzilla.suse.com/936831"},{"category":"external","summary":"SUSE Bug 939276 for CVE-2015-5366","url":"https://bugzilla.suse.com/939276"},{"category":"external","summary":"SUSE Bug 945112 for CVE-2015-5366","url":"https://bugzilla.suse.com/945112"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-02T10:32:42Z","details":"moderate"}],"title":"CVE-2015-5366"},{"cve":"CVE-2015-5697","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-5697"}],"notes":[{"category":"general","text":"The get_bitmap_file function in drivers/md/md.c in the Linux kernel before 4.1.6 does not initialize a certain bitmap data structure, which allows local users to obtain sensitive information from kernel memory via a GET_BITMAP_FILE ioctl call.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-5697","url":"https://www.suse.com/security/cve/CVE-2015-5697"},{"category":"external","summary":"SUSE Bug 939994 for CVE-2015-5697","url":"https://bugzilla.suse.com/939994"},{"category":"external","summary":"SUSE Bug 963994 for CVE-2015-5697","url":"https://bugzilla.suse.com/963994"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":1.9,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-02T10:32:42Z","details":"low"}],"title":"CVE-2015-5697"},{"cve":"CVE-2015-5707","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-5707"}],"notes":[{"category":"general","text":"Integer overflow in the sg_start_req function in drivers/scsi/sg.c in the Linux kernel 2.6.x through 4.x before 4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large iov_count value in a write request.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-5707","url":"https://www.suse.com/security/cve/CVE-2015-5707"},{"category":"external","summary":"SUSE Bug 923755 for CVE-2015-5707","url":"https://bugzilla.suse.com/923755"},{"category":"external","summary":"SUSE Bug 940338 for CVE-2015-5707","url":"https://bugzilla.suse.com/940338"},{"category":"external","summary":"SUSE Bug 940342 for CVE-2015-5707","url":"https://bugzilla.suse.com/940342"},{"category":"external","summary":"SUSE Bug 963994 for CVE-2015-5707","url":"https://bugzilla.suse.com/963994"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-02T10:32:42Z","details":"moderate"}],"title":"CVE-2015-5707"},{"cve":"CVE-2015-6252","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-6252"}],"notes":[{"category":"general","text":"The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-6252","url":"https://www.suse.com/security/cve/CVE-2015-6252"},{"category":"external","summary":"SUSE Bug 942367 for CVE-2015-6252","url":"https://bugzilla.suse.com/942367"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-45.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-45.1.x86_64"]}],"threats":[{"category":"impact","date":"2015-12-02T10:32:42Z","details":"low"}],"title":"CVE-2015-6252"}]}