{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel","title":"Title of the patch"},{"category":"description","text":"The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes.\n\nThis feature was added:\n\n- Support for the 2017 Intel Purley platform. \n\nThe following security bugs were fixed:\n\n- CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418).\n- CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759).\n- CVE-2016-3841: The IPv6 stack in the Linux kernel mishandled options data, which allowed local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call (bnc#992566).\n- CVE-2016-6828: Use after free in tcp_xmit_retransmit_queue or other tcp_ functions (bsc#994296)\n- CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152)\n- CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a 'double fetch' vulnerability (bnc#991608)\n- CVE-2016-4997: The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement (bnc#986362).\n- CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689).\n- CVE-2013-4312: The Linux kernel allowed local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket closing it, related to net/unix/af_unix.c and net/unix/garbage.c (bnc#839104).\n- CVE-2016-7425: A buffer overflow in the Linux Kernel in arcmsr_iop_message_xfer() could have caused kernel heap corruption and arbitraty kernel code execution (bsc#999932)\n\nThe following non-security bugs were fixed:\n\n- ahci: Order SATA device IDs for codename Lewisburg.\n- AHCI: Remove obsolete Intel Lewisburg SATA RAID device IDs.\n- ALSA: hda - Add Intel Lewisburg device IDs Audio.\n- avoid dentry crash triggered by NFS (bsc#984194).\n- blktap2: eliminate deadlock potential from shutdown path (bsc#909994).\n- blktap2: eliminate race from deferred work queue handling (bsc#911687).\n- bonding: always set recv_probe to bond_arp_rcv in arp monitor (bsc#977687).\n- bonding: fix bond_arp_rcv setting and arp validate desync state (bsc#977687).\n- btrfs: account for non-CoW'd blocks in btrfs_abort_transaction (bsc#983619).\n- btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600).\n- cdc-acm: added sanity checking for probe() (bsc#993891).\n- cxgb4: Set VPD size so we can read both VPD structures (bsc#976867).\n- Delete patches.fixes/net-fix-crash-due-to-wrong-dev-in-calling.patch. (bsc#979514)\n- fs/cifs: fix wrongly prefixed path to root (bsc#963655, bsc#979681)\n- fs/select: add vmalloc fallback for select(2) (bsc#1000189).\n- fs/select: introduce SIZE_MAX (bsc#1000189).\n- i2c: i801: add Intel Lewisburg device IDs.\n- include/linux/mmdebug.h: should include linux/bug.h (bnc#971975 VM performance -- git fixes).\n- increase CONFIG_NR_IRQS 512 -> 2048 reportedly irq error with multiple nvme and tg3 in the same machine is resolved by increasing CONFIG_NR_IRQS (bsc#998399)\n- kabi, unix: properly account for FDs passed over unix sockets (bnc#839104).\n- kaweth: fix firmware download (bsc#993890).\n- kaweth: fix oops upon failed memory allocation (bsc#993890).\n- KVM: x86: SYSENTER emulation is broken (bsc#994618).\n- libfc: sanity check cpu number extracted from xid (bsc#988440).\n- lpfc: call lpfc_sli_validate_fcp_iocb() with the hbalock held (bsc#951392).\n- md: lockless I/O submission for RAID1 (bsc#982783).\n- mm: thp: fix SMP race condition between THP page fault and MADV_DONTNEED (VM Functionality, bnc#986445).\n- mpt2sas, mpt3sas: Fix panic when aer correct error occurred (bsc#997708).\n- net: add pfmemalloc check in sk_add_backlog() (bnc#920016).\n- netback: fix flipping mode (bsc#996664).\n- nfs: Do not drop directory dentry which is in use (bsc#993127).\n- nfs: Don't disconnect open-owner on NFS4ERR_BAD_SEQID (bsc#989261).\n- nfs: Don't write enable new pages while an invalidation is proceeding (bsc#999584).\n- nfs: Fix a regression in the read() syscall (bsc#999584).\n- nfs: Fix races in nfs_revalidate_mapping (bsc#999584).\n- nfs: fix the handling of NFS_INO_INVALID_DATA flag in nfs_revalidate_mapping (bsc#999584).\n- nfs: Fix writeback performance issue on cache invalidation (bsc#999584).\n- nfs: Refresh open-owner id when server says SEQID is bad (bsc#989261).\n- nfsv4: do not check MAY_WRITE access bit in OPEN (bsc#985206).\n- nfsv4: fix broken patch relating to v4 read delegations (bsc#956514, bsc#989261, bsc#979595).\n- nfsv4: Fix range checking in __nfs4_get_acl_uncached and __nfs4_proc_set_acl (bsc#982218).\n- pci: Add pci_set_vpd_size() to set VPD size (bsc#976867).\n- pciback: fix conf_space read/write overlap check.\n- powerpc: add kernel parameter iommu_alloc_quiet (bsc#994926).\n- ppp: defer netns reference release for ppp channel (bsc#980371).\n- random32: add prandom_u32_max (bsc#989152).\n- rpm/constraints.in: Bump x86 disk space requirement to 20GB Clamav tends to run out of space nowadays.\n- s390/dasd: fix hanging device after clear subchannel (bnc#994436).\n- sata: Adding Intel Lewisburg device IDs for SATA.\n- sched/core: Fix an SMP ordering race in try_to_wake_up() vs.  schedule() (bnc#1001419).\n- sched/core: Fix a race between try_to_wake_up() and a woken up task (bnc#1002165).\n- sched: Fix possible divide by zero in avg_atom() calculation (bsc#996329).\n- scsi_dh_rdac: retry inquiry for UNIT ATTENTION (bsc#934760).\n- scsi: do not print 'reservation conflict' for TEST UNIT READY (bsc#984102).\n- scsi: ibmvfc: add FC Class 3 Error Recovery support (bsc#984992).\n- scsi: ibmvfc: Fix I/O hang when port is not mapped (bsc#971989)\n- scsi: ibmvfc: Set READ FCP_XFER_READY DISABLED bit in PRLI (bsc#984992).\n- scsi_scan: Send TEST UNIT READY to LUN0 before LUN scanning (bnc#843236,bsc#989779).\n- tmpfs: change final i_blocks BUG to WARNING (bsc#991923).\n- Update patches.drivers/fcoe-0102-fcoe-ensure-that-skb-placed-on-the-fip_recv_list-are.patch (add bsc#732582 reference).\n- USB: fix typo in wMaxPacketSize validation (bsc#991665).\n- USB: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665).\n- vlan: don't deliver frames for unknown vlans to protocols (bsc#979514).\n- vlan: mask vlan prio bits (bsc#979514).\n- xenbus: inspect the correct type in xenbus_dev_request_and_reply().\n- xen: x86/mm/pat, /dev/mem: Remove superfluous error message (bsc#974620).\n- xfs: Avoid grabbing ilock when file size is not changed (bsc#983535).\n- xfs: Silence warnings in xfs_vm_releasepage() (bnc#915183 bsc#987565).\n","title":"Description of the patch"},{"category":"details","text":"slertesp4-kernel-source-12880","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_3069-1.json"},{"category":"self","summary":"URL for SUSE-SU-2016:3069-1","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20163069-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2016:3069-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2016-December/002461.html"},{"category":"self","summary":"SUSE Bug 1000189","url":"https://bugzilla.suse.com/1000189"},{"category":"self","summary":"SUSE Bug 1001419","url":"https://bugzilla.suse.com/1001419"},{"category":"self","summary":"SUSE Bug 1002165","url":"https://bugzilla.suse.com/1002165"},{"category":"self","summary":"SUSE Bug 1004418","url":"https://bugzilla.suse.com/1004418"},{"category":"self","summary":"SUSE Bug 732582","url":"https://bugzilla.suse.com/732582"},{"category":"self","summary":"SUSE Bug 839104","url":"https://bugzilla.suse.com/839104"},{"category":"self","summary":"SUSE Bug 843236","url":"https://bugzilla.suse.com/843236"},{"category":"self","summary":"SUSE Bug 909994","url":"https://bugzilla.suse.com/909994"},{"category":"self","summary":"SUSE Bug 911687","url":"https://bugzilla.suse.com/911687"},{"category":"self","summary":"SUSE Bug 915183","url":"https://bugzilla.suse.com/915183"},{"category":"self","summary":"SUSE Bug 920016","url":"https://bugzilla.suse.com/920016"},{"category":"self","summary":"SUSE Bug 934760","url":"https://bugzilla.suse.com/934760"},{"category":"self","summary":"SUSE Bug 951392","url":"https://bugzilla.suse.com/951392"},{"category":"self","summary":"SUSE Bug 956514","url":"https://bugzilla.suse.com/956514"},{"category":"self","summary":"SUSE Bug 960689","url":"https://bugzilla.suse.com/960689"},{"category":"self","summary":"SUSE Bug 963655","url":"https://bugzilla.suse.com/963655"},{"category":"self","summary":"SUSE Bug 971975","url":"https://bugzilla.suse.com/971975"},{"category":"self","summary":"SUSE Bug 971989","url":"https://bugzilla.suse.com/971989"},{"category":"self","summary":"SUSE Bug 974620","url":"https://bugzilla.suse.com/974620"},{"category":"self","summary":"SUSE Bug 976867","url":"https://bugzilla.suse.com/976867"},{"category":"self","summary":"SUSE Bug 977687","url":"https://bugzilla.suse.com/977687"},{"category":"self","summary":"SUSE Bug 979514","url":"https://bugzilla.suse.com/979514"},{"category":"self","summary":"SUSE Bug 979595","url":"https://bugzilla.suse.com/979595"},{"category":"self","summary":"SUSE Bug 979681","url":"https://bugzilla.suse.com/979681"},{"category":"self","summary":"SUSE Bug 980371","url":"https://bugzilla.suse.com/980371"},{"category":"self","summary":"SUSE Bug 982218","url":"https://bugzilla.suse.com/982218"},{"category":"self","summary":"SUSE Bug 982783","url":"https://bugzilla.suse.com/982783"},{"category":"self","summary":"SUSE Bug 983535","url":"https://bugzilla.suse.com/983535"},{"category":"self","summary":"SUSE Bug 983619","url":"https://bugzilla.suse.com/983619"},{"category":"self","summary":"SUSE Bug 984102","url":"https://bugzilla.suse.com/984102"},{"category":"self","summary":"SUSE Bug 984194","url":"https://bugzilla.suse.com/984194"},{"category":"self","summary":"SUSE Bug 984992","url":"https://bugzilla.suse.com/984992"},{"category":"self","summary":"SUSE Bug 985206","url":"https://bugzilla.suse.com/985206"},{"category":"self","summary":"SUSE Bug 986362","url":"https://bugzilla.suse.com/986362"},{"category":"self","summary":"SUSE Bug 986365","url":"https://bugzilla.suse.com/986365"},{"category":"self","summary":"SUSE Bug 986445","url":"https://bugzilla.suse.com/986445"},{"category":"self","summary":"SUSE Bug 987565","url":"https://bugzilla.suse.com/987565"},{"category":"self","summary":"SUSE Bug 988440","url":"https://bugzilla.suse.com/988440"},{"category":"self","summary":"SUSE Bug 989152","url":"https://bugzilla.suse.com/989152"},{"category":"self","summary":"SUSE Bug 989261","url":"https://bugzilla.suse.com/989261"},{"category":"self","summary":"SUSE Bug 989779","url":"https://bugzilla.suse.com/989779"},{"category":"self","summary":"SUSE Bug 991608","url":"https://bugzilla.suse.com/991608"},{"category":"self","summary":"SUSE Bug 991665","url":"https://bugzilla.suse.com/991665"},{"category":"self","summary":"SUSE Bug 991923","url":"https://bugzilla.suse.com/991923"},{"category":"self","summary":"SUSE Bug 992566","url":"https://bugzilla.suse.com/992566"},{"category":"self","summary":"SUSE Bug 993127","url":"https://bugzilla.suse.com/993127"},{"category":"self","summary":"SUSE Bug 993890","url":"https://bugzilla.suse.com/993890"},{"category":"self","summary":"SUSE Bug 993891","url":"https://bugzilla.suse.com/993891"},{"category":"self","summary":"SUSE Bug 994296","url":"https://bugzilla.suse.com/994296"},{"category":"self","summary":"SUSE Bug 994436","url":"https://bugzilla.suse.com/994436"},{"category":"self","summary":"SUSE Bug 994618","url":"https://bugzilla.suse.com/994618"},{"category":"self","summary":"SUSE Bug 994759","url":"https://bugzilla.suse.com/994759"},{"category":"self","summary":"SUSE Bug 994926","url":"https://bugzilla.suse.com/994926"},{"category":"self","summary":"SUSE Bug 996329","url":"https://bugzilla.suse.com/996329"},{"category":"self","summary":"SUSE Bug 996664","url":"https://bugzilla.suse.com/996664"},{"category":"self","summary":"SUSE Bug 997708","url":"https://bugzilla.suse.com/997708"},{"category":"self","summary":"SUSE Bug 998399","url":"https://bugzilla.suse.com/998399"},{"category":"self","summary":"SUSE Bug 999584","url":"https://bugzilla.suse.com/999584"},{"category":"self","summary":"SUSE Bug 999600","url":"https://bugzilla.suse.com/999600"},{"category":"self","summary":"SUSE Bug 999932","url":"https://bugzilla.suse.com/999932"},{"category":"self","summary":"SUSE CVE CVE-2013-4312 page","url":"https://www.suse.com/security/cve/CVE-2013-4312/"},{"category":"self","summary":"SUSE CVE CVE-2015-7513 page","url":"https://www.suse.com/security/cve/CVE-2015-7513/"},{"category":"self","summary":"SUSE CVE CVE-2016-0823 page","url":"https://www.suse.com/security/cve/CVE-2016-0823/"},{"category":"self","summary":"SUSE CVE CVE-2016-3841 page","url":"https://www.suse.com/security/cve/CVE-2016-3841/"},{"category":"self","summary":"SUSE CVE CVE-2016-4997 page","url":"https://www.suse.com/security/cve/CVE-2016-4997/"},{"category":"self","summary":"SUSE CVE CVE-2016-5195 page","url":"https://www.suse.com/security/cve/CVE-2016-5195/"},{"category":"self","summary":"SUSE CVE CVE-2016-5696 page","url":"https://www.suse.com/security/cve/CVE-2016-5696/"},{"category":"self","summary":"SUSE CVE CVE-2016-6480 page","url":"https://www.suse.com/security/cve/CVE-2016-6480/"},{"category":"self","summary":"SUSE CVE CVE-2016-6828 page","url":"https://www.suse.com/security/cve/CVE-2016-6828/"},{"category":"self","summary":"SUSE CVE CVE-2016-7425 page","url":"https://www.suse.com/security/cve/CVE-2016-7425/"}],"title":"Security update for the Linux Kernel","tracking":{"current_release_date":"2016-12-09T13:20:33Z","generator":{"date":"2016-12-09T13:20:33Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2016:3069-1","initial_release_date":"2016-12-09T13:20:33Z","revision_history":[{"date":"2016-12-09T13:20:33Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-rt-3.0.101.rt130-65.1.x86_64","product":{"name":"kernel-rt-3.0.101.rt130-65.1.x86_64","product_id":"kernel-rt-3.0.101.rt130-65.1.x86_64"}},{"category":"product_version","name":"kernel-rt-base-3.0.101.rt130-65.1.x86_64","product":{"name":"kernel-rt-base-3.0.101.rt130-65.1.x86_64","product_id":"kernel-rt-base-3.0.101.rt130-65.1.x86_64"}},{"category":"product_version","name":"kernel-rt-devel-3.0.101.rt130-65.1.x86_64","product":{"name":"kernel-rt-devel-3.0.101.rt130-65.1.x86_64","product_id":"kernel-rt-devel-3.0.101.rt130-65.1.x86_64"}},{"category":"product_version","name":"kernel-rt_trace-3.0.101.rt130-65.1.x86_64","product":{"name":"kernel-rt_trace-3.0.101.rt130-65.1.x86_64","product_id":"kernel-rt_trace-3.0.101.rt130-65.1.x86_64"}},{"category":"product_version","name":"kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","product":{"name":"kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","product_id":"kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64"}},{"category":"product_version","name":"kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","product":{"name":"kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","product_id":"kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64"}},{"category":"product_version","name":"kernel-source-rt-3.0.101.rt130-65.1.x86_64","product":{"name":"kernel-source-rt-3.0.101.rt130-65.1.x86_64","product_id":"kernel-source-rt-3.0.101.rt130-65.1.x86_64"}},{"category":"product_version","name":"kernel-syms-rt-3.0.101.rt130-65.1.x86_64","product":{"name":"kernel-syms-rt-3.0.101.rt130-65.1.x86_64","product_id":"kernel-syms-rt-3.0.101.rt130-65.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Real Time 11 SP4","product":{"name":"SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4","product_identification_helper":{"cpe":"cpe:/a:suse:suse-linux-enterprise-rt:11:sp4"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-rt-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64"},"product_reference":"kernel-rt-3.0.101.rt130-65.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-base-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64"},"product_reference":"kernel-rt-base-3.0.101.rt130-65.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-devel-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64"},"product_reference":"kernel-rt-devel-3.0.101.rt130-65.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_trace-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64"},"product_reference":"kernel-rt_trace-3.0.101.rt130-65.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64"},"product_reference":"kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64"},"product_reference":"kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-rt-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64"},"product_reference":"kernel-source-rt-3.0.101.rt130-65.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"},{"category":"default_component_of","full_product_name":{"name":"kernel-syms-rt-3.0.101.rt130-65.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4","product_id":"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"},"product_reference":"kernel-syms-rt-3.0.101.rt130-65.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP4"}]},"vulnerabilities":[{"cve":"CVE-2013-4312","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2013-4312"}],"notes":[{"category":"general","text":"The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by sending each descriptor over a UNIX socket before closing it, related to net/unix/af_unix.c and net/unix/garbage.c.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2013-4312","url":"https://www.suse.com/security/cve/CVE-2013-4312"},{"category":"external","summary":"SUSE Bug 1020452 for CVE-2013-4312","url":"https://bugzilla.suse.com/1020452"},{"category":"external","summary":"SUSE Bug 839104 for CVE-2013-4312","url":"https://bugzilla.suse.com/839104"},{"category":"external","summary":"SUSE Bug 922947 for CVE-2013-4312","url":"https://bugzilla.suse.com/922947"},{"category":"external","summary":"SUSE Bug 968014 for CVE-2013-4312","url":"https://bugzilla.suse.com/968014"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.2,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-12-09T13:20:33Z","details":"moderate"}],"title":"CVE-2013-4312"},{"cve":"CVE-2015-7513","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-7513"}],"notes":[{"category":"general","text":"arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-7513","url":"https://www.suse.com/security/cve/CVE-2015-7513"},{"category":"external","summary":"SUSE Bug 1020452 for CVE-2015-7513","url":"https://bugzilla.suse.com/1020452"},{"category":"external","summary":"SUSE Bug 960689 for CVE-2015-7513","url":"https://bugzilla.suse.com/960689"},{"category":"external","summary":"SUSE Bug 987709 for CVE-2015-7513","url":"https://bugzilla.suse.com/987709"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-12-09T13:20:33Z","details":"moderate"}],"title":"CVE-2015-7513"},{"cve":"CVE-2016-0823","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-0823"}],"notes":[{"category":"general","text":"The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-0823","url":"https://www.suse.com/security/cve/CVE-2016-0823"},{"category":"external","summary":"SUSE Bug 987709 for CVE-2016-0823","url":"https://bugzilla.suse.com/987709"},{"category":"external","summary":"SUSE Bug 994759 for CVE-2016-0823","url":"https://bugzilla.suse.com/994759"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-12-09T13:20:33Z","details":"moderate"}],"title":"CVE-2016-0823"},{"cve":"CVE-2016-3841","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-3841"}],"notes":[{"category":"general","text":"The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-3841","url":"https://www.suse.com/security/cve/CVE-2016-3841"},{"category":"external","summary":"SUSE Bug 1052256 for CVE-2016-3841","url":"https://bugzilla.suse.com/1052256"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2016-3841","url":"https://bugzilla.suse.com/1115893"},{"category":"external","summary":"SUSE Bug 992566 for CVE-2016-3841","url":"https://bugzilla.suse.com/992566"},{"category":"external","summary":"SUSE Bug 992569 for CVE-2016-3841","url":"https://bugzilla.suse.com/992569"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.3,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-12-09T13:20:33Z","details":"moderate"}],"title":"CVE-2016-3841"},{"cve":"CVE-2016-4997","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-4997"}],"notes":[{"category":"general","text":"The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of service (memory corruption) by leveraging in-container root access to provide a crafted offset value that triggers an unintended decrement.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-4997","url":"https://www.suse.com/security/cve/CVE-2016-4997"},{"category":"external","summary":"SUSE Bug 1020452 for CVE-2016-4997","url":"https://bugzilla.suse.com/1020452"},{"category":"external","summary":"SUSE Bug 986362 for CVE-2016-4997","url":"https://bugzilla.suse.com/986362"},{"category":"external","summary":"SUSE Bug 986365 for CVE-2016-4997","url":"https://bugzilla.suse.com/986365"},{"category":"external","summary":"SUSE Bug 986377 for CVE-2016-4997","url":"https://bugzilla.suse.com/986377"},{"category":"external","summary":"SUSE Bug 991651 for CVE-2016-4997","url":"https://bugzilla.suse.com/991651"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-12-09T13:20:33Z","details":"important"}],"title":"CVE-2016-4997"},{"cve":"CVE-2016-5195","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5195"}],"notes":[{"category":"general","text":"Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka \"Dirty COW.\"","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5195","url":"https://www.suse.com/security/cve/CVE-2016-5195"},{"category":"external","summary":"SUSE Bug 1004418 for CVE-2016-5195","url":"https://bugzilla.suse.com/1004418"},{"category":"external","summary":"SUSE Bug 1004419 for CVE-2016-5195","url":"https://bugzilla.suse.com/1004419"},{"category":"external","summary":"SUSE Bug 1004436 for CVE-2016-5195","url":"https://bugzilla.suse.com/1004436"},{"category":"external","summary":"SUSE Bug 1006323 for CVE-2016-5195","url":"https://bugzilla.suse.com/1006323"},{"category":"external","summary":"SUSE Bug 1006695 for CVE-2016-5195","url":"https://bugzilla.suse.com/1006695"},{"category":"external","summary":"SUSE Bug 1007291 for CVE-2016-5195","url":"https://bugzilla.suse.com/1007291"},{"category":"external","summary":"SUSE Bug 1008110 for CVE-2016-5195","url":"https://bugzilla.suse.com/1008110"},{"category":"external","summary":"SUSE Bug 1030118 for CVE-2016-5195","url":"https://bugzilla.suse.com/1030118"},{"category":"external","summary":"SUSE Bug 1046453 for CVE-2016-5195","url":"https://bugzilla.suse.com/1046453"},{"category":"external","summary":"SUSE Bug 1069496 for CVE-2016-5195","url":"https://bugzilla.suse.com/1069496"},{"category":"external","summary":"SUSE Bug 1149725 for CVE-2016-5195","url":"https://bugzilla.suse.com/1149725"},{"category":"external","summary":"SUSE Bug 870618 for CVE-2016-5195","url":"https://bugzilla.suse.com/870618"},{"category":"external","summary":"SUSE Bug 986445 for CVE-2016-5195","url":"https://bugzilla.suse.com/986445"},{"category":"external","summary":"SUSE Bug 998689 for CVE-2016-5195","url":"https://bugzilla.suse.com/998689"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-12-09T13:20:33Z","details":"important"}],"title":"CVE-2016-5195"},{"cve":"CVE-2016-5696","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-5696"}],"notes":[{"category":"general","text":"net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-5696","url":"https://www.suse.com/security/cve/CVE-2016-5696"},{"category":"external","summary":"SUSE Bug 1020452 for CVE-2016-5696","url":"https://bugzilla.suse.com/1020452"},{"category":"external","summary":"SUSE Bug 1175721 for CVE-2016-5696","url":"https://bugzilla.suse.com/1175721"},{"category":"external","summary":"SUSE Bug 989152 for CVE-2016-5696","url":"https://bugzilla.suse.com/989152"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-12-09T13:20:33Z","details":"moderate"}],"title":"CVE-2016-5696"},{"cve":"CVE-2016-6480","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-6480"}],"notes":[{"category":"general","text":"Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a \"double fetch\" vulnerability.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-6480","url":"https://www.suse.com/security/cve/CVE-2016-6480"},{"category":"external","summary":"SUSE Bug 1004418 for CVE-2016-6480","url":"https://bugzilla.suse.com/1004418"},{"category":"external","summary":"SUSE Bug 991608 for CVE-2016-6480","url":"https://bugzilla.suse.com/991608"},{"category":"external","summary":"SUSE Bug 991667 for CVE-2016-6480","url":"https://bugzilla.suse.com/991667"},{"category":"external","summary":"SUSE Bug 992568 for CVE-2016-6480","url":"https://bugzilla.suse.com/992568"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.1,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-12-09T13:20:33Z","details":"moderate"}],"title":"CVE-2016-6480"},{"cve":"CVE-2016-6828","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-6828"}],"notes":[{"category":"general","text":"The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after a failed data copy, which allows local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-6828","url":"https://www.suse.com/security/cve/CVE-2016-6828"},{"category":"external","summary":"SUSE Bug 1052256 for CVE-2016-6828","url":"https://bugzilla.suse.com/1052256"},{"category":"external","summary":"SUSE Bug 994296 for CVE-2016-6828","url":"https://bugzilla.suse.com/994296"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-12-09T13:20:33Z","details":"moderate"}],"title":"CVE-2016-6828"},{"cve":"CVE-2016-7425","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2016-7425"}],"notes":[{"category":"general","text":"The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain length field, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2016-7425","url":"https://www.suse.com/security/cve/CVE-2016-7425"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2016-7425","url":"https://bugzilla.suse.com/1115893"},{"category":"external","summary":"SUSE Bug 999932 for CVE-2016-7425","url":"https://bugzilla.suse.com/999932"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-65.1.x86_64","SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-65.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-12-09T13:20:33Z","details":"moderate"}],"title":"CVE-2016-7425"}]}