http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3

http://source.android.com/security/bulletin/2016-11-01.html

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.4

94138

USN-3159-1

USN-3159-2

https://bugzilla.kernel.org/show_bug.cgi?id=116461

https://forums.grsecurity.net/viewtopic.php?f=3&t=4363

https://github.com/torvalds/linux/commit/8148a73c9901a8794a50f950083c00ccf97d43b3

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - An out-of-bounds memory access flaw was found in the     Linux kernel's system call auditing implementation. On     a system with existing audit rules defined, a local,     unprivileged user could use this flaw to leak kernel     memory to user space or, potentially, crash the     system.(CVE-2014-3917)

  - The net/netfilter/nfnetlink_cthelper.c function in the     Linux kernel through 4.14.4 does not require the     CAP_NET_ADMIN capability for new, get, and del     operations. This allows local users to bypass intended     access restrictions because the nfnl_cthelper_list data     structure is shared across all net     namespaces.(CVE-2017-17448)

  - A race condition flaw was found between the chown and     execve system calls. When changing the owner of a     setuid user binary to root, the race condition could     momentarily make the binary setuid root. A local,     unprivileged user could potentially use this flaw to     escalate their privileges on the system.(CVE-2015-3339)

  - Keberos 5 tickets being decoded when using the RXRPC     keys incorrectly assumes the size of a field. This     could lead to the size-remaining variable wrapping and     the data pointer going over the end of the buffer. This     could possibly lead to memory corruption and possible     privilege escalation.(CVE-2017-7482)

  - The nfs_can_extend_write function in fs/nfs/write.c in     the Linux kernel before 3.13.3 relies on a write     delegation to extend a write operation without a     certain up-to-date verification, which allows local     users to obtain sensitive information from kernel     memory in opportunistic circumstances by writing to a     file in an NFS filesystem and then reading the same     file.(CVE-2014-2038)

  - KVM in the Linux kernel before 4.8.12, when I/O APIC is     enabled, does not properly restrict the VCPU index,     which allows guest OS users to gain host OS privileges     or cause a denial of service (out-of-bounds array     access and host OS crash) via a crafted interrupt     request, related to arch/x86/kvm/ioapic.c and     arch/x86/kvm/ioapic.h.(CVE-2016-9777)

  - The instruction decoder in arch/x86/kvm/emulate.c in     the KVM subsystem in the Linux kernel before 3.18-rc2     lacks intended decoder-table flags for certain     RIP-relative instructions, which allows guest OS users     to cause a denial of service (NULL pointer dereference     and host OS crash) via a crafted     application.(CVE-2014-8480)

  - arch/x86/kernel/entry_32.S in the Linux kernel through     3.15.1 on 32-bit x86 platforms, when syscall auditing     is enabled and the sep CPU feature flag is set, allows     local users to cause a denial of service (OOPS and     system crash) via an invalid syscall number, as     demonstrated by number 1000.(CVE-2014-4508)

  - The overlayfs implementation in the Linux kernel     through 4.5.2 does not properly restrict the mount     namespace, which allows local users to gain privileges     by mounting an overlayfs filesystem on top of a FUSE     filesystem, and then executing a crafted setuid     program.(CVE-2016-1576)

  - A use-after-free vulnerability was found when issuing     an ioctl to a sound device. This could allow a user to     exploit a race condition and create memory corruption     or possibly privilege escalation.(CVE-2017-15265)

  - The drivers/uwb/uwbd.c in the Linux kernel, before     4.13.6, allows local users to cause a denial of service     (general protection fault and system crash) or possibly     have unspecified other impact via a crafted USB     device.(CVE-2017-16526)

  - The Linux kernel was found vulnerable to a NULL pointer     dereference in the     drivers/net/phy/mdio-bcm-unimac.c:unimac_mdio_probe()     function caused by an unchecked return value from the     platform_get_resource() function. A successful flaw     exploitation can cause a system panic and a denial of     service. This flaw is believed not to be an attacker     triggerable as bad return value can be caused by     hardware misconfiguration.(CVE-2018-8043)

  - A flaw was found in the Linux kernel SCSI subsystem,     which allowed a local user to gain privileges or cause     a denial of service (memory corruption and system     crash) by issuing an SG_IO ioctl call while a device     was being detached.(CVE-2015-8962)

  - The xc2028_set_config function in     drivers/media/tuners/tuner-xc2028.c in the Linux kernel     before 4.6 allows local users to gain privileges or     cause a denial of service (use-after-free) via vectors     involving omission of the firmware name from a certain     data structure. Due to the nature of the flaw,     privilege escalation cannot be fully ruled out,     although we believe it is unlikely.(CVE-2016-7913)

  - drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver     in the Linux kernel through 4.0.5 does not ensure that     certain length values are sufficiently large, which     allows remote attackers to cause a denial of service     (system crash or large loop) or possibly execute     arbitrary code via a crafted packet, related to the (1)     oz_usb_rx and (2) oz_usb_handle_ep_data     functions.(CVE-2015-4002)

  - Race condition in the environ_read() function in     'fs/proc/base.c' in the Linux kernel before 4.5.4     allows local users to obtain sensitive information from     kernel memory by reading a '/proc/*/environ' file     during a process-setup time interval in which     environment-variable copying is     incomplete.(CVE-2016-7916)

  - Integer signedness error in the oz_hcd_get_desc_cnf     function in drivers/staging/ozwpan/ozhcd.c in the     OZWPAN driver in the Linux kernel through 4.0.5 allows     remote attackers to cause a denial of service (system     crash) or possibly execute arbitrary code via a crafted     packet.(CVE-2015-4001)

  - A vulnerability was found in the Linux kernel when     peeling off an association to the socket in another     network namespace. All transports in this association     are not to be rehashed and keep using the old key in     hashtable, thus removing transports from hashtable when     closing the socket, all transports are being freed.
    Later on a use-after-free issue could be caused when     looking up an association and dereferencing the     transports.(CVE-2017-15115)

  - The evm_verify_hmac function in     security/integrity/evm/evm_main.c in the Linux kernel     before 4.5 does not properly copy data, which makes it     easier for local users to forge MAC values via a timing     side-channel attack.(CVE-2016-2085)

  - A flaw was discovered in processing setsockopt for 32     bit processes on 64 bit systems. This flaw will allow     attackers to alter arbitrary kernel memory when     unloading a kernel module. This action is usually     restricted to root-privileged users but can also be     leveraged if the kernel is compiled with CONFIG_USER_NS     and CONFIG_NET_NS and the user is granted elevated     privileges.(CVE-2016-4997)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A use-after-free vulnerability was found in the     kernel's socket recvmmsg subsystem. This may allow     remote attackers to corrupt memory and may allow     execution of arbitrary code. This corruption takes     place during the error handling routines within
    __sys_recvmmsg() function.(CVE-2016-7117)

  - A heap-buffer overflow vulnerability was found in the     arcmsr_iop_message_xfer() function in     'drivers/scsi/arcmsr/arcmsr_hba.c' file in the Linux     kernel through 4.8.2. The function does not restrict a     certain length field, which allows local users to gain     privileges or cause a denial of service via an     ARCMSR_MESSAGE_WRITE_WQBUFFER control code. This can     potentially cause kernel heap corruption and arbitrary     kernel code execution.(CVE-2016-7425)

  - A flaw was found in the Linux kernel's implementation     of seq_file where a local attacker could manipulate     memory in the put() function pointer. This could lead     to memory corruption and possible privileged     escalation.(CVE-2016-7910)

  - A use-after-free vulnerability in sys_ioprio_get() was     found due to get_task_ioprio() accessing the     task->io_context without holding the task lock and     could potentially race with exit_io_context(), leading     to a use-after-free.(CVE-2016-7911)

  - The xc2028_set_config function in     drivers/media/tuners/tuner-xc2028.c in the Linux kernel     before 4.6 allows local users to gain privileges or     cause a denial of service (use-after-free) via vectors     involving omission of the firmware name from a certain     data structure. Due to the nature of the flaw,     privilege escalation cannot be fully ruled out,     although we believe it is unlikely.(CVE-2016-7913)

  - The assoc_array_insert_into_terminal_node() function in     'lib/assoc_array.c' in the Linux kernel before 4.5.3     does not check whether a slot is a leaf, which allows     local users to obtain sensitive information from kernel     memory or cause a denial of service (invalid pointer     dereference and out-of-bounds read) via an application     that uses associative-array data     structures.(CVE-2016-7914)

  - The hid_input_field() function in     'drivers/hid/hid-core.c' in the Linux kernel before 4.6     allows physically proximate attackers to obtain     sensitive information from kernel memory or cause a     denial of service (out-of-bounds read) by connecting a     device.(CVE-2016-7915)

  - Race condition in the environ_read() function in     'fs/proc/base.c' in the Linux kernel before 4.5.4     allows local users to obtain sensitive information from     kernel memory by reading a '/proc/*/environ' file     during a process-setup time interval in which     environment-variable copying is     incomplete.(CVE-2016-7916)

  - A flaw was found in the Linux networking subsystem     where a local attacker with CAP_NET_ADMIN capabilities     could cause an out-of-bounds memory access by creating     a smaller-than-expected ICMP header and sending to its     destination via sendto().(CVE-2016-8399)

  - Linux kernel built with the Kernel-based Virtual     Machine (CONFIG_KVM) support is vulnerable to a null     pointer dereference flaw. It could occur on x86     platform, when emulating an undefined instruction. An     attacker could use this flaw to crash the host kernel     resulting in DoS.(CVE-2016-8630)

  - A buffer overflow vulnerability due to a lack of input     filtering of incoming fragmented datagrams was found in     the IP-over-1394 driver firewire-net in a fragment     handling code in the Linux kernel. The vulnerability     exists since firewire supported IPv4, i.e. since     version 2.6.31 (year 2009) till version v4.9-rc4. A     maliciously formed fragment with a respectively large     datagram offset would cause a memcpy() past the     datagram buffer, which would cause a system panic or     possible arbitrary code execution.The flaw requires     firewire-net module to be loaded and is remotely     exploitable from connected firewire devices, but not     over a local network.(CVE-2016-8633)

  - It was discovered that the Linux kernel since 3.6-rc1     with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG()     statement in tcp_collapse() function after making a     number of certain syscalls leading to a possible system     crash.(CVE-2016-8645)

  - A vulnerability was found in the Linux kernel. An     unprivileged local user could trigger oops in     shash_async_export() by attempting to force the     in-kernel hashing algorithms into decrypting an empty     data set.(CVE-2016-8646)

  - A flaw was found in the Linux kernel key management     subsystem in which a local attacker could crash the     kernel or corrupt the stack and additional memory     (denial of service) by supplying a specially crafted     RSA key. This flaw panics the machine during the     verification of the RSA key.(CVE-2016-8650)

  - A race condition issue leading to a use-after-free flaw     was found in the way the raw packet sockets     implementation in the Linux kernel networking subsystem     handled synchronization while creating the TPACKET_V3     ring buffer. A local user able to open a raw packet     socket (requires the CAP_NET_RAW capability) could use     this flaw to elevate their privileges on the     system.(CVE-2016-8655)

  - A flaw was found in the way the Linux kernel's     networking subsystem handled offloaded packets with     multiple layers of encapsulation in the GRO (Generic     Receive Offload) code path. A remote attacker could use     this flaw to trigger unbounded recursion in the kernel     that could lead to stack corruption, resulting in a     system crash.(CVE-2016-8666)

  - A flaw was discovered in the Linux kernel's     implementation of VFIO. An attacker issuing an ioctl     can create a situation where memory is corrupted and     modify memory outside of the expected area. This may     overwrite kernel memory and subvert kernel     execution.(CVE-2016-9083)

  - The use of a kzalloc with an integer multiplication     allowed an integer overflow condition to be reached in     vfio_pci_intrs.c. This combined with CVE-2016-9083 may     allow an attacker to craft an attack and use     unallocated memory, potentially crashing the     machine.(CVE-2016-9084)

  - A flaw was found in the Linux kernel's implementation     of the SCTP protocol. A remote attacker could trigger     an out-of-bounds read with an offset of up to 64kB     potentially causing the system to crash.(CVE-2016-9555)

  - It was found that the blk_rq_map_user_iov() function in     the Linux kernel's block device implementation did not     properly restrict the type of iterator, which could     allow a local attacker to read or write to arbitrary     kernel memory locations or cause a denial of service     (use-after-free) by leveraging write access to a     /dev/sg device.(CVE-2016-9576)

  - Linux kernel built with the KVM visualization support     (CONFIG_KVM), with nested visualization(nVMX) feature     enabled(nested=1), is vulnerable to an uncaught     exception issue. It could occur if an L2 guest was to     throw an exception which is not handled by an L1     guest.(CVE-2016-9588)

  - It was discovered that root can gain direct access to     an internal keyring, such as '.dns_resolver' in RHEL-7     or '.builtin_trusted_keys' upstream, by joining it as     its session keyring. This allows root to bypass module     signature verification by adding a new public key of     its own devising to the keyring.(CVE-2016-9604)

  - A flaw was found in the Linux kernel's implementation     of XFS file attributes. Two memory leaks were detected     in xfs_attr_shortform_list and xfs_attr3_leaf_list_int     when running a docker container backed by xfs/overlay2.
    A dedicated attacker could possible exhaust all memory     and create a denial of service     situation.(CVE-2016-9685)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Use-after-free vulnerability in the disk_seqf_stop     function in block/genhd.c in the Linux kernel before     4.7.1 allows local users to gain privileges by     leveraging the execution of a certain stop operation     even if the corresponding start operation had     failed.(CVE-2016-7910)

  - Race condition in the get_task_ioprio function in     block/ioprio.c in the Linux kernel before 4.6.6 allows     local users to gain privileges or cause a denial of     service (use-after-free) via a crafted ioprio_get     system call.(CVE-2016-7911)

  - The assoc_array_insert_into_terminal_node function in     lib/assoc_array.c in the Linux kernel before 4.5.3 does     not check whether a slot is a leaf, which allows local     users to obtain sensitive information from kernel     memory or cause a denial of service (invalid pointer     dereference and out-of-bounds read) via an application     that uses associative-array data structures, as     demonstrated by the keyutils test suite.(CVE-2016-7914)

  - The IPv6 stack in the Linux kernel before 4.3.3     mishandles options data, which allows local users to     gain privileges or cause a denial of service     (use-after-free and system crash) via a crafted sendmsg     system call.(CVE-2016-3841)

  - Race condition in the environ_read function in     fs/proc/base.c in the Linux kernel before 4.5.4 allows     local users to obtain sensitive information from kernel     memory by reading a /proc/*/environ file during a     process-setup time interval in which     environment-variable copying is     incomplete.(CVE-2016-7916)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :

  - CVE-2015-8970: crypto/algif_skcipher.c in the Linux     kernel did not verify that a setkey operation has been     performed on an AF_ALG socket before an accept system     call is processed, which allowed local users to cause a     denial of service (NULL pointer dereference and system     crash) via a crafted application that did not supply a     key, related to the lrw_crypt function in crypto/lrw.c     (bnc#1008374).

  - CVE-2017-5551: Clear S_ISGID on tmpfs when setting posix     ACLs (bsc#1021258).

  - CVE-2016-7097: The filesystem implementation in the     Linux kernel preserves the setgid bit during a setxattr     call, which allowed local users to gain group privileges     by leveraging the existence of a setgid program with     restrictions on execute permissions (bnc#995968).

  - CVE-2016-10088: The sg implementation in the Linux     kernel did not properly restrict write operations in     situations where the KERNEL_DS option is set, which     allowed local users to read or write to arbitrary kernel     memory locations or cause a denial of service     (use-after-free) by leveraging access to a /dev/sg     device, related to block/bsg.c and drivers/scsi/sg.c.
    NOTE: this vulnerability exists because of an incomplete     fix for CVE-2016-9576 (bnc#1017710).

  - CVE-2004-0230: TCP, when using a large Window Size, made     it easier for remote attackers to guess sequence numbers     and cause a denial of service (connection loss) to     persistent TCP connections by repeatedly injecting a TCP     RST packet, especially in protocols that use long-lived     connections, such as BGP (bnc#969340).

  - CVE-2016-8632: The tipc_msg_build function in     net/tipc/msg.c in the Linux kernel did not validate the     relationship between the minimum fragment length and the     maximum packet size, which allowed local users to gain     privileges or cause a denial of service (heap-based     buffer overflow) by leveraging the CAP_NET_ADMIN     capability (bnc#1008831).

  - CVE-2016-8399: An elevation of privilege vulnerability     in the kernel networking subsystem could have enabled a     local malicious application to execute arbitrary code     within the context of the kernel bnc#1014746).

  - CVE-2016-9793: The sock_setsockopt function in     net/core/sock.c in the Linux kernel mishandled negative     values of sk_sndbuf and sk_rcvbuf, which allowed local     users to cause a denial of service (memory corruption     and system crash) or possibly have unspecified other     impact by leveraging the CAP_NET_ADMIN capability for a     crafted setsockopt system call with the (1)     SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option     (bnc#1013531).

  - CVE-2012-6704: The sock_setsockopt function in     net/core/sock.c in the Linux kernel mishandled negative     values of sk_sndbuf and sk_rcvbuf, which allowed local     users to cause a denial of service (memory corruption     and system crash) or possibly have unspecified other     impact by leveraging the CAP_NET_ADMIN capability for a     crafted setsockopt system call with the (1) SO_SNDBUF or     (2) SO_RCVBUF option (bnc#1013542).

  - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux     kernel did not properly initialize Code Segment (CS) in     certain error cases, which allowed local users to obtain     sensitive information from kernel stack memory via a     crafted application (bnc#1013038).

  - CVE-2016-3841: The IPv6 stack in the Linux kernel     mishandled options data, which allowed local users to     gain privileges or cause a denial of service     (use-after-free and system crash) via a crafted sendmsg     system call (bnc#992566).

  - CVE-2016-9685: Multiple memory leaks in error paths in     fs/xfs/xfs_attr_list.c in the Linux kernel allowed local     users to cause a denial of service (memory consumption)     via crafted XFS filesystem operations (bnc#1012832).

  - CVE-2015-1350: The VFS subsystem in the Linux kernel     provided an incomplete set of requirements for setattr     operations that underspecifies removing extended     privilege attributes, which allowed local users to cause     a denial of service (capability stripping) via a failed     invocation of a system call, as demonstrated by using     chown to remove a capability from the ping or Wireshark     dumpcap program (bnc#914939).

  - CVE-2015-8962: Double free vulnerability in the     sg_common_write function in drivers/scsi/sg.c in the     Linux kernel allowed local users to gain privileges or     cause a denial of service (memory corruption and system     crash) by detaching a device during an SG_IO ioctl call     (bnc#1010501).

  - CVE-2016-9555: The sctp_sf_ootb function in     net/sctp/sm_statefuns.c in the Linux kernel lacked     chunk-length checking for the first chunk, which allowed     remote attackers to cause a denial of service     (out-of-bounds slab access) or possibly have unspecified     other impact via crafted SCTP data (bnc#1011685).

  - CVE-2016-7910: Use-after-free vulnerability in the     disk_seqf_stop function in block/genhd.c in the Linux     kernel allowed local users to gain privileges by     leveraging the execution of a certain stop operation     even if the corresponding start operation had failed     (bnc#1010716).

  - CVE-2016-7911: Race condition in the get_task_ioprio     function in block/ioprio.c in the Linux kernel allowed     local users to gain privileges or cause a denial of     service (use-after-free) via a crafted ioprio_get system     call (bnc#1010711).

  - CVE-2015-8964: The tty_set_termios_ldisc function in     drivers/tty/tty_ldisc.c in the Linux kernel allowed     local users to obtain sensitive information from kernel     memory by reading a tty data structure (bnc#1010507).

  - CVE-2016-7916: Race condition in the environ_read     function in fs/proc/base.c in the Linux kernel allowed     local users to obtain sensitive information from kernel     memory by reading a /proc/*/environ file during a     process-setup time interval in which     environment-variable copying is incomplete     (bnc#1010467).

  - CVE-2016-8646: The hash_accept function in     crypto/algif_hash.c in the Linux kernel allowed local     users to cause a denial of service (OOPS) by attempting     to trigger use of in-kernel hash algorithms for a socket     that has received zero bytes of data (bnc#1010150).

  - CVE-2016-8633: drivers/firewire/net.c in the Linux     kernel in certain unusual hardware configurations     allowed remote attackers to execute arbitrary code via     crafted fragmented packets (bnc#1008833).

  - CVE-2016-7042: The proc_keys_show function in     security/keys/proc.c in the Linux, when the GNU Compiler     Collection (gcc) stack protector is enabled, used an     incorrect buffer size for certain timeout data, which     allowed local users to cause a denial of service (stack     memory corruption and panic) by reading the /proc/keys     file (bnc#1004517).

  - CVE-2015-8956: The rfcomm_sock_bind function in     net/bluetooth/rfcomm/sock.c in the Linux kernel allowed     local users to obtain sensitive information or cause a     denial of service (NULL pointer dereference) via vectors     involving a bind system call on a Bluetooth RFCOMM     socket (bnc#1003925).

  - CVE-2016-7117: Use-after-free vulnerability in the
    __sys_recvmmsg function in net/socket.c in the Linux     kernel allowed remote attackers to execute arbitrary     code via vectors involving a recvmmsg system call that     is mishandled during error processing (bnc#1003077).

  - CVE-2016-0823: The pagemap_open function in     fs/proc/task_mmu.c in the Linux kernel allowed local     users to obtain sensitive physical-address information     by reading a pagemap file (bnc#994759).

  - CVE-2016-7425: The arcmsr_iop_message_xfer function in     drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did     not restrict a certain length field, which allowed local     users to gain privileges or cause a denial of service     (heap-based buffer overflow) via an     ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).

  - CVE-2016-6828: The tcp_check_send_head function in     include/net/tcp.h in the Linux kernel did not properly     maintain certain SACK state after a failed data copy,     which allowed local users to cause a denial of service     (tcp_xmit_retransmit_queue use-after-free and system     crash) via a crafted SACK option (bnc#994296).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 11 SP4 kernel was updated to 3.0.101-94 to receive various security and bugfixes. The following security bugs were fixed :

  - CVE-2017-5551: tmpfs: clear S_ISGID when setting posix     ACLs (bsc#1021258).

  - CVE-2016-10088: The sg implementation in the Linux     kernel did not properly restrict write operations in     situations where the KERNEL_DS option is set, which     allowed local users to read or write to arbitrary kernel     memory locations or cause a denial of service     (use-after-free) by leveraging access to a /dev/sg     device NOTE: this vulnerability existed because of an     incomplete fix for CVE-2016-9576 (bnc#1017710).

  - CVE-2016-5696: TCP, when using a large Window Size, made     it easier for remote attackers to guess sequence numbers     and cause a denial of service (connection loss) to     persistent TCP connections by repeatedly injecting a TCP     RST packet, especially in protocols that use long-lived     connections, such as BGP (bnc#989152).

  - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x     provided an incomplete set of requirements for setattr     operations that underspecified removing extended     privilege attributes, which allowed local users to cause     a denial of service (capability stripping) via a failed     invocation of a system call, as demonstrated by using     chown to remove a capability from the ping or Wireshark     dumpcap program (bnc#914939).

  - CVE-2016-8632: The tipc_msg_build function in     net/tipc/msg.c in the Linux kernel did not validate the     relationship between the minimum fragment length and the     maximum packet size, which allowed local users to gain     privileges or cause a denial of service (heap-based     buffer overflow) by leveraging the CAP_NET_ADMIN     capability (bnc#1008831).

  - CVE-2016-8399: An elevation of privilege vulnerability     in the kernel networking subsystem could enable a local     malicious application to execute arbitrary code within     the context of the kernel. This issue is rated as     Moderate because it first requires compromising a     privileged process and current compiler optimizations     restrict access to the vulnerable code. (bnc#1014746).

  - CVE-2016-9793: The sock_setsockopt function in     net/core/sock.c in the Linux kernel mishandled negative     values of sk_sndbuf and sk_rcvbuf, which allowed local     users to cause a denial of service (memory corruption     and system crash) or possibly have unspecified other     impact by leveraging the CAP_NET_ADMIN capability for a     crafted setsockopt system call with the (1)     SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option     (bnc#1013531).

  - CVE-2012-6704: The sock_setsockopt function in     net/core/sock.c in the Linux kernel mishandled negative     values of sk_sndbuf and sk_rcvbuf, which allowed local     users to cause a denial of service (memory corruption     and system crash) or possibly have unspecified other     impact by leveraging the CAP_NET_ADMIN capability for a     crafted setsockopt system call with the (1) SO_SNDBUF or     (2) SO_RCVBUF option (bnc#1013542).

  - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux     kernel did not properly initialize Code Segment (CS) in     certain error cases, which allowed local users to obtain     sensitive information from kernel stack memory via a     crafted application (bnc#1013038).

  - CVE-2016-9685: Multiple memory leaks in error paths in     fs/xfs/xfs_attr_list.c in the Linux kernel allowed local     users to cause a denial of service (memory consumption)     via crafted XFS filesystem operations (bnc#1012832).

  - CVE-2015-8962: Double free vulnerability in the     sg_common_write function in drivers/scsi/sg.c in the     Linux kernel allowed local users to gain privileges or     cause a denial of service (memory corruption and system     crash) by detaching a device during an SG_IO ioctl call     (bnc#1010501).

  - CVE-2016-9555: The sctp_sf_ootb function in     net/sctp/sm_statefuns.c in the Linux kernel lacked     chunk-length checking for the first chunk, which allowed     remote attackers to cause a denial of service     (out-of-bounds slab access) or possibly have unspecified     other impact via crafted SCTP data (bnc#1011685).

  - CVE-2016-7910: Use-after-free vulnerability in the     disk_seqf_stop function in block/genhd.c in the Linux     kernel allowed local users to gain privileges by     leveraging the execution of a certain stop operation     even if the corresponding start operation had failed     (bnc#1010716).

  - CVE-2016-7911: Race condition in the get_task_ioprio     function in block/ioprio.c in the Linux kernel allowed     local users to gain privileges or cause a denial of     service (use-after-free) via a crafted ioprio_get system     call (bnc#1010711).

  - CVE-2013-6368: The KVM subsystem in the Linux kernel     allowed local users to gain privileges or cause a denial     of service (system crash) via a VAPIC synchronization     operation involving a page-end address (bnc#853052).

  - CVE-2015-8964: The tty_set_termios_ldisc function in     drivers/tty/tty_ldisc.c in the Linux kernel allowed     local users to obtain sensitive information from kernel     memory by reading a tty data structure (bnc#1010507).

  - CVE-2016-7916: Race condition in the environ_read     function in fs/proc/base.c in the Linux kernel allowed     local users to obtain sensitive information from kernel     memory by reading a /proc/*/environ file during a     process-setup time interval in which     environment-variable copying is incomplete     (bnc#1010467).

  - CVE-2016-8646: The hash_accept function in     crypto/algif_hash.c in the Linux kernel allowed local     users to cause a denial of service (OOPS) by attempting     to trigger use of in-kernel hash algorithms for a socket     that has received zero bytes of data (bnc#1010150).

  - CVE-2016-8633: drivers/firewire/net.c in the Linux     kernel, in certain unusual hardware configurations,     allowed remote attackers to execute arbitrary code via     crafted fragmented packets (bnc#1008833).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 11 SP2 LTSS kernel was updated to receive various security and bugfixes. This is the last planned LTSS kernel update for the SUSE Linux Enterprise Server 11 SP2 LTSS. The following security bugs were fixed :

  - CVE-2016-10088: The sg implementation in the Linux     kernel did not properly restrict write operations in     situations where the KERNEL_DS option is set, which     allowed local users to read or write to arbitrary kernel     memory locations or cause a denial of service     (use-after-free) by leveraging access to a /dev/sg     device, related to block/bsg.c and drivers/scsi/sg.c.
    NOTE: this vulnerability exists because of an incomplete     fix for CVE-2016-9576 (bnc#1017710).

  - CVE-2004-0230: TCP, when using a large Window Size, made     it easier for remote attackers to guess sequence numbers     and cause a denial of service (connection loss) to     persistent TCP connections by repeatedly injecting a TCP     RST packet, especially in protocols that use long-lived     connections, such as BGP (bnc#969340).

  - CVE-2016-8632: The tipc_msg_build function in     net/tipc/msg.c in the Linux kernel did not validate the     relationship between the minimum fragment length and the     maximum packet size, which allowed local users to gain     privileges or cause a denial of service (heap-based     buffer overflow) by leveraging the CAP_NET_ADMIN     capability (bnc#1008831).

  - CVE-2016-8399: An out of bounds read in the ping     protocol handler could have lead to information     disclosure (bsc#1014746).

  - CVE-2016-9793: The sock_setsockopt function in     net/core/sock.c in the Linux kernel mishandled negative     values of sk_sndbuf and sk_rcvbuf, which allowed local     users to cause a denial of service (memory corruption     and system crash) or possibly have unspecified other     impact by leveraging the CAP_NET_ADMIN capability for a     crafted setsockopt system call with the (1)     SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option     (bnc#1013531).

  - CVE-2012-6704: The sock_setsockopt function in     net/core/sock.c in the Linux kernel mishandled negative     values of sk_sndbuf and sk_rcvbuf, which allowed local     users to cause a denial of service (memory corruption     and system crash) or possibly have unspecified other     impact by leveraging the CAP_NET_ADMIN capability for a     crafted setsockopt system call with the (1) SO_SNDBUF or     (2) SO_RCVBUF option (bnc#1013542).

  - CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux     kernel did not properly initialize Code Segment (CS) in     certain error cases, which allowed local users to obtain     sensitive information from kernel stack memory via a     crafted application (bnc#1013038).

  - CVE-2016-3841: The IPv6 stack in the Linux kernel     mishandled options data, which allowed local users to     gain privileges or cause a denial of service     (use-after-free and system crash) via a crafted sendmsg     system call (bnc#992566).

  - CVE-2016-9685: Multiple memory leaks in error paths in     fs/xfs/xfs_attr_list.c in the Linux kernel allowed local     users to cause a denial of service (memory consumption)     via crafted XFS filesystem operations (bnc#1012832).

  - CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x     provides an incomplete set of requirements for setattr     operations that underspecified removing extended     privilege attributes, which allowed local users to cause     a denial of service (capability stripping) via a failed     invocation of a system call, as demonstrated by using     chown to remove a capability from the ping or Wireshark     dumpcap program (bnc#914939).

  - CVE-2015-8962: Double free vulnerability in the     sg_common_write function in drivers/scsi/sg.c in the     Linux kernel allowed local users to gain privileges or     cause a denial of service (memory corruption and system     crash) by detaching a device during an SG_IO ioctl call     (bnc#1010501).

  - CVE-2016-9555: The sctp_sf_ootb function in     net/sctp/sm_statefuns.c in the Linux kernel lacked     chunk-length checking for the first chunk, which allowed     remote attackers to cause a denial of service     (out-of-bounds slab access) or possibly have unspecified     other impact via crafted SCTP data (bnc#1011685).

  - CVE-2016-7910: Use-after-free vulnerability in the     disk_seqf_stop function in block/genhd.c in the Linux     kernel allowed local users to gain privileges by     leveraging the execution of a certain stop operation     even if the corresponding start operation had failed     (bnc#1010716).

  - CVE-2016-7911: Race condition in the get_task_ioprio     function in block/ioprio.c in the Linux kernel allowed     local users to gain privileges or cause a denial of     service (use-after-free) via a crafted ioprio_get system     call (bnc#1010711).

  - CVE-2015-8964: The tty_set_termios_ldisc function in     drivers/tty/tty_ldisc.c in the Linux kernel allowed     local users to obtain sensitive information from kernel     memory by reading a tty data structure (bnc#1010507).

  - CVE-2016-7916: Race condition in the environ_read     function in fs/proc/base.c in the Linux kernel allowed     local users to obtain sensitive information from kernel     memory by reading a /proc/*/environ file during a     process-setup time interval in which     environment-variable copying is incomplete     (bnc#1010467).

  - CVE-2016-8646: The hash_accept function in     crypto/algif_hash.c in the Linux kernel allowed local     users to cause a denial of service (OOPS) by attempting     to trigger use of in-kernel hash algorithms for a socket     that has received zero bytes of data (bnc#1010150).

  - CVE-2016-8633: drivers/firewire/net.c in the Linux     kernel before 4.8.7, in certain unusual hardware     configurations, allowed remote attackers to execute     arbitrary code via crafted fragmented packets     (bnc#1008833).

  - CVE-2016-7042: The proc_keys_show function in     security/keys/proc.c in the Linux kernel used an     incorrect buffer size for certain timeout data, which     allowed local users to cause a denial of service (stack     memory corruption and panic) by reading the /proc/keys     file (bnc#1004517).

  - CVE-2016-7097: The filesystem implementation in the     Linux kernel preserves the setgid bit during a setxattr     call, which allowed local users to gain group privileges     by leveraging the existence of a setgid program with     restrictions on execute permissions (bnc#995968).

  - CVE-2017-5551: The filesystem implementation in the     Linux kernel preserves the setgid bit during a setxattr     call, which allowed local users to gain group privileges     by leveraging the existence of a setgid program with     restrictions on execute permissions. This CVE tracks the     fix for the tmpfs filesystem. (bsc#1021258).

  - CVE-2015-8956: The rfcomm_sock_bind function in     net/bluetooth/rfcomm/sock.c in the Linux kernel allowed     local users to obtain sensitive information or cause a     denial of service (NULL pointer dereference) via vectors     involving a bind system call on a Bluetooth RFCOMM     socket (bnc#1003925).

  - CVE-2016-7117: Use-after-free vulnerability in the
    __sys_recvmmsg function in net/socket.c in the Linux     kernel allowed remote attackers to execute arbitrary     code via vectors involving a recvmmsg system call that     is mishandled during error processing (bnc#1003077).

  - CVE-2016-0823: The pagemap_open function in     fs/proc/task_mmu.c in the Linux kernel allowed local     users to obtain sensitive physical-address information     by reading a pagemap file, aka Android internal bug     25739721 (bnc#994759).

  - CVE-2016-7425: The arcmsr_iop_message_xfer function in     drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did     not restrict a certain length field, which allowed local     users to gain privileges or cause a denial of service     (heap-based buffer overflow) via an     ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).

  - CVE-2016-6828: The tcp_check_send_head function in     include/net/tcp.h in the Linux kernel did not properly     maintain certain SACK state after a failed data copy,     which allowed local users to cause a denial of service     (tcp_xmit_retransmit_queue use-after-free and system     crash) via a crafted SACK option (bnc#994296).

  - CVE-2016-6480: Race condition in the ioctl_send_fib     function in drivers/scsi/aacraid/commctrl.c in the Linux     kernel allowed local users to cause a denial of service     (out-of-bounds access or system crash) by changing a     certain size value, aka a 'double fetch' vulnerability     (bnc#991608).

  - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt     implementation in the netfilter subsystem in the Linux     kernel allowed local users to cause a denial of service     (out-of-bounds read) or possibly obtain sensitive     information from kernel heap memory by leveraging     in-container root access to provide a crafted offset     value that leads to crossing a ruleset blob boundary     (bsc#986365).

  - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel     did not reset the PIT counter values during state     restoration, which allowed guest OS users to cause a     denial of service (divide-by-zero error and host OS     crash) via a zero value, related to the     kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions     (bnc#960689).

  - CVE-2013-4312: The Linux kernel allowed local users to     bypass file-descriptor limits and cause a denial of     service (memory consumption) by sending each descriptor     over a UNIX socket before closing it, related to     net/unix/af_unix.c and net/unix/garbage.c (bnc#839104).

  - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and     IP6T_SO_SET_REPLACE setsockopt implementations in the     netfilter subsystem in the Linux kernel allow local     users to gain privileges or cause a denial of service     (memory corruption) by leveraging in-container root     access to provide a crafted offset value that triggers     an unintended decrement (bnc#986362).

  - CVE-2016-5829: Multiple heap-based buffer overflows in     the hiddev_ioctl_usage function in     drivers/hid/usbhid/hiddev.c in the Linux kernel allow     local users to cause a denial of service or possibly     have unspecified other impact via a crafted (1)     HIDIOCGUSAGES or (2) HIDIOCSUSAGES ioctl call     (bnc#986572).

  - CVE-2016-4470: The key_reject_and_link function in     security/keys/key.c in the Linux kernel did not ensure     that a certain data structure is initialized, which     allowed local users to cause a denial of service (system     crash) via vectors involving a crafted keyctl request2     command (bnc#984755).

  - CVE-2016-5244: The rds_inc_info_copy function in     net/rds/recv.c in the Linux kernel did not initialize a     certain structure member, which allowed remote attackers     to obtain sensitive information from kernel stack memory     by reading an RDS message (bnc#983213).

  - CVE-2016-1583: The ecryptfs_privileged_open function in     fs/ecryptfs/kthread.c in the Linux kernel allowed local     users to gain privileges or cause a denial of service     (stack memory consumption) via vectors involving crafted     mmap calls for /proc pathnames, leading to recursive     pagefault handling (bnc#983143).

  - CVE-2016-4913: The get_rock_ridge_filename function in     fs/isofs/rock.c in the Linux kernel mishandled NM (aka     alternate name) entries containing \0 characters, which     allowed local users to obtain sensitive information from     kernel memory or possibly have unspecified other impact     via a crafted isofs filesystem (bnc#980725).

  - CVE-2016-4580: The x25_negotiate_facilities function in     net/x25/x25_facilities.c in the Linux kernel did not     properly initialize a certain data structure, which     allowed attackers to obtain sensitive information from     kernel stack memory via an X.25 Call Request     (bnc#981267).

  - CVE-2016-4805: Use-after-free vulnerability in     drivers/net/ppp/ppp_generic.c in the Linux kernel     allowed local users to cause a denial of service (memory     corruption and system crash, or spinlock) or possibly     have unspecified other impact by removing a network     namespace, related to the ppp_register_net_channel and     ppp_unregister_channel functions (bnc#980371).

  - CVE-2015-7833: The usbvision driver in the Linux kernel     allowed physically proximate attackers to cause a denial     of service (panic) via a nonzero bInterfaceNumber value     in a USB device descriptor (bnc#950998).

  - CVE-2016-2187: The gtco_probe function in     drivers/input/tablet/gtco.c in the Linux kernel allowed     physically proximate attackers to cause a denial of     service (NULL pointer dereference and system crash) via     a crafted endpoints value in a USB device descriptor     (bnc#971944).

  - CVE-2016-4482: The proc_connectinfo function in     drivers/usb/core/devio.c in the Linux kernel did not     initialize a certain data structure, which allowed local     users to obtain sensitive information from kernel stack     memory via a crafted USBDEVFS_CONNECTINFO ioctl call     (bnc#978401).

  - CVE-2016-4565: The InfiniBand (aka IB) stack in the     Linux kernel incorrectly relies on the write system     call, which allowed local users to cause a denial of     service (kernel memory write operation) or possibly have     unspecified other impact via a uAPI interface     (bnc#979548).

  - CVE-2016-4485: The llc_cmsg_rcv function in     net/llc/af_llc.c in the Linux kernel did not initialize     a certain data structure, which allowed attackers to     obtain sensitive information from kernel stack memory by     reading a message (bnc#978821).

  - CVE-2016-4578: sound/core/timer.c in the Linux kernel     did not initialize certain r1 data structures, which     allowed local users to obtain sensitive information from     kernel stack memory via crafted use of the ALSA timer     interface, related to the (1) snd_timer_user_ccallback     and (2) snd_timer_user_tinterrupt functions     (bnc#979879).

  - CVE-2016-4569: The snd_timer_user_params function in     sound/core/timer.c in the Linux kernel did not     initialize a certain data structure, which allowed local     users to obtain sensitive information from kernel stack     memory via crafted use of the ALSA timer interface     (bnc#979213).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3160-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS.

CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213)

It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-7916).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

CAI Qian discovered that shared bind mounts in a mount namespace exponentially added entries without restriction to the Linux kernel's mount table. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-6213)

It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-7916).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that a race condition existed in the procfs environ_read function in the Linux kernel, leading to an integer underflow. A local attacker could use this to expose sensitive information (kernel memory).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The openSUSE 13.2 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

  - CVE-2015-8962: Double free vulnerability in the     sg_common_write function in drivers/scsi/sg.c in the     Linux kernel allowed local users to gain privileges or     cause a denial of service (memory corruption and system     crash) by detaching a device during an SG_IO ioctl call     (bnc#1010501).

  - CVE-2015-8963: Race condition in kernel/events/core.c in     the Linux kernel allowed local users to gain privileges     or cause a denial of service (use-after-free) by     leveraging incorrect handling of an swevent data     structure during a CPU unplug operation (bnc#1010502).

  - CVE-2016-7042: The proc_keys_show function in     security/keys/proc.c in the Linux kernel through 4.8.2,     when the GNU Compiler Collection (gcc) stack protector     is enabled, uses an incorrect buffer size for certain     timeout data, which allowed local users to cause a     denial of service (stack memory corruption and panic) by     reading the /proc/keys file (bnc#1004517).

  - CVE-2016-7910: Use-after-free vulnerability in the     disk_seqf_stop function in block/genhd.c in the Linux     kernel allowed local users to gain privileges by     leveraging the execution of a certain stop operation     even if the corresponding start operation had failed     (bnc#1010716).

  - CVE-2016-7911: Race condition in the get_task_ioprio     function in block/ioprio.c in the Linux kernel allowed     local users to gain privileges or cause a denial of     service (use-after-free) via a crafted ioprio_get system     call (bnc#1010711).

  - CVE-2016-7913: The xc2028_set_config function in     drivers/media/tuners/tuner-xc2028.c in the Linux kernel     allowed local users to gain privileges or cause a denial     of service (use-after-free) via vectors involving     omission of the firmware name from a certain data     structure (bnc#1010478).

  - CVE-2016-7914: The assoc_array_insert_into_terminal_node     function in lib/assoc_array.c in the Linux kernel did     not check whether a slot is a leaf, which allowed local     users to obtain sensitive information from kernel memory     or cause a denial of service (invalid pointer     dereference and out-of-bounds read) via an application     that uses associative-array data structures, as     demonstrated by the keyutils test suite (bnc#1010475).

  - CVE-2016-7916: Race condition in the environ_read     function in fs/proc/base.c in the Linux kernel allowed     local users to obtain sensitive information from kernel     memory by reading a /proc/*/environ file during a     process-setup time interval in which     environment-variable copying is incomplete     (bnc#1010467).

  - CVE-2016-8633: drivers/firewire/net.c in the Linux     kernel before 4.8.7, in certain unusual hardware     configurations, allowed remote attackers to execute     arbitrary code via crafted fragmented packets     (bnc#1008833).

  - CVE-2016-8646: The hash_accept function in     crypto/algif_hash.c in the Linux kernel allowed local     users to cause a denial of service (OOPS) by attempting     to trigger use of in-kernel hash algorithms for a socket     that has received zero bytes of data (bnc#1010150).

  - CVE-2016-8655: A race condition in the af_packet     packet_set_ring function could be used by local     attackers to crash the kernel or gain privileges     (bsc#1012754).

  - CVE-2016-9555: The sctp_sf_ootb function in     net/sctp/sm_statefuns.c in the Linux kernel lacks     chunk-length checking for the first chunk, which allowed     remote attackers to cause a denial of service     (out-of-bounds slab access) or possibly have unspecified     other impact via crafted SCTP data (bnc#1011685).

The following non-security bugs were fixed :

  - bna: Add synchronization for tx ring (bsc#993739).

  - bonding: set carrier off for devices created through     netlink (bsc#999577).

  - btrfs: fix extent tree corruption due to relocation     (bsc#990384).

  - introduce NETIF_F_GSO_ENCAP_ALL helper mask     (bsc#1001486).

  - ipv6: send NEWLINK on RA managed/otherconf changes     (bsc#934067).

  - ipv6: send only one NEWLINK when RA causes changes     (bsc#934067).

  - tunnels: Remove encapsulation offloads on decap     (bsc#1001486).

  - usbhid: add ATEN CS962 to list of quirky devices     (bsc#1007615).

  - vmxnet3: Wake queue from reset work (bsc#999907).

ID	Name	Product	Family	Severity
124981	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1528)	Nessus	Huawei Local Security Checks	high
124819	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1496)	Nessus	Huawei Local Security Checks	critical
99846	EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1089)	Nessus	Huawei Local Security Checks	high
97297	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0494-1)	Nessus	SuSE Local Security Checks	critical
97097	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0437-1)	Nessus	SuSE Local Security Checks	critical
96903	SUSE SLES11 Security Update : kernel (SUSE-SU-2017:0333-1)	Nessus	SuSE Local Security Checks	critical
95994	Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3160-2)	Nessus	Ubuntu Local Security Checks	medium
95993	Ubuntu 14.04 LTS : linux vulnerabilities (USN-3160-1)	Nessus	Ubuntu Local Security Checks	medium
95992	Ubuntu 12.04 LTS : linux vulnerability (USN-3159-1)	Nessus	Ubuntu Local Security Checks	medium
95705	openSUSE Security Update : the Linux Kernel (openSUSE-2016-1431)	Nessus	SuSE Local Security Checks	critical

CVE-2016-7916

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins