ID: CVE-2015-5307
Type: cve
Reporter: NVD
Modified: 2017-05-23T21:29:01
Description
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.
{"result": {"openvas": [{"id": "OPENVAS:1361412562310105465", "type": "openvas", "title": "Citrix XenServer Security Update for CVE-2015-5307 and CVE-2015-8104 (CTX202583)", "description": "A security vulnerability has been identified in Citrix XenServer that may allow a malicious administrator of an HVM guest VM to crash the host. This vulnerability affects all currently supported versions of Citrix XenServer up to and including Citrix XenServer 6.5 Service Pack 1.", "published": "2015-11-26T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105465", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2017-07-05T10:52:30"}, {"id": "OPENVAS:1361412562310105517", "type": "openvas", "title": "F5 BIG-IP - SOL31026324 - Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104", "description": "The remote host is missing a security patch.", "published": "2016-01-19T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310105517", "cvelist": ["CVE-2015-2925", "CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2017-07-02T21:13:17"}, {"id": "OPENVAS:1361412562310842523", "type": "openvas", "title": "Ubuntu Update for linux USN-2803-1", "description": "Check the version of linux", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842523", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-12-04T11:24:13"}, {"id": "OPENVAS:1361412562310842529", "type": "openvas", "title": "Ubuntu Update for linux USN-2800-1", "description": "Check the version of linux", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310842529", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-12-04T11:24:44"}, {"id": "OPENVAS:1361412562310842524", "type": "openvas", "title": "Ubuntu Update for linux USN-2802-1", "description": "Check the version of linux", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842524", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-12-04T11:24:42"}, {"id": "OPENVAS:1361412562310842525", "type": "openvas", "title": "Ubuntu Update for linux-lts-vivid USN-2806-1", "description": "Check the version of linux-lts-vivid", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842525", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-12-04T11:23:33"}, {"id": "OPENVAS:1361412562310842526", "type": "openvas", "title": "Ubuntu Update for linux USN-2801-1", "description": "Check the version of linux", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842526", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-12-04T11:24:11"}, {"id": "OPENVAS:1361412562310842528", "type": "openvas", "title": "Ubuntu Update for linux-lts-utopic USN-2805-1", "description": "Check the version of linux-lts-utopic", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842528", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-12-04T11:23:11"}, {"id": "OPENVAS:1361412562310842522", "type": "openvas", "title": "Ubuntu Update for linux-lts-trusty USN-2804-1", "description": "Check the version of linux-lts-trusty", "published": 
"2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842522", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-12-04T11:23:34"}, {"id": "OPENVAS:1361412562310842530", "type": "openvas", "title": "Ubuntu Update for linux-lts-wily USN-2807-1", "description": "Check the version of linux-lts-wily", "published": "2015-11-11T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842530", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-12-04T11:22:51"}], "f5": [{"id": "F5:K31026324", "type": "f5", "title": "Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104", "description": "\nF5 Product Development has assigned ID 563154 (BIG-IP) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<https://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H567192 on the **Diagnostics** >** Identified** > **High **screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct | Versions known to be vulnerable | Versions known to be not vulnerable | Severity | Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM | 12.0.0 \n11.6.0 - 11.6.1 \n11.1.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 HF3 \n11.5.5 \n11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP AAM | 12.0.0 \n11.6.0 - 11.6.1 \n11.4.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 HF3 \n11.5.5 | High | vCMP \nBIG-IP AFM | 12.0.0 \n11.6.0 - 11.6.1 \n11.3.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 HF3 \n11.5.5 | High | vCMP \nBIG-IP Analytics | 12.0.0 \n11.6.0 -11.6.1 \n11.1.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 
HF3 \n11.5.5 \n11.0.0 | High | vCMP \nBIG-IP APM | 12.0.0 \n11.6.0 - 11.6.1 \n11.1.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 HF3 \n11.5.5 \n11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP ASM | 12.0.0 \n11.6.0 - 11.6.1 \n11.1.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 HF3 \n11.5.5 \n11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP DNS | 12.0.0 | 13.0.0 \n12.1.0 \n12.0.0 HF3 | High | vCMP \nBIG-IP Edge Gateway | 11.1.0 - 11.3.0 | 11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP GTM | 11.1.0 - 11.6.1 | 11.5.5 \n11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP Link Controller | 12.0.0 \n11.6.0 - 11.6.1 \n11.1.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 HF3 \n11.5.5 \n11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP PEM | 12.0.0 \n11.6.0 - 11.6.1 \n11.3.0 - 11.5.4 | 13.0.0 \n12.1.0 \n12.0.0 HF3 \n11.5.5 | High | vCMP \nBIG-IP PSM | 11.1.0 - 11.4.1 | 11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP WebAccelerator | 11.1.0 - 11.3.0 | 11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nBIG-IP WOM | 11.1.0 - 11.3.0 | 11.0.0 \n10.1.0 - 10.2.4 | High | vCMP \nARX | None | 6.0.0 - 6.4.0 | Not vulnerable | None \nEnterprise Manager | None | 3.0.0 - 3.1.1 | Not vulnerable | None \nFirePass | None | 7.0.0 \n6.0.0 - 6.1.0 | Not vulnerable | None \nBIG-IQ Cloud | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Device | None | 4.2.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ Security | None | 4.0.0 - 4.5.0 | Not vulnerable | None \nBIG-IQ ADC | None | 4.5.0 | Not vulnerable | None \nBIG-IQ Centralized Management | None | 5.0.0 - 5.3.0 \n4.6.0 | Not vulnerable | None \nBIG-IQ Cloud and Orchestration | None | 1.0.0 | Not vulnerable | None \nF5 iWorkflow | None | 2.0.0 - 2.3.0 | Not vulnerable | None \nLineRate | None | 2.5.0 - 2.6.1 | Not vulnerable | None \nF5 WebSafe | None | 1.0.0 | Not vulnerable | None \nTraffix SDC | None | 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1 | Not vulnerable | None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by 
upgrading to a version listed in the **Versions known to be not vulnerable **column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nTo mitigate this vulnerability, you can limit access to the Linux shell to trusted users only.\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "published": "2016-01-13T21:55:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K31026324", "cvelist": ["CVE-2015-2925", "CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2017-10-25T20:32:46"}, {"id": "SOL31026324", "type": "f5", "title": "SOL31026324 - Linux kernel vulnerabilities CVE-2015-2925, CVE-2015-5307, and CVE-2015-8104", "description": "Vulnerability Recommended Actions\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the **Severity** values published in the previous table. 
The **Severity** values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you can limit access to the Linux shell to trusted users only.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4918: Overview of the F5 critical issue hotfix policy\n * SOL167: Downloading software and firmware from F5\n", "published": "2016-01-13T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/k/31/sol31026324.html", "cvelist": ["CVE-2015-2925", "CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2016-09-26T17:22:53"}], "ubuntu": [{"id": "USN-2807-1", "type": "ubuntu", "title": "Linux kernel (Wily HWE) vulnerability", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2807-1/", "cvelist": ["CVE-2015-5307"], "lastseen": "2018-03-29T18:21:23"}, {"id": "USN-2806-1", "type": "ubuntu", "title": "Linux kernel (Vivid HWE) vulnerability", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. 
An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2806-1/", "cvelist": ["CVE-2015-5307"], "lastseen": "2018-03-29T18:17:07"}, {"id": "USN-2803-1", "type": "ubuntu", "title": "Linux kernel vulnerability", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2803-1/", "cvelist": ["CVE-2015-5307"], "lastseen": "2018-03-29T18:19:05"}, {"id": "USN-2800-1", "type": "ubuntu", "title": "Linux kernel vulnerability", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2800-1/", "cvelist": ["CVE-2015-5307"], "lastseen": "2018-03-29T18:17:05"}, {"id": "USN-2802-1", "type": "ubuntu", "title": "Linux kernel vulnerability", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. 
An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2802-1/", "cvelist": ["CVE-2015-5307"], "lastseen": "2018-03-29T18:19:36"}, {"id": "USN-2805-1", "type": "ubuntu", "title": "Linux kernel (Utopic HWE) vulnerability", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2805-1/", "cvelist": ["CVE-2015-5307"], "lastseen": "2018-03-29T18:20:56"}, {"id": "USN-2804-1", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerability", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2804-1/", "cvelist": ["CVE-2015-5307"], "lastseen": "2018-03-29T18:20:05"}, {"id": "USN-2801-1", "type": "ubuntu", "title": "Linux kernel vulnerability", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. 
An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2801-1/", "cvelist": ["CVE-2015-5307"], "lastseen": "2018-03-29T18:20:04"}], "nessus": [{"id": "UBUNTU_USN-2800-1.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux vulnerability (USN-2800-1)", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86810", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-10-29T13:39:28"}, {"id": "UBUNTU_USN-2805-1.NASL", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-utopic vulnerability (USN-2805-1)", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86815", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-10-29T13:34:10"}, {"id": "UBUNTU_USN-2804-1.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerability (USN-2804-1)", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86814", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-10-29T13:46:14"}, {"id": "UBUNTU_USN-2806-1.NASL", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-vivid vulnerability (USN-2806-1)", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86816", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-10-29T13:35:44"}, {"id": "UBUNTU_USN-2807-1.NASL", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux-lts-wily vulnerability (USN-2807-1)", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-11-11T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86847", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-10-29T13:39:38"}, {"id": "UBUNTU_USN-2802-1.NASL", "type": "nessus", "title": "Ubuntu 15.04 : linux vulnerability (USN-2802-1)", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86812", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-10-29T13:36:09"}, {"id": "UBUNTU_USN-2803-1.NASL", "type": "nessus", "title": "Ubuntu 15.10 : linux vulnerability (USN-2803-1)", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86813", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-10-29T13:34:53"}, {"id": "UBUNTU_USN-2801-1.NASL", "type": "nessus", "title": "Ubuntu 14.04 LTS : linux vulnerability (USN-2801-1)", "description": "Ben Serebrin discovered that the KVM hypervisor implementation in the Linux kernel did not properly catch Alignment Check exceptions. An attacker in a guest virtual machine could use this to cause a denial of service (system crash) in the host OS.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86811", "cvelist": ["CVE-2015-5307"], "lastseen": "2017-10-29T13:37:16"}, {"id": "REDHAT-RHSA-2016-0024.NASL", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2016:0024)", "description": "Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) and #DB (debug exception) is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel. (CVE-2015-5307, CVE-2015-8104, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the CVE-2015-5307 issue.\n\nThis update also fixes the following bugs :\n\n* When doing TSO/GSO in the presence of VLAN headers on a macvtap device, the header offsets were incorrectly calculated. As a consequence, when 2 guests on the same host communicated over a guest configured VLAN, performance dropped to about 1 Mbps. 
A set of patches has been provided to fix this bug, and network performance with VLAN tags now works with optimal performance. (BZ#1215914)\n\n* Prior to this update, TSO acceleration features have been removed from the VLAN device which caused that VLAN performance on top of a virtio device was much lower than that of a virtio device itself. This update re-enables TSO acceleration features, and performance of VLAN devices on top of a virtio device has thus been restored. (BZ#1240988)\n\n* With an IPv6 address on a bond and a slave failover, Unsolicited Neighbor Advertisement (UNA) was previously sent using the link global IPv6 address as source address. The underlying source code has been patched, and, after the failover in bonding, UNA is sent using both the corresponding link IPv6 address and global IPv6 address of bond0 and bond0.vlan. (BZ#1258480)\n\n* Previously, Human Interface Device (HID) would run a report on an unaligned buffer, which could cause a page fault interrupt and an oops when the end of the report was read. This update fixes this bug by padding the end of the report with extra bytes, so the reading of the report never crosses a page boundary. As a result, a page fault and subsequent oops no longer occur. (BZ#1268202)\n\n* Inside hugetlb, region data structures were protected by a combination of a memory map semaphore and a single hugetlb instance mutex. However, a page-fault scalability improvement backported to the kernel on previous releases removed the single hugetlb instance mutex and introduced a new mutex table, making the locking combination insufficient, leading to possible race windows that could cause corruption and undefined behavior. The problem could be seen for example with software mapping or re-mapping hugetlb areas with concurrent threads reading/writing to same areas causing page faults.\nThis update fixes the problem by introducing now a required spinlock to the region tracking functions for proper serialization. 
The problem only affects software using huge pages through hugetlb interface.\n(BZ#1274597)\n\n* Previously, VLAN stacked on the macvlan or macvtap device did not work for devices that implement and use VLAN filters. As a consequence, macvtap passthrough mode failed to transfer VLAN packets over the be2net driver. This update implements VLAN ndo calls to the macvlan driver to pass appropriate VLAN tag IDs to lower devices. As a result, macvtap transfers VLAN packets over be2net successfully.\n(BZ#1280205)\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "published": "2016-01-13T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87886", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2017-10-29T13:38:29"}, {"id": "SL_20151208_KERNEL_ON_SL7_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL7.x x86_64", "description": "- It was found that the x86 ISA (Instruction Set Architecture) is prone to a denial of service attack inside a virtualized environment in the form of an infinite loop in the microcode due to the way (sequential) delivering of benign exceptions such as #AC (alignment check exception) and #DB (debug exception) is handled. A privileged user inside a guest could use these flaws to create denial of service conditions on the host kernel. (CVE-2015-5307, CVE-2015-8104, Important)\n\nThis update also fixes the following bugs :\n\n - On Intel Xeon v5 platforms, the processor frequency was always tied to the highest possible frequency. Switching p-states on these client platforms failed. This update sets the idle frequency, busy frequency, and processor frequency values by determining the range and adjusting the minimal and maximal percent limit values. 
Now, switching p-states on the aforementioned client platforms proceeds successfully.\n\n - Due to a validation error of in-kernel memory-mapped I/O (MMIO) tracing, a VM became previously unresponsive when connected to RHEV Hypervisor. The provided patch fixes this bug by dropping the check in MMIO handler, and a VM continues running as expected.\n\n - Due to retry-able command errors, the NVMe driver previously leaked I/O descriptors and DMA mappings. As a consequence, the kernel could become unresponsive during the hot-unplug operation if a driver was removed. This update fixes the driver memory leak bug on command retries, and the kernel no longer hangs in this situation.\n\n - The hybrid_dma_data() function was not initialized before use, which caused an invalid memory access when hot-plugging a PCI card. As a consequence, a kernel oops occurred. The provided patch makes sure hybrid_dma_data() is initialized before use, and the kernel oops no longer occurs in this situation.\n\n - When running PowerPC (PPC) KVM guests and the host was experiencing a lot of page faults, for example because it was running low on memory, the host sometimes triggered an incorrect kind of interrupt in the guest: a data storage exception instead of a data segment exception. This caused a kernel panic of the PPC KVM guest. With this update, the host kernel synthesizes a segment fault if the corresponding Segment Lookaside Buffer (SLB) lookup fails, which prevents the kernel panic from occurring.\n\n - The kernel accessed an incorrect area of the khugepaged process causing Logical Partitioning (LPAR) to become unresponsive, and an oops occurred in medlp5. 
The backported upstream patch prevents an LPAR hang, and the oops no longer occurs.\n\n - When the sctp module was loaded and a route to an association endpoint was removed after receiving an Out-of-The-Blue (OOTB) chunk but before incrementing the 'dropped because of missing route' SNMP statistic, a NULL pointer Dereference kernel panic previously occurred. This update fixes the race condition between OOTB response and route removal.\n\n - The cpuscaling test of the certification test suite previously failed due to a rounding bug in the intel-pstate driver. This bug has been fixed and the cpuscaling test now passes.\n\nThe system must be rebooted for this update to take effect.", "published": "2015-12-22T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87583", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2017-10-29T13:38:42"}], "oraclelinux": [{"id": "ELSA-2015-2552", "type": "oraclelinux", "title": "kernel security and bug fix update", "description": "[3.10.0-327.3.1.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-327.3.1]\n- rebuild\n[3.10.0-327.2.1]\n- [netdrv] macvtap: unbreak receiving of gro skb with frag list (Jason Wang) [1279794 1273737]\n- [net] ipv6: drop frames with attached skb->sk in forwarding (Hannes Frederic Sowa) [1281701 1243966]\n- [net] ipv6: ip6_forward: perform skb->pkt_type check at the beginning (Hannes Frederic Sowa) [1281701 1243966]\n- [net] sctp: Fix race between OOTB responce and route removal (Jamie Bainbridge) [1281426 1277309]\n- [x86] mm: fix VM_FAULT_RETRY handling (Andrea Arcangeli) [1281427 1277226]\n- [x86] mm: consolidate VM_FAULT_RETRY handling (Andrea Arcangeli) [1281427 1277226]\n- [x86] mm: move mmap_sem unlock from mm_fault_error() to caller (Andrea Arcangeli) [1281427 1277226]\n- [mm] let mm_find_pmd fix buggy race with THP fault (Larry Woodman) [1281424 1273993]\n- [mm] ksm: 
unstable_tree_search_insert error checking cleanup (Andrea Arcangeli) [1281422 1274871]\n- [mm] ksm: use find_mergeable_vma in try_to_merge_with_ksm_page (Andrea Arcangeli) [1281422 1274871]\n- [mm] ksm: use the helper method to do the hlist_empty check (Andrea Arcangeli) [1281422 1274871]\n- [mm] ksm: don't fail stable tree lookups if walking over stale stable_nodes (Andrea Arcangeli) [1281422 1274871]\n- [mm] ksm: add cond_resched() to the rmap_walks (Andrea Arcangeli) [1281422 1274871]\n- [powerpc] kvm: book3s_hv: Synthesize segment fault if SLB lookup fails (Thomas Huth) [1281423 1269467]\n- [powerpc] kvm: book3s_hv: Create debugfs file for each guest's HPT (David Gibson) [1281420 1273692]\n- [powerpc] kvm: book3s_hv: Add helpers for lock/unlock hpte (David Gibson) [1281420 1273692]\n- [powerpc] pci: initialize hybrid_dma_data before use (Laurent Vivier) [1279793 1270717]\n- [md] raid10: don't clear bitmap bit when bad-block-list write fails (Jes Sorensen) [1279796 1267652]\n- [md] raid1: don't clear bitmap bit when bad-block-list write fails (Jes Sorensen) [1279796 1267652]\n- [md] raid10: submit_bio_wait() returns 0 on success (Jes Sorensen) [1279796 1267652]\n- [md] raid1: submit_bio_wait() returns 0 on success (Jes Sorensen) [1279796 1267652]\n- [md] crash in md-raid1 and md-raid10 due to incorrect list manipulation (Jes Sorensen) [1279796 1267652]\n- [md] raid10: ensure device failure recorded before write request returns (Jes Sorensen) [1279796 1267652]\n- [md] raid1: ensure device failure recorded before write request returns (Jes Sorensen) [1279796 1267652]\n- [block] nvme: Fix memory leak on retried commands (David Milburn) [1279792 1271860]\n- [cpufreq] intel_pstate: fix rounding error in max_freq_pct (Prarit Bhargava) [1281491 1263866]\n- [cpufreq] intel_pstate: fix PCT_TO_HWP macro (Prarit Bhargava) [1273926 1264990]\n- [cpufreq] revert 'intel_pstate: add quirk to disable HWP on Skylake-S processors' (Prarit Bhargava) [1273926 1264990]\n- [cpufreq] 
revert 'intel_pstate: disable Skylake processors' (Prarit Bhargava) [1273926 1264990]\n- [x86] kvm: svm: unconditionally intercept #DB (Paolo Bonzini) [1279469 1279470] {CVE-2015-8104}\n- [x86] virt: guest to host DoS by triggering an infinite loop in microcode (Paolo Bonzini) [1277560 1277561] {CVE-2015-5307}\n[3.10.0-327.1.1]\n- [x86] kvm: mmu: fix validation of mmio page fault (Bandan Das) [1275150 1267128]", "published": "2015-12-08T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-2552.html", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2016-09-04T11:16:08"}, {"id": "ELSA-2015-3107", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[3.8.13-118.2.2]\n- KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: 22333698] {CVE-2015-8104}\n- KVM: x86: work around infinite loop in microcode when #AC is delivered (Eric Northup) [Orabug: 22333689] {CVE-2015-5307} {CVE-2015-5307}\n- KVM: x86: Defining missing x86 vectors (Nadav Amit) [Orabug: 22333689]", "published": "2015-12-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-3107.html", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2016-09-04T11:16:03"}, {"id": "ELSA-2015-2636", "type": "oraclelinux", "title": "kernel security and bug fix update", "description": "[2.6.32-573.12.1]\n- Revert: [netdrv] igb: add support for 1512 PHY (Stefan Assmann) [1278275 1238551]\n[2.6.32-573.11.1]\n- [kvm] svm: unconditionally intercept DB (Paolo Bonzini) [1279467 1279468] {CVE-2015-8104}\n- [x86] virt: guest to host DoS by triggering an infinite loop in microcode (Paolo Bonzini) [1277557 1277559] {CVE-2015-5307}\n[2.6.32-573.10.1]\n- [sound] Fix USB audio issues (wrong URB_ISO_ASAP semantics) (Jaroslav Kysela) [1273916 1255071]\n- [security] 
keys: Don't permit request_key() to construct a new keyring (David Howells) [1275927 1273463] {CVE-2015-7872}\n- [security] keys: Fix crash when attempt to garbage collect an uninstantiated keyring (David Howells) [1275927 1273463] {CVE-2015-7872}\n- [security] keys: Fix race between key destruction and finding a keyring by name (David Howells) [1275927 1273463] {CVE-2015-7872}\n- [ipc] Initialize msg/shm IPC objects before doing ipc_addid() (Stanislav Kozina) [1271504 1271505] {CVE-2015-7613}\n- [fs] vfs: Test for and handle paths that are unreachable from their mnt_root (Eric W. Biederman) [1209368 1209369] {CVE-2015-2925}\n- [fs] dcache: Handle escaped paths in prepend_path (Eric W. Biederman) [1209368 1209369] {CVE-2015-2925}\n- [netdrv] igb: add support for 1512 PHY (Stefan Assmann) [1278275 1238551]\n- [hid] fix unused rsize usage (Don Zickus) [1268203 1256568]\n- [hid] fix data access in implement() (Don Zickus) [1268203 1256568]\n- [fs] NFS: Hold i_lock in nfs_wb_page_cancel() while locking a request (Benjamin Coddington) [1273721 1135601]\n[2.6.32-573.9.1]\n- [mm] hugetlb: fix race in region tracking (Herton R. Krzesinski) [1274599 1260755]\n- [mm] hugetlb: improve, cleanup resv_map parameters (Herton R. Krzesinski) [1274599 1260755]\n- [mm] hugetlb: unify region structure handling (Herton R. Krzesinski) [1274599 1260755]\n- [mm] hugetlb: change variable name reservations to resv (Herton R. 
Krzesinski) [1274599 1260755]\n- [fs] dcache: Log ELOOP rather than creating a loop (Benjamin Coddington) [1272858 1254020]\n- [fs] dcache: Fix loop checks in d_materialise_unique (Benjamin Coddington) [1272858 1254020]", "published": "2015-12-15T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-2636.html", "cvelist": ["CVE-2015-2925", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7613", "CVE-2015-8104"], "lastseen": "2016-09-04T11:16:14"}, {"id": "ELSA-2016-3503", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[2.6.32-400.37.15uek]\n- ipc/sem.c: fully initialize sem_array before making it visible (Manfred Spraul) [Orabug: 22250043] {CVE-2015-7613}\n- Initialize msg/shm IPC objects before doing ipc_addid() (Linus Torvalds) [Orabug: 22250043] {CVE-2015-7613}\n- crypto: add missing crypto module aliases (Mathias Krause) [Orabug: 22249655] {CVE-2013-7421} {CVE-2014-9644}\n- crypto: include crypto- module prefix in template (Kees Cook) [Orabug: 22249655] {CVE-2013-7421} {CVE-2014-9644}\n- crypto: prefix module autoloading with 'crypto-' (Kees Cook) [Orabug: 22249655] {CVE-2013-7421} {CVE-2014-9644}\n[2.6.32-400.37.14uek]\n- KVM: add arg to ac_interception() missing from 'KVM: x86: work around infinite loop in microcode when #AC is delivered' (Chuck Anderson) [Orabug: 22336493] {CVE-2015-5307}\n[2.6.32-400.37.13uek]\n- KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: 22336518] {CVE-2015-8104} {CVE-2015-8104}\n- KVM: x86: work around infinite loop in microcode when #AC is delivered (Eric Northup) [Orabug: 22336493] {CVE-2015-5307} {CVE-2015-5307}", "published": "2016-01-08T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2016-3503.html", "cvelist": ["CVE-2014-9644", "CVE-2015-5307", 
"CVE-2015-7613", "CVE-2013-7421", "CVE-2015-8104"], "lastseen": "2016-09-04T11:16:27"}, {"id": "ELSA-2016-3502", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "[2.6.39-400.264.13]\n- KEYS: Don't permit request_key() to construct a new keyring (David Howells) [Orabug: 22373449] {CVE-2015-7872}\n[2.6.39-400.264.12]\n- crypto: add missing crypto module aliases (Mathias Krause) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}\n- crypto: include crypto- module prefix in template (Kees Cook) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}\n- crypto: prefix module autoloading with 'crypto-' (Kees Cook) [Orabug: 22249656] {CVE-2013-7421} {CVE-2014-9644}\n[2.6.39-400.264.11]\n- KVM: x86: Don't report guest userspace emulation error to userspace (Nadav Amit) [Orabug: 22249615] {CVE-2010-5313} {CVE-2014-7842}\n[2.6.39-400.264.9]\n- msg_unlock() in wrong spot after applying 'Initialize msg/shm IPC objects before doing ipc_addid()' (Chuck Anderson) [Orabug: 22250044] {CVE-2015-7613} {CVE-2015-7613}\n[2.6.39-400.264.8]\n- ipc/sem.c: fully initialize sem_array before making it visible (Manfred Spraul) [Orabug: 22250044] {CVE-2015-7613}\n- Initialize msg/shm IPC objects before doing ipc_addid() (Linus Torvalds) [Orabug: 22250044] {CVE-2015-7613}\n[2.6.39-400.264.7]\n- KVM: svm: unconditionally intercept #DB (Paolo Bonzini) [Orabug: 22333698] {CVE-2015-8104} {CVE-2015-8104}\n- KVM: x86: work around infinite loop in microcode when #AC is delivered (Eric Northup) [Orabug: 22333689] {CVE-2015-5307} {CVE-2015-5307}\n[2.6.39-400.264.6]\n- mlx4_core: Introduce restrictions for PD update (Ajaykumar Hotchandani) \n- IPoIB: Drop priv->lock before calling ipoib_send() (Wengang Wang) \n- IPoIB: serialize changing on tx_outstanding (Wengang Wang) [Orabug: 21861366] \n- IB/mlx4: Implement IB_QP_CREATE_USE_GFP_NOIO (Jiri Kosina) \n- IB: Add a QP creation flag to use GFP_NOIO allocations (Or Gerlitz) \n- IB: Return error for unsupported QP 
creation flags (Or Gerlitz) \n- IB/ipoib: Calculate csum only when skb->ip_summed is CHECKSUM_PARTIAL (Yuval Shaia) [Orabug: 20873175]", "published": "2016-01-08T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2016-3502.html", "cvelist": ["CVE-2014-9644", "CVE-2010-5313", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7613", "CVE-2013-7421", "CVE-2014-7842", "CVE-2015-8104"], "lastseen": "2016-09-04T11:16:43"}], "redhat": [{"id": "RHSA-2016:0024", "type": "redhat", "title": "(RHSA-2016:0024) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n* When doing TSO/GSO in the presence of VLAN headers on a macvtap device,\nthe header offsets were incorrectly calculated. As a consequence, when 2\nguests on the same host communicated over a guest configured VLAN,\nperformance dropped to about 1 Mbps. A set of patches has been provided to\nfix this bug, and network performance with VLAN tags now works with optimal\nperformance. (BZ#1215914)\n\n* Prior to this update, TSO acceleration features have been removed from\nthe VLAN device which caused that VLAN performance on top of a virtio\ndevice was much lower than that of a virtio device itself. 
This update\nre-enables TSO acceleration features, and performance of VLAN devices on\ntop of a virtio device has thus been restored. (BZ#1240988)\n\n* With an IPv6 address on a bond and a slave failover, Unsolicited Neighbor\nAdvertisement (UNA) was previously sent using the link global IPv6 address\nas source address. The underlying source code has been patched, and, after\nthe failover in bonding, UNA is sent using both the corresponding link IPv6\naddress and global IPv6 address of bond0 and bond0.vlan. (BZ#1258480)\n\n* Previously, Human Interface Device (HID) would run a report on an\nunaligned buffer, which could cause a page fault interrupt and an oops when\nthe end of the report was read. This update fixes this bug by padding the\nend of the report with extra bytes, so the reading of the report never\ncrosses a page boundary. As a result, a page fault and subsequent oops no\nlonger occur. (BZ#1268202)\n\n* Inside hugetlb, region data structures were protected by a combination of\na memory map semaphore and a single hugetlb instance mutex. However, a\npage-fault scalability improvement backported to the kernel on previous\nreleases removed the single hugetlb instance mutex and introduced a new\nmutex table, making the locking combination insufficient, leading to\npossible race windows that could cause corruption and undefined behavior.\nThe problem could be seen for example with software mapping or re-mapping\nhugetlb areas with concurrent threads reading/writing to same areas causing\npage faults. This update fixes the problem by introducing now a required\nspinlock to the region tracking functions for proper serialization. The\nproblem only affects software using huge pages through hugetlb interface.\n(BZ#1274597)\n\n* Previously, VLAN stacked on the macvlan or macvtap device did not work\nfor devices that implement and use VLAN filters. 
As a consequence, macvtap\npassthrough mode failed to transfer VLAN packets over the be2net driver.\nThis update implements VLAN ndo calls to the macvlan driver to pass\nappropriate VLAN tag IDs to lower devices. As a result, macvtap transfers\nVLAN packets over be2net successfully. (BZ#1280205)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2016-01-12T05:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0024", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2016-11-25T14:52:33"}, {"id": "RHSA-2015:2645", "type": "redhat", "title": "(RHSA-2015:2645) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n* With an IPv6 address on a bond and a slave failover, Unsolicited Neighbor\nAdvertisement (UNA) was previously sent using the link global IPv6 address\nas source address. The underlying source code has been patched, and, after\nthe failover in bonding, UNA is sent using both the corresponding link IPv6\naddress and global IPv6 address of bond0 and bond0.vlan. 
(BZ#1258479)\n\n* Previously, Human Interface Device (HID) would run a report on an\nunaligned buffer, which could cause a page fault interrupt and an oops when\nthe end of the report was read. This update fixes this bug by padding the\nend of the report with extra bytes, so the reading of the report never\ncrosses a page boundary. As a result, a page fault and subsequent oops no\nlonger occur. (BZ#1268201)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2015-12-15T05:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:2645", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2016-09-04T11:17:50"}, {"id": "RHSA-2015:2552", "type": "redhat", "title": "(RHSA-2015:2552) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n* On Intel Xeon v5 platforms, the processor frequency was always tied to\nthe highest possible frequency. Switching p-states on these client\nplatforms failed. 
This update sets the idle frequency, busy frequency, and\nprocessor frequency values by determining the range and adjusting the\nminimal and maximal percent limit values. Now, switching p-states on the\naforementioned client platforms proceeds successfully. (BZ#1273926)\n\n* Due to a validation error of in-kernel memory-mapped I/O (MMIO) tracing,\na VM became previously unresponsive when connected to Red Hat Enterprise\nVirtualization Hypervisor. The provided patch fixes this bug by dropping\nthe check in MMIO handler, and a VM continues running as expected.\n(BZ#1275150)\n\n* Due to retry-able command errors, the NVMe driver previously leaked I/O\ndescriptors and DMA mappings. As a consequence, the kernel could become\nunresponsive during the hot-unplug operation if a driver was removed.\nThis update fixes the driver memory leak bug on command retries, and the\nkernel no longer hangs in this situation. (BZ#1279792)\n\n* The hybrid_dma_data() function was not initialized before use, which\ncaused an invalid memory access when hot-plugging a PCI card. As a\nconsequence, a kernel oops occurred. The provided patch makes sure\nhybrid_dma_data() is initialized before use, and the kernel oops no longer\noccurs in this situation. (BZ#1279793)\n\n* When running PowerPC (PPC) KVM guests and the host was experiencing a lot\nof page faults, for example because it was running low on memory, the host\nsometimes triggered an incorrect kind of interrupt in the guest: a data\nstorage exception instead of a data segment exception. This caused a kernel\npanic of the PPC KVM guest. With this update, the host kernel synthesizes a\nsegment fault if the corresponding Segment Lookaside Buffer (SLB) lookup\nfails, which prevents the kernel panic from occurring. (BZ#1281423)\n\n* The kernel accessed an incorrect area of the khugepaged process causing\nLogical Partitioning (LPAR) to become unresponsive, and an oops occurred in\nmedlp5. 
The backported upstream patch prevents an LPAR hang, and the oops\nno longer occurs. (BZ#1281424)\n\n* When the sctp module was loaded and a route to an association endpoint\nwas removed after receiving an Out-of-The-Blue (OOTB) chunk but before\nincrementing the \"dropped because of missing route\" SNMP statistic, a Null\nPointer Dereference kernel panic previously occurred. This update fixes the\nrace condition between OOTB response and route removal. (BZ#1281426)\n\n* The cpuscaling test of the certification test suite previously failed due\nto a rounding bug in the intel-pstate driver. This bug has been fixed and\nthe cpuscaling test now passes. (BZ#1281491)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.", "published": "2015-12-08T15:11:52", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:2552", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2018-04-15T14:25:23"}, {"id": "RHSA-2016:0004", "type": "redhat", "title": "(RHSA-2016:0004) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. 
for reporting the\nCVE-2015-5307 issue.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2016-01-07T05:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0004", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2016-09-04T11:17:40"}, {"id": "RHSA-2016:0046", "type": "redhat", "title": "(RHSA-2016:0046) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\n", "published": "2016-01-19T05:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:0046", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2016-09-04T11:17:38"}, {"id": "RHSA-2015:2587", "type": "redhat", "title": "(RHSA-2015:2587) Important: kernel security, bug fix, and enhancement update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's file system implementation\nhandled rename operations in which the source was inside and the\ndestination was outside of a bind mount. A privileged user inside a\ncontainer could use this flaw to escape the bind mount and, potentially,\nescalate their privileges on the system. (CVE-2015-2925, Important)\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) is handled.\nA privileged user inside a guest could use this flaw to create denial of\nservice conditions on the host kernel. (CVE-2015-5307, Important)\n\n* A race condition flaw was found in the way the Linux kernel's IPC\nsubsystem initialized certain fields in an IPC object structure that were\nlater used for permission checking before inserting the object into a\nglobally visible list. A local, unprivileged user could potentially use\nthis flaw to elevate their privileges on the system. (CVE-2015-7613,\nImportant)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. 
for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs and adds one enhancement:\n\n* When setting up an ESP IPsec connection, the aes_ctr algorithm did not\nwork for ESP on a Power little endian VM host. As a consequence, a kernel\nerror was previously returned and the connection failed to be established.\nA set of patches has been provided to fix this bug, and aes_ctr works for\nESP in the described situation as expected. (BZ#1247127)\n\n* The redistribute3() function distributed entries across 3 nodes. However,\nsome entries were moved an incorrect way, breaking the ordering. As a\nresult, BUG() in the dm-btree-remove.c:shift() function occurred when\nentries were removed from the btree. A patch has been provided to fix this\nbug, and redistribute3() now works as expected. (BZ#1263945)\n\n* When booting an mpt2sas adapter in a huge DDW enabled slot on Power, the\nkernel previously generated a warning followed by a call trace.\nThe provided patch set enhances the Power kernel to be able to support\nIOMMU as a fallback for the cases where the coherent mask of the device is\nnot suitable for direct DMA. As a result, neither the warning nor the call\ntrace occur in this scenario. (BZ#1267133)\n\n* If the client mounted /exports and tried to execute the \"chown -R\"\ncommand across the entire mountpoint, a warning about a circular directory\nstructure was previously returned because mount points all had the same\ninode number. A set of patches has been provided to fix this bug, and mount\npoints are now assigned with unique inode numbers as expected. (BZ#1273239)\n\n* Due to a validation error of in-kernel MMIO tracing, a VM became\npreviously unresponsive when connected to Red Hat Enterprise Virtualization\nHypervisor. The provided patch fixes this bug by dropping the check in MMIO\nhandler, and a VM continues running as expected. 
(BZ#1275149)\n\n* The NFS client could previously fail to send a CLOSE operation if the\nfile was opened with O_WRONLY and the server restarted after the OPEN.\nConsequently, the server appeared in a state that could block other NFS\noperations from completing. The client's state flags have been modified to\ncatch this condition and correctly CLOSE the file. (BZ#1275298)\n\n* This update sets multicast filters for multicast packets when the\ninterface is not in promiscuous mode. This change has an impact on the RAR\nusage such that SR-IOV has some RARs reserved for its own usage as well.\n(BZ#1265091)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add this\nenhancement. The system must be rebooted for this update to take effect.", "published": "2015-12-09T13:43:06", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:2587", "cvelist": ["CVE-2015-2925", "CVE-2015-5307", "CVE-2015-7613"], "lastseen": "2016-09-04T11:17:40"}, {"id": "RHSA-2015:2636", "type": "redhat", "title": "(RHSA-2015:2636) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's file system implementation\nhandled rename operations in which the source was inside and the\ndestination was outside of a bind mount. A privileged user inside a\ncontainer could use this flaw to escape the bind mount and, potentially,\nescalate their privileges on the system. 
(CVE-2015-2925, Important)\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\n* A race condition flaw was found in the way the Linux kernel's IPC\nsubsystem initialized certain fields in an IPC object structure that were\nlater used for permission checking before inserting the object into a\nglobally visible list. A local, unprivileged user could potentially use\nthis flaw to elevate their privileges on the system. (CVE-2015-7613,\nImportant)\n\n* It was found that the Linux kernel's keys subsystem did not correctly\ngarbage collect uninstantiated keyrings. A local attacker could use this\nflaw to crash the system or, potentially, escalate their privileges on\nthe system. (CVE-2015-7872, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n* Previously, Human Interface Device (HID) ran a report on an unaligned\nbuffer, which could cause a page fault interrupt and an oops when the end\nof the report was read. This update fixes this bug by padding the end of\nthe report with extra bytes, so the reading of the report never crosses a\npage boundary. As a result, a page fault and subsequent oops no longer\noccur. (BZ#1268203)\n\n* The NFS client was previously failing to detect a directory loop for some\nNFS server directory structures. This failure could cause NFS inodes to\nremain referenced after attempting to unmount the file system, leading to a\nkernel crash. 
Loop checks have been added to VFS, which effectively\nprevents this problem from occurring. (BZ#1272858)\n\n* Due to a race whereby the nfs_wb_pages_cancel() and\nnfs_commit_release_pages() calls both removed a request from the nfs_inode\nstruct type, the kernel panicked with negative nfs_inode.npages count.\nThe provided upstream patch performs the required serialization by holding\nthe inode i_lock over the check of PagePrivate and locking the request,\nthus preventing the race and kernel panic from occurring. (BZ#1273721)\n\n* Due to incorrect URB_ISO_ASAP semantics, playing an audio file using a\nUSB sound card could previously fail for some hardware configurations.\nThis update fixes the bug, and playing audio from a USB sound card now\nworks as expected. (BZ#1273916)\n\n* Inside hugetlb, region data structures were protected by a combination of\na memory map semaphore and a single hugetlb instance mutex. However, a\npage-fault scalability improvement backported to the kernel on previous\nreleases removed the single hugetlb instance mutex and introduced a new\nmutex table, making the locking combination insufficient, leading to\npossible race windows that could cause corruption and undefined behavior.\nThis update fixes the problem by introducing a required spinlock to the\nregion tracking functions for proper serialization. The problem only\naffects software using huge pages through hugetlb interface. (BZ#1274599)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\n", "published": "2015-12-15T05:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:2636", "cvelist": ["CVE-2015-2925", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7613", "CVE-2015-8104"], "lastseen": "2017-03-07T05:19:03"}], "centos": [{"id": "CESA-2015:2552", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:2552\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n* On Intel Xeon v5 platforms, the processor frequency was always tied to\nthe highest possible frequency. Switching p-states on these client\nplatforms failed. This update sets the idle frequency, busy frequency, and\nprocessor frequency values by determining the range and adjusting the\nminimal and maximal percent limit values. Now, switching p-states on the\naforementioned client platforms proceeds successfully. (BZ#1273926)\n\n* Due to a validation error of in-kernel memory-mapped I/O (MMIO) tracing,\na VM became previously unresponsive when connected to Red Hat Enterprise\nVirtualization Hypervisor. 
The provided patch fixes this bug by dropping\nthe check in MMIO handler, and a VM continues running as expected.\n(BZ#1275150)\n\n* Due to retry-able command errors, the NVMe driver previously leaked I/O\ndescriptors and DMA mappings. As a consequence, the kernel could become\nunresponsive during the hot-unplug operation if a driver was removed.\nThis update fixes the driver memory leak bug on command retries, and the\nkernel no longer hangs in this situation. (BZ#1279792)\n\n* The hybrid_dma_data() function was not initialized before use, which\ncaused an invalid memory access when hot-plugging a PCI card. As a\nconsequence, a kernel oops occurred. The provided patch makes sure\nhybrid_dma_data() is initialized before use, and the kernel oops no longer\noccurs in this situation. (BZ#1279793)\n\n* When running PowerPC (PPC) KVM guests and the host was experiencing a lot\nof page faults, for example because it was running low on memory, the host\nsometimes triggered an incorrect kind of interrupt in the guest: a data\nstorage exception instead of a data segment exception. This caused a kernel\npanic of the PPC KVM guest. With this update, the host kernel synthesizes a\nsegment fault if the corresponding Segment Lookaside Buffer (SLB) lookup\nfails, which prevents the kernel panic from occurring. (BZ#1281423)\n\n* The kernel accessed an incorrect area of the khugepaged process causing\nLogical Partitioning (LPAR) to become unresponsive, and an oops occurred in\nmedlp5. The backported upstream patch prevents an LPAR hang, and the oops\nno longer occurs. (BZ#1281424)\n\n* When the sctp module was loaded and a route to an association endpoint\nwas removed after receiving an Out-of-The-Blue (OOTB) chunk but before\nincrementing the \"dropped because of missing route\" SNMP statistic, a Null\nPointer Dereference kernel panic previously occurred. This update fixes the\nrace condition between OOTB response and route removal. 
(BZ#1281426)\n\n* The cpuscaling test of the certification test suite previously failed due\nto a rounding bug in the intel-pstate driver. This bug has been fixed and\nthe cpuscaling test now passes. (BZ#1281491)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-December/002732.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2552.html", "published": "2015-12-09T19:18:47", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-December/002732.html", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2017-10-03T18:26:15"}, {"id": "CESA-2015:2636", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:2636\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the Linux kernel's file system implementation\nhandled rename operations in which the source was inside and the\ndestination was outside of a bind mount. A privileged user inside a\ncontainer could use this flaw to escape the bind mount and, potentially,\nescalate their privileges on the system. 
(CVE-2015-2925, Important)\n\n* It was found that the x86 ISA (Instruction Set Architecture) is prone to\na denial of service attack inside a virtualized environment in the form of\nan infinite loop in the microcode due to the way (sequential) delivering of\nbenign exceptions such as #AC (alignment check exception) and #DB (debug\nexception) is handled. A privileged user inside a guest could use these\nflaws to create denial of service conditions on the host kernel.\n(CVE-2015-5307, CVE-2015-8104, Important)\n\n* A race condition flaw was found in the way the Linux kernel's IPC\nsubsystem initialized certain fields in an IPC object structure that were\nlater used for permission checking before inserting the object into a\nglobally visible list. A local, unprivileged user could potentially use\nthis flaw to elevate their privileges on the system. (CVE-2015-7613,\nImportant)\n\n* It was found that the Linux kernel's keys subsystem did not correctly\ngarbage collect uninstantiated keyrings. A local attacker could use this\nflaw to crash the system or, potentially, escalate their privileges on\nthe system. (CVE-2015-7872, Important)\n\nRed Hat would like to thank Ben Serebrin of Google Inc. for reporting the\nCVE-2015-5307 issue.\n\nThis update also fixes the following bugs:\n\n* Previously, Human Interface Device (HID) ran a report on an unaligned\nbuffer, which could cause a page fault interrupt and an oops when the end\nof the report was read. This update fixes this bug by padding the end of\nthe report with extra bytes, so the reading of the report never crosses a\npage boundary. As a result, a page fault and subsequent oops no longer\noccur. (BZ#1268203)\n\n* The NFS client was previously failing to detect a directory loop for some\nNFS server directory structures. This failure could cause NFS inodes to\nremain referenced after attempting to unmount the file system, leading to a\nkernel crash. 
Loop checks have been added to VFS, which effectively\nprevents this problem from occurring. (BZ#1272858)\n\n* Due to a race whereby the nfs_wb_pages_cancel() and\nnfs_commit_release_pages() calls both removed a request from the nfs_inode\nstruct type, the kernel panicked with negative nfs_inode.npages count.\nThe provided upstream patch performs the required serialization by holding\nthe inode i_lock over the check of PagePrivate and locking the request,\nthus preventing the race and kernel panic from occurring. (BZ#1273721)\n\n* Due to incorrect URB_ISO_ASAP semantics, playing an audio file using a\nUSB sound card could previously fail for some hardware configurations.\nThis update fixes the bug, and playing audio from a USB sound card now\nworks as expected. (BZ#1273916)\n\n* Inside hugetlb, region data structures were protected by a combination of\na memory map semaphore and a single hugetlb instance mutex. However, a\npage-fault scalability improvement backported to the kernel on previous\nreleases removed the single hugetlb instance mutex and introduced a new\nmutex table, making the locking combination insufficient, leading to\npossible race windows that could cause corruption and undefined behavior.\nThis update fixes the problem by introducing a required spinlock to the\nregion tracking functions for proper serialization. The problem only\naffects software using huge pages through hugetlb interface. (BZ#1274599)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. 
The system must be\nrebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-December/021541.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2636.html", "published": "2015-12-16T00:07:51", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-December/021541.html", "cvelist": ["CVE-2015-2925", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7613", "CVE-2015-8104"], "lastseen": "2017-10-03T18:26:40"}], "xen": [{"id": "XSA-156", "type": "xen", "title": "x86: CPU lockup during exception delivery", "description": "#### ISSUE DESCRIPTION\nWhen a benign exception occurs while delivering another benign exception, it is architecturally specified that these would be delivered sequentially. 
There are, however, cases where this results in an infinite loop inside the CPU, which (in the virtualized case) can be broken only by intercepting delivery of the respective exception.\nArchitecturally, at least some of these cases should also be resolvable by an arriving NMI or external interrupt, but empirically this has been determined to not be the case.\nThe cases affecting Xen are:\n#AC (Alignment Check Exception, CVE-2015-5307): When a 32-bit guest sets up the IDT entry corresponding to this exception to reference a ring-3 handler, and when ring 3 code triggers the exception while running with an unaligned stack pointer, delivering the exception will re-encounter #AC, ending in an infinite loop.\n#DB (Debug Exception, CVE-2015-8104): When a guest sets up a hardware breakpoint covering a data structure involved in delivering #DB, upon completion of the delivery of the first exception another #DB will need to be delivered. The effects slightly differ depending on further guest characteristics:\n- - Guests running in 32-bit mode would be expected to sooner or later encounter another fault due to the stack pointer decreasing during each iteration of the loop. The most likely case would be #PF (Page Fault) due to running into unmapped virtual space. However, an infinite loop cannot be excluded (e.g. when the guest is running with paging disabled).\n- - Guests running in long mode, but not using the IST (Interrupt Stack Table) feature for the IDT entry corresponding to #DB would behave similarly to guests running in 32-bit mode, just that the larger virtual address space allows for a much longer loop. 
The loop can't, however, be infinite, as eventually the stack pointer would move into non-canonical address space, causing #SS (Stack Fault) instead.\n- - Guests running in long mode and using IST for the IDT entry corresponding to #DB would enter an infinite loop, as the stack pointer wouldn't change between #DB instances.\n#### IMPACT\nA malicious HVM guest administrator can cause a denial of service. Specifically, prevent use of a physical CPU for a significant, perhaps indefinite period.\nIf a host watchdog (Xen or dom0) is in use, this can lead to a watchdog timeout and consequently a reboot of the host. If another, innocent, guest, is configured with a watchdog, this issue can lead to a reboot of such a guest.\nIt is possible that a guest kernel might expose the #AC vulnerability to malicious unprivileged guest users (by permitting #AC to be handled in guest user mode). However, we believe that almost all ordinary operating system kernels do not permit this; we are not aware of any exceptions. (A guest kernel which exposed the #AC vulnerability to guest userspace would be vulnerable when running on baremetal, without Xen involved.)\n #### VULNERABLE SYSTEMS\nThe vulnerability is exposed to any x86 HVM guest.\nARM is not vulnerable. x86 PV VMs are not vulnerable.\nAll versions of Xen are affected.\nx86 CPUs from all manufacturers are affected.\n", "published": "2015-11-10T00:01:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://xenbits.xen.org/xsa/advisory-156.html", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2016-09-04T11:24:07"}], "freebsd": [{"id": "2CABFBAB-8BFB-11E5-BD18-002590263BF5", "type": "freebsd", "title": "xen-kernel -- CPU lockup during exception delivery", "description": "\nThe Xen Project reports:\n\nA malicious HVM guest administrator can cause a denial of service.\n\t Specifically, prevent use of a physical CPU for a significant,\n\t perhaps indefinite period. 
If a host watchdog (Xen or dom0) is in\n\t use, this can lead to a watchdog timeout and consequently a reboot\n\t of the host. If another, innocent, guest, is configured with a\n\t watchdog, this issue can lead to a reboot of such a guest.\n\n", "published": "2015-11-10T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://vuxml.freebsd.org/freebsd/2cabfbab-8bfb-11e5-bd18-002590263bf5.html", "cvelist": ["CVE-2015-5307", "CVE-2015-8104"], "lastseen": "2016-09-26T17:24:13"}], "debian": [{"id": "DSA-3396", "type": "debian", "title": "linux -- security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service.\n\n * [CVE-2015-5307](<https://security-tracker.debian.org/tracker/CVE-2015-5307>)\n\nBen Serebrin from Google discovered a guest to host denial of service flaw affecting the KVM hypervisor. A malicious guest can trigger an infinite stream of alignment check (#AC) exceptions causing the processor microcode to enter an infinite loop where the core never receives another interrupt. This leads to a panic of the host kernel.\n\n * [CVE-2015-7833](<https://security-tracker.debian.org/tracker/CVE-2015-7833>)\n\nSergej Schumilo, Hendrik Schwartke and Ralf Spenneberg discovered a flaw in the processing of certain USB device descriptors in the usbvision driver. An attacker with physical access to the system can use this flaw to crash the system.\n\n * [CVE-2015-7872](<https://security-tracker.debian.org/tracker/CVE-2015-7872>)\n\nDmitry Vyukov discovered a vulnerability in the keyrings garbage collector allowing a local user to trigger a kernel panic.\n\n * [CVE-2015-7990](<https://security-tracker.debian.org/tracker/CVE-2015-7990>)\n\nIt was discovered that the fix for [CVE-2015-6937](<https://security-tracker.debian.org/tracker/CVE-2015-6937>) was incomplete. 
A race condition when sending a message on unbound socket can still cause a NULL pointer dereference. A remote attacker might be able to cause a denial of service (crash) by sending a crafted packet.\n\nFor the oldstable distribution (wheezy), these problems have been fixed in version 3.2.68-1+deb7u6.\n\nFor the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt11-1+deb8u6.\n\nWe recommend that you upgrade your linux packages.", "published": "2015-11-10T00:00:00", "cvss": {"score": 5.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3396", "cvelist": ["CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7990", "CVE-2015-7833"], "lastseen": "2018-01-10T17:00:59"}, {"id": "DSA-3454", "type": "debian", "title": "virtualbox -- security update", "description": "Multiple vulnerabilities have been discovered in VirtualBox, an x86 virtualisation solution.\n\nUpstream support for the 4.1 release series has ended and since no information is available which would allow backports of isolated security fixes, security support for virtualbox in wheezy/oldstable needed to be ended as well. If you use virtualbox with externally procured VMs (e.g. 
through vagrant) we advise you to update to Debian jessie.\n\nFor the stable distribution (jessie), these problems have been fixed in version 4.3.36-dfsg-1+deb8u1.\n\nFor the testing distribution (stretch), these problems have been fixed in version 5.0.14-dfsg-1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 5.0.14-dfsg-1.\n\nWe recommend that you upgrade your virtualbox packages.", "published": "2016-01-27T00:00:00", "cvss": {"score": 4.9, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3454", "cvelist": ["CVE-2016-0592", "CVE-2015-5307", "CVE-2016-0495", "CVE-2015-8104"], "lastseen": "2016-09-02T18:20:47"}, {"id": "DSA-3414", "type": "debian", "title": "xen -- security update", "description": "Multiple security issues have been found in the Xen virtualisation solution, which may result in denial of service or information disclosure.\n\nFor the oldstable distribution (wheezy), an update will be provided later.\n\nFor the stable distribution (jessie), these problems have been fixed in version 4.4.1-9+deb8u3.\n\nFor the unstable distribution (sid), these problems will be fixed soon.\n\nWe recommend that you upgrade your xen packages.", "published": "2015-12-09T00:00:00", "cvss": {"score": 6.8, "vector": "AV:LOCAL/AC:LOW/Au:SINGLE_INSTANCE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3414", "cvelist": ["CVE-2015-6654", "CVE-2015-7969", "CVE-2015-7813", "CVE-2015-7971", "CVE-2015-7972", "CVE-2015-3340", "CVE-2015-3259", "CVE-2015-7311", "CVE-2015-7970", "CVE-2015-5307", "CVE-2015-7814", "CVE-2015-7812", "CVE-2015-8104"], "lastseen": "2016-09-02T18:28:12"}], "kaspersky": [{"id": "KLA10744", "type": "kaspersky", "title": "KLA10744 Multiple vulnerabilities in Oracle VM VirtualBox", "description": "### *CVSS*:\n7.5\n\n### *Detect date*:\n02/21/2016\n\n### *Severity*:\nCritical\n\n### *Description*:\nUnspecified vulnerabilities 
were found in Oracle VirtualBox. By exploiting these vulnerabilities malicious users can affect availability, integrity and confidentiality. These vulnerabilities can be exploited remotely via unknown vectors related to Core and Windows Installer.\n\n### *Affected products*:\nOracle VM VirtualBox versions earlier than 5.0.14\n\n### *Solution*:\nUpdate to the latest version \n[Get VirtualBox](<https://www.virtualbox.org/wiki/Downloads>)\n\n### *Original advisories*:\n[Oracle bulletin](<http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR>) \n\n\n### *Impacts*:\nOSI \n\n### *Related products*:\n[Oracle VirtualBox](<https://threats.kaspersky.com/en/product/Oracle-VirtualBox/>)\n\n### *CVE-IDS*:\n[CVE-2016-0495](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0495>) \n[CVE-2016-0592](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0592>) \n[CVE-2016-0602](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0602>) \n[CVE-2015-8104](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104>) \n[CVE-2015-5307](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307>) \n[CVE-2015-7183](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183>)", "published": "2016-02-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://threats.kaspersky.com/en/vulnerability/KLA10744", "cvelist": ["CVE-2016-0592", "CVE-2015-5307", "CVE-2015-7183", "CVE-2016-0495", "CVE-2015-8104", "CVE-2016-0602"], "lastseen": "2018-03-30T14:10:53"}], "suse": [{"id": "SUSE-SU-2015:2194-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 12 kernel was updated to 3.12.51 to receive\n various security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel did not ensure that certain slot numbers were valid, 
which\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call\n (bnc#949936).\n - CVE-2015-5283: The sctp_init function in net/sctp/protocol.c in the\n Linux kernel had an incorrect sequence of protocol-initialization steps,\n which allowed local users to cause a denial of service (panic or memory\n corruption) by creating SCTP sockets before all of the steps have\n finished (bnc#947155).\n - CVE-2015-2925: The prepend_path function in fs/dcache.c in the Linux\n kernel did not properly handle rename actions inside a bind mount, which\n allowed local users to bypass an intended container protection mechanism\n by renaming a directory, related to a "double-chroot attack (bnc#926238).\n - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c\n (bnc#953527).\n - CVE-2015-7990: RDS: There was no verification that an underlying\n transport exists when creating a connection, causing usage of a NULL\n pointer (bsc#952384).\n - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in\n the Linux kernel allowed local users to cause a denial of service (OOPS)\n via crafted keyctl commands (bnc#951440).\n - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial\n of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6\n Router Advertisement (RA) message, a different vulnerability than\n CVE-2015-8215 (bnc#944296).\n\n The following non-security bugs were fixed:\n - ALSA: hda - Disable 64bit address for Creative HDA controllers\n (bnc#814440).\n - Add PCI IDs of Intel Sunrise 
Point-H SATA Controller S232/236\n (bsc#953796).\n - Btrfs: fix file corruption and data loss after cloning inline extents\n (bnc#956053).\n - Btrfs: fix truncation of compressed and inlined extents (bnc#956053).\n - Disable some ppc64le netfilter modules to restore the kabi (bsc#951546)\n - Fix regression in NFSRDMA server (bsc#951110).\n - KEYS: Fix race between key destruction and finding a keyring by name\n (bsc#951440).\n - KVM: x86: call irq notifiers with directed EOI (bsc#950862).\n - NVMe: Add shutdown timeout as module parameter (bnc#936076).\n - NVMe: Mismatched host/device page size support (bsc#935961).\n - PCI: Drop "setting latency timer" messages (bsc#956047).\n - SCSI: Fix hard lockup in scsi_remove_target() (bsc#944749).\n - SCSI: hosts: update to use ida_simple for host_no (bsc#939926)\n - SUNRPC: Fix oops when trace sunrpc_task events in nfs client\n (bnc#956703).\n - Sync ppc64le netfilter config options with other archs (bnc#951546)\n - Update kabi files with sbc_parse_cdb symbol change (bsc#954635).\n - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another\n task (bsc#921949).\n - apparmor: temporary work around for bug while unloading policy\n (boo#941867).\n - audit: correctly record file names with different path name types\n (bsc#950013).\n - audit: create private file name copies when auditing inodes (bsc#950013).\n - cpu: Defer smpboot kthread unparking until CPU known to scheduler\n (bsc#936773).\n - dlm: make posix locks interruptible, (bsc#947241).\n - dm sysfs: introduce ability to add writable attributes (bsc#904348).\n - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).\n - dm: do not start current request if it would've merged with the previous\n (bsc#904348).\n - dm: impose configurable deadline for dm_request_fn's merge heuristic\n (bsc#904348).\n - dmapi: Fix xfs dmapi to not unlock and lock XFS_ILOCK_EXCL (bsc#949744).\n - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD 
interrupt,\n v2 (bsc#942938).\n - drm/i915: add hotplug activation period to hotplug update mask\n (bsc#953980).\n - fanotify: fix notification of groups with inode and mount marks\n (bsc#955533).\n - genirq: Make sure irq descriptors really exist when __irq_alloc_descs\n returns (bsc#945626).\n - hv: vss: run only on supported host versions (bnc#949504).\n - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).\n - ipv6: Check RTF_LOCAL on rt->rt6i_flags instead of rt->dst.flags\n (bsc#947321).\n - ipv6: Consider RTF_CACHE when searching the fib6 tree (bsc#947321).\n - ipv6: Extend the route lookups to low priority metrics (bsc#947321).\n - ipv6: Stop /128 route from disappearing after pmtu update (bsc#947321).\n - ipv6: Stop rt6_info from using inet_peer's metrics (bsc#947321).\n - ipv6: distinguish frag queues by device for multicast and link-local\n packets (bsc#955422).\n - ipvs: drop first packet to dead server (bsc#946078).\n - kABI: protect struct ahci_host_priv.\n - kABI: protect struct rt6_info changes from bsc#947321 changes\n (bsc#947321).\n - kabi: Hide rt6_* types from genksyms on ppc64le (bsc#951546).\n - kabi: Restore kabi in struct iscsi_tpg_attrib (bsc#954635).\n - kabi: Restore kabi in struct se_cmd (bsc#954635).\n - kabi: Restore kabi in struct se_subsystem_api (bsc#954635).\n - kabi: protect skb_copy_and_csum_datagram_iovec() signature (bsc#951199).\n - kgr: fix migration of kthreads to the new universe.\n - kgr: wake up kthreads periodically.\n - ktime: add ktime_after and ktime_before helper (bsc#904348).\n - macvlan: Support bonding events (bsc#948521).\n - net: add length argument to skb_copy_and_csum_datagram_iovec\n (bsc#951199).\n - net: handle null iovec pointer in skb_copy_and_csum_datagram_iovec()\n (bsc#951199).\n - pci: Update VPD size with correct length (bsc#924493).\n - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods\n (bsc#949706).\n - ring-buffer: Always run per-cpu ring buffer resize 
with\n schedule_work_on() (bnc#956711).\n - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).\n - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds\n (bsc#930145).\n - rtc: cmos: Revert "rtc-cmos: Add an alarm disable quirk" (bsc#930145).\n - sched/core: Fix task and run queue sched_info::run_delay inconsistencies\n (bnc#949100).\n - sunrpc/cache: make cache flushing more reliable (bsc#947478).\n - supported.conf: Add missing dependencies of supported modules hwmon_vid\n needed by nct6775 hwmon_vid needed by w83627ehf reed_solomon needed by\n ramoops\n - supported.conf: Fix dependencies on ppc64le of_mdio needed by mdio-gpio\n - target/pr: fix core_scsi3_pr_seq_non_holder() caller (bnc#952666).\n - target/rbd: fix COMPARE AND WRITE page vector leak (bnc#948831).\n - target/rbd: fix PR info memory leaks (bnc#948831).\n - target: Send UA upon LUN RESET tmr completion (bsc#933514).\n - target: use "^A" when allocating UAs (bsc#933514).\n - usbvision fix overflow of interfaces array (bnc#950998).\n - vmxnet3: Fix ethtool -S to return correct rx queue stats (bsc#950750).\n - vmxnet3: adjust ring sizes when interface is down (bsc#950750).\n - x86/efi: Fix boot crash by mapping EFI memmap entries bottom-up at\n runtime, instead of top-down (bsc#940853).\n - x86/evtchn: make use of PHYSDEVOP_map_pirq.\n - x86/mm/hotplug: Modify PGD entry when removing memory (VM Functionality,\n bnc#955148).\n - x86/mm/hotplug: Pass sync_global_pgds() a correct argument in\n remove_pagetable() (VM Functionality, bnc#955148).\n - xfs: DIO needs an ioend for writes (bsc#949744).\n - xfs: DIO write completion size updates race (bsc#949744).\n - xfs: DIO writes within EOF do not need an ioend (bsc#949744).\n - xfs: always drain dio before extending aio write submission (bsc#949744).\n - xfs: direct IO EOF zeroing needs to drain AIO (bsc#949744).\n - xfs: do not allocate an ioend for direct I/O completions (bsc#949744).\n - xfs: factor DIO write mapping from 
get_blocks (bsc#949744).\n - xfs: handle DIO overwrite EOF update completion correctly (bsc#949744).\n - xfs: move DIO mapping size calculation (bsc#949744).\n - xfs: using generic_file_direct_write() is unnecessary (bsc#949744).\n - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers\n (bnc#951165).\n - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949463).\n\n", "published": "2015-12-04T14:10:52", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html", "cvelist": ["CVE-2015-2925", "CVE-2015-8215", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7990", "CVE-2015-7799", "CVE-2015-5283", "CVE-2015-0272", "CVE-2015-8104"], "lastseen": "2016-09-04T12:36:14"}, {"id": "SUSE-SU-2016:0354-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 11 SP3 Realtime kernel was updated to receive\n various security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c\n (bnc#953527).\n - CVE-2015-7990: RDS: Verify the underlying transport exists before\n creating a connection, preventing possible DoS (bsc#952384,\n CVE-2015-7990).\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the\n x86_64 platform mishandled IRET faults in processing NMIs that\n occurred during userspace execution, which might allow local users to\n gain privileges by triggering an NMI (bnc#937969 bnc#937970 bnc#938706\n bnc#939207).\n - 
CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in\n the Linux kernel allowed local users to cause a denial of service (OOPS)\n via crafted keyctl commands (bnc#951440).\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel\n did not validate attempted changes to the MTU value, which allowed\n context-dependent attackers to cause a denial of service (packet loss)\n via a value that is (1) smaller than the minimum compliant value or (2)\n larger than the MTU of an interface, as demonstrated by a Router\n Advertisement (RA) message that is not validated by a daemon, a\n different vulnerability than CVE-2015-0272. NOTE: the scope of\n CVE-2015-0272 is limited to the NetworkManager product. (bnc#955354).\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified\n other impact by using a socket that was not properly bound (bnc#945825).\n - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in\n the Linux kernel allowed local users to cause a denial of service\n (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers\n permanent file-descriptor allocation (bnc#942367).\n\n The following non-security bugs were fixed:\n - alsa: hda - Disable 64bit address for Creative HDA controllers\n (bnc#814440).\n - btrfs: fix hang when failing to submit bio of directIO (bnc#942688).\n - btrfs: fix memory corruption on failure to submit bio for direct IO\n (bnc#942688).\n - btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688).\n - dm: do not start current request if it would've merged with the previous\n (bsc#904348).\n - dm: impose configurable deadline for dm_request_fn's merge heuristic\n (bsc#904348).\n - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).\n - dm sysfs: introduce ability to add writable 
attributes (bsc#904348).\n - drm/i915: Add bit field to record which pins have received HPD events\n (v3) (bsc#942938).\n - drm/I915: Add enum hpd_pin to intel_encoder (bsc#942938).\n - drm/i915: add hotplug activation period to hotplug update mask\n (bsc#953980).\n - drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938).\n - drm/i915: Add messages useful for HPD storm detection debugging (v2)\n (bsc#942938).\n - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4)\n (bsc#942938).\n - drm/i915: assert_spin_locked for pipestat interrupt enable/disable\n (bsc#942938).\n - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt\n (bsc#942938).\n - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt,\n v2 (bsc#942938).\n - drm/i915: clear crt hotplug compare voltage field before setting\n (bsc#942938).\n - drm/i915: close tiny race in the ilk pcu even interrupt setup\n (bsc#942938).\n - drm/i915: Convert HPD interrupts to make use of HPD pin assignment in\n encoders (v2) (bsc#942938).\n - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3)\n (bsc#942938).\n - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch\n platforms (bsc#942938).\n - drm/i915: Enable hotplug interrupts after querying hw capabilities\n (bsc#942938).\n - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924).\n - drm/i915: fix hotplug event bit tracking (bsc#942938).\n - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938).\n - drm/i915: fix hpd interrupt register locking (bsc#942938).\n - drm/i915: fix hpd work vs. 
flush_work in the pageflip code deadlock\n (bsc#942938).\n - drm/i915: fix locking around ironlake_enable|disable_display_irq\n (bsc#942938).\n - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938).\n - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler\n (bsc#942938).\n - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938).\n - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938).\n - drm/i915: Get rid if the "hotplug_supported_mask" in struct\n drm_i915_private (bsc#942938).\n - drm/i915: implement ibx_hpd_irq_setup (bsc#942938).\n - drm/i915: Make hpd arrays big enough to avoid out of bounds access\n (bsc#942938).\n - drm/i915: Mask out the HPD irq bits before setting them individually\n (bsc#942938).\n - drm/i915: Only print hotplug event message when hotplug bit is set\n (bsc#942938).\n - drm/i915: Only reprobe display on encoder which has received an HPD\n event (v2) (bsc#942938).\n - drm/i915: Queue reenable timer also when enable_hotplug_processing is\n false (bsc#942938).\n - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938).\n - drm/i915: Remove i965_hpd_irq_setup (bsc#942938).\n - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938).\n - drm/i915: Remove valleyview_hpd_irq_setup (bsc#942938).\n - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938).\n - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler()\n (bsc#942938).\n - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets\n (bsc#942938).\n - ehci-pci: enable interrupt on BayTrail (bnc926007).\n - Fixing wording in patch comment (bsc#923002)\n - fix lpfc_send_rscn_event allocation size claims bnc#935757\n - hugetlb: simplify migrate_huge_page() (bnc#947957, VM Functionality).\n - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a\n free hugepage (bnc#947957, VM Functionality).\n - IB/iser: Add Discovery support (bsc#923002).\n - IB/iser: Move 
informational messages from error to info level\n (bsc#923002).\n - IB/srp: Avoid skipping srp_reset_host() after a transport error\n (bsc#904965).\n - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965).\n - inotify: Fix nested sleeps in inotify_read() (bsc#940925).\n - ipv6: fix tunnel error handling (bsc#952579).\n - ipv6: probe routes asynchronous in rt6_probe (bsc#936118).\n - ipvs: drop first packet to dead server (bsc#946078).\n - ipvs: Fix reuse connection if real server is dead (bnc#945827).\n - kabi: patches.fixes/mm-make-page-pfmemalloc-check-more-robust.patch\n (bnc#920016).\n - KEYS: Fix race between key destruction and finding a keyring by name\n (bsc#951440).\n - ktime: add ktime_after and ktime_before helpe (bsc#904348).\n - libiscsi: Exporting new attrs for iscsi session and connection in sysfs\n (bsc#923002).\n - lib/string.c: introduce memchr_inv() (bnc#930788).\n - macvlan: Support bonding events bsc#948521\n - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).\n - memory-failure: do code refactor of soft_offline_page() (bnc#947957, VM\n Functionality).\n - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957, VM\n Functionality).\n - memory-failure: use num_poisoned_pages instead of mce_bad_pages\n (bnc#947957, VM Functionality).\n - memory-hotplug: update mce_bad_pages when removing the memory\n (bnc#947957, VM Functionality).\n - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017,\n bnc#949298).\n - mm: make page pfmemalloc check more robust (bnc#920016).\n - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory\n error on thp (bnc#947957, VM Functionality).\n - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate\n successfully (bnc#947957, VM Functionality).\n - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge\n pages (bnc#947957, VM Functionality).\n - Modified -rt patches: 344 of 435, useless noise elided.\n - Moved iscsi kabi 
patch to patches.kabi (bsc#923002)\n - netfilter: nf_conntrack_proto_sctp: minimal multihoming support\n (bsc#932350).\n - PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786).\n - pci: Add flag indicating device has been assigned by KVM (bnc#777565\n FATE#313819).\n - PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786).\n - PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084).\n - PCI: delay configuration of SRIOV capability (bnc#952084).\n - PCI: Refresh First VF Offset and VF Stride when updating NumVFs\n (bnc#952084).\n - PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084).\n - PCI: Update NumVFs register when disabling SR-IOV (bnc#952084).\n - pktgen: clean up ktime_t helpers (bsc#904348).\n - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993).\n - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993).\n - qla2xxx: Remove decrement of sp reference count in abort handler\n (bsc#944993).\n - r8169: remember WOL preferences on driver load (bsc#942305).\n - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods\n (bsc#949706).\n - Refresh patches.xen/1282-usbback-limit-copying.patch (bsc#941202).\n - Rename kabi patch appropriately (bsc#923002)\n - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds\n (bsc#930145).\n - sched/core: Fix task and run queue sched_info::run_delay inconsistencies\n (bnc#949100).\n - scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204).\n - SCSI: hosts: update to use ida_simple for host_no (bsc#939926)\n - SCSI: kabi: allow iscsi disocvery session support (bsc#923002).\n - scsi_transport_iscsi: Exporting new attrs for iscsi session and\n connection in sysfs (bsc#923002).\n - sg: fix read() error reporting (bsc#926774).\n - Update patches.fixes/fanotify-fix-deadlock-during-thread-exit.patch\n (bsc#935053, bsc#926709). 
Add bug reference.\n - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers\n (bnc#944989).\n - USB: xhci: do not start a halted endpoint before its new dequeue is set\n (bnc#933721).\n - usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721).\n - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb\n (bnc#933721).\n - USB: xhci: Reset a halted endpoint immediately when we encounter a stall\n (bnc#933721).\n - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).\n - x86: mm: only do a local tlb flush in ptep_set_access_flags()\n (bsc#948330).\n - x86/tsc: Change Fast TSC calibration failed from error to info\n (bnc#942605).\n - xfs: add background scanning to clear eofblocks inodes (bnc#930788).\n - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788).\n - xfs: add inode id filtering to eofblocks scan (bnc#930788).\n - xfs: add minimum file size filtering to eofblocks scan (bnc#930788).\n - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788).\n - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788).\n - xfs: create helper to check whether to free eofblocks on inode\n (bnc#930788).\n - xfs: Fix lost direct IO write in the last block (bsc#949744).\n - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347).\n - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805).\n - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock\n failure (bnc#930788).\n - xfs: support a tag-based inode_ag_iterator (bnc#930788).\n - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788).\n - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).\n - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers\n (bnc#949981).\n - xhci: Allocate correct amount of 
scratchpad buffers (bnc#933721).\n - xhci: Calculate old endpoints correctly on device reset (bnc#944831).\n - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502).\n - xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721).\n - xhci: do not report PLC when link is in internal resume state\n (bnc#933721).\n - xhci: fix isoc endpoint dequeue from advancing too far on transaction\n error (bnc#944837).\n - xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721).\n - xhci: For streams the css flag most be read from the stream-ctx on ep\n stop (bnc#945691).\n - xhci: report U3 when link is in resume state (bnc#933721).\n - xhci: rework cycle bit checking for new dequeue pointers (bnc#933721).\n - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256\n (bnc#933721).\n - xhci: Treat not finding the event_seg on COMP_STOP the same as\n COMP_STOP_INVAL (bnc#933721).\n - XHCI: use uninterruptible sleep for waiting for internal operations\n (bnc#939955).\n - xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721).\n\n", "published": "2016-02-05T21:12:31", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00013.html", "cvelist": ["CVE-2015-8215", "CVE-2015-6252", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7990", "CVE-2015-0272", "CVE-2015-5157", "CVE-2015-6937", "CVE-2015-8104"], "lastseen": "2016-09-04T12:46:26"}, {"id": "SUSE-SU-2015:2108-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to receive\n various security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2015-8104: Prevent guest to host DoS caused by infinite loop in\n microcode via #DB exception (bsc#954404).\n - CVE-2015-5307: Prevent guest to host DoS caused by infinite loop in\n microcode via #AC exception 
(bsc#953527).\n - CVE-2015-7990: RDS: Verify the underlying transport exists before\n creating a connection, preventing possible DoS (bsc#952384).\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the\n x86_64 platform mishandled IRET faults in processing NMIs that occurred\n during userspace execution, which might have allowed local users to gain\n privileges by triggering an NMI (bsc#938706).\n - CVE-2015-7872: Possible crash when trying to garbage collect an\n uninstantiated keyring (bsc#951440).\n - CVE-2015-0272: Prevent remote DoS using IPv6 RA with bogus MTU by\n validating before applying it (bsc#944296).\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified other\n impact by using a socket that was not properly bound (bsc#945825).\n - CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c in\n the Linux kernel allowed local users to cause a denial of service\n (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggered\n permanent file-descriptor allocation (bsc#942367).\n\n The following non-security bugs were fixed:\n - alsa: hda - Disable 64bit address for Creative HDA controllers\n (bsc#814440).\n - btrfs: fix hang when failing to submit bio of directIO (bsc#942688).\n - btrfs: fix memory corruption on failure to submit bio for direct IO\n (bsc#942688).\n - btrfs: fix put dio bio twice when we submit dio bio fail (bsc#942688).\n - dm sysfs: introduce ability to add writable attributes (bsc#904348).\n - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).\n - dm: do not start current request if it would have merged with the\n previous (bsc#904348).\n - dm: impose configurable deadline for dm_request_fn merge heuristic\n (bsc#904348).\n - drm/i915: (re)init HPD interrupt storm statistics (bsc#942938).\n - drm/i915: Add HPD IRQ storm 
detection (v5) (bsc#942938).\n - drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4)\n (bsc#942938).\n - drm/i915: Add bit field to record which pins have received HPD events\n (v3) (bsc#942938).\n - drm/i915: Add enum hpd_pin to intel_encoder (bsc#942938).\n - drm/i915: Add messages useful for HPD storm detection debugging (v2)\n (bsc#942938).\n - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt\n (bsc#942938).\n - drm/i915: Convert HPD interrupts to make use of HPD pin assignment in\n encoders (v2) (bsc#942938).\n - drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3)\n (bsc#942938).\n - drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch\n platforms (bsc#942938).\n - drm/i915: Enable hotplug interrupts after querying hw capabilities\n (bsc#942938).\n - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924).\n - drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938).\n - drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938).\n - drm/i915: Get rid if the "hotplug_supported_mask" in struct drm_i915_private (bsc#942938).\n - drm/i915: Make hpd arrays big enough to avoid out of bounds access\n (bsc#942938).\n - drm/i915: Mask out the HPD irq bits before setting them individually\n (bsc#942938).\n - drm/i915: Only print hotplug event message when hotplug bit is set\n (bsc#942938).\n - drm/i915: Only reprobe display on encoder which has received an HPD\n event (v2) (bsc#942938).\n - drm/i915: Queue reenable timer also when enable_hotplug_processing is\n false (bsc#942938).\n - drm/i915: Remove i965_hpd_irq_setup (bsc#942938).\n - drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938).\n - drm/i915: Remove valleyview_hpd_irq_setup (bsc#942938).\n - drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler()\n (bsc#942938).\n - drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets\n (bsc#942938).\n - drm/i915: add hotplug activation period to hotplug update 
mask\n (bsc#953980).\n - drm/i915: assert_spin_locked for pipestat interrupt enable/disable\n (bsc#942938).\n - drm/i915: clear crt hotplug compare voltage field before setting\n (bsc#942938).\n - drm/i915: close tiny race in the ilk pcu even interrupt setup\n (bsc#942938).\n - drm/i915: fix hotplug event bit tracking (bsc#942938).\n - drm/i915: fix hpd interrupt register locking (bsc#942938).\n - drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock\n (bsc#942938).\n - drm/i915: fix locking around ironlake_enable|disable_display_irq\n (bsc#942938).\n - drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler\n (bsc#942938).\n - drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938).\n - drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938).\n - drm/i915: implement ibx_hpd_irq_setup (bsc#942938).\n - drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938).\n - ehci-pci: enable interrupt on BayTrail (bnc926007).\n - fix lpfc_send_rscn_event allocation size claims bsc#935757\n - hugetlb: simplify migrate_huge_page() (bsc#947957, VM Functionality).\n - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a\n free hugepage (bsc#947957).\n - ib/iser: Add Discovery support (bsc#923002).\n - ib/iser: Move informational messages from error to info level\n (bsc#923002).\n - ib/srp: Avoid skipping srp_reset_host() after a transport error\n (bsc#904965).\n - ib/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965).\n - inotify: Fix nested sleeps in inotify_read() (bsc#940925).\n - ipv6: fix tunnel error handling (bsc#952579).\n - ipv6: probe routes asynchronous in rt6_probe (bsc#936118).\n - ipvs: Fix reuse connection if real server is dead (bsc#945827).\n - ipvs: drop first packet to dead server (bsc#946078).\n - keys: Fix race between key destruction and finding a keyring by name\n (bsc#951440).\n - ktime: add ktime_after and ktime_before helpe (bsc#904348).\n - lib/string.c: 
introduce memchr_inv() (bsc#930788).\n - libiscsi: Exporting new attrs for iscsi session and connection in sysfs\n (bsc#923002).\n - macvlan: Support bonding events bsc#948521\n - make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).\n - memory-failure: do code refactor of soft_offline_page() (bsc#947957).\n - memory-failure: fix an error of mce_bad_pages statistics (bsc#947957).\n - memory-failure: use num_poisoned_pages instead of mce_bad_pages\n (bsc#947957).\n - memory-hotplug: update mce_bad_pages when removing the memory\n (bsc#947957).\n - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory\n error on thp (bsc#947957).\n - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate\n successfully (bsc#947957).\n - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge\n pages (bsc#947957).\n - mm: exclude reserved pages from dirtyable memory 32b fix (bsc#940017,\n bsc#949298).\n - mm: make page pfmemalloc check more robust (bsc#920016).\n - netfilter: nf_conntrack_proto_sctp: minimal multihoming support\n (bsc#932350).\n - pci: Add VPD function 0 quirk for Intel Ethernet devices (bsc#943786).\n - pci: Add dev_flags bit to access VPD through function 0 (bsc#943786).\n - pci: Add flag indicating device has been assigned by KVM (bsc#777565).\n - pci: Clear NumVFs when disabling SR-IOV in sriov_init() (bsc#952084).\n - pci: Refresh First VF Offset and VF Stride when updating NumVFs\n (bsc#952084).\n - pci: Update NumVFs register when disabling SR-IOV (bsc#952084).\n - pci: delay configuration of SRIOV capability (bsc#952084).\n - pci: set pci sriov page size before reading SRIOV BAR (bsc#952084).\n - pktgen: clean up ktime_t helpers (bsc#904348).\n - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993).\n - qla2xxx: Remove decrement of sp reference count in abort handler\n (bsc#944993).\n - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993).\n - r8169: remember WOL preferences on 
driver load (bsc#942305).\n - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods\n (bsc#949706).\n - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds\n (bsc#930145).\n - sched/core: Fix task and run queue sched_info::run_delay inconsistencies\n (bsc#949100).\n - scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bsc#942204).\n - scsi: hosts: update to use ida_simple for host_no (bsc#939926)\n - scsi: kabi: allow iscsi disocvery session support (bsc#923002).\n - scsi_transport_iscsi: Exporting new attrs for iscsi session and\n connection in sysfs (bsc#923002).\n - sg: fix read() error reporting (bsc#926774).\n - usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb\n (bsc#933721).\n - usb: xhci: Reset a halted endpoint immediately when we encounter a stall\n (bsc#933721).\n - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers\n (bsc#944989).\n - usb: xhci: do not start a halted endpoint before its new dequeue is set\n (bsc#933721).\n - usb: xhci: handle Config Error Change (CEC) in xhci driver (bsc#933721).\n - x86/tsc: Change Fast TSC calibration failed from error to info\n (bsc#942605).\n - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).\n - x86: mm: only do a local tlb flush in ptep_set_access_flags()\n (bsc#948330).\n - xfs: Fix lost direct IO write in the last block (bsc#949744).\n - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347).\n - xfs: add EOFBLOCKS inode tagging/untagging (bsc#930788).\n - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bsc#930788).\n - xfs: add background scanning to clear eofblocks inodes (bsc#930788).\n - xfs: add inode id filtering to eofblocks scan (bsc#930788).\n - xfs: add minimum file size filtering to eofblocks scan (bsc#930788).\n - xfs: create function to scan and clear EOFBLOCKS inodes (bsc#930788).\n - xfs: create helper to check whether to free eofblocks on inode\n (bsc#930788).\n - xfs: introduce a common helper 
xfs_icluster_size_fsb (bsc#932805).\n - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock\n failure (bsc#930788).\n - xfs: support a tag-based inode_ag_iterator (bsc#930788).\n - xfs: support multiple inode id filtering in eofblocks scan (bsc#930788).\n - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).\n - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers\n (bsc#949981).\n - xhci: Allocate correct amount of scratchpad buffers (bsc#933721).\n - xhci: Calculate old endpoints correctly on device reset (bsc#944831).\n - xhci: Do not enable/disable RWE on bus suspend/resume (bsc#933721).\n - xhci: For streams the css flag most be read from the stream-ctx on ep\n stop (bsc#945691).\n - xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256\n (bsc#933721).\n - xhci: Treat not finding the event_seg on COMP_STOP the same as\n COMP_STOP_INVAL (bsc#933721).\n - xhci: Workaround for PME stuck issues in Intel xhci (bsc#933721).\n - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bsc#949502).\n - xhci: do not report PLC when link is in internal resume state\n (bsc#933721).\n - xhci: fix isoc endpoint dequeue from advancing too far on transaction\n error (bsc#944837).\n - xhci: fix reporting of 0-sized URBs in control endpoint (bsc#933721).\n - xhci: report U3 when link is in resume state (bsc#933721).\n - xhci: rework cycle bit checking for new dequeue pointers (bsc#933721).\n - xhci: use uninterruptible sleep for waiting for internal operations\n (bsc#939955).\n\n", "published": "2015-11-26T13:10:56", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html", "cvelist": ["CVE-2015-6252", 
"CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7990", "CVE-2015-0272", "CVE-2015-5157", "CVE-2015-6937", "CVE-2015-8104"], "lastseen": "2016-09-04T12:33:55"}, {"id": "SUSE-SU-2015:2339-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\n security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2015-7509: Mounting ext4 filesystems in no-journal mode could have\n led to a system crash (bsc#956709).\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel did not ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call\n (bnc#949936).\n - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c\n (bnc#953527).\n - CVE-2015-7990: RDS: There was no verification that an underlying\n transport exists when creating a connection, causing usage of a NULL\n pointer (bsc#952384).\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the\n x86_64 platform mishandled IRET faults in processing NMIs that occurred\n during userspace execution, which might have allowed local users to gain\n privileges by triggering an NMI (bnc#938706).\n - CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c in\n the Linux kernel allowed local users to cause a denial of service (OOPS)\n via crafted keyctl commands (bnc#951440).\n - CVE-2015-0272: Missing checks allowed remote attackers to cause a denial\n of service 
(IPv6 traffic disruption) via a crafted MTU value in an IPv6\n Router Advertisement (RA) message, a different vulnerability than\n CVE-2015-8215 (bnc#944296).\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified other\n impact by using a socket that was not properly bound (bnc#945825).\n\n The following non-security bugs were fixed:\n - ALSA: hda - Disable 64bit address for Creative HDA controllers\n (bnc#814440).\n - Driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats\n (bsc#950750).\n - Drivers: hv: do not do hypercalls when hypercall_page is NULL.\n - Drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h.\n - Drivers: hv: util: move kvp/vss function declarations to hyperv_vmbus.h.\n - Drivers: hv: vmbus: Get rid of some unused definitions.\n - Drivers: hv: vmbus: Implement the protocol for tearing down vmbus state.\n - Drivers: hv: vmbus: add special crash handler (bnc#930770).\n - Drivers: hv: vmbus: add special kexec handler.\n - Drivers: hv: vmbus: kill tasklets on module unload.\n - Drivers: hv: vmbus: prefer "^A" notification chain to 'panic'.\n - Drivers: hv: vmbus: remove hv_synic_free_cpu() call from\n hv_synic_cleanup().\n - Drivers: hv: vmbus: unregister panic notifier on module unload.\n - IB/srp: Avoid skipping srp_reset_host() after a transport error\n (bsc#904965).\n - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965).\n - KEYS: Fix race between key destruction and finding a keyring by name\n (bsc#951440).\n - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).\n - NFSv4: Fix two infinite loops in the mount code (bsc#954628).\n - PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786).\n - PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786).\n - PCI: Clear NumVFs when disabling SR-IOV in sriov_init() 
(bnc#952084).\n - PCI: Refresh First VF Offset and VF Stride when updating NumVFs\n (bnc#952084).\n - PCI: Update NumVFs register when disabling SR-IOV (bnc#952084).\n - PCI: delay configuration of SRIOV capability (bnc#952084).\n - PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084).\n - SCSI: hosts: update to use ida_simple for host_no (bsc#939926)\n - SUNRPC refactor rpcauth_checkverf error returns (bsc#955673).\n - af_iucv: avoid path quiesce of severed path in shutdown() (bnc#946214).\n - ahci: Add Device ID for Intel Sunrise Point PCH (bsc#953799).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - cachefiles: Avoid deadlocks with fs freezing (bsc#935123).\n - dm sysfs: introduce ability to add writable attributes (bsc#904348).\n - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).\n - dm: do not start current request if it would've merged with the previous\n (bsc#904348).\n - dm: impose configurable deadline for dm_request_fn's merge heuristic\n (bsc#904348).\n - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt,\n v2 (bsc#942938).\n - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924).\n - drm/i915: add hotplug activation period to hotplug update mask\n (bsc#953980).\n - fix lpfc_send_rscn_event allocation size claims bnc#935757\n - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123).\n - fs: Fix deadlocks between sync and fs freezing (bsc#935123).\n - hugetlb: simplify migrate_huge_page() (bnc#947957).\n - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a\n free hugepage (bnc#947957,).\n - ipr: Fix incorrect trace indexing (bsc#940913).\n - ipr: Fix invalid array indexing for HRRQ (bsc#940913).\n - ipv6: fix tunnel error handling (bsc#952579).\n - ipvs: Fix reuse connection if real server is dead (bnc#945827).\n - ipvs: drop first packet to dead server 
(bsc#946078).\n - kernel: correct uc_sigmask of the compat signal frame (bnc#946214).\n - kernel: fix incorrect use of DIAG44 in continue_trylock_relax()\n (bnc#946214).\n - kexec: Fix race between panic() and crash_kexec() called directly\n (bnc#937444).\n - ktime: add ktime_after and ktime_before helpe (bsc#904348).\n - lib/string.c: introduce memchr_inv() (bnc#930788).\n - lpfc: Fix cq_id masking problem (bsc#944677).\n - macvlan: Support bonding events bsc#948521\n - memory-failure: do code refactor of soft_offline_page() (bnc#947957).\n - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957).\n - memory-failure: use num_poisoned_pages instead of mce_bad_pages\n (bnc#947957).\n - memory-hotplug: update mce_bad_pages when removing the memory\n (bnc#947957).\n - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory\n error on thp (bnc#947957).\n - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate\n successfully (bnc#947957).\n - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge\n pages (bnc#947957).\n - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017,\n bnc#949298).\n - mm: fix GFP_THISNODE callers and clarify (bsc#954950).\n - mm: remove GFP_THISNODE (bsc#954950).\n - mm: sl[au]b: add knowledge of PFMEMALLOC reserve pages (Swap over NFS).\n - net/core: Add VF link state control policy (bsc#950298).\n - netfilter: xt_recent: fix namespace destroy path (bsc#879378).\n - panic/x86: Allow cpus to save registers even if they (bnc#940946).\n - panic/x86: Fix re-entrance problem due to panic on (bnc#937444).\n - pktgen: clean up ktime_t helpers (bsc#904348).\n - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993).\n - qla2xxx: Remove decrement of sp reference count in abort handler\n (bsc#944993).\n - qla2xxx: Remove unavailable firmware files (bsc#921081).\n - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993).\n - qlge: Fix 
qlge_update_hw_vlan_features to handle if interface is down\n (bsc#930835).\n - quota: Fix deadlock with suspend and quotas (bsc#935123).\n - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods\n (bsc#949706).\n - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds\n (bsc#930145).\n - rtnetlink: Fix VF IFLA policy (bsc#950298).\n - rtnetlink: fix VF info size (bsc#950298).\n - s390/dasd: fix disconnected device with valid path mask (bnc#946214).\n - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#946214).\n - s390/dasd: fix list_del corruption after lcu changes (bnc#954984).\n - s390/pci: handle events for unused functions (bnc#946214).\n - s390/pci: improve handling of hotplug event 0x301 (bnc#946214).\n - s390/pci: improve state check when processing hotplug events\n (bnc#946214).\n - sched/core: Fix task and run queue sched_info::run_delay inconsistencies\n (bnc#949100).\n - sg: fix read() error reporting (bsc#926774).\n - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers\n (bnc#944989).\n - usbback: correct copy length for partial transfers (bsc#941202).\n - usbvision fix overflow of interfaces array (bnc#950998).\n - veth: extend device features (bsc#879381).\n - vfs: Provide function to get superblock and wait for it to thaw\n (bsc#935123).\n - vmxnet3: adjust ring sizes when interface is down (bsc#950750).\n - vmxnet3: fix ethtool ring buffer size setting (bsc#950750).\n - writeback: Skip writeback for frozen filesystem (bsc#935123).\n - x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE\n (bnc#937256).\n - x86/evtchn: make use of PHYSDEVOP_map_pirq.\n - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).\n - x86: mm: only do a local tlb flush in ptep_set_access_flags()\n (bsc#948330).\n - xen: x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE\n (bnc#937256).\n - xfs: Fix lost direct IO write in the last block (bsc#949744).\n - xfs: Fix 
softlockup in xfs_inode_ag_walk() (bsc#948347).\n - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788).\n - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788).\n - xfs: add background scanning to clear eofblocks inodes (bnc#930788).\n - xfs: add inode id filtering to eofblocks scan (bnc#930788).\n - xfs: add minimum file size filtering to eofblocks scan (bnc#930788).\n - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788).\n - xfs: create helper to check whether to free eofblocks on inode\n (bnc#930788).\n - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805).\n - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock\n failure (bnc#930788).\n - xfs: support a tag-based inode_ag_iterator (bnc#930788).\n - xfs: support multiple inode id filtering in eofblocks scan (bnc#930788).\n - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).\n - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers\n (bnc#949981).\n - xhci: Calculate old endpoints correctly on device reset (bnc#944831).\n - xhci: For streams the css flag most be read from the stream-ctx on ep\n stop (bnc#945691).\n - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502).\n - xhci: fix isoc endpoint dequeue from advancing too far on transaction\n error (bnc#944837).\n - xhci: silence TD warning (bnc#939955).\n - xhci: use uninterruptible sleep for waiting for internal operations\n (bnc#939955).\n\n", "published": "2015-12-22T16:11:01", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html", "cvelist": ["CVE-2015-7509", "CVE-2015-8215", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7990", "CVE-2015-7799", 
"CVE-2015-0272", "CVE-2015-5157", "CVE-2015-6937", "CVE-2015-8104"], "lastseen": "2016-09-04T12:40:04"}, {"id": "SUSE-SU-2016:0658-1", "type": "suse", "title": "Security update for Xen (important)", "description": "Xen was updated to fix the following vulnerabilities:\n\n * CVE-2014-0222: Qcow1 L2 table size integer overflows (bsc#877642)\n * CVE-2015-4037: Insecure temporary file use in /net/slirp.c\n (bsc#932267)\n * CVE-2015-5239: Integer overflow in vnc_client_read() and\n protocol_client_msg() (bsc#944463)\n * CVE-2015-7504: Heap buffer overflow vulnerability in pcnet emulator\n (XSA-162, bsc#956411)\n * CVE-2015-7971: Some pmu and profiling hypercalls log without rate\n limiting (XSA-152, bsc#950706)\n * CVE-2015-8104: Guest to host DoS by triggering an infinite loop in\n microcode via #DB exception (bsc#954405)\n * CVE-2015-5307: Guest to host DOS by intercepting #AC (XSA-156,\n bsc#953527)\n * CVE-2015-8339: XENMEM_exchange error handling issues (XSA-159,\n bsc#956408)\n * CVE-2015-8340: XENMEM_exchange error handling issues (XSA-159,\n bsc#956408)\n * CVE-2015-7512: Buffer overflow in pcnet's non-loopback mode\n (bsc#962360)\n * CVE-2015-8550: Paravirtualized drivers incautious about shared\n memory contents (XSA-155, bsc#957988)\n * CVE-2015-8504: Avoid floating point exception in vnc support\n (bsc#958493)\n * CVE-2015-8555: Information leak in legacy x86 FPU/XMM initialization\n (XSA-165, bsc#958009)\n * Ioreq handling possibly susceptible to multiple read issue (XSA-166,\n bsc#958523)\n\n Security Issues:\n\n * CVE-2014-0222\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0222>\n * CVE-2015-4037\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4037>\n * CVE-2015-5239\n
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5239>\n * CVE-2015-7504\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7504>\n * CVE-2015-7971\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7971>\n * CVE-2015-8104\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8104>\n * CVE-2015-5307\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5307>\n * CVE-2015-8339\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8339>\n * CVE-2015-8340\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8340>\n * CVE-2015-7512\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7512>\n * CVE-2015-8550\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8550>\n * CVE-2015-8504\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8504>\n * CVE-2015-8555\n <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8555>\n\n", "published": "2016-03-04T22:13:56", "cvss": {"score": 7.5, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00013.html", "cvelist": ["CVE-2015-8340", "CVE-2015-7971", "CVE-2015-8339", "CVE-2014-0222", "CVE-2015-4037", "CVE-2015-7504", "CVE-2015-5307", "CVE-2015-7512", "CVE-2015-8550", "CVE-2015-8555", "CVE-2015-8504", "CVE-2015-5239", "CVE-2015-8104"], "lastseen": "2016-09-04T12:35:28"}, {"id": "SUSE-SU-2015:2350-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive\n various security and bugfixes.\n\n Following security bugs were fixed:\n - CVE-2015-7509: Mounting a prepared ext2 filesystem as ext4 could lead to\n a local denial of service (crash) (bsc#956709).\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel did not ensure that certain slot numbers are valid, which\n allowed local users to cause a denial of service (NULL pointer\n dereference and system crash) via a crafted PPPIOCSMAXCID ioctl call\n (bnc#949936).\n - CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n - CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (host OS panic or hang) by triggering\n many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c\n (bnc#953527).\n - CVE-2015-7990: RDS: Verify the underlying transport exists before\n creating a connection, preventing possible DoS (bsc#952384).\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the\n x86_64 platform mishandled IRET faults in processing NMIs that\n occurred during userspace execution, which might allow local users to\n gain privileges by triggering an NMI (bnc#937969 937970 938706 939207).\n - CVE-2015-7872: 
The key_gc_unused_keys function in security/keys/gc.c in\n the Linux kernel allowed local users to cause a denial of service (OOPS)\n via crafted keyctl commands (bnc#951440).\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel\n did not validate attempted changes to the MTU value, which allowed\n context-dependent attackers to cause a denial of service (packet loss)\n via a value that is (1) smaller than the minimum compliant value or (2)\n larger than the MTU of an interface, as demonstrated by a Router\n Advertisement (RA) message that is not validated by a daemon, a\n different vulnerability than CVE-2015-0272. NOTE: the scope of\n CVE-2015-0272 is limited to the NetworkManager product. (bnc#955354).\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified\n other impact by using a socket that was not properly bound (bnc#945825).\n\n The following non-security bugs were fixed:\n - af_xhci: avoid path quiesce of severed path in shutdown() (bnc#946214,\n LTC#131684).\n - ahci: Add Device ID for Intel Sunrise Point PCH (bsc#953799).\n - alsa: hda - Disable 64bit address for Creative HDA controllers\n (bnc#814440).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - cachefiles: Avoid deadlocks with fs freezing (bsc#935123).\n - dm: do not start current request if it would've merged with the previous\n (bsc#904348).\n - dm: impose configurable deadline for dm_request_fn's merge heuristic\n (bsc#904348).\n - dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).\n - dm sysfs: introduce ability to add writable attributes (bsc#904348).\n - drivers: hv: do not do hypercalls when hypercall_page is NULL.\n - drivers: hv: kvp: move poll_channel() to hyperv_vmbus.h.\n - drivers: hv: 
util: move kvp/vss function declarations to hyperv_vmbus.h.\n - drivers: hv: vmbus: add special crash handler (bnc#930770).\n - drivers: hv: vmbus: add special kexec handler.\n - drivers: hv: vmbus: Get rid of some unused definitions.\n - drivers: hv: vmbus: Implement the protocol for tearing down vmbus state.\n - drivers: hv: vmbus: kill tasklets on module unload.\n - drivers: hv: vmbus: prefer "die" notification chain to 'panic'.\n - drivers: hv: vmbus: remove hv_synic_free_cpu() call from\n hv_synic_cleanup().\n - drivers: hv: vmbus: unregister panic notifier on module unload.\n - driver: Vmxnet3: Fix ethtool -S to return correct rx queue stats\n (bsc#950750).\n - drm/i915: add hotplug activation period to hotplug update mask\n (bsc#953980).\n - drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt,\n v2 (bsc#942938).\n - drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924).\n - fix lpfc_send_rscn_event allocation size claims bnc#935757\n - fs: Avoid deadlocks of fsync_bdev() and fs freezing (bsc#935123).\n - fs: Fix deadlocks between sync and fs freezing (bsc#935123).\n - hugetlb: simplify migrate_huge_page() (bnc#947957, VM Functionality).\n - hwpoison, hugetlb: lock_page/unlock_page does not match for handling a\n free hugepage (bnc#947957, VM Functionality).\n - IB/srp: Avoid skipping srp_reset_host() after a transport error\n (bsc#904965).\n - IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965).\n - Import SP4-RT GA kabi files\n - ipr: Fix incorrect trace indexing (bsc#940913).\n - ipr: Fix invalid array indexing for HRRQ (bsc#940913).\n - ipv6: fix tunnel error handling (bsc#952579).\n - ipvs: drop first packet to dead server (bsc#946078).\n - ipvs: Fix reuse connection if real server is dead (bnc#945827).\n - kernel: correct uc_sigmask of the compat signal frame (bnc#946214,\n LTC#130124).\n - kernel: fix incorrect use of DIAG44 in continue_trylock_relax()\n (bnc#946214, LTC#132100).\n - kexec: Fix race 
between panic() and crash_kexec() called directly\n (bnc#937444).\n - keys: Fix race between key destruction and finding a keyring by name\n (bsc#951440).\n - ktime: add ktime_after and ktime_before helpe (bsc#904348).\n - lib/string.c: introduce memchr_inv() (bnc#930788).\n - lpfc: Fix cq_id masking problem (bsc#944677).\n - macvlan: Support bonding events bsc#948521\n - Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).\n - memory-failure: do code refactor of soft_offline_page() (bnc#947957, VM\n Functionality).\n - memory-failure: fix an error of mce_bad_pages statistics (bnc#947957, VM\n Functionality).\n - memory-failure: use num_poisoned_pages instead of mce_bad_pages\n (bnc#947957, VM Functionality).\n - memory-hotplug: update mce_bad_pages when removing the memory\n (bnc#947957, VM Functionality).\n - mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017,\n bnc#949298).\n - mm: fix GFP_THISNODE callers and clarify (bsc#954950, VM Functionality).\n - mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory\n error on thp (bnc#947957, VM Functionality).\n - mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate\n successfully (bnc#947957, VM Functionality).\n - mm/migrate.c: pair unlock_page() and lock_page() when migrating huge\n pages (bnc#947957, VM Functionality).\n - mm: remove GFP_THISNODE (bsc#954950, VM Functionality).\n - mm: sl[au]b: add knowledge of PFMEMALLOC reserve pages (Swap over NFS\n (fate#304949)).\n - Modified -rt patches: 343 of 434, noise elided.\n - net/core: Add VF link state control policy (bsc#950298).\n - netfilter: xt_recent: fix namespace destroy path (bsc#879378).\n - NFSv4: Fix two infinite loops in the mount code (bsc#954628).\n - panic/x86: Allow cpus to save registers even if they (bnc#940946).\n - panic/x86: Fix re-entrance problem due to panic on (bnc#937444).\n - pci: Add dev_flags bit to access VPD through function 0 (bnc#943786).\n - pci: Add VPD function 0 quirk for 
Intel Ethernet devices (bnc#943786).\n - pci: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084).\n - pci: delay configuration of SRIOV capability (bnc#952084).\n - pci: Refresh First VF Offset and VF Stride when updating NumVFs\n (bnc#952084).\n - pci: set pci sriov page size before reading SRIOV BAR (bnc#952084).\n - pci: Update NumVFs register when disabling SR-IOV (bnc#952084).\n - pktgen: clean up ktime_t helpers (bsc#904348).\n - qla2xxx: do not clear slot in outstanding cmd array (bsc#944993).\n - qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993).\n - qla2xxx: Remove decrement of sp reference count in abort handler\n (bsc#944993).\n - qla2xxx: Remove unavailable firmware files (bsc#921081).\n - qlge: Fix qlge_update_hw_vlan_features to handle if interface is down\n (bsc#930835).\n - quota: Fix deadlock with suspend and quotas (bsc#935123).\n - rcu: Eliminate deadlock between CPU hotplug and expedited grace periods\n (bsc#949706).\n - Refresh patches.xen/1282-usbback-limit-copying.patch (bsc#941202).\n - rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds\n (bsc#930145).\n - rtnetlink: Fix VF IFLA policy (bsc#950298).\n - rtnetlink: fix VF info size (bsc#950298).\n - s390/dasd: fix disconnected device with valid path mask (bnc#946214,\n LTC#132707).\n - s390/dasd: fix invalid PAV assignment after suspend/resume (bnc#946214,\n LTC#132706).\n - s390/dasd: fix list_del corruption after lcu changes (bnc#954984,\n LTC#133077).\n - s390/pci: handle events for unused functions (bnc#946214, LTC#130628).\n - s390/pci: improve handling of hotplug event 0x301 (bnc#946214,\n LTC#130628).\n - s390/pci: improve state check when processing hotplug events\n (bnc#946214, LTC#130628).\n - sched/core: Fix task and run queue sched_info::run_delay inconsistencies\n (bnc#949100).\n - scsi: hosts: update to use ida_simple for host_no (bsc#939926)\n - sg: fix read() error reporting (bsc#926774).\n - sunrpc: refactor rpcauth_checkverf 
error returns (bsc#955673).\n - Update patches.fixes/fanotify-fix-deadlock-during-thread-exit.patch\n (bsc#935053, bsc#926709). Add bug reference.\n - usbback: correct copy length for partial transfers (bsc#941202).\n - usbvision fix overflow of interfaces array (bnc#950998).\n - usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers\n (bnc#944989).\n - veth: extend device features (bsc#879381).\n - vfs: Provide function to get superblock and wait for it to thaw\n (bsc#935123).\n - vmxnet3: adjust ring sizes when interface is down (bsc#950750).\n - vmxnet3: fix ethtool ring buffer size setting (bsc#950750).\n - writeback: Skip writeback for frozen filesystem (bsc#935123).\n - x86/evtchn: make use of PHYSDEVOP_map_pirq.\n - x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).\n - x86: mm: only do a local tlb flush in ptep_set_access_flags()\n (bsc#948330).\n - x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE\n (fate#317533, bnc#937256).\n - xen: x86, pageattr: Prevent overflow in slow_virt_to_phys() for X86_PAE\n (fate#317533, bnc#937256).\n - xfs: add background scanning to clear eofblocks inodes (bnc#930788).\n - xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788).\n - xfs: add inode id filtering to eofblocks scan (bnc#930788).\n - xfs: add minimum file size filtering to eofblocks scan (bnc#930788).\n - xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788).\n - xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788).\n - xfs: create helper to check whether to free eofblocks on inode\n (bnc#930788).\n - xfs: Fix lost direct IO write in the last block (bsc#949744).\n - xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347).\n - xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805).\n - xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock\n failure (bnc#930788).\n - xfs: support a tag-based inode_ag_iterator (bnc#930788).\n - xfs: support multiple inode id filtering in eofblocks scan 
(bnc#930788).\n - xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805).\n - xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).\n - xhci: Add spurious wakeup quirk for LynxPoint-LP controllers\n (bnc#949981).\n - xhci: Calculate old endpoints correctly on device reset (bnc#944831).\n - xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502).\n - xhci: fix isoc endpoint dequeue from advancing too far on transaction\n error (bnc#944837).\n - xhci: For streams the css flag most be read from the stream-ctx on ep\n stop (bnc#945691).\n - xhci: silence TD warning (bnc#939955).\n - xhci: use uninterruptible sleep for waiting for internal operations\n (bnc#939955).\n\n", "published": "2015-12-23T18:10:37", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html", "cvelist": ["CVE-2015-7509", "CVE-2015-8215", "CVE-2015-7872", "CVE-2015-5307", "CVE-2015-7990", "CVE-2015-7799", "CVE-2015-0272", "CVE-2015-5157", "CVE-2015-6937", "CVE-2015-8104"], "lastseen": "2016-09-04T12:46:49"}, {"id": "OPENSUSE-SU-2016:0126-1", "type": "suse", "title": "Security update for xen (important)", "description": "This update for xen fixes the following issues:\n\n - CVE-2015-8567,CVE-2015-8568: xen: qemu: net: vmxnet3: host memory\n leakage (boo#959387)\n - CVE-2015-8550: xen: paravirtualized drivers incautious about shared\n memory contents (XSA-155, boo#957988)\n - CVE-2015-8558: xen: qemu: usb: infinite loop in ehci_advance_state\n results in DoS (boo#959006)\n - CVE-2015-7549: xen: qemu pci: null pointer dereference issue (boo#958918)\n - CVE-2015-8504: xen: qemu: ui: vnc: avoid floating point exception\n (boo#958493)\n - CVE-2015-8554: xen: qemu-dm buffer overrun in MSI-X handling (XSA-164,\n boo#958007)\n 
- CVE-2015-8555: xen: information leak in legacy x86 FPU/XMM\n initialization (XSA-165, boo#958009)\n - boo#958523: xen: ioreq handling possibly susceptible to multiple read\n issue (XSA-166)\n - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing\n command block list (boo#956832)\n - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156,\n boo#954018)\n - boo#956592: xen: virtual PMU is unsupported (XSA-163)\n - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues\n (XSA-159, boo#956408)\n - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error\n (XSA-160, boo#956409)\n - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator\n (XSA-162, boo#956411)\n\n", "published": "2016-01-14T22:19:10", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00012.html", "cvelist": ["CVE-2015-8567", "CVE-2015-8340", "CVE-2015-8339", "CVE-2015-8558", "CVE-2015-7504", "CVE-2015-5307", "CVE-2015-8550", "CVE-2015-8345", "CVE-2015-8554", "CVE-2015-8568", "CVE-2015-8555", "CVE-2015-7549", "CVE-2015-8504", "CVE-2015-8341"], "lastseen": "2016-09-04T11:57:00"}, {"id": "OPENSUSE-SU-2016:0124-1", "type": "suse", "title": "Security update for xen (important)", "description": "This update for xen fixes the following security issues:\n\n - CVE-2015-8550: paravirtualized drivers incautious about shared memory\n contents (XSA-155, boo#957988)\n - CVE-2015-8558: qemu: usb: infinite loop in ehci_advance_state results in\n DoS (boo#959006)\n - CVE-2015-7549: qemu pci: null pointer dereference issue (boo#958918)\n - CVE-2015-8504: qemu: ui: vnc: avoid floating point exception (boo#958493)\n - CVE-2015-8554: qemu-dm buffer overrun in MSI-X handling (XSA-164,\n boo#958007)\n - CVE-2015-8555: information leak in legacy x86 FPU/XMM initialization\n (XSA-165, boo#958009)\n - boo#958523 xen: ioreq handling possibly 
susceptible to multiple read\n issue (XSA-166)\n - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing\n command block list (boo#956832)\n - boo#956592: xen: virtual PMU is unsupported (XSA-163)\n - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues\n (XSA-159, boo#956408)\n - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error\n (XSA-160, boo#956409)\n - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator\n (XSA-162, boo#956411)\n - CVE-2015-7311: xen: libxl fails to honour readonly flag on disks with\n qemu-xen (xsa-142, boo#947165)\n - CVE-2015-8104: Xen: guest to host DoS by triggering an infinite loop in\n microcode via #DB exception (boo#954405)\n - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156,\n boo#954018)\n - CVE-2015-7970: xen: x86: Long latency populate-on-demand operation is\n not preemptible (XSA-150, boo#950704)\n\n", "published": "2016-01-14T22:16:01", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00011.html", "cvelist": ["CVE-2015-8340", "CVE-2015-8339", "CVE-2015-8558", "CVE-2015-7311", "CVE-2015-7970", "CVE-2015-7504", "CVE-2015-5307", "CVE-2015-8550", "CVE-2015-8345", "CVE-2015-8554", "CVE-2015-8555", "CVE-2015-7549", "CVE-2015-8504", "CVE-2015-8341", "CVE-2015-8104"], "lastseen": "2016-09-04T12:38:49"}, {"id": "OPENSUSE-SU-2016:0318-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The openSUSE 13.2 kernel was updated to receive various security and\n bugfixes.\n\n Following security bugs were fixed:\n - CVE-2016-0728: A reference leak in keyring handling with\n join_session_keyring() could lead to local attackers gain root\n privileges. 
(bsc#962075).\n - CVE-2015-7550: A local user could have triggered a race between read and\n revoke in keyctl (bnc#958951).\n - CVE-2015-8569: The (1) pptp_bind and (2) pptp_connect functions in\n drivers/net/ppp/pptp.c in the Linux kernel did not verify an address\n length, which allowed local users to obtain sensitive information from\n kernel memory and bypass the KASLR protection mechanism via a crafted\n application (bnc#959190).\n - CVE-2015-8543: The networking implementation in the Linux kernel did not\n validate protocol identifiers for certain protocol families, which\n allowed local users to cause a denial of service (NULL function pointer\n dereference and system crash) or possibly gain privileges by leveraging\n CLONE_NEWUSER support to execute a crafted SOCK_RAW application\n (bnc#958886).\n - CVE-2014-8989: The Linux kernel did not properly restrict dropping\n of supplemental group memberships in certain namespace scenarios, which\n allowed local users to bypass intended file permissions by leveraging a\n POSIX ACL containing an entry for the group category that is more\n restrictive than the entry for the other category, aka a "negative\n groups" issue, related to kernel/groups.c, kernel/uid16.c, and\n kernel/user_namespace.c (bnc#906545).\n - CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on the\n x86_64 platform mishandles IRET faults in processing NMIs that\n occurred during userspace execution, which might allow local users to\n gain privileges by triggering an NMI (bnc#937969).\n - CVE-2015-7799: The slhc_init function in drivers/net/slip/slhc.c in the\n Linux kernel through 4.2.3 did not ensure that certain slot numbers are\n valid, which allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) via a crafted PPPIOCSMAXCID ioctl\n call (bnc#949936).\n - CVE-2015-8104: The KVM subsystem in the Linux kernel through 4.2.6, and\n Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial\n 
of service (host OS panic or hang) by triggering many #DB (aka Debug)\n exceptions, related to svm.c (bnc#954404).\n - CVE-2015-5307: The KVM subsystem in the Linux kernel through 4.2.6, and\n Xen 4.3.x through 4.6.x, allowed guest OS users to cause a denial\n of service (host OS panic or hang) by triggering many #AC (aka Alignment\n Check) exceptions, related to svm.c and vmx.c (bnc#953527).\n - CVE-2014-9529: Race condition in the key_gc_unused_keys function in\n security/keys/gc.c in the Linux kernel allowed local users to cause a\n denial of service (memory corruption or panic) or possibly have\n unspecified other impact via keyctl commands that trigger access to a\n key structure member during garbage collection of a key (bnc#912202).\n - CVE-2015-7990: Race condition in the rds_sendmsg function in\n net/rds/sendmsg.c in the Linux kernel allowed local users to cause a\n denial of service (NULL pointer dereference and system crash) or\n possibly have unspecified other impact by using a socket that was not\n properly bound. 
NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2015-6937 (bnc#952384 953052).\n - CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c in\n the Linux kernel allowed local users to cause a denial of service (NULL\n pointer dereference and system crash) or possibly have unspecified\n other impact by using a socket that was not properly bound (bnc#945825).\n - CVE-2015-7885: The dgnc_mgmt_ioctl function in\n drivers/staging/dgnc/dgnc_mgmt.c in the Linux kernel through 4.3.3 did\n not initialize a certain structure member, which allowed local users to\n obtain sensitive information from kernel memory via a crafted\n application (bnc#951627).\n - CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel\n did not validate attempted changes to the MTU value, which allowed\n context-dependent attackers to cause a denial of service (packet loss)\n via a value that is (1) smaller than the minimum compliant value or (2)\n larger than the MTU of an interface, as demonstrated by a Router\n Advertisement (RA) message that is not validated by a daemon, a\n different vulnerability than CVE-2015-0272. NOTE: the scope of\n CVE-2015-0272 is limited to the NetworkManager product (bnc#955354).\n - CVE-2015-8767: A case can occur when sctp_accept() is called by the user\n during a heartbeat timeout event after the 4-way handshake. Since\n sctp_assoc_migrate() changes both assoc->base.sk and assoc->ep, the\n bh_sock_lock in sctp_generate_heartbeat_event() will be taken with the\n listening socket but released with the new association socket. The\n result is a deadlock on any future attempts to take the listening socket\n lock. 
(bsc#961509)\n - CVE-2015-8575: Validate socket address length in sco_sock_bind() to\n prevent information leak (bsc#959399).\n - CVE-2015-8551, CVE-2015-8552: xen/pciback: For\n XEN_PCI_OP_disable_msi[|x] only disable if device has MSI(X) enabled\n (bsc#957990).\n - CVE-2015-8550: Compiler optimizations in the XEN PV backend drivers\n could have lead to double fetch vulnerabilities, causing denial of\n service or arbitrary code execution (depending on the configuration)\n (bsc#957988).\n\n The following non-security bugs were fixed:\n - ALSA: hda - Disable 64bit address for Creative HDA controllers\n (bnc#814440).\n - ALSA: hda - Fix noise problems on Thinkpad T440s (boo#958504).\n - Input: aiptek - fix crash on detecting device without endpoints\n (bnc#956708).\n - KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y (boo#956934).\n - KVM: x86: update masterclock values on TSC writes (bsc#961739).\n - NFS: Fix a NULL pointer dereference of migration recovery ops for v4.2\n client (bsc#960839).\n - apparmor: allow SYS_CAP_RESOURCE to be sufficient to prlimit another\n task (bsc#921949).\n - blktap: also call blkif_disconnect() when frontend switched to closed\n (bsc#952976).\n - blktap: refine mm tracking (bsc#952976).\n - cdrom: Random writing support for BD-RE media (bnc#959568).\n - genksyms: Handle string literals with spaces in reference files\n (bsc#958510).\n - ipv4: Do not increase PMTU with Datagram Too Big message (bsc#955224).\n - ipv6: distinguish frag queues by device for multicast and link-local\n packets (bsc#955422).\n - ipv6: fix tunnel error handling (bsc#952579).\n - route: Use ipv4_mtu instead of raw rt_pmtu (bsc#955224).\n - uas: Add response iu handling (bnc#954138).\n - usbvision fix overflow of interfaces array (bnc#950998).\n - x86/evtchn: make use of PHYSDEVOP_map_pirq.\n - xen/pciback: Do not allow MSI-X ops if PCI_COMMAND_MEMORY is not set\n (bsc#957990 XSA-157).\n\n", "published": "2016-02-03T15:11:57", "cvss": {"score": 7.8, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00005.html", "cvelist": ["CVE-2015-8551", "CVE-2014-9529", "CVE-2015-8215", "CVE-2015-7550", "CVE-2014-8989", "CVE-2015-5307", "CVE-2015-8550", "CVE-2015-8543", "CVE-2016-0728", "CVE-2015-7990", "CVE-2015-8767", "CVE-2015-7799", "CVE-2015-8575", "CVE-2015-8552", "CVE-2015-8569", "CVE-2015-0272", "CVE-2015-5157", "CVE-2015-7885", "CVE-2015-6937", "CVE-2015-8104"], "lastseen": "2016-09-04T12:08:02"}, {"id": "OPENSUSE-SU-2016:0123-1", "type": "suse", "title": "Security update for xen (important)", "description": "This update for xen fixes the following security issues:\n\n - CVE-2015-8568 CVE-2015-8567: xen: qemu: net: vmxnet3: host memory\n leakage (boo#959387)\n - CVE-2015-8550: xen: paravirtualized drivers incautious about shared\n memory contents (XSA-155, boo#957988)\n - CVE-2015-8558: xen: qemu: usb: infinite loop in ehci_advance_state\n results in DoS (boo#959006)\n - CVE-2015-7549: xen: qemu pci: null pointer dereference issue (boo#958918)\n - CVE-2015-8504: xen: qemu: ui: vnc: avoid floating point exception\n (boo#958493)\n - CVE-2015-8554: xen: qemu-dm buffer overrun in MSI-X handling (XSA-164,\n boo#958007)\n - CVE-2015-8555: xen: information leak in legacy x86 FPU/XMM\n initialization (XSA-165, boo#958009)\n - boo#958523: xen: ioreq handling possibly susceptible to multiple read\n issue (XSA-166)\n - CVE-2015-5307: xen: x86: CPU lockup during fault delivery (XSA-156,\n boo#954018)\n - CVE-2015-8345: xen: qemu: net: eepro100: infinite loop in processing\n command block list (boo#956832)\n - boo#956592: xen: virtual PMU is unsupported (XSA-163)\n - CVE-2015-8339, CVE-2015-8340: xen: XENMEM_exchange error handling issues\n (XSA-159, boo#956408)\n - CVE-2015-8341: xen: libxl leak of pv kernel and initrd on error\n (XSA-160, boo#956409)\n - CVE-2015-7504: xen: heap buffer overflow vulnerability in pcnet emulator\n (XSA-162, 
boo#956411)\n\n", "published": "2016-01-14T22:13:24", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00010.html", "cvelist": ["CVE-2015-8567", "CVE-2015-8340", "CVE-2015-8339", "CVE-2015-8558", "CVE-2015-7504", "CVE-2015-5307", "CVE-2015-8550", "CVE-2015-8345", "CVE-2015-8554", "CVE-2015-8568", "CVE-2015-8555", "CVE-2015-7549", "CVE-2015-8504", "CVE-2015-8341"], "lastseen": "2016-09-04T11:28:40"}], "oracle": [{"id": "ORACLE:CPUJAN2016-2367955", "type": "oracle", "title": "Oracle Critical Patch Update - January 2016", "description": "A Critical Patch Update (CPU) is a collection of patches for multiple security vulnerabilities. Critical Patch Update patches are usually cumulative, but each advisory describes only the security fixes added since the previous Critical Patch Update advisory. Thus, prior Critical Patch Update advisories should be reviewed for information regarding earlier published security fixes. Please refer to:\n\n \n\n\n[Critical Patch Updates and Security Alerts](<http://www.oracle.com/technetwork/topics/security/alerts-086861.html>) for information about Oracle Security Advisories.\n\n \n\n\n**Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released fixes. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches. Oracle therefore _strongly_ recommends that customers remain on actively-supported versions and apply Critical Patch Update fixes _without_ delay.**\n\n \n\n\nThis Critical Patch Update contains 248 new security fixes across the product families listed below. 
Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at <https://blogs.oracle.com/security>.\n\n \n\n\n** Please note that on November 10, 2015, Oracle released [Security Alert for CVE-2015-4852](<http://www.oracle.com/technetwork/topics/security/alert-cve-2015-4852-2763333.html>). Customers of affected Oracle products are strongly advised to apply the fixes and/or configuration steps that were announced for CVE-2015-4852. **\n\n \n\n\nThis Critical Patch Update advisory is also available in an XML format that conforms to the Common Vulnerability Reporting Format (CVRF) version 1.1. More information about Oracle's use of CVRF is available at: <http://www.oracle.com/technetwork/topics/security/cpufaq-098434.html#CVRF>.\n\n \n\n", "published": "2016-01-19T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "", "cvelist": ["CVE-2016-0571", "CVE-2016-0528", "CVE-2015-6013", "CVE-2015-4000", "CVE-2016-0608", "CVE-2016-0515", "CVE-2016-0514", "CVE-2016-0600", "CVE-2015-1792", "CVE-2016-0492", "CVE-2016-0611", "CVE-2016-0575", "CVE-2016-0544", "CVE-2016-0599", "CVE-2015-0235", "CVE-2016-0445", "CVE-2016-0500", "CVE-2016-0572", "CVE-2015-1793", "CVE-2016-0592", "CVE-2016-0435", "CVE-2016-0512", "CVE-2015-8126", "CVE-2016-0526", "CVE-2016-0457", "CVE-2016-0594", "CVE-2016-0498", "CVE-2016-0516", "CVE-2016-0580", "CVE-2016-0470", "CVE-2016-0444", "CVE-2016-0577", "CVE-2016-0440", "CVE-2016-0546", "CVE-2015-1789", "CVE-2016-0541", "CVE-2016-0560", "CVE-2016-0428", "CVE-2016-0447", "CVE-2016-0477", "CVE-2016-0568", "CVE-2016-0415", "CVE-2015-0286", "CVE-2016-0489", "CVE-2016-0559", "CVE-2016-0472", "CVE-2016-0578", "CVE-2016-0579", "CVE-2016-0561", "CVE-2014-3583", "CVE-2016-0412", "CVE-2015-3195", "CVE-2016-0449", "CVE-2016-0555", "CVE-2016-0481", "CVE-2016-0511", "CVE-2016-0605", "CVE-2015-4885", "CVE-2016-0455", 
"CVE-2015-4921", "CVE-2016-0534", "CVE-2016-0414", "CVE-2015-4924", "CVE-2016-0589", "CVE-2016-0474", "CVE-2016-0508", "CVE-2016-0465", "CVE-2016-0553", "CVE-2016-0582", "CVE-2016-0483", "CVE-2013-5855", "CVE-2016-0517", "CVE-2013-5704", "CVE-2016-0454", "CVE-2015-0288", "CVE-2016-0486", "CVE-2013-5605", "CVE-2016-0554", "CVE-2016-0542", "CVE-2016-0591", "CVE-2016-0433", "CVE-2016-0448", "CVE-2016-0506", "CVE-2016-0401", "CVE-2016-0416", "CVE-2016-0437", "CVE-2016-0550", "CVE-2016-0533", "CVE-2016-0403", "CVE-2015-4922", "CVE-2016-0566", "CVE-2016-0606", "CVE-2016-0510", "CVE-2016-0431", "CVE-2015-0285", "CVE-2016-0569", "CVE-2016-0459", "CVE-2016-0471", "CVE-2016-0564", "CVE-2016-0524", "CVE-2016-0563", "CVE-2016-0522", "CVE-2015-3153", "CVE-2016-0616", "CVE-2016-0614", "CVE-2013-1741", "CVE-2015-0207", "CVE-2016-0442", "CVE-2016-0493", "CVE-2016-0443", "CVE-2016-0618", "CVE-2016-0573", "CVE-2016-0527", "CVE-2016-0610", "CVE-2016-0609", "CVE-2016-0570", "CVE-2015-4926", "CVE-2015-0208", "CVE-2015-5307", "CVE-2016-0473", "CVE-2016-0518", "CVE-2013-1740", "CVE-2016-0567", "CVE-2015-7575", "CVE-2016-0558", "CVE-2016-0543", "CVE-2016-0463", "CVE-2016-0487", "CVE-2013-1739", "CVE-2016-0466", "CVE-2016-0462", "CVE-2016-0423", "CVE-2016-0596", "CVE-2016-0535", "CVE-2016-0509", "CVE-2016-0574", "CVE-2014-1492", "CVE-2016-0426", "CVE-2016-0460", "CVE-2016-0504", "CVE-2016-0521", "CVE-2016-0501", "CVE-2013-5606", "CVE-2016-0451", "CVE-2016-0482", "CVE-2015-4808", "CVE-2016-0539", "CVE-2014-0050", "CVE-2016-0404", "CVE-2016-0419", "CVE-2016-0494", "CVE-2015-0293", "CVE-2016-0552", "CVE-2016-0485", "CVE-2014-1490", "CVE-2016-0595", "CVE-2016-0402", "CVE-2016-0480", "CVE-2016-0478", "CVE-2016-0427", "CVE-2015-4919", "CVE-2016-0529", "CVE-2015-7183", "CVE-2016-0503", "CVE-2015-1788", "CVE-2016-0413", "CVE-2016-0476", "CVE-2016-0598", "CVE-2016-0556", "CVE-2015-0209", "CVE-2016-0422", "CVE-2016-0502", "CVE-2016-0601", "CVE-2013-2186", "CVE-2015-3183", "CVE-2015-4920", 
"CVE-2016-0441", "CVE-2016-0432", "CVE-2016-0484", "CVE-2016-0536", "CVE-2016-0576", "CVE-2015-0204", "CVE-2016-0540", "CVE-2016-0584", "CVE-2016-0537", "CVE-2016-0590", "CVE-2016-0565", "CVE-2016-0420", "CVE-2016-0557", "CVE-2016-0586", "CVE-2016-0417", "CVE-2016-0491", "CVE-2016-0424", "CVE-2015-8472", "CVE-2016-0450", "CVE-2016-0495", "CVE-2016-0520", "CVE-2016-0405", "CVE-2016-0488", "CVE-2015-1790", "CVE-2016-0525", "CVE-2016-0475", "CVE-2016-0499", "CVE-2016-0452", "CVE-2015-6014", "CVE-2016-0548", "CVE-2016-0519", "CVE-2016-0587", "CVE-2016-0461", "CVE-2016-0464", "CVE-2016-0409", "CVE-2016-0438", "CVE-2015-0291", "CVE-2016-0429", "CVE-2016-0497", "CVE-2014-3581", "CVE-2016-0607", "CVE-2015-8370", "CVE-2016-0439", "CVE-2015-0287", "CVE-2014-8109", "CVE-2016-0530", "CVE-2016-0456", "CVE-2016-0496", "CVE-2016-0551", "CVE-2016-0425", "CVE-2016-0421", "CVE-2016-0523", "CVE-2016-0430", "CVE-2015-0289", "CVE-2016-0597", "CVE-2016-0467", "CVE-2016-0581", "CVE-2016-0549", "CVE-2016-0458", "CVE-2014-1491", "CVE-2016-0538", "CVE-2016-0531", "CVE-2015-0292", "CVE-2016-0583", "CVE-2016-0411", "CVE-2016-0507", "CVE-2016-0490", "CVE-2016-0418", "CVE-2014-0107", "CVE-2016-0453", "CVE-2015-7744", "CVE-2016-0513", "CVE-2016-0436", "CVE-2016-0547", "CVE-2016-0588", "CVE-2015-0290", "CVE-2016-0434", "CVE-2016-0446", "CVE-2015-1787", "CVE-2016-0505", "CVE-2015-4852", "CVE-2016-0562", "CVE-2016-0585", "CVE-2015-4923", "CVE-2016-0406", "CVE-2015-1791", "CVE-2015-8104", "CVE-2016-0532", "CVE-2015-4925", "CVE-2015-6015", "CVE-2016-0545", "CVE-2016-0602"], "lastseen": "2018-04-18T20:23:57"}]}}