Skip to main content

Suse Linux Enterprise Live Patching

23 CVEs product

Monthly

CVE-2016-4997 HIGH POC PATCH Act Now

The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Privilege Escalation Linux Buffer Overflow Linux Kernel +9
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
4.8%
CVE-2016-1583 HIGH POC PATCH This Week

The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Buffer Overflow Linux Kernel Suse Linux Enterprise Software Development Kit +8
NVD GitHub Exploit-DB
CVSS 3.1
7.8
EPSS
0.4%
CVE-2016-4805 HIGH PATCH This Week

Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free Linux Buffer Overflow +11
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-4569 MEDIUM PATCH This Month

The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel Ubuntu Linux Suse Linux Enterprise Software Development Kit +7
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2016-4486 LOW POC PATCH Monitor

The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +7
NVD Exploit-DB GitHub
CVSS 3.0
3.3
EPSS
0.5%
CVE-2016-4482 MEDIUM PATCH This Month

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Ubuntu Linux Linux Kernel Suse Linux Enterprise Software Development Kit +8
NVD GitHub
CVSS 3.0
6.2
EPSS
0.0%
CVE-2016-3951 MEDIUM PATCH This Month

Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Ubuntu Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop +6
NVD GitHub
CVSS 3.0
4.6
EPSS
0.0%
CVE-2016-3689 MEDIUM PATCH This Month

The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop Suse Linux Enterprise Live Patching +6
NVD GitHub
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-3140 MEDIUM POC This Month

The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Ubuntu Linux Linux Kernel Suse Linux Enterprise Software Development Kit +7
NVD GitHub Exploit-DB
CVSS 3.0
4.6
EPSS
0.2%
CVE-2016-3138 MEDIUM This Month

The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel Ubuntu Linux Suse Linux Enterprise Software Development Kit +7
NVD GitHub
CVSS 3.0
4.6
EPSS
0.0%
CVE-2016-3137 MEDIUM This Month

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +7
NVD GitHub
CVSS 3.0
4.6
EPSS
0.0%
CVE-2016-3136 MEDIUM POC This Month

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Linux Kernel Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop +6
NVD GitHub Exploit-DB
CVSS 3.0
4.6
EPSS
0.2%
CVE-2016-2188 MEDIUM POC PATCH This Month

The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +7
NVD Exploit-DB GitHub
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-2186 MEDIUM POC PATCH This Month

The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo +7
NVD GitHub
CVSS 3.0
4.6
EPSS
0.0%
CVE-2016-2185 MEDIUM POC PATCH This Month

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Ubuntu Linux Linux Kernel Suse Linux Enterprise Software Development Kit +7
NVD GitHub
CVSS 3.0
4.6
EPSS
0.0%
CVE-2016-3672 HIGH POC PATCH This Week

The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Authentication Bypass Ubuntu Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Desktop +6
NVD GitHub Exploit-DB
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-3156 MEDIUM PATCH This Month

The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +7
NVD GitHub
CVSS 3.0
5.5
EPSS
0.0%
CVE-2016-3139 MEDIUM POC This Month

The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +6
NVD GitHub Exploit-DB
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-3134 HIGH POC This Week

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Buffer Overflow Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo +7
NVD GitHub Exploit-DB
CVSS 3.0
8.4
EPSS
0.0%
CVE-2016-2847 MEDIUM PATCH This Month

fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo +6
NVD GitHub
CVSS 3.0
6.2
EPSS
0.1%
CVE-2016-2184 MEDIUM POC PATCH This Month

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel Ubuntu Linux Suse Linux Enterprise Software Development Kit +7
NVD Exploit-DB GitHub
CVSS 3.0
4.6
EPSS
0.1%
CVE-2015-8845 MEDIUM PATCH This Month

The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Authentication Bypass Linux Kernel Suse Linux Enterprise Live Patching +6
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8816 MEDIUM PATCH This Month

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit Suse Linux Enterprise Debuginfo Suse Linux Enterprise Desktop +8
NVD GitHub
CVSS 3.1
6.8
EPSS
0.1%
EPSS 5% CVSS 7.8
HIGH POC PATCH Act Now

The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before 4.6.3 allow local users to gain privileges or cause a denial of. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Privilege Escalation Linux +11
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service (stack memory consumption) via. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Denial Of Service Linux Buffer Overflow +10
NVD GitHub Exploit-DB
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of service (memory corruption and system crash, or spinlock) or. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Denial Of Service Use After Free +13
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Linux Kernel +9
NVD GitHub
EPSS 1% CVSS 3.3
LOW POC PATCH Monitor

The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows local users to obtain sensitive information from. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.

Linux Information Disclosure Suse Linux Enterprise Software Development Kit +9
NVD Exploit-DB GitHub
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Information Disclosure Ubuntu Linux +10
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (system crash) or possibly have unspecified. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Ubuntu Linux +8
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM PATCH This Month

The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (system crash) via a USB device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit +8
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM POC This Month

The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Ubuntu Linux +9
NVD GitHub Exploit-DB
EPSS 0% CVSS 4.6
MEDIUM This Month

The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash). Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Linux Kernel +9
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM This Month

drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a USB device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit +9
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM POC This Month

The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Linux Kernel +8
NVD GitHub Exploit-DB
EPSS 0% CVSS 4.6
MEDIUM POC PATCH This Month

The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit +9
NVD Exploit-DB GitHub
EPSS 0% CVSS 4.6
MEDIUM POC PATCH This Month

The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel +9
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM POC PATCH This Month

The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Ubuntu Linux +9
NVD GitHub
EPSS 0% CVSS 7.8
HIGH POC PATCH This Week

The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available.

Linux Authentication Bypass Ubuntu Linux +8
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a denial of service (host OS networking outage) by arranging. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit +9
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM POC This Month

The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit +8
NVD GitHub Exploit-DB
EPSS 0% CVSS 8.4
HIGH POC This Week

The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption). Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Linux Buffer Overflow +9
NVD GitHub Exploit-DB
EPSS 0% CVSS 6.2
MEDIUM PATCH This Month

fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of service (memory consumption) by creating many pipes with. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Linux Kernel +8
NVD GitHub
EPSS 0% CVSS 4.6
MEDIUM POC PATCH This Month

The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Linux Linux Kernel +9
NVD Exploit-DB GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM suspend mode exists before proceeding with a tm_reclaim. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Linux Authentication Bypass +8
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM PATCH This Month

The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Linux Suse Linux Enterprise Software Development Kit +10
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy