{"id": "EULEROS_SA-2017-1001.NASL", "bulletinFamily": "scanner", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1001)", "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.(CVE-2016-9588)\n\n - The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.(CVE-2016-8666)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.(CVE-2016-9576)\n\n - Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.(CVE-2016-9806)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.(CVE-2016-10088)\n\n - A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.\n (CVE-2016-9555)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.(CVE-2016-3672)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-05-02T00:00:00", "modified": "2017-05-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=99848", "reporter": "Tenable", "references": ["http://www.nessus.org/u?d5780220"], "cvelist": ["CVE-2016-9806", "CVE-2016-8666", "CVE-2016-10088", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-3672"], "type": "nessus", "lastseen": "2017-05-04T20:44:22", "history": [{"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-9806", "CVE-2016-8666", "CVE-2016-10088", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-3672"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.(CVE-2016-9588)\n\n - The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.(CVE-2016-8666)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.(CVE-2016-9576)\n\n - Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.(CVE-2016-9806)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.(CVE-2016-10088)\n\n - A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.\n (CVE-2016-9555)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.(CVE-2016-3672)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 1, "hash": "cc278c2818236d27c171a15ea0784f23bc658957bdab5664a1c9ee760c27bf69", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "4b2d11a67217aae440da75853c5c5f5a", "key": "description"}, {"hash": "7c444ea8419d668be59012d58b75e6cb", "key": "references"}, {"hash": "dcac2dcb1482e5eeb88ed2dd3ffaf36d", "key": "published"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "d356786be2f93b49e1afe88705f49970", "key": "cvelist"}, {"hash": "09a571428c93c7a2d494e61fdf7161af", "key": "href"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "dcac2dcb1482e5eeb88ed2dd3ffaf36d", "key": "modified"}, {"hash": "241799a875fe4ddd679edf318dda7676", "key": "pluginID"}, {"hash": "effdd28429a82e1106a7bf810edb72e3", "key": "sourceData"}, {"hash": "e985fbd2c5ddcc49c87aee94a15a8f7b", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=99848", "id": "EULEROS_SA-2017-1001.NASL", "lastseen": "2017-05-02T02:44:03", "modified": "2017-05-01T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.2", "pluginID": "99848", "published": "2017-05-01T00:00:00", "references": ["http://www.nessus.org/u?d5780220"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99848);\n script_version(\"$Revision: 1.1 $\");\n script_cvs_date(\"$Date: 2017/05/01 19:05:11 $\");\n\n script_cve_id(\n \"CVE-2016-10088\",\n \"CVE-2016-3672\",\n \"CVE-2016-8666\",\n \"CVE-2016-9555\",\n \"CVE-2016-9576\",\n \"CVE-2016-9588\",\n \"CVE-2016-9806\"\n );\n script_osvdb_id(\n 136761,\n 145649,\n 145694,\n 147698,\n 148137,\n 148443,\n 148861\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1001)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9\n mismanages the #BP and #OF exceptions, which allows\n guest OS users to cause a denial of service (guest OS\n crash) by declining to handle an exception thrown by an\n L2 guest.(CVE-2016-9588)\n\n - The IP stack in the Linux kernel before 4.6 allows\n remote attackers to cause a denial of service (stack\n consumption and panic) or possibly have unspecified\n other impact by triggering use of the GRO path for\n packets with tunnel stacking, as demonstrated by\n interleaved IPv4 headers and GRE headers, a related\n issue to CVE-2016-7039.(CVE-2016-8666)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel before 4.8.14 does not properly\n restrict the type of iterator, which allows local users\n to read or write to arbitrary kernel memory locations\n or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device.(CVE-2016-9576)\n\n - Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel before\n 4.6.3 allows local users to cause a denial of service\n (double free) or possibly have unspecified other impact\n via a crafted application that makes sendmsg system\n calls, leading to a free operation associated with a\n new dump that started earlier than\n anticipated.(CVE-2016-9806)\n\n - The sg implementation in the Linux kernel through 4.9\n does not properly restrict write operations in\n situations where the KERNEL_DS option is set, which\n allows local users to read or write to arbitrary kernel\n memory locations or cause a denial of service\n (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576.(CVE-2016-10088)\n\n - A flaw was found in the Linux kernel's implementation\n of the SCTP protocol. A remote attacker could trigger\n an out-of-bounds read with an offset of up to 64kB\n potentially causing the system to crash.\n (CVE-2016-9555)\n\n - The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel through 4.5.2\n does not properly randomize the legacy base address,\n which makes it easier for local users to defeat the\n intended restrictions on the ADDR_NO_RANDOMIZE flag,\n and bypass the ASLR protection mechanism for a setuid\n or setgid program, by disabling stack-consumption\n resource limits.(CVE-2016-3672)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1001\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5780220\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.46.1.111\",\n \"kernel-debug-3.10.0-229.46.1.111\",\n \"kernel-debuginfo-3.10.0-229.46.1.111\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.46.1.111\",\n \"kernel-devel-3.10.0-229.46.1.111\",\n \"kernel-headers-3.10.0-229.46.1.111\",\n \"kernel-tools-3.10.0-229.46.1.111\",\n \"kernel-tools-libs-3.10.0-229.46.1.111\",\n \"perf-3.10.0-229.46.1.111\",\n \"python-perf-3.10.0-229.46.1.111\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1001)", "type": "nessus", "viewCount": 0}, "differentElements": ["published", "modified", "sourceData"], "edition": 1, "lastseen": "2017-05-02T02:44:03"}, {"bulletin": {"bulletinFamily": "exploit", "cvelist": ["CVE-2016-9806", "CVE-2016-8666", "CVE-2016-10088", "CVE-2016-9555", "CVE-2016-9576", "CVE-2016-9588", "CVE-2016-3672"], "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "description": "According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.(CVE-2016-9588)\n\n - The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.(CVE-2016-8666)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.(CVE-2016-9576)\n\n - Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.(CVE-2016-9806)\n\n - The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.(CVE-2016-10088)\n\n - A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash.\n (CVE-2016-9555)\n\n - The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.(CVE-2016-3672)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "edition": 2, "hash": "6b655eedfda302db91b6d14b3a8ae38d45756b830832319650c72626b75144d5", "hashmap": [{"hash": "53784ff7c486320838231ecdb0e92b83", "key": "sourceData"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "4b2d11a67217aae440da75853c5c5f5a", "key": "description"}, {"hash": "c4a8cf42c868fe1dea8ed5b93cb6e2d5", "key": "modified"}, {"hash": "7c444ea8419d668be59012d58b75e6cb", "key": "references"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "c4a8cf42c868fe1dea8ed5b93cb6e2d5", "key": "published"}, {"hash": "d356786be2f93b49e1afe88705f49970", "key": "cvelist"}, {"hash": "09a571428c93c7a2d494e61fdf7161af", "key": "href"}, {"hash": "2bdabeb49c44761f9565717ab0e38165", "key": "cvss"}, {"hash": "241799a875fe4ddd679edf318dda7676", "key": "pluginID"}, {"hash": "e985fbd2c5ddcc49c87aee94a15a8f7b", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "67933a273737791ab6f71e29a2605c31", "key": "naslFamily"}], "history": [], "href": "https://www.tenable.com/plugins/index.php?view=single&id=99848", "id": "EULEROS_SA-2017-1001.NASL", "lastseen": "2017-05-02T20:44:05", "modified": "2017-05-02T00:00:00", "naslFamily": "Huawei Local Security Checks", "objectVersion": "1.2", "pluginID": "99848", "published": "2017-05-02T00:00:00", "references": ["http://www.nessus.org/u?d5780220"], "reporter": "Tenable", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99848);\n script_version(\"$Revision: 1.2 $\");\n script_cvs_date(\"$Date: 2017/05/02 13:34:09 $\");\n\n script_cve_id(\n \"CVE-2016-10088\",\n \"CVE-2016-3672\",\n \"CVE-2016-8666\",\n \"CVE-2016-9555\",\n \"CVE-2016-9576\",\n \"CVE-2016-9588\",\n \"CVE-2016-9806\"\n );\n script_osvdb_id(\n 147698,\n 136761,\n 148137,\n 148861,\n 145649,\n 145694,\n 148443\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1001)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9\n mismanages the #BP and #OF exceptions, which allows\n guest OS users to cause a denial of service (guest OS\n crash) by declining to handle an exception thrown by an\n L2 guest.(CVE-2016-9588)\n\n - The IP stack in the Linux kernel before 4.6 allows\n remote attackers to cause a denial of service (stack\n consumption and panic) or possibly have unspecified\n other impact by triggering use of the GRO path for\n packets with tunnel stacking, as demonstrated by\n interleaved IPv4 headers and GRE headers, a related\n issue to CVE-2016-7039.(CVE-2016-8666)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel before 4.8.14 does not properly\n restrict the type of iterator, which allows local users\n to read or write to arbitrary kernel memory locations\n or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device.(CVE-2016-9576)\n\n - Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel before\n 4.6.3 allows local users to cause a denial of service\n (double free) or possibly have unspecified other impact\n via a crafted application that makes sendmsg system\n calls, leading to a free operation associated with a\n new dump that started earlier than\n anticipated.(CVE-2016-9806)\n\n - The sg implementation in the Linux kernel through 4.9\n does not properly restrict write operations in\n situations where the KERNEL_DS option is set, which\n allows local users to read or write to arbitrary kernel\n memory locations or cause a denial of service\n (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576.(CVE-2016-10088)\n\n - A flaw was found in the Linux kernel's implementation\n of the SCTP protocol. A remote attacker could trigger\n an out-of-bounds read with an offset of up to 64kB\n potentially causing the system to crash.\n (CVE-2016-9555)\n\n - The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel through 4.5.2\n does not properly randomize the legacy base address,\n which makes it easier for local users to defeat the\n intended restrictions on the ADDR_NO_RANDOMIZE flag,\n and bypass the ASLR protection mechanism for a setuid\n or setgid program, by disabling stack-consumption\n resource limits.(CVE-2016-3672)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1001\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5780220\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.46.1.111\",\n \"kernel-debug-3.10.0-229.46.1.111\",\n \"kernel-debuginfo-3.10.0-229.46.1.111\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.46.1.111\",\n \"kernel-devel-3.10.0-229.46.1.111\",\n \"kernel-headers-3.10.0-229.46.1.111\",\n \"kernel-tools-3.10.0-229.46.1.111\",\n \"kernel-tools-libs-3.10.0-229.46.1.111\",\n \"perf-3.10.0-229.46.1.111\",\n \"python-perf-3.10.0-229.46.1.111\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "title": "EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1001)", "type": "nessus", "viewCount": 0}, "differentElements": ["modified", "sourceData"], "edition": 2, "lastseen": "2017-05-02T20:44:05"}], "edition": 3, "hashmap": [{"key": "bulletinFamily", "hash": "bbdaea376f500d25f6b0c1050311dd07"}, {"key": "cvelist", "hash": "d356786be2f93b49e1afe88705f49970"}, {"key": "cvss", "hash": "2bdabeb49c44761f9565717ab0e38165"}, {"key": "description", "hash": "4b2d11a67217aae440da75853c5c5f5a"}, {"key": "href", "hash": "09a571428c93c7a2d494e61fdf7161af"}, {"key": "modified", "hash": "da6aa731495907f7c1150b75a2987c92"}, {"key": "naslFamily", "hash": "67933a273737791ab6f71e29a2605c31"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "pluginID", "hash": "241799a875fe4ddd679edf318dda7676"}, {"key": "published", "hash": "c4a8cf42c868fe1dea8ed5b93cb6e2d5"}, {"key": "references", "hash": "7c444ea8419d668be59012d58b75e6cb"}, {"key": "reporter", "hash": "9cf00d658b687f030ebe173a0528c567"}, {"key": "sourceData", "hash": "20580ea4a4aab8b19391ef23822bcced"}, {"key": "title", "hash": "e985fbd2c5ddcc49c87aee94a15a8f7b"}, {"key": "type", "hash": "5e0bd03bec244039678f2b955a2595aa"}], "hash": "4536ef421b6866f3c3bfdf0cb034a5540fa4ae76f753bfc61537aa01c3d2b608", "viewCount": 1, "objectVersion": "1.2", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(99848);\n script_version(\"$Revision: 1.3 $\");\n script_cvs_date(\"$Date: 2017/05/04 13:21:27 $\");\n\n script_cve_id(\n \"CVE-2016-10088\",\n \"CVE-2016-3672\",\n \"CVE-2016-8666\",\n \"CVE-2016-9555\",\n \"CVE-2016-9576\",\n \"CVE-2016-9588\",\n \"CVE-2016-9806\"\n );\n script_osvdb_id(\n 136761,\n 145649,\n 145694,\n 147698,\n 148137,\n 148443,\n 148861\n );\n\n script_name(english:\"EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1001)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the kernel packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - arch/x86/kvm/vmx.c in the Linux kernel through 4.9\n mismanages the #BP and #OF exceptions, which allows\n guest OS users to cause a denial of service (guest OS\n crash) by declining to handle an exception thrown by an\n L2 guest.(CVE-2016-9588)\n\n - The IP stack in the Linux kernel before 4.6 allows\n remote attackers to cause a denial of service (stack\n consumption and panic) or possibly have unspecified\n other impact by triggering use of the GRO path for\n packets with tunnel stacking, as demonstrated by\n interleaved IPv4 headers and GRE headers, a related\n issue to CVE-2016-7039.(CVE-2016-8666)\n\n - The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel before 4.8.14 does not properly\n restrict the type of iterator, which allows local users\n to read or write to arbitrary kernel memory locations\n or cause a denial of service (use-after-free) by\n leveraging access to a /dev/sg device.(CVE-2016-9576)\n\n - Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel before\n 4.6.3 allows local users to cause a denial of service\n (double free) or possibly have unspecified other impact\n via a crafted application that makes sendmsg system\n calls, leading to a free operation associated with a\n new dump that started earlier than\n anticipated.(CVE-2016-9806)\n\n - The sg implementation in the Linux kernel through 4.9\n does not properly restrict write operations in\n situations where the KERNEL_DS option is set, which\n allows local users to read or write to arbitrary kernel\n memory locations or cause a denial of service\n (use-after-free) by leveraging access to a /dev/sg\n device, related to block/bsg.c and drivers/scsi/sg.c.\n NOTE: this vulnerability exists because of an\n incomplete fix for CVE-2016-9576.(CVE-2016-10088)\n\n - A flaw was found in the Linux kernel's implementation\n of the SCTP protocol. A remote attacker could trigger\n an out-of-bounds read with an offset of up to 64kB\n potentially causing the system to crash.\n (CVE-2016-9555)\n\n - The arch_pick_mmap_layout function in\n arch/x86/mm/mmap.c in the Linux kernel through 4.5.2\n does not properly randomize the legacy base address,\n which makes it easier for local users to defeat the\n intended restrictions on the ADDR_NO_RANDOMIZE flag,\n and bypass the ASLR protection mechanism for a setuid\n or setgid program, by disabling stack-consumption\n resource limits.(CVE-2016-3672)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # http://developer.huawei.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1001\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d5780220\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kernel packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/01/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kernel-tools-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017 Tenable Network Security, Inc.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(1)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP1\");\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"kernel-3.10.0-229.46.1.111\",\n \"kernel-debug-3.10.0-229.46.1.111\",\n \"kernel-debuginfo-3.10.0-229.46.1.111\",\n \"kernel-debuginfo-common-x86_64-3.10.0-229.46.1.111\",\n \"kernel-devel-3.10.0-229.46.1.111\",\n \"kernel-headers-3.10.0-229.46.1.111\",\n \"kernel-tools-3.10.0-229.46.1.111\",\n \"kernel-tools-libs-3.10.0-229.46.1.111\",\n \"perf-3.10.0-229.46.1.111\",\n \"python-perf-3.10.0-229.46.1.111\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"1\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "naslFamily": "Huawei Local Security Checks", "pluginID": "99848", "enchantments": {"vulnersScore": 10.0}}

{"result": {"cve": [{"id": "CVE-2016-9806", "type": "cve", "title": "CVE-2016-9806", "description": "Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel before 4.6.3 allows local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that makes sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated.", "published": "2016-12-28T02:59:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9806", "cvelist": ["CVE-2016-9806"], "lastseen": "2017-07-18T10:49:33"}, {"id": "CVE-2016-8666", "type": "cve", "title": "CVE-2016-8666", "description": "The IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039.", "published": "2016-10-16T17:59:15", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8666", "cvelist": ["CVE-2016-8666"], "lastseen": "2017-04-18T16:00:42"}, {"id": "CVE-2016-10088", "type": "cve", "title": "CVE-2016-10088", "description": "The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576.", "published": "2016-12-30T13:59:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10088", "cvelist": ["CVE-2016-10088"], "lastseen": "2017-04-18T15:59:03"}, {"id": "CVE-2016-9555", "type": "cve", "title": "CVE-2016-9555", "description": "The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk, which allows remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data.", "published": "2016-11-27T22:59:17", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9555", "cvelist": ["CVE-2016-9555"], "lastseen": "2017-04-18T16:01:03"}, {"id": "CVE-2016-9576", "type": "cve", "title": "CVE-2016-9576", "description": "The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.", "published": "2016-12-28T02:59:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9576", "cvelist": ["CVE-2016-9576"], "lastseen": "2017-04-18T16:01:03"}, {"id": "CVE-2016-9588", "type": "cve", "title": "CVE-2016-9588", "description": "arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP and #OF exceptions, which allows guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest.", "published": "2016-12-28T02:59:00", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9588", "cvelist": ["CVE-2016-9588"], "lastseen": "2016-12-31T16:54:35"}, {"id": "CVE-2016-3672", "type": "cve", "title": "CVE-2016-3672", "description": "The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.", "published": "2016-04-27T13:59:27", "cvss": {"score": 4.6, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3672", "cvelist": ["CVE-2016-3672"], "lastseen": "2016-12-03T10:11:38"}], "suse": [{"id": "SUSE-SU-2017:0303-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 18 for SLE 12 (important)", "description": "This update for the Linux Kernel 3.12.60-52_63 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n\n", "published": "2017-01-27T22:09:30", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00062.html", "cvelist": ["CVE-2016-9806"], "lastseen": "2017-01-27T22:59:52"}, {"id": "SUSE-SU-2017:0267-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 17 for SLE 12 (important)", "description": "This update for the Linux Kernel 3.12.60-52_60 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-24T12:09:03", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00054.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9576"], "lastseen": "2017-01-24T12:59:38"}, {"id": "SUSE-SU-2017:0247-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 10 for SLE 12 (important)", "description": "This update for the Linux Kernel 3.12.51-52_34 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-21T15:11:51", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00051.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-21T14:59:39"}, {"id": "SUSE-SU-2017:0235-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 5 for SLE 12 SP1 (important)", "description": "This update for the Linux Kernel 3.12.59-60_41 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-20T17:18:24", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00046.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-20T16:59:42"}, {"id": "SUSE-SU-2017:0234-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 4 for SLE 12 SP1 (important)", "description": "This update for the Linux Kernel 3.12.57-60_35 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-20T17:17:24", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00045.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-20T16:59:42"}, {"id": "SUSE-SU-2017:0248-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 14 for SLE 12 (important)", "description": "This update for the Linux Kernel 3.12.60-52_49 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-21T15:12:54", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00052.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-21T14:59:39"}, {"id": "SUSE-SU-2017:0244-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 12 for SLE 12 (important)", "description": "This update for the Linux Kernel 3.12.55-52_42 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-21T15:08:32", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00048.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-21T14:59:39"}, {"id": "SUSE-SU-2017:0246-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 15 for SLE 12 (important)", "description": "This update for the Linux Kernel 3.12.60-52_54 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-21T15:10:46", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00050.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-21T14:59:39"}, {"id": "SUSE-SU-2017:0268-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 11 for SLE 12 (important)", "description": "This update for the Linux Kernel 3.12.51-52_39 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-24T12:10:08", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00055.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-24T12:59:38"}, {"id": "SUSE-SU-2017:0230-1", "type": "suse", "title": "Security update for Linux Kernel Live Patch 6 for SLE 12 SP1 (important)", "description": "This update for the Linux Kernel 3.12.59-60_45 fixes several issues.\n\n The following security bugs were fixed:\n - CVE-2016-9806: Race condition in the netlink_dump function in\n net/netlink/af_netlink.c in the Linux kernel allowed local users to\n cause a denial of service (double free) or possibly have unspecified\n other impact via a crafted application that made sendmsg system calls,\n leading to a free operation associated with a new dump that started\n earlier than anticipated (bsc#1017589).\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in\n sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed\n local users to cause a denial of service (use-after-free) or possibly\n have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START\n command (bsc#1013543).\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the\n Linux kernel did not validate the relationship between the minimum\n fragment length and the maximum packet size, which allowed local users\n to gain privileges or cause a denial of service (heap-based buffer\n overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in\n the Linux kernel did not properly restrict the type of iterator, which\n allowed local users to read or write to arbitrary kernel memory\n locations or cause a denial of service (use-after-free) by leveraging\n access to a /dev/sg device (bsc#1014271).\n\n", "published": "2017-01-20T17:13:47", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2017-01/msg00041.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-20T16:59:42"}], "nessus": [{"id": "SUSE_SU-2017-0303-1.NASL", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0303-1)", "description": "This update for the Linux Kernel 3.12.60-52_63 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-30T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96869", "cvelist": ["CVE-2016-9806"], "lastseen": "2017-02-17T01:02:34"}, {"id": "SUSE_SU-2017-0267-1.NASL", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0267-1)", "description": "This update for the Linux Kernel 3.12.60-52_60 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-25T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96761", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9576"], "lastseen": "2017-01-25T21:01:37"}, {"id": "VIRTUOZZO_VZA-2017-007.NASL", "type": "nessus", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-007)", "description": "According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities :\n\n - A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact.\n\n - It was discovered that the Linux kernel since 3.6-rc1 with 'net.ipv4.tcp_fastopen' set to 1 can hit BUG() statement in tcp_collapse() function after making a number of certain syscalls leading to a possible system crash.\n\n - A flaw was found in the way nfnetlink validated length of batch messages that could allow a user logged in to a container as root to cause a general protection fault and crash the host.\n\n - A flaw was found in the way nfnetlink handled errors while processing batch messages that could allow a user logged in to a container as root to trigger use after free and crash the host.\n\n - A security flaw was found in the Linux kernel that an attempt to move page mapped by AIO ring buffer to the other node triggers NULL pointer dereference at trace_writeback_dirty_page(), because aio_fs_backing_dev_info.dev is 0.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-03-27T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=97979", "cvelist": ["CVE-2016-9806", "CVE-2016-3070", "CVE-2016-8645"], "lastseen": "2017-07-14T23:48:40"}, {"id": "SUSE_SU-2017-0247-1.NASL", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0247-1)", "description": "This update for the Linux Kernel 3.12.51-52_34 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-23T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96700", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-23T23:02:42"}, {"id": "SUSE_SU-2017-0245-1.NASL", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0245-1)", "description": "This update for the Linux Kernel 3.12.60-52_57 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-23T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96698", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-23T23:00:37"}, {"id": "SUSE_SU-2017-0246-1.NASL", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0246-1)", "description": "This update for the Linux Kernel 3.12.60-52_54 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-23T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96699", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-23T23:01:28"}, {"id": "SUSE_SU-2017-0244-1.NASL", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0244-1)", "description": "This update for the Linux Kernel 3.12.55-52_42 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-23T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96697", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-23T23:02:16"}, {"id": "UBUNTU_USN-3168-2.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3168-2)", "description": "USN-3168-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 LTS.\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel did not properly initialize the Code Segment (CS) in certain error cases. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2016-9756)\n\nAndrey Konovalov discovered that signed integer overflows existed in the setsockopt() system call when handling the SO_SNDBUFFORCE and SO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability could use this to cause a denial of service (system crash or memory corruption). (CVE-2016-9793)\n\nBaozeng Ding discovered a race condition that could lead to a use-after- free in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9794)\n\nBaozeng Ding discovered a double free in the netlink_dump() function in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2016-9806).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-12T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96438", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "lastseen": "2017-06-23T03:46:40"}, {"id": "SUSE_SU-2017-0249-1.NASL", "type": "nessus", "title": "SUSE SLES12 Security Update : kernel (SUSE-SU-2017:0249-1)", "description": "This update for the Linux Kernel 3.12.55-52_45 fixes several issues.\nThe following security bugs were fixed :\n\n - CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bsc#1017589).\n\n - CVE-2016-9794: Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted SNDRV_PCM_TRIGGER_START command (bsc#1013543).\n\n - CVE-2016-8632: The tipc_msg_build function in net/tipc/msg.c in the Linux kernel did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability (bsc#1012852).\n\n - CVE-2016-9576: The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device (bsc#1014271).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2017-01-23T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=96702", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8632", "CVE-2016-9576"], "lastseen": "2017-01-23T23:00:34"}, {"id": "ALA_ALAS-2016-718.NASL", "type": "nessus", "title": "Amazon Linux AMI : kernel (ALAS-2016-718)", "description": "A flaw was discovered in processing setsockopt for 32 bit processes on 64 bit systems. This flaw will allow attackers to alter arbitary kernel memory when unloading a kernel module. This action is usually restricted to root-priveledged users but can also be leveraged if the kernel is compiled with CONFIG_USER_NS and CONFIG_NET_NS.\n(CVE-2016-4997)\n\nAn out-of-bounds heap memory access leading to a Denial of Service, heap disclosure, or further impact was found in setsockopt(). The function call is normally restricted to root, however some processes with cap_sys_admin may also be able to trigger this flaw in privileged container environments. (CVE-2016-4998)\n\nA vulnerability was found in the Linux kernel. The pointer to the netlink socket attribute is not checked, which could cause a NULL pointer dereference when parsing the nested attributes in function tipc_nl_publ_dump().\n\nThis allows local users to cause a DoS. (CVE-2016-4951)\n\nA double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact.\n(CVE-2016-9806)\n\n(Updated on 2016-07-14: CVE-2016-4998 and CVE-2016-4951 were fixed in this version, but was not previously listed in this errata.)\n\n(Updated on 2017-01-19: CVE-2016-9806 was fixed in this release but was previously not part of this errata.)", "published": "2016-06-28T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=91858", "cvelist": ["CVE-2016-9806", "CVE-2016-4951", "CVE-2016-4997", "CVE-2016-4998"], "lastseen": "2017-01-20T21:03:49"}], "openvas": [{"id": "OPENVAS:1361412562310843018", "type": "openvas", "title": "Ubuntu Update for linux USN-3168-1", "description": "Check the version of linux", "published": "2017-01-12T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843018", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "lastseen": "2017-07-02T21:14:36"}, {"id": "OPENVAS:1361412562310843009", "type": "openvas", "title": "Ubuntu Update for linux-lts-trusty USN-3168-2", "description": "Check the version of linux-lts-trusty", "published": "2017-01-12T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843009", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "lastseen": "2017-07-02T21:14:39"}, {"id": "OPENVAS:1361412562310851489", "type": "openvas", "title": "SuSE Update for Kernel openSUSE-SU-2017:0458-1 (Kernel)", "description": "Check the version of kernel", "published": "2017-02-14T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851489", "cvelist": ["CVE-2016-9806", "CVE-2016-7117", "CVE-2016-9793", "CVE-2016-7917", "CVE-2016-10088", "CVE-2017-5551", "CVE-2016-10147", "CVE-2016-9576", "CVE-2016-8645"], "lastseen": "2017-07-02T21:14:38"}, {"id": "OPENVAS:1361412562310851506", "type": "openvas", "title": "SuSE Update for the openSUSE-SU-2017:0456-1 (Linux Kernel)", "description": "Check the version of Linux Kernel", "published": "2017-02-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851506", "cvelist": ["CVE-2017-5576", "CVE-2016-9806", "CVE-2017-2584", "CVE-2016-7117", "CVE-2016-9793", "CVE-2017-5577", "CVE-2017-5551", "CVE-2017-2583", "CVE-2016-9919", "CVE-2015-8709", "CVE-2016-8645"], "lastseen": "2017-07-02T21:14:29"}, {"id": "OPENVAS:1361412562310851415", "type": "openvas", "title": "SuSE Update for Kernel openSUSE-SU-2016:2584-1 (Kernel)", "description": "Check the version of the Kernel", "published": "2016-10-22T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851415", "cvelist": ["CVE-2016-8666", "CVE-2016-7039", "CVE-2016-5195"], "lastseen": "2017-07-02T21:12:50"}, {"id": "OPENVAS:1361412562310851414", "type": "openvas", "title": "SuSE Update for Kernel openSUSE-SU-2016:2583-1 (Kernel)", "description": "Check the version of the Kernel", "published": "2016-10-22T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851414", "cvelist": ["CVE-2016-8666", "CVE-2016-7425", "CVE-2016-8658", "CVE-2016-7039", "CVE-2016-5195"], "lastseen": "2017-07-02T21:13:03"}, {"id": "OPENVAS:1361412562310851513", "type": "openvas", "title": "SuSE Update for Linux Kernel openSUSE-SU-2016:3050-1 (Linux Kernel)", "description": "Check the version of the", "published": "2017-02-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851513", "cvelist": ["CVE-2016-9794", "CVE-2016-8655", "CVE-2016-9084", "CVE-2016-7917", "CVE-2016-8666", "CVE-2015-8964", "CVE-2016-9555", "CVE-2016-8632", "CVE-2015-1350", "CVE-2016-9083", "CVE-2016-7913", "CVE-2016-7039", "CVE-2016-7042"], "lastseen": "2017-07-02T21:14:29"}, {"id": "OPENVAS:1361412562310843060", "type": "openvas", "title": "Ubuntu Update for linux USN-3209-1", "description": "Check the version of linux", "published": "2017-02-22T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843060", "cvelist": ["CVE-2017-6074", "CVE-2016-10088", "CVE-2016-9588"], "lastseen": "2017-07-02T21:14:24"}, {"id": "OPENVAS:1361412562310843061", "type": "openvas", "title": "Ubuntu Update for linux USN-3208-1", "description": "Check the version of linux", "published": "2017-02-22T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843061", "cvelist": ["CVE-2016-9191", "CVE-2017-2584", "CVE-2017-6074", "CVE-2016-10088", "CVE-2017-2583", "CVE-2016-9588", "CVE-2017-5549"], "lastseen": "2017-07-02T21:14:45"}, {"id": "OPENVAS:1361412562310843062", "type": "openvas", "title": "Ubuntu Update for linux-lts-xenial USN-3208-2", "description": "Check the version of linux-lts-xenial", "published": "2017-02-22T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310843062", "cvelist": ["CVE-2016-9191", "CVE-2017-2584", "CVE-2017-6074", "CVE-2016-10088", "CVE-2017-2583", "CVE-2016-9588", "CVE-2017-5549"], "lastseen": "2017-07-02T21:14:23"}], "ubuntu": [{"id": "USN-3168-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "Dmitry Vyukov discovered that the KVM implementation in the Linux kernel \ndid not properly initialize the Code Segment (CS) in certain error cases. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). ([CVE-2016-9756](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9756>))\n\nAndrey Konovalov discovered that signed integer overflows existed in the \nsetsockopt() system call when handling the SO_SNDBUFFORCE and \nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability \ncould use this to cause a denial of service (system crash or memory \ncorruption). ([CVE-2016-9793](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9793>))\n\nBaozeng Ding discovered a race condition that could lead to a use-after- \nfree in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash). ([CVE-2016-9794](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9794>))\n\nBaozeng Ding discovered a double free in the netlink_dump() function in the \nLinux kernel. A local attacker could use this to cause a denial of service \n(system crash). ([CVE-2016-9806](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9806>))", "published": "2017-01-11T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.ubuntu.com/usn/usn-3168-1", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "lastseen": "2017-05-01T08:29:02"}, {"id": "USN-3168-2", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerabilities", "description": "USN-3168-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 LTS.\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \ndid not properly initialize the Code Segment (CS) in certain error cases. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). ([CVE-2016-9756](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9756>))\n\nAndrey Konovalov discovered that signed integer overflows existed in the \nsetsockopt() system call when handling the SO_SNDBUFFORCE and \nSO_RCVBUFFORCE options. A local attacker with the CAP_NET_ADMIN capability \ncould use this to cause a denial of service (system crash or memory \ncorruption). ([CVE-2016-9793](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9793>))\n\nBaozeng Ding discovered a race condition that could lead to a use-after- \nfree in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux \nkernel. A local attacker could use this to cause a denial of service \n(system crash). ([CVE-2016-9794](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9794>))\n\nBaozeng Ding discovered a double free in the netlink_dump() function in the \nLinux kernel. A local attacker could use this to cause a denial of service \n(system crash). ([CVE-2016-9806](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9806>))", "published": "2017-01-11T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.ubuntu.com/usn/usn-3168-2", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-9793", "CVE-2016-9756"], "lastseen": "2017-05-01T08:28:17"}, {"id": "USN-3209-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "It was discovered that the generic SCSI block layer in the Linux kernel did \nnot properly restrict write operations in certain situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly gain administrative privileges. ([CVE-2016-10088](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10088>))\n\nJim Mattson discovered that the KVM implementation in the Linux kernel \nmismanages the #BP and #OF exceptions. A local attacker in a guest virtual \nmachine could use this to cause a denial of service (guest OS crash). \n([CVE-2016-9588](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9588>))\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly gain administrative \nprivileges. ([CVE-2017-6074](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6074>))", "published": "2017-02-22T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.ubuntu.com/usn/usn-3209-1", "cvelist": ["CVE-2017-6074", "CVE-2016-10088", "CVE-2016-9588"], "lastseen": "2017-05-01T08:28:26"}, {"id": "USN-3208-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "It was discovered that the generic SCSI block layer in the Linux kernel did \nnot properly restrict write operations in certain situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly gain administrative privileges. ([CVE-2016-10088](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10088>))\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did \nnot properly perform reference counting in some situations. An unprivileged \nattacker could use this to cause a denial of service (system hang). \n([CVE-2016-9191](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9191>))\n\nJim Mattson discovered that the KVM implementation in the Linux kernel \nmismanages the #BP and #OF exceptions. A local attacker in a guest virtual \nmachine could use this to cause a denial of service (guest OS crash). \n([CVE-2016-9588](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9588>))\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in \nthe Linux kernel did not properly emulate instructions on the SS segment \nregister. A local attacker in a guest virtual machine could use this to \ncause a denial of service (guest OS crash) or possibly gain administrative \nprivileges in the guest OS. ([CVE-2017-2583](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2583>))\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \nimproperly emulated certain instructions. A local attacker could use this \nto obtain sensitive information (kernel memory). ([CVE-2017-2584](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2584>))\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in \nthe Linux kernel did not properly initialize memory related to logging. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). ([CVE-2017-5549](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5549>))\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly gain administrative \nprivileges. ([CVE-2017-6074](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6074>))", "published": "2017-02-22T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.ubuntu.com/usn/usn-3208-1", "cvelist": ["CVE-2016-9191", "CVE-2017-2584", "CVE-2017-6074", "CVE-2016-10088", "CVE-2017-2583", "CVE-2016-9588", "CVE-2017-5549"], "lastseen": "2017-05-01T08:28:23"}, {"id": "USN-3208-2", "type": "ubuntu", "title": "Linux kernel (Xenial HWE) vulnerabilities", "description": "USN-3208-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu \n14.04 LTS.\n\nIt was discovered that the generic SCSI block layer in the Linux kernel did \nnot properly restrict write operations in certain situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly gain administrative privileges. ([CVE-2016-10088](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10088>))\n\nCAI Qian discovered that the sysctl implementation in the Linux kernel did \nnot properly perform reference counting in some situations. An unprivileged \nattacker could use this to cause a denial of service (system hang). \n([CVE-2016-9191](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9191>))\n\nJim Mattson discovered that the KVM implementation in the Linux kernel \nmismanages the #BP and #OF exceptions. A local attacker in a guest virtual \nmachine could use this to cause a denial of service (guest OS crash). \n([CVE-2016-9588](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9588>))\n\nAndy Lutomirski and Willy Tarreau discovered that the KVM implementation in \nthe Linux kernel did not properly emulate instructions on the SS segment \nregister. A local attacker in a guest virtual machine could use this to \ncause a denial of service (guest OS crash) or possibly gain administrative \nprivileges in the guest OS. ([CVE-2017-2583](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2583>))\n\nDmitry Vyukov discovered that the KVM implementation in the Linux kernel \nimproperly emulated certain instructions. A local attacker could use this \nto obtain sensitive information (kernel memory). ([CVE-2017-2584](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-2584>))\n\nIt was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in \nthe Linux kernel did not properly initialize memory related to logging. A \nlocal attacker could use this to expose sensitive information (kernel \nmemory). ([CVE-2017-5549](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-5549>))\n\nAndrey Konovalov discovered a use-after-free vulnerability in the DCCP \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly gain administrative \nprivileges. ([CVE-2017-6074](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-6074>))", "published": "2017-02-22T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.ubuntu.com/usn/usn-3208-2", "cvelist": ["CVE-2016-9191", "CVE-2017-2584", "CVE-2017-6074", "CVE-2016-10088", "CVE-2017-2583", "CVE-2016-9588", "CVE-2017-5549"], "lastseen": "2017-05-01T08:29:03"}, {"id": "USN-3360-2", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerabilities", "description": "USN-3360-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 ESM.\n\nIt was discovered that the Linux kernel did not properly initialize a Wake- \non-Lan data structure. A local attacker could use this to expose sensitive \ninformation (kernel memory). ([CVE-2014-9900](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9900>))\n\nIt was discovered that the Linux kernel did not properly restrict access to \n/proc/iomem. A local attacker could use this to expose sensitive \ninformation. ([CVE-2015-8944](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8944>))\n\nIt was discovered that a use-after-free vulnerability existed in the \nperformance events and counters subsystem of the Linux kernel for ARM64. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. ([CVE-2015-8955](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8955>))\n\nIt was discovered that the SCSI generic (sg) driver in the Linux kernel \ncontained a double-free vulnerability. A local attacker could use this to \ncause a denial of service (system crash). ([CVE-2015-8962](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8962>))\n\nSasha Levin discovered that a race condition existed in the performance \nevents and counters subsystem of the Linux kernel when handling CPU unplug \nevents. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. ([CVE-2015-8963](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8963>))\n\nTilman Schmidt and Sasha Levin discovered a use-after-free condition in the \nTTY implementation in the Linux kernel. A local attacker could use this to \nexpose sensitive information (kernel memory). ([CVE-2015-8964](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8964>))\n\nIt was discovered that the fcntl64() system call in the Linux kernel did \nnot properly set memory limits when returning on 32-bit ARM processors. A \nlocal attacker could use this to gain administrative privileges. \n([CVE-2015-8966](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8966>))\n\nIt was discovered that the system call table for ARM 64-bit processors in \nthe Linux kernel was not write-protected. An attacker could use this in \nconjunction with another kernel vulnerability to execute arbitrary code. \n([CVE-2015-8967](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8967>))\n\nIt was discovered that the generic SCSI block layer in the Linux kernel did \nnot properly restrict write operations in certain situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly gain administrative privileges. ([CVE-2016-10088](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10088>))\n\nAlexander Potapenko discovered a race condition in the Advanced Linux Sound \nArchitecture (ALSA) subsystem in the Linux kernel. A local attacker could \nuse this to expose sensitive information (kernel memory). \n([CVE-2017-1000380](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000380>))\n\nLi Qiang discovered that the DRM driver for VMware Virtual GPUs in the \nLinux kernel did not properly validate some ioctl arguments. A local \nattacker could use this to cause a denial of service (system crash). \n([CVE-2017-7346](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7346>))\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly check for the end of \nbuffer. A remote attacker could use this to craft requests that cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n([CVE-2017-7895](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7895>))\n\nIt was discovered that an integer underflow existed in the Edgeport USB \nSerial Converter device driver of the Linux kernel. An attacker with \nphysical access could use this to expose sensitive information (kernel \nmemory). ([CVE-2017-8924](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8924>))\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux \nkernel did not properly perform reference counting. A local attacker could \nuse this to cause a denial of service (tty exhaustion). ([CVE-2017-8925](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8925>))\n\nAndrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux \nkernel's IPv6 stack. A local attacker could cause a denial of service or \npotentially other unspecified problems. ([CVE-2017-9074](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9074>))\n\nMurray McAllister discovered that the DRM driver for VMware Virtual GPUs in \nthe Linux kernel did not properly initialize memory. A local attacker could \nuse this to expose sensitive information (kernel memory). ([CVE-2017-9605](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9605>))", "published": "2017-07-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.ubuntu.com/usn/usn-3360-2", "cvelist": ["CVE-2017-7895", "CVE-2017-1000380", "CVE-2017-9074", "CVE-2017-7346", "CVE-2016-10088", "CVE-2015-8962", "CVE-2015-8964", "CVE-2014-9900", "CVE-2017-8924", "CVE-2015-8963", "CVE-2015-8944", "CVE-2015-8955", "CVE-2017-8925", "CVE-2015-8966", "CVE-2015-8967", "CVE-2017-9605"], "lastseen": "2017-07-22T00:17:17"}, {"id": "USN-3360-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "It was discovered that the Linux kernel did not properly initialize a Wake- \non-Lan data structure. A local attacker could use this to expose sensitive \ninformation (kernel memory). ([CVE-2014-9900](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9900>))\n\nIt was discovered that the Linux kernel did not properly restrict access to \n/proc/iomem. A local attacker could use this to expose sensitive \ninformation. ([CVE-2015-8944](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8944>))\n\nIt was discovered that a use-after-free vulnerability existed in the \nperformance events and counters subsystem of the Linux kernel for ARM64. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. ([CVE-2015-8955](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8955>))\n\nIt was discovered that the SCSI generic (sg) driver in the Linux kernel \ncontained a double-free vulnerability. A local attacker could use this to \ncause a denial of service (system crash). ([CVE-2015-8962](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8962>))\n\nSasha Levin discovered that a race condition existed in the performance \nevents and counters subsystem of the Linux kernel when handling CPU unplug \nevents. A local attacker could use this to cause a denial of service \n(system crash) or possibly execute arbitrary code. ([CVE-2015-8963](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8963>))\n\nTilman Schmidt and Sasha Levin discovered a use-after-free condition in the \nTTY implementation in the Linux kernel. A local attacker could use this to \nexpose sensitive information (kernel memory). ([CVE-2015-8964](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8964>))\n\nIt was discovered that the fcntl64() system call in the Linux kernel did \nnot properly set memory limits when returning on 32-bit ARM processors. A \nlocal attacker could use this to gain administrative privileges. \n([CVE-2015-8966](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8966>))\n\nIt was discovered that the system call table for ARM 64-bit processors in \nthe Linux kernel was not write-protected. An attacker could use this in \nconjunction with another kernel vulnerability to execute arbitrary code. \n([CVE-2015-8967](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8967>))\n\nIt was discovered that the generic SCSI block layer in the Linux kernel did \nnot properly restrict write operations in certain situations. A local \nattacker could use this to cause a denial of service (system crash) or \npossibly gain administrative privileges. ([CVE-2016-10088](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-10088>))\n\nAlexander Potapenko discovered a race condition in the Advanced Linux Sound \nArchitecture (ALSA) subsystem in the Linux kernel. A local attacker could \nuse this to expose sensitive information (kernel memory). \n([CVE-2017-1000380](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-1000380>))\n\nLi Qiang discovered that the DRM driver for VMware Virtual GPUs in the \nLinux kernel did not properly validate some ioctl arguments. A local \nattacker could use this to cause a denial of service (system crash). \n([CVE-2017-7346](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7346>))\n\nTuomas Haanp\u00e4\u00e4 and Ari Kauppi discovered that the NFSv2 and NFSv3 server \nimplementations in the Linux kernel did not properly check for the end of \nbuffer. A remote attacker could use this to craft requests that cause a \ndenial of service (system crash) or possibly execute arbitrary code. \n([CVE-2017-7895](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-7895>))\n\nIt was discovered that an integer underflow existed in the Edgeport USB \nSerial Converter device driver of the Linux kernel. An attacker with \nphysical access could use this to expose sensitive information (kernel \nmemory). ([CVE-2017-8924](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8924>))\n\nIt was discovered that the USB ZyXEL omni.net LCD PLUS driver in the Linux \nkernel did not properly perform reference counting. A local attacker could \nuse this to cause a denial of service (tty exhaustion). ([CVE-2017-8925](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-8925>))\n\nMurray McAllister discovered that the DRM driver for VMware Virtual GPUs in \nthe Linux kernel did not properly initialize memory. A local attacker could \nuse this to expose sensitive information (kernel memory). ([CVE-2017-9605](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2017-9605>))", "published": "2017-07-21T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.ubuntu.com/usn/usn-3360-1", "cvelist": ["CVE-2017-7895", "CVE-2017-1000380", "CVE-2017-7346", "CVE-2016-10088", "CVE-2015-8962", "CVE-2015-8964", "CVE-2014-9900", "CVE-2017-8924", "CVE-2015-8963", "CVE-2015-8944", "CVE-2015-8955", "CVE-2017-8925", "CVE-2015-8966", "CVE-2015-8967", "CVE-2017-9605"], "lastseen": "2017-07-21T12:17:09"}, {"id": "USN-3188-1", "type": "ubuntu", "title": "Linux kernel vulnerability", "description": "Andrey Konovalov discovered that the SCTP implementation in the Linux \nkernel improperly handled validation of incoming data. A remote attacker \ncould use this to cause a denial of service (system crash).", "published": "2017-02-03T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.ubuntu.com/usn/usn-3188-1", "cvelist": ["CVE-2016-9555"], "lastseen": "2017-05-01T08:28:16"}, {"id": "USN-3188-2", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerability", "description": "USN-3188-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 LTS.\n\nAndrey Konovalov discovered that the SCTP implementation in the Linux \nkernel improperly handled validation of incoming data. A remote attacker \ncould use this to cause a denial of service (system crash).", "published": "2017-02-03T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.ubuntu.com/usn/usn-3188-2", "cvelist": ["CVE-2016-9555"], "lastseen": "2017-05-01T08:28:24"}, {"id": "USN-3187-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "Andrey Konovalov discovered that the SCTP implementation in the Linux \nkernel improperly handled validation of incoming data. A remote attacker \ncould use this to cause a denial of service (system crash). ([CVE-2016-9555](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9555>))\n\nIt was discovered that multiple memory leaks existed in the XFS \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (memory consumption). ([CVE-2016-9685](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-9685>))", "published": "2017-02-03T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.ubuntu.com/usn/usn-3187-1", "cvelist": ["CVE-2016-9555", "CVE-2016-9685"], "lastseen": "2017-05-01T08:29:28"}], "oraclelinux": [{"id": "ELSA-2017-3508", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[4.1.12-61.1.25]\n- KEYS: Fix short sprintf buffer in /proc/keys show function (David Howells) [Orabug: 25306361] {CVE-2016-7042}\n- nvme: Limit command retries (Keith Busch) [Orabug: 25374751] \n- fs/proc/task_mmu.c: fix mm_access() mode parameter in pagemap_read() (Kenny Keslar) [Orabug: 25374977] \n- tcp: fix use after free in tcp_xmit_retransmit_queue() (Eric Dumazet) [Orabug: 25374364] {CVE-2016-6828}\n- tunnels: Don't apply GRO to multiple layers of encapsulation. (Jesse Gross) [Orabug: 25036352] {CVE-2016-8666}\n- i40e: Don't notify client(s) for DCB changes on all VSIs (Neerav Parikh) [Orabug: 25046290] \n- packet: fix race condition in packet_set_ring (Philip Pettersson) [Orabug: 25231617] {CVE-2016-8655}\n- netlink: Fix dump skb leak/double free (Herbert Xu) [Orabug: 25231692] {CVE-2016-9806}\n- ALSA: pcm : Call kill_fasync() in stream lock (Takashi Iwai) [Orabug: 25231720] {CVE-2016-9794}\n- net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25231751] {CVE-2016-9793}\n[4.1.12-61.1.24]\n- rebuild bumping release", "published": "2017-01-12T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-3508.html", "cvelist": ["CVE-2016-9806", "CVE-2016-9794", "CVE-2016-8655", "CVE-2016-9793", "CVE-2016-8666", "CVE-2016-6828", "CVE-2016-7042"], "lastseen": "2017-01-13T01:33:23"}, {"id": "ELSA-2017-3535", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "[2.6.39-400.294.6]\n- RHEL: complement upstream workaround for CVE-2016-10142. (Quentin Casasnovas) [Orabug: 25765786] {CVE-2016-10142} {CVE-2016-10142}\n[2.6.39-400.294.5]\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] {CVE-2016-8399}\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] {CVE-2017-7187}\n[2.6.39-400.294.4]\n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] {CVE-2017-2636}\n- drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] {CVE-2017-2636}\n- list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] {CVE-2017-2636}\n- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] {CVE-2016-8633}\n- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] {CVE-2016-3672}\n- x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] {CVE-2016-3672}\n- sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490377] {CVE-2015-5707}\n- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507232] {CVE-2016-8645}\n- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507232] {CVE-2016-8645}\n- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507330] {CVE-2016-7425}\n- x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 25507375] {CVE-2015-4700}\n- net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512417] {CVE-2016-4580}\n- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512472] {CVE-2016-3140}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682437] {CVE-2017-6345}", "published": "2017-03-31T00:00:00", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-3535.html", "cvelist": ["CVE-2016-8633", "CVE-2016-8399", "CVE-2016-10088", "CVE-2017-2636", "CVE-2016-7425", "CVE-2017-6345", "CVE-2016-3140", "CVE-2017-7187", "CVE-2016-10142", "CVE-2015-5707", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-8645", "CVE-2015-4700"], "lastseen": "2017-04-18T17:19:18"}, {"id": "ELSA-2017-0817", "type": "oraclelinux", "title": "kernel security, bug fix, and enhancement update", "description": "[2.6.32-696.OL6]\n- Update genkey [bug 25599697]\n[2.6.32-696]\n- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424628] {CVE-2017-6074}\n[2.6.32-695]\n- [block] nvme: Dont poll device being removed (David Milburn) [1422521]\n[2.6.32-694]\n- [fs] posix_acl: Clear SGID bit when setting file permissions (Andreas Grunbacher) [1371252] {CVE-2016-7097}\n- [fs] switch posix_acl_equiv_mode() to umode_t * (Andreas Grunbacher) [1371252] {CVE-2016-7097}\n- [perf] sched latency: Fix thread pid reuse issue (Jiri Olsa) [1400743]\n- [fs] ext4: fix races of writeback with punch hole and zero range (Lukas Czerner) [1394786]\n- [fs] ext4: validate s_reserved_gdt_blocks on mount (Lukas Czerner) [1394786]\n- [fs] ext4: release bh in make_indexed_dir (Lukas Czerner) [1394786]\n- [fs] ext4: reinforce check of i_dtime when clearing high fields of uid and gid (Lukas Czerner) [1394786]\n- [fs] ext4: validate that metadata blocks do not overlap superblock (Lukas Czerner) [1394786]\n- [fs] ext4: short-cut orphan cleanup on error (Lukas Czerner) [1394786]\n- [fs] ext4: fix reference counting bug on block allocation error (Lukas Czerner) [1394786]\n- [fs] ext4: check for extents that wrap around (Lukas Czerner) [1394786]\n- [fs] ext4: silence UBSAN in ext4_mb_init() (Lukas Czerner) [1394786]\n- [fs] ext4: address UBSAN warning in mb_find_order_for_block() (Lukas Czerner) [1394786]\n- [fs] ext4: clean up error handling when orphan list is corrupted (Lukas Czerner) [1394786]\n- [fs] ext4: fix hang when processing corrupted orphaned inode list (Lukas Czerner) [1394786]\n- [fs] jbd2: Fix unreclaimed pages after truncate in data=journal mode (Lukas Czerner) [1394786]\n- [fs] ext4: Fix handling of extended tv_sec (Lukas Czerner) [1394786]\n- [fs] create and use seq_show_option for escaping (Lukas Czerner) [1394786]\n- [fs] ext4: replace open coded nofail allocation in ext4_free_blocks() (Lukas Czerner) [1394786]\n- [fs] ext4: Introduce EFSBADCRC and EFSCORRUPTED error codes (Lukas Czerner) [1394786]\n- [block] ensure request->part is valid (Jeff Moyer) [1416341]\n- [sound] alsa: hda - fix Lewisburg audio issue (Jaroslav Kysela) [1413134]\n[2.6.32-693]\n- [netdrv] sfc: Add efx_nic member with fixed netdev features (Jarod Wilson) [1419396]\n- [netdrv] sfc: Take mac_lock before calling efx_ef10_filter_table_probe (Jarod Wilson) [1419396]\n- [netdrv] sfc: Fix VLAN filtering feature if vPort has VLAN_RESTRICT flag (Jarod Wilson) [1419396]\n- [netdrv] sfc: clean fallbacks between promisc/normal in efx_ef10_filter_sync_rx_mode (Jarod Wilson) [1419396]\n- [netdrv] sfc: support cascaded multicast filters (Jarod Wilson) [1419396]\n- [netdrv] sfc: Make failed filter removal less noisy (Jarod Wilson) [1410750]\n- [netdrv] sfc: re-factor efx_ef10_filter_sync_rx_mode() (Jarod Wilson) [1410750]\n- [netdrv] sfc: refactor debug-or-warnings printks (Jarod Wilson) [1410750]\n- [net] implement netif_cond_dbg macro (Jarod Wilson) [1410750]\n[2.6.32-692]\n- [fs] gfs2: Limit number of transaction blocks requested for truncates (Robert S Peterson) [1401058]\n- [fs] revert 'sunrpc: make AF_LOCAL connect synchronous' (Benjamin Coddington) [1420044]\n[2.6.32-691]\n- [net] tcp: correct memory barrier usage in tcp_check_space() (Oleg Nesterov) [1386136]\n- [fs] epoll: prevent missed events on EPOLL_CTL_MOD (Oleg Nesterov) [1386136]\n- [acpi] acpica: Fix regression in FADT revision checks (Lenny Szubowicz) [1418339]\n- [net] ipv6: stop sending PTB packets for MTU < 1280 (Hannes Frederic Sowa) [1415931] {CVE-2016-10142}\n- [net] fix dst_ops_extend leaks (Sabrina Dubroca) [1399633]\n[2.6.32-690]\n- [drm] core: Do not preserve framebuffer on rmfb, v4 (Rob Clark) [1405267]\n- [scsi] mpt3sas: Fix for block device of raid exists even after deleting raid disk (Tomas Henzl) [1416552]\n[2.6.32-689]\n- [netdrv] be2net: fix initial MAC setting (Ivan Vecera) [1415905]\n[2.6.32-688]\n- [netdrv] sfc: fix missing mc_promisc setting (Jarod Wilson) [1410750]\n[2.6.32-687]\n- [netdrv] sfc: reduce severity of PIO buffer alloc failures (Jarod Wilson) [1410750]\n- [netdrv] sfc: avoid division by zero (Jarod Wilson) [1410750]\n- [netdrv] sfc: Insert multicast filters as well as mismatch filters in promiscuous mode (Jarod Wilson) [1410750]\n- [netdrv] sfc: get timer configuration from adapter (Jarod Wilson) [1410750]\n- [netdrv] sfc: warn if other functions have been reset by MCFW (Jarod Wilson) [1410750]\n- [netdrv] sfc: add output flag decoding to efx_mcdi_set_workaround (Jarod Wilson) [1410750]\n- [netdrv] sfc: get PIO buffer size from the NIC (Jarod Wilson) [1410750]\n- [netdrv] sfc: set interrupt moderation via MCDI (Jarod Wilson) [1410750]\n- [netdrv] sfc: allow asynchronous MCDI without completion function (Jarod Wilson) [1410750]\n- [netdrv] sfc: on MC reset, clear PIO buffer linkage in TXQs (Jarod Wilson) [1410750]\n- [netdrv] sfc: Downgrade EPERM messages from MCDI to debug (Jarod Wilson) [1410750]\n- [netdrv] sfc: cope with ENOSYS from efx_mcdi_get_workarounds() (Jarod Wilson) [1410750]\n- [netdrv] sfc: enable cascaded multicast filters in MCFW (Jarod Wilson) [1410750]\n- [netdrv] sfc: work around TRIGGER_INTERRUPT command not working on SFC9140 (Jarod Wilson) [1410750]\n- [dm] raid: fix transient device failure processing (Mike Snitzer) [1404425]\n[2.6.32-686]\n- [scsi] Add intermediate STARGET_REMOVE state to scsi_target_state (Ewan Milne) [1349623]\n- [scsi] restart list search after unlock in scsi_remove_target (Ewan Milne) [1349623]\n- [powerpc] pci: Support per-aperture memory offset (Laurent Vivier) [1413448]\n- [powerpc] pci: Dont add bogus empty resources to PHBs (Laurent Vivier) [1413448]\n- [mm] mmap.c: fix arithmetic overflow in __vm_enough_memory() (Jerome Marchand) [1413500]\n- [net] ping: check minimum size on ICMP header length (Mateusz Guzik) [1414202] {CVE-2016-8399}\n- [scsi] sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Ewan Milne) [1414823] {CVE-2016-10088 CVE-2016-9576}\n[2.6.32-685]\n- [kernel] ftrace: Do not function trace inlined functions (Pratyush Anand) [1413456]\n- [x86] paravirt: Do not trace _paravirt_ident_*() functions (Pratyush Anand) [1413456]\n- [netdrv] i40e: Fix for long link down notification time (Stefan Assmann) [1414274]\n- [scsi] megaraid_sas: fix done in queue_command (Tomas Henzl) [1415192]\n- [scsi] megaraid: fixes (Tomas Henzl) [1415192]\n- [netdrv] ixgbe: Add support for new X557 device (Ken Cox) [1408509]\n- [netdrv] ixgbe: Add KR backplane support for x550em_a (Ken Cox) [1408509]\n- [netdrv] ixgbe: Add support for SGMII backplane interface (Ken Cox) [1408509]\n- [netdrv] ixgbe: Add support for SFPs with retimer (Ken Cox) [1408509]\n- [netdrv] ixgbe: Introduce function to control MDIO speed (Ken Cox) [1408509]\n- [netdrv] ixgbe: Read and set instance id (Ken Cox) [1408509]\n- [netdrv] ixgbe: Add support for x550em_a 10G MAC type (Ken Cox) [1408509]\n- [netdrv] ixgbe: Use method pointer to access IOSF devices (Ken Cox) [1408509]\n- [netdrv] ixgbe: Add support for single-port X550 device (Ken Cox) [1408509]\n- [netdrv] ixgbe: Clean up interface for firmware commands (Ken Cox) [1408509]\n- [netdrv] ixgbe: Change the lan_id and func fields to a u8 to avoid casts (Ken Cox) [1408509]\n- [netdrv] ixgbe: Fix flow control for Xeon D KR backplane (Ken Cox) [1408509]\n- [netdrv] ixgbe: Make all unchanging ops structures const (Ken Cox) [1408509]\n- [netdrv] ixgbe: Update PTP to support X550EM_x devices (Ken Cox) [1408509]\n- [netdrv] ixgbe: convert to CYCLECOUNTER_MASK macro (Ken Cox) [1408509]\n- [netdrv] ixgbevf: add VF support for new hardware (Ken Cox) [1408507]\n- [netdrv] ixgbevf: Support Windows hosts (Hyper-V) (Ken Cox) [1408507]\n- [netdrv] ixgbevf: Add the device IDs presented while running on Hyper-V (Ken Cox) [1408507]\n- [netdrv] ixgbevf: Move API negotiation function into mac_ops (Ken Cox) [1408507]\n- [x86] tsc: Reset cycle_last after resume from S3/S4 (Lenny Szubowicz) [1406468]\n- [kernel] hung_task: allow hung_task_panic when hung_task_warnings is 0 (Waiman Long) [1410297]\n[2.6.32-684]\n- [s390] kernel/ap: Fix hang condition on crypto card config-off (Hendrik Brueckner) [1413552]\n- [s390] zcrypt: Improved invalid domain response handling (Hendrik Brueckner) [1406389]\n- [infiniband] ucm: Fix bitmap wrap when devnum > IB_UCM_MAX_DEVICES (Slava Shwartsman) [1413476]\n- [netdrv] mlx5e: Copy all L2 headers into inline segment (Kamal Heib) [1408937]\n- [netdrv] be2net: fix MAC addr setting on privileged BE3 VFs (Ivan Vecera) [1406659]\n- [netdrv] be2net: dont delete MAC on close on unprivileged BE3 VFs (Ivan Vecera) [1406659]\n- [netdrv] be2net: fix status check in be_cmd_pmac_add() (Ivan Vecera) [1406659]\n- [acpi] acpica: Tables: Update FADT handling (Lenny Szubowicz) [1408401]\n- [acpi] acpica: ACPI 6.0: Add changes for FADT table (Lenny Szubowicz) [1408401]\n- [acpi] acpica: Basic support for FADT version 5 (Lenny Szubowicz) [1408401]\n- [acpi] acpica: Remove use of unreliable FADT revision field (Lenny Szubowicz) [1408401]\n[2.6.32-683]\n- [netdrv] sfc: include size-binned TX stats on sfn8542q (Jarod Wilson) [1411279]\n- [netdrv] sfc: retrieve second word of datapath capabilities (Jarod Wilson) [1411279]\n- [netdrv] sfc: update MCDI protocol headers (Jarod Wilson) [1411279]\n- [netdrv] sfc: Update MCDI protocol definitions (Jarod Wilson) [1411279]\n- [net] mlx4_en: Fix type mismatch for 32-bit systems (Slava Shwartsman) [1399239]\n- [net] mlx4_en: Resolve dividing by zero in 32-bit system (Slava Shwartsman) [1399239]\n- [netdrv] e1000e: Initial support for KabeLake (Jarod Wilson) [1406917]\n- [netdrv] e1000e: Clear ULP configuration register on ULP exit (Jarod Wilson) [1406917]\n- [netdrv] e1000e: Set HW FIFO minimum pointer gap for non-gig speeds (Jarod Wilson) [1406917]\n- [netdrv] e1000e: Increase PHY PLL clock gate timing (Jarod Wilson) [1406917]\n- [netdrv] e1000e: Increase ULP timer (Jarod Wilson) [1406917]\n- [netdrv] e1000e: initial support for i219-LM (3) (Jarod Wilson) [1406917]\n- [netdrv] be2net: fix unicast list filling (Ivan Vecera) [1408247]\n- [netdrv] be2net: fix accesses to unicast list (Ivan Vecera) [1408247]\n- [netdrv] sfc: Downgrade or remove some error messages (Jarod Wilson) [1410750]\n- [netdrv] be2net: call be_set_uc_list() unconditionally (Ivan Vecera) [1402679]\n- [netdrv] mlx5e: Use hw_features through netdev_extended macro (Kamal Heib) [1385318]\n- [block] nvme: Dont stop kthread while clearing queues (David Milburn) [1399431]\n- [fs] dlm: Fix saving of NULL callbacks (Robert S Peterson) [1264492]\n[2.6.32-682]\n- [x86] kdump: Fix several bound checking error of crashkernel reserving (Baoquan He) [1349069]\n- [x86] kdump: Crashkernel auto reservation failed on large system (Baoquan He) [1349069]\n- [kdump] Fix wrong dmi_present argument in case efi_smbios_addr being used (Dave Young) [1404984]\n- [kdump] Add error check in case dmi_get_system_info return null (Dave Young) [1404984]\n- [netdrv] bnxt_en: Improve the delay logic for firmware response (John Linville) [1406129]\n- [netdrv] bnxt_en: Implement proper firmware message padding (John Linville) [1406129]\n- [netdrv] bnxt_en: Refactor _hwrm_send_message() (John Linville) [1406129]\n- [netdrv] bnxt_en: Fix dmesg log firmware error messages (John Linville) [1406129]\n- [netdrv] bnxt_en: Use firmware provided message timeout value (John Linville) [1406129]\n- [fs] nfs: Allow getattr to also report readdirplus cache hits (Scott Mayhew) [1325766]\n- [fs] nfs: Be more targeted about readdirplus use when doing lookup/revalidation (Scott Mayhew) [1325766]\n- [fs] nfs: Fix a performance regression in readdir (Scott Mayhew) [1325766]\n[2.6.32-681]\n- [net] udplite: fast-path computation of checksum coverage (Hangbin Liu) [1404127]\n- [ata] libata: fix sff host state machine locking while polling (Cathy Avery) [1390972]\n- [ata] libata-sff: use WARN instead of BUG on illegal host state machine state (Cathy Avery) [1390972]\n- [x86] hyperv: Handle unknown NMIs on one CPU when unknown_nmi_panic (Vitaly Kuznetsov) [1400428]\n- [fs] nfsd4: zero op arguments beyond the 8th compound op (J. Bruce Fields) [1409002]\n- [fs] nfsd: fix deadlock secinfo+readdir compound (J. Bruce Fields) [1314505]\n- [fs] nfsd4: fix recovery-dir leak on nfsd startup failure (J. Bruce Fields) [1266405]\n- [x86] Mark Skylake processors with Kaby Lake PCH as unsupported (David Arcari) [1405459]\n- [infiniband] ipoib: Remove cant use GFP_NOIO warning (Slava Shwartsman) [1321529]\n- [netdrv] veth: allow changing the mac address while interface is up (David Arcari) [1402696]\n- [kernel] tracing: Protect tracer flags with trace_types_lock (Steven Rostedt) [1397661]\n- [acpi] acpica: Prevent circular object list in acpi_ns_exec_module_code (Lenny Szubowicz) [1401776]\n- [acpi] acpica: Fix possible memory leak for module-level code execution (Lenny Szubowicz) [1401776]\n- [acpi] acpica: Add additional module-level code support (Lenny Szubowicz) [1401776]\n- [fs] xfs: growfs: use uncached buffers for new headers (Bill ODonnell) [1134314]\n- [fs] xfs: catch invalid negative blknos in _xfs_buf_find() (Bill ODonnell) [1134314]\n- [fs] xfs: fix _xfs_buf_find oops on blocks beyond the filesystem end (Bill ODonnell) [1134314]\n[2.6.32-680]\n- [scsi] be2iscsi: Add checks to validate completions (Maurizio Lombardi) [1397807]\n[2.6.32-679]\n- [mm] Revert 'mm: Fix slab growing out of bound within a cpuset' (Larry Woodman) [1402713]\n- [netdrv] cxgb4: update latest firmware version supported (Sai Vemuri) [1381382]\n- [kernel] audit: correctly record file names with different path name types (Paul Moore) [1305103]\n- [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: Implement the PD Map support for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: ldio_outstanding variable is not decremented in completion path (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: Enable or Disable Fast path based on the PCI Threshold Bandwidth (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: Add the Support for SAS3.5 Generic Megaraid Controllers Capabilities (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: Dynamic Raid Map Changes for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: SAS3.5 Generic Megaraid Controllers Fast Path for RAID 1/10 Writes (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: SAS3.5 Generic Megaraid Controllers Stream Detection and IO Coalescing (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: EEDP Escape Mode Support for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: 128 MSIX Support (Tomas Henzl) [1306457]\n- [scsi] megaraid_sas: Add new pci device Ids for SAS3.5 Generic Megaraid Controllers (Tomas Henzl) [1306457]\n[2.6.32-678]\n- [netdrv] RDMA/iw_cxgb4: Fix bar2 virt addr calculation for T4 chips (Sai Vemuri) [1381382]\n- [netdrv] cxgb4: Stop Rx Queues before freeing it up (Sai Vemuri) [1381382]\n- [netdrv] iw_cxgb4 : Added 'Fail' column in debug iw_cxgb4 stats (Sai Vemuri) [1381382]\n- [netdrv] cxgb4: Add info print to display number of MSI-X vectors allocated (Sai Vemuri) [1381382]\n- [netdrv] iwpm: crash fix for large connections test (Sai Vemuri) [1381382]\n- [netdrv] cxgb4/cxgb4vf : Use vlan_gro_frags_gr() for VLANs (Sai Vemuri) [1381382]\n- [netdrv] cxgb4vf : Using RHEL6 provided napi_gro_frags_gr() API which returns (enum gro_result) values (Sai Vemuri) [1381382]\n- [serial] 8250_pci: Detach low-level driver during PCI error recovery (Gustavo Duarte) [1400508]\n- [drm] reservation: Remove shadowing local variable 'ret' (Rob Clark) [1398084]\n- [net] sctp: validate chunk len before actually using it (Hangbin Liu) [1399457] {CVE-2016-9555}\n- [net] ipv6: add mtu lock check in __ip6_rt_update_pmtu (Xin Long) [1397295]\n- [net] Reduce queue allocation to one in kdump kernel (Sai Vemuri) [1321315]\n- [netdrv] cxgb4: Force cxgb4 driver as MASTER in kdump kernel (Sai Vemuri) [1321315]\n[2.6.32-677]\n- [netdrv] cxgb4 : Add cxgb4 T4/T5 firmware version 1.15.37.0 (Sai Vemuri) [1349112]\n- [netdrv] be2net: fix locking (Ivan Vecera) [1397915]\n- [perf] tools: Initialize reference counts in map__clone() (Jiri Olsa) [1359100]\n- [perf] tools: Replace map->referenced & maps->removed_maps with map->refcnt (Jiri Olsa) [1359100]\n- [md] raid10: add rcu protection to rdev access in raid10_sync_request (Xiao Ni) [1395048]\n- [md] raid10: add rcu protection in raid10_status (Xiao Ni) [1395048]\n- [md] raid10: fix refounct imbalance when resyncing an array with a replacement device (Xiao Ni) [1395048]\n- [netdrv] qlcnic: add wmb() call in transmit data path (Harish Patil) [1342659]\n- [x86] ACPI: add dynamic_debug support (Prarit Bhargava) [1252674]\n- [mm] hugetlb: fix huge_pte_alloc BUG_ON (Dave Anderson) [1397250]\n[2.6.32-676]\n- [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: add in missing white spaces in error messages text (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Do not set MPI2_TYPE_CUDA for JBOD FP path for FW which does not support JBOD sequence map (Tomas Henzl) [1397873]\n- [scsi] megaraid_sas: Send SYNCHRONIZE_CACHE for VD to firmware (Tomas Henzl) [1392499]\n- [scsi] megaraid_sas: Do not fire DCMDs during PCI shutdown/detach (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Send correct PhysArm to FW for R1 VD downgrade (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: For SRIOV enabled firmware, ensure VF driver waits for 30secs before reset (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Fix data integrity failure for JBOD (passthrough) devices (Tomas Henzl) [1392499]\n- [scsi] megaraid_sas: fix macro MEGASAS_IS_LOGICAL to avoid regression (Tomas Henzl) [1392499]\n- [scsi] megaraid_sas: clean function declarations in megaraid_sas_base.c up (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: add in missing white space in error message text (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Fix the search of first memory bar (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Use memdup_user() rather than duplicating its implementation (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Fix probing cards without io port (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: Downgrade two success messages to info (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: driver version upgrade (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: task management code optimizations (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: call ISR function to clean up pending replies in OCR path (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: reduce memory footprints in kdump mode (Tomas Henzl) [1396567]\n- [scsi] megaraid_sas: add missing curly braces in ioctl handler (Tomas Henzl) [1396567]\n- [scsi] mpt3sas: Bump driver version as '14.101.00.00' (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Fix for Endianness issue (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Use the new MPI 2.6 32-bit Atomic Request Descriptors for SAS35 devices (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: set EEDP-escape-flags for SAS35 devices (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Increased/Additional MSIX support for SAS35 devices (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Added Device IDs for SAS35 devices and updated MPI header (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Dont spam logs if logging level is 0 (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Fix warnings exposed by W=1 (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Eliminate dead sleep_flag code (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Eliminate conditional locking in mpt3sas_scsih_issue_tm() (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Ensure the connector_name string is NUL-terminated (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Bump driver version as '14.100.00.00' (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Remove unused macro 'MPT_DEVICE_TLR_ON' (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Implement device_remove_in_progress check in IOCTL path (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Fix for incorrect numbers for MSIX vectors enabled when non RDPQ card is enumerated first (Tomas Henzl) [1306469]\n- [scsi] mpt3sas: Fix for improper info displayed in var log, while blocking or unblocking the device (Tomas Henzl) [1306469]\n- [net] increase xmit RECURSION_LIMIT to 10 (Sabrina Dubroca) [1392660]\n- [net] add a recursion limit in xmit path (Sabrina Dubroca) [1392660]\n- [net] netfilter: ebtables: put module reference when an incorrect extension is found (Sabrina Dubroca) [1390061]\n- [net] netfilter: ebtables: Fix extension lookup with identical name (Sabrina Dubroca) [1390061]\n- [net] ipv6: ipv6_find_hdr restore prev functionality (Paolo Abeni) [1392975]\n[2.6.32-675]\n- [kernel] audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [1359304] {CVE-2016-6136}\n- [fs] nfs: Kill fscache warnings when mounting without -ofsc (David Howells) [1353844]\n- [fs] nfs: Fix a compile issue when CONFIG_NFS_FSCACHE was undefined (David Howells) [1353844]\n- [fs] nfs: Dont pass mount data to nfs_fscache_get_super_cookie() (David Howells) [1353844]\n- [fs] dlm: Dont save callbacks after accept (Robert S Peterson) [1264492]\n- [fs] dlm: Save and restore socket callbacks properly (Robert S Peterson) [1264492]\n- [fs] dlm: Replace nodeid_to_addr with kernel_getpeername (Robert S Peterson) [1264492]\n- [fs] dlm: print kernel message when we get an error from kernel_sendpage (Robert S Peterson) [1264492]\n- [fs] nfsd: handle fileid wraparound (Dave Wysochanski) [1397552]\n- [hv] storvsc: Payload buffer incorrectly sized for 32 bit kernels (Cathy Avery) [1394756]\n- [fs] xfs: fix unbalanced inode reclaim flush locking (Brian Foster) [1384564]\n- [scsi] hpsa: correct logical resets (Joseph Szczypek) [1083110]\n- [scsi] hpsa: generate a controller NMI (Joseph Szczypek) [1083110]\n- [scsi] hpsa: update driver version to 3.4.10-0-RH3 (Joseph Szczypek) [1083110]\n- [scsi] hpsa: Check for null devices in ioaccel submission patch (Joseph Szczypek) [1083110]\n- [scsi] hpsa: check for null device pointers (Joseph Szczypek) [1083110]\n- [scsi] hpsa: correct skipping masked peripherals (Joseph Szczypek) [1083110]\n- [scsi] hpsa: generalize external arrays (Joseph Szczypek) [1083110]\n- [scsi] vmw_pvscsi: return SUCCESS for successful command aborts (Ewan Milne) [1372465]\n[2.6.32-674]\n- [fs] ext4: fix extent tree corruption caused by hole punch (Lukas Czerner) [1351798]\n- [x86] Mark Intel Purley supported (Steve Best) [1271866]\n- [pnp] Prevent attaching to ACPI IPMI device (Charles Rose) [857150]\n[2.6.32-673]\n- [netdrv] ehea: fix operation state report (Gustavo Duarte) [1089134]\n- [block] nvme: Always use MSI/MSI-x interrupts (David Milburn) [1372023]\n- [fs] aio: aio_nr decrements dont need to be delayed (Jiri Olsa) [1386216]\n- [fs] aio: dont bother with async freeing on failure in ioctx_alloc() (Jiri Olsa) [1386216]\n- [fs] epoll: ep_unregister_pollwait() can use the freed pwq->whead (Lauro Ramos Venancio) [1392372]\n- [fs] epoll: introduce POLLFREE to flush ->signalfd_wqh before kfree() (Lauro Ramos Venancio) [1392372]\n[2.6.32-672]\n- [sched] Fix rq->nr_uninterruptible update race (Aaron Tomlin) [1377292]\n- [security] keys: Fix short sprintf buffer in /proc/keys show function (Frantisek Hrbata) [1375208] {CVE-2016-7042}\n- [net] bridge: fix switched interval for MLD Query types (Hangbin Liu) [1392327]\n- [net] netfilter: ipv6: move POSTROUTING invocation before fragmentation (Eric Garver) [1391240]\n- [net] Fix use after free in the recvmmsg exit path (Davide Caratti) [1390046] {CVE-2016-7117}\n- [net] vlan: Propagate MAC address to VLANs (Jarod Wilson) [1381585]\n- [net] tcp: fix use after free in tcp_xmit_retransmit_queue() (Mateusz Guzik) [1379529] {CVE-2016-6828}\n- [net] netfilter: x_tables: check for bogus target offset (Mateusz Guzik) [1351422] {CVE-2016-4998}\n- [net] netfilter: x_tables: validate e->target_offset early (Mateusz Guzik) [1351422] {CVE-2016-4998}\n- [net] netfilter: x_tables: make sure e->next_offset covers remaining blob size (Mateusz Guzik) [1351422] {CVE-2016-4998}\n- [net] tcp: enable per-socket rate limiting of all 'challenge acks' (Florian Westphal) [1388287]\n- [net] tcp: uninline tcp_oow_rate_limited() (Florian Westphal) [1388287]\n- [net] tcp: mitigate ACK loops for connections as tcp_timewait_sock (Florian Westphal) [1388287]\n- [net] tcp: mitigate ACK loops for connections as tcp_sock (Florian Westphal) [1388287]\n- [net] tcp: mitigate ACK loops for connections as tcp_request_sock (Florian Westphal) [1388287]\n- [net] tcp: helpers to mitigate ACK loops by rate-limiting out-of-window dupacks (Florian Westphal) [1388287]\n- [net] ipv6: Dont change dst->flags using assignments (Marcelo Leitner) [1389478]\n- [scsi] megaraid-sas: request irqs later (Tomas Henzl) [1385088]\n[2.6.32-671]\n- [perf] list: Fix rNNNN list output to appear only once (Jiri Olsa) [1291256 1374411]\n- [perf] symbols: Check kptr_restrict for root (Jiri Olsa) [1291256 1374411]\n- [fs] SUNRPC: Fix a regression when reconnecting (Benjamin Coddington) [1323801]\n- [fs] SUNRPC: Clear the request rq_bytes_sent field in xprt_release_write (Benjamin Coddington) [1323801]\n- [fs] SUNRPC: Lock the transport layer on shutdown (Benjamin Coddington) [1323801]\n- [virt] kvm: x86 emulator: implement IMUL REG, R/M (opcode 0F AF) (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: implement IMUL REG, R/M, IMM (opcode 69) (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: implement IMUL REG, R/M, imm8 (opcode 6B) (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: Use a register for ____emulate_2op() destination (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: pass destination type to ____emulate_2op() (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: add Src2Imm decoding (Radim Krcmar) [1313468]\n- [virt] kvm: x86 emulator: consolidate immediate decode into a function (Radim Krcmar) [1313468]\n- [hv] netvsc: fix incorrect receive checksum offloading (Vitaly Kuznetsov) [1388701]\n- [hv] do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1378614]\n- [hv] vmbus: Fix signaling logic in hv_need_to_signal_on_read() (Vitaly Kuznetsov) [1319054]\n- [hv] vmbus: Eliminate the spin lock on the read path (Vitaly Kuznetsov) [1319054]\n- [hv] ring_buffer: eliminate hv_ringbuffer_peek() (Vitaly Kuznetsov) [1319054]\n- [hv] remove code duplication between vmbus_recvpacket()/vmbus_recvpacket_raw() (Vitaly Kuznetsov) [1319054]\n- [hv] ring_buffer: remove code duplication from hv_ringbuffer_peek/read() (Vitaly Kuznetsov) [1319054]\n- [hv] ring_buffer.c: fix comment style (Vitaly Kuznetsov) [1319054]\n- [hv] netvsc: set nvdev link after populating chn_table (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: synchronize netvsc_change_mtu()/netvsc_set_channels() with netvsc_remove() (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: get rid of struct net_device pointer in struct netvsc_device (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: untangle the pointer mess (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: use start_remove flag to protect netvsc_link_change() (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: move start_remove flag to net_device_context (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: Move subchannel waiting to rndis_filter_device_remove() (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: Wait for sub-channels to be processed during probe (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: Properly size the vrss queues (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] netvsc: Add close of RNDIS filter into change mtu call (Vitaly Kuznetsov) [1320094 1335926]\n- [hv] hv_netvsc: Add support to set MTU reservation from guest side (Vitaly Kuznetsov) [1352105]\n- [perf] probe: Clear probe_trace_event when add_probe_trace_event() fails (Jiri Olsa) [1291510]\n- [perf] probe: Move ftrace probe-event operations to probe-file.c (Jiri Olsa) [1291510]\n- [block] loop: fix comment typo in loop_config_discard (Lukas Czerner) [818597]\n- [block] loop: Limit the number of requests in the bio list (Lukas Czerner) [818597]\n- [fs] ext4: optimize test_root() (Lukas Czerner) [1236047]\n- [fs] ext4: verify group number in verify_group_input() before using it (Lukas Czerner) [1236047]\n- [fs] nfsd: use short read as well as i_size to set eof (Benjamin Coddington) [1302415]\n- [fs] xfs: xfs_alloc_fix_minleft can underflow near ENOSPC (Carlos Maiolino) [1259493]\n- [fs] xfs: Fix rounding in xfs_alloc_fix_len() (Carlos Maiolino) [1259493]\n- [fs] jbd: dont BUG but return ENOSPC if a handle runs out of space (Lukas Czerner) [1291015]\n- [fs] jbd2: dont BUG but return ENOSPC if a handle runs out of space (Lukas Czerner) [1291015]\n[2.6.32-670]\n- [powerpc] ppc64: Fix incorrect return value from __copy_tofrom_user (Gustavo Duarte) [1387243]\n- [misc] hpilo: Changes to support new security states in iLO5 FW (Joseph Szczypek) [1376584]\n- [misc] hpilo: Change e-mail address from hp.com to hpe.com (Joseph Szczypek) [1376584]\n- [misc] hpilo: cleanup hpilo (Joseph Szczypek) [1376584]\n- [mm] memory_hotplug.c: change normal message to use pr_debug (Jeremy McNicoll) [1255272]\n- [acpi] mem_hotplug: set memory info correctly when problems forcing mem online (Jeremy McNicoll) [1255272]\n- [fs] bio: Need to free integrity payload if the split bio gets memory by itself (Xiao Ni) [1268434]\n- [md] add rdev reference for super write (Xiao Ni) [1365718]\n- [netdrv] rtlwifi: fix memory leak for USB device (Stanislaw Gruszka) [1364597]\n- [fs] NFSv4: Fix a use-after-free situation in _nfs4_proc_getlk() (Benjamin Coddington) [1353272]\n- [drm] nouveau/kms: take mode_config mutex in connector hotplug path (Ben Skeggs) [1349978]\n- [kernel] clocksource: Defer override invalidation unless clock is unstable (Prarit Bhargava) [1356231]\n- [kernel] clocksource: Reselect clocksource when watchdog validated high-res capability (Prarit Bhargava) [1356231]\n- [fs] nfs4: clnt: respect noresvport when establishing connections to DSes (Benjamin Coddington) [1346041]\n- [fs] nfs: Add nfs_client behavior flags (Benjamin Coddington) [1346041]\n- [block] fix /proc/diskstats in-flight - kABI workaround (Jerome Marchand) [1273339 1306879]\n- [block] add internal hd part table references (Jerome Marchand) [1273339 1306879]\n- [block] fix accounting bug on cross partition merges (Jerome Marchand) [1273339 1306879]\n- [block] kref: add kref_test_and_get (Jerome Marchand) [1273339 1306879]\n- [block] Revert 'block: fix accounting bug on cross partition merges' (Jerome Marchand) [1273339 1306879]\n- [perf] thread: Fix reference count initial state (Jiri Olsa) [1359100]\n- [perf] tools: Reference count struct map (Jiri Olsa) [1359100]\n- [perf] tools: Check if a map is still in use when deleting it (Jiri Olsa) [1359100]\n- [perf] tools: Protect accesses the map rbtrees with a rw lock (Jiri Olsa) [1359100]\n- [perf] tools: Introduce struct maps (Jiri Olsa) [1359100]\n- [perf] tools: Assign default value for some pointers (Jiri Olsa) [1359100]\n- [perf] tools: Use maps__first()/map__next() (Jiri Olsa) [1359100]\n- [perf] tools: Leave DSO destruction to the map destruction (Jiri Olsa) [1359100]\n- [perf] machine: Mark removed threads as such (Jiri Olsa) [1359100]\n- [perf] tools: Import rb_erase_init from block/ in the kernel sources (Jiri Olsa) [1359100]\n- [perf] tools: Nuke unused map_groups__flush() (Jiri Olsa) [1359100]\n- [perf] tools: Remove redundant initialization of thread linkage members (Jiri Olsa) [1359100]\n- [perf] tools: Rename maps__next (Jiri Olsa) [1359100]\n- [perf] machine: Do not call map_groups__delete(), drop refcnt instead (Jiri Olsa) [1359100]\n- [perf] hists: Rename add_hist_entry to hists__findnew_entry (Jiri Olsa) [1359100]\n- [perf] tools: Use atomic.h for the map_groups refcount (Jiri Olsa) [1359100]\n- [perf] tests: Fix map_groups refcount test (Jiri Olsa) [1359100]\n- [perf] machine: No need to keep a refcnt for last_match (Jiri Olsa) [1359100]\n- [perf] tests: Show refcounting broken expectations in thread-mg-share test (Jiri Olsa) [1359100]\n- [perf] machine: Protect the machine->threads with a rwlock (Jiri Olsa) [1359100]\n- [video] efifb: prevent null-deref when iterating dmi_list (Rob Clark) [1360982]\n- [video] configs: updates for fb backport (Rob Clark) [1360982]\n- [video] fbdev: efifb: bind to efi-framebuffer (Rob Clark) [1360982]\n- [video] fbdev: vesafb: bind to platform-framebuffer device (Rob Clark) [1360982]\n- [video] fbdev: simplefb: add common x86 RGB formats (Rob Clark) [1360982]\n- [video] x86: sysfb: move EFI quirks from efifb to sysfb (Rob Clark) [1360982]\n- [video] x86: provide platform-devices for boot-framebuffers (Rob Clark) [1360982]\n- [video] fbdev: simplefb: mark as fw and allocate apertures (Rob Clark) [1360982]\n- [video] fbdev: simplefb: add init through platform_data (Rob Clark) [1360982]\n- [video] drivers/video: implement a simple framebuffer driver (Rob Clark) [1360982]\n- [video] vesafb: fix memory leak (Rob Clark) [1360982]\n- [video] uvesafb,vesafb: create WC or WB PAT-entries (Rob Clark) [1360982]\n- [video] vesafb: fix comment a typo (Rob Clark) [1360982]\n- [video] vesafb: use platform_driver_probe() instead of platform_driver_register() (Rob Clark) [1360982]\n- [video] efifb: Fix call to wrong unregister function (Rob Clark) [1360982]\n- [video] efifb: Disallow manual bind and unbind (Rob Clark) [1360982]\n- [video] efifb: Fix mismatched request/release_mem_region (Rob Clark) [1360982]\n- [video] efifb: fix int to pointer cast warning (Rob Clark) [1360982]\n- [video] efifb: Add override for 11 Macbook Air 3,1 (Rob Clark) [1360982]\n- [video] efifb: Support overriding fields FW tells us with the DMI data (Rob Clark) [1360982]\n- [video] efifb: support AMD Radeon HD 6490 (Rob Clark) [1360982]\n- [video] efifb: support the EFI framebuffer on more Apple hardware (Rob Clark) [1360982]\n- [video] efifb: check that the base address is plausible on pci systems (Rob Clark) [1360982]\n- [video] drivers/video/efifb.c: support framebuffer for NVIDIA 9400M in MacBook Pro 5, 1 (Rob Clark) [1360982]\n[2.6.32-669]\n- [netdrv] sfc: fix potential stack corruption from running past stat bitmask (Jarod Wilson) [1374067]\n- [netdrv] cxgb4: Enable SR-IOV configuration via PCI sysfs interface (Sai Vemuri) [1222751]\n- [netdrv] bnx2x: dont wait for Tx completion on recovery (Michal Schmidt) [1300681]\n- [pm] hibernate: Only crash if necessary in create/free_basic_memory_bitmaps() (Jerry Snitselaar) [1374378]\n- [netdrv] ixgbe: add WoL support for some 82599 subdevice IDs (Ken Cox) [1316845]\n- [kernel] cgroup: improve old cgroup handling in cgroup_attach_proc() (Lauro Ramos Venancio) [1372085]\n- [watchdog] hpwdt: add support for iLO5 (Linda Knippers) [1382496]\n- [watchdog] hpwdt: HP rebranding (Linda Knippers) [1388170]\n- [documentation] Fix hpwdt documentation to match RHEL6 (Linda Knippers) [1388170]\n- [acpi] acpica: Fix for a Store->ArgX when ArgX contains a reference to a field (Lenny Szubowicz) [1324697]\n- [acpi] acpica: Standardize all switch() blocks (Lenny Szubowicz) [1324697]\n- [acpi] acpica: Interpreter: Fix Store() when implicit conversion is not possible (Lenny Szubowicz) [1324697]\n- [fs] backing-dev: fix wakeup timer races with bdi_unregister() (Jeff Moyer) [1111683]\n- [fs] backing-dev: ensure wakeup_timer is deleted (Jeff Moyer) [1111683]\n- [fs] writeback: Fix lost wake-up shutting down writeback thread (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wakeup events when forking bdi threads (Jeff Moyer) [1111683]\n- [fs] writeback: fix bad _bh spinlock nesting (Jeff Moyer) [1111683]\n- [fs] writeback: cleanup bdi_register (Jeff Moyer) [1111683]\n- [fs] writeback: remove unnecessary init_timer call (Jeff Moyer) [1111683]\n- [fs] writeback: optimize periodic bdi thread wakeups (Jeff Moyer) [1111683]\n- [fs] writeback: prevent unnecessary bdi threads wakeups (Jeff Moyer) [1111683]\n- [fs] writeback: move bdi threads exiting logic to the forker thread (Jeff Moyer) [1111683]\n- [fs] writeback: restructure bdi forker loop a little (Jeff Moyer) [1111683]\n- [fs] writeback: move last_active to bdi (Jeff Moyer) [1111683]\n- [fs] writeback: do not remove bdi from bdi_list (Jeff Moyer) [1111683]\n- [fs] writeback: simplify bdi code a little (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wake-ups in bdi threads (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wake-ups in the forker thread - 2 (Jeff Moyer) [1111683]\n- [fs] writeback: do not lose wake-ups in the forker thread - 1 (Jeff Moyer) [1111683]\n- [fs] writeback: fix possible race when creating bdi threads (Jeff Moyer) [1111683]\n- [fs] writeback: harmonize writeback threads naming (Jeff Moyer) [1111683]\n- [fs] writeback: merge bdi_writeback_task and bdi_start_fn (Jeff Moyer) [1111683]\n- [fs] writeback: bdi_writeback_task() must set task state before calling schedule() (Jeff Moyer) [1111683]\n- [fs] writeback: remove wb_list (Jeff Moyer) [1111683]\n- [s390] zfcp: close window with unblocked rport during rport gone (Hendrik Brueckner) [1383980]\n- [s390] zfcp: fix ELS/GS request&response length for hardware data router (Hendrik Brueckner) [1383981]\n- [s390] zfcp: fix fc_host port_type with NPIV (Hendrik Brueckner) [1383982]\n- [s390] zcrypt: toleration of new crypto adapter hardware with type 12 (Hendrik Brueckner) [1344041]\n- [s390] time: LPAR offset handling (Hendrik Brueckner) [1381564]\n- [s390] time: move PTFF definitions (Hendrik Brueckner) [1381564]\n- [scsi] libfc: Dont have fc_exch_find log errors on a new exchange (Chris Leech) [1368175]\n- [scsi] libfc: Revert: use offload EM instance again (Chris Leech) [1383078]\n- [scsi] libfc: dont advance state machine for incoming FLOGI (Chris Leech) [1368175]\n- [scsi] libfc: Do not login if the port is already started (Chris Leech) [1368175]\n- [scsi] libfc: Do not drop down to FLOGI for fc_rport_login() (Chris Leech) [1368175]\n- [scsi] libfc: Do not take rdata->rp_mutex when processing a (Chris Leech) [1368175]\n- [scsi] libfc: Fixup disc_mutex handling (Chris Leech) [1368175]\n- [scsi] libfc: Revisit kref handling (Chris Leech) [1368175]\n- [scsi] fcoe: Stop fc_rport_priv structure leak (Chris Leech) [1368175]\n- [scsi] libfc: do not send ABTS when resetting exchanges (Chris Leech) [1368175]\n- [scsi] libfc: reset exchange manager during LOGO handling (Chris Leech) [1368175]\n- [scsi] libfc: send LOGO for PLOGI failure (Chris Leech) [1368175]\n- [scsi] libfc: Issue PRLI after a PRLO has been received (Chris Leech) [1368175]\n- [scsi] libfc: fix seconds_since_last_reset calculation (Chris Leech) [1368175]\n- [scsi] libfc: Update rport reference counting (Chris Leech) [1368175]\n- [scsi] libfc: XenServer fails to mount root filesystem (Chris Leech) [1368175]\n[2.6.32-668]\n- [netdrv] mlx5e: Fix minimum MTU (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5e: Devices mtu field is u16 and not int (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_en: Fix endianness bug in IPV6 csum calculation (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Allow resetting VF admin mac to zero (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5e: Correctly handle RSS indirection table when changing number of channels (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5e: Fix ethtool RX hash func configuration change (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5e: Fix LRO modify (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5e: Remove wrong poll CQ optimization (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Do not BUG_ON during reset when PCI is offline (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_en: Count HW buffer overrun only once (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5: Fix RC transport send queue overhead computation (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: fix some error handling in mlx4_multi_func_init() (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Remove unused macro (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Initialize hop_limit when creating address handle (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5: Expose correct maximum number of CQE capacity (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Replace kfree with kvfree in mlx4_ib_destroy_srq (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: fix handling return value of mlx4_slave_convert_port (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Use vmalloc for WR buffers when needed (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Use correct order of variables in log message (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Expose correct max_sge_rd limit (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Avoid returning success in case of an error flow (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Replace VF zero mac with random mac in mlx4_core (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Fix resource tracker error flow in add_res_range (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Copy/set only sizeof struct mlx4_eqe bytes (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_en: really allow to change RSS key (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx5: Fix incorrect wc pkey_index assignment for GSI messages (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Fix incorrect cq flushing in error state (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Use correct SL on AH query under RoCE (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Forbid using sysfs to change RoCE pkeys (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Demote mcg message from warning to debug (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Fix potential deadlock when sending mad to wire (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4, mlx5, mthca: Expose max_sge_rd correctly (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Add extra check for total vfs for SRIOV (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_en: Remove BUG_ON assert when checking if ring is full (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Relieve cpu load average on the port sending flow (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Fix wrong index in propagating port change event to VFs (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Fix memory leak in do_slave_init (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4: Disable HA for SRIOV PF RoCE devices (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_en: Release TX QP when destroying TX ring (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: Disable Granular QoS per VF under IB/Eth VPI configuration (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: fix typo in mlx4_set_vf_mac (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: need to call close fw if alloc icm is called twice (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] mlx4_core: double free of dev_vfs (Slava Shwartsman) [1333657 1384212 1384531 1385314 1385317 1385318 1385319]\n- [netdrv] bnx2x: dont reset chip on cleanup if PCI function is offline (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: allow adding VLANs while interface is down (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: avoid leaking memory on bnx2x_init_one() failures (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Prevent false warning for lack of FC NPIV (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: fix receive of VF->PF mailbox messages by the PF on big-endian (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: fix sending VF->PF messages on big-endian (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Fix 84833 phy command handler (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Fix led setting for 84858 phy (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Correct 84858 PHY fw version (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Fix 84833 RX CRC (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Fix link-forcing for KR2 (Michal Schmidt) [1386199]\n- [netdrv] bnx2x: Warn about grc timeouts in register dump (Michal Schmidt) [1386199]\n- [netdrv] be2net: Enable VF link state setting for BE3 (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix TX stats for TSO packets (Ivan Vecera) [1347812]\n- [netdrv] be2net: NCSI FW section should be properly updated with ethtool for BE3 (Ivan Vecera) [1347812]\n- [netdrv] be2net: Provide an alternate way to read pf_num for BEx chips (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix mac address collision in some configurations (Ivan Vecera) [1347812]\n- [netdrv] be2net: Avoid redundant addition of mac address in HW (Ivan Vecera) [1347812]\n- [netdrv] be2net: Add privilege level check for OPCODE_COMMON_GET_EXT_FAT_CAPABILITIES SLI cmd (Ivan Vecera) [1347812]\n- [netdrv] be2net: Issue COMMON_RESET_FUNCTION cmd during driver unload (Ivan Vecera) [1347812]\n- [netdrv] be2net: Support UE recovery in BEx/Skyhawk adapters (Ivan Vecera) [1347812]\n- [netdrv] be2net: replace polling with sleeping in the FW completion path (Ivan Vecera) [1347812]\n- [netdrv] be2net: do not remove vids from driver table if be_vid_config() fails (Ivan Vecera) [1347812]\n- [netdrv] be2net: clear vlan-promisc setting before programming the vlan list (Ivan Vecera) [1347812]\n- [netdrv] be2net: perform temperature query in adapter regardless of its interface state (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix broadcast echoes from EVB in BE3 (Ivan Vecera) [1347812]\n- [netdrv] be2net: fix definition of be_max_eqs() (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix provisioning of RSS for VFs in multi-partition configurations (Ivan Vecera) [1347812]\n- [netdrv] be2net: Enable Wake-On-LAN from shutdown for Skyhawk (Ivan Vecera) [1347812]\n- [netdrv] be2net: use max-TXQs limit too while provisioning VF queue pairs (Ivan Vecera) [1347812]\n- [netdrv] benet: be_resume needs to protect be_open with rtnl_lock (Ivan Vecera) [1347812]\n- [netdrv] be2net: Dont leak iomapped memory on removal (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix a UE caused by passing large frames to the ASIC (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix pcie error recovery in case of NIC+RoCE adapters (Ivan Vecera) [1347812]\n- [netdrv] be2net: Interpret and log new data thats added to the port misconfigure async event (Ivan Vecera) [1347812]\n- [netdrv] be2net: Request RSS capability of Rx interface depending on number of Rx rings (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix interval calculation in interrupt moderation (Ivan Vecera) [1347812]\n- [netdrv] be2net: Add retry in case of error recovery failure (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix Lancer error recovery (Ivan Vecera) [1347812]\n- [netdrv] be2net: Dont run ethtool self-tests for VFs (Ivan Vecera) [1347812]\n- [netdrv] be2net: SRIOV Queue distribution should factor in EQ-count of VFs (Ivan Vecera) [1347812]\n- [netdrv] be2net: Fix be_vlan_rem_vid() to check vlan id being removed (Ivan Vecera) [1347812]\n- [netdrv] be2net: check for INSUFFICIENT_PRIVILEGES error (Ivan Vecera) [1347812]\n- [netdrv] be2net: return error status from be_set_phys_id() (Ivan Vecera) [1347812]\n- [netdrv] be2net: fix port-res desc query of GET_PROFILE_CONFIG FW cmd (Ivan Vecera) [1347812]\n- [netdrv] be2net: fix VF link state transition from disabled to auto (Ivan Vecera) [1347812]\n- [netdrv] bnx2: fix locking when netconsole is used (Ivan Vecera) [1291369]\n- [netdrv] tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (Ivan Vecera) [1347828]\n- [netdrv] tg3: Fix for disallow tx coalescing time to be 0 (Ivan Vecera) [1347828]\n- [netdrv] tg3: Report the correct number of RSS queues through tg3_get_rxnfc (Ivan Vecera) [1347828]\n- [netdrv] tg3: Fix for diasllow rx coalescing time to be 0 (Ivan Vecera) [1347828]\n- [netdrv] net: tg3: avoid uninitialized variable warning (Ivan Vecera) [1347828]\n- [net] ipv6: restrict hop_limit sysctl setting to range (1; 255) (Paolo Abeni) [1314305]\n- [net] ipv4: add limits to ip_default_ttl (Paolo Abeni) [1314305]\n- [net] route: enforce hoplimit max value (Paolo Abeni) [1313899]\nfor userland (Sabrina Dubroca) [1317697]\n- [net] sctp: use the same clock as if sock source timestamps were on (Xin Long) [1334561]\n- [net] sctp: update the netstamp_needed counter when copying sockets (Xin Long) [1334561]\n- [net] sctp: fix the transports round robin issue when init is retransmitted (Xin Long) [1312728]\n- [net] pppoe: fix memory corruption in padt work structure (Beniamino Galvani) [1317900]\n- [net] pppoe: drop pppoe device in pppoe_unbind_sock_work (Beniamino Galvani) [1317900]\n- [net] pppoe: Use workqueue to die properly when a PADT is received (Beniamino Galvani) [1317900]\n- [net] ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [1327680]\n- [net] ipv6: Consolidate route lookup sequences (Jakub Sitnicki) [1327680]\n- [net] macvtap: Add support of packet capture on macvtap device (Sabrina Dubroca) [1373100]\n- [scsi] fnic: pci_dma_mapping_error() doesnt return an error code (Maurizio Lombardi) [1364593]\n- [scsi] fnic: Using rport->dd_data to check rport online instead of rport_lookup (Maurizio Lombardi) [1364593]\n- [scsi] fnic: Cleanup the I/O pending with fw and has timed out and is used to issue LUN reset (Maurizio Lombardi) [1364593]\n- [scsi] fnic: move printk()s outside of the critical code section (Maurizio Lombardi) [1364593]\n- [scsi] fnic: check pci_map_single() return value (Maurizio Lombardi) [1364593]\n- [scsi] be2iscsi: Driver version: 11.1.0.0 (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Replace _bh with _irqsave/irqrestore (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Remove redundant iscsi_wrb desc memset (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix bad WRB index error (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix async PDU handling path (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Add lock to protect WRB alloc and free (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: _bh for io_sgl_lock and mgmt_sgl_lock (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Reduce driver load/unload time (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix ExpStatSn in management tasks (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Update the driver version (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix WRB leak in login/logout path (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix async link event processing (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix to process 25G link speed info from FW (Maurizio Lombardi) [1347815]\n- [scsi] scsi_transport_iscsi: Add 25G and 40G speed definition (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix IOPOLL implementation (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix return value for MCC completion (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Add FW config validation (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix to handle misconfigured optics events (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix VLAN support for IPv6 network (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix to remove shutdown entry point (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Added return value check for mgmt_get_all_if_id (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Set mbox timeout to 30s (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix to synchronize tag allocation using spin_lock (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix to use atomic bit operations for tag_state (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix mbox synchronization replacing spinlock with mutex (Maurizio Lombardi) [1347815]\n- [scsi] be2iscsi: Fix soft lockup in mgmt_get_all_if_id path using bmbx (Maurizio Lombardi) [1347815]\n- [scsi] scsi_debug: fix logical block provisioning support when unmap_alignment != 0 (Maurizio Lombardi) [1388096]\n- [scsi] scsi_debug: fix logical block provisioning support (Maurizio Lombardi) [1388096]\n- [scsi] mpt3sas: Fix resume on WarpDrive flash cards (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: avoid mpt3sas_transport_port_add NULL parent_dev (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: set num_phys after allocating phy space (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: add missing curly braces (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Used 'synchronize_irq()'API to synchronize timed-out IO & TMs (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Set maximum transfer length per IO to 4MB for VDs (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Updating mpt3sas driver version to 13.100.00.00 (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Handle active cable exception event (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Update MPI header to 2.00.42 (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: remove unused fw_event_work elements (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Remove usage of 'struct timeval' (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Dont overreach ioc->reply_post during initialization (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Remove unnecessary synchronize_irq() before free_irq() (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Free memory pools before retrying to allocate with different value (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Remove cpumask_clear for zalloc_cpumask_var and dont free free_cpu_mask_var before reply_q (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Updating mpt3sas driver version to 12.100.00.00 (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Updated MPI Header to 2.00.42 (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Add support for configurable Chain Frame Size (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Added smp_affinity_enable module parameter (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Make use of additional HighPriority credit message frames for sending SCSI IOs (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Never block the Enclosure device (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Fix static analyzer(coverity) tool identified defects (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Used IEEE SGL instead of MPI SGL while framing a SMP Passthrough request message (Tomas Henzl) [1329353]\n- [scsi] mpt3sas: Added support for high port count HBA variants (Tomas Henzl) [1329353]\n- [scsi] bnx2fc: Update version number to 2.10.3 (Maurizio Lombardi) [1380385]\n- [scsi] bnx2fc: Check sc_cmd device and host pointer before returning the command to the mid-layer (Maurizio Lombardi) [1380385]\n- [scsi] bnx2fc: Print netdev device name when FCoE is successfully initialized (Maurizio Lombardi) [1380385]\n- [scsi] bnx2fc: Print when we send a fip keep alive (Maurizio Lombardi) [1380385]\n- [scsi] bnx2fc: bnx2fc_eh_abort(): fix wrong return code (Maurizio Lombardi) [1380385]\n- [scsi] bnx2fc: Show information about log levels in 'modinfo' (Maurizio Lombardi) [1380385]\n- [scsi] hpsa: update driver revision to 3.4.10-0-RH2 (Joseph Szczypek) [1377892]\n- [scsi] hpsa: correct scsi 6byte lba calculation (Joseph Szczypek) [1377892]\n- [scsi] lpfc: remove unknown ELS message warnings for RDP (Maurizio Lombardi) [1347811]\n- [scsi] smartpqi: add to config-generic (Scott Benesh) [1343743]\n- [scsi] smartpqi: raid bypass lba calculation fix (Scott Benesh) [1343743]\n- [scsi] smartpqi: bump driver version (Scott Benesh) [1343743]\n- [scsi] smartpqi: add smartpqi.txt (Scott Benesh) [1343743]\n- [scsi] smartpqi: update Kconfig (Scott Benesh) [1343743]\n- [scsi] smartpqi: remove timeout for cache flush operations (Scott Benesh) [1343743]\n- [scsi] smartpqi: scsi queuecommand cleanup (Scott Benesh) [1343743]\n- [scsi] smartpqi: minor tweaks to update time support (Scott Benesh) [1343743]\n- [scsi] smartpqi: minor function reformating (Scott Benesh) [1343743]\n- [scsi] smartpqi: correct event acknowledgement timeout issue (Scott Benesh) [1343743]\n- [scsi] smartpqi: correct controller offline issue (Scott Benesh) [1343743]\n- [scsi] smartpqi: add kdump support (Scott Benesh) [1343743]\n- [scsi] smartpqi: enhance reset logic (Scott Benesh) [1343743]\n- [scsi] smartpqi: enhance drive offline informational message (Scott Benesh) [1343743]\n- [scsi] smartpqi: simplify spanning (Scott Benesh) [1343743]\n- [scsi] smartpqi: change tmf macro names (Scott Benesh) [1343743]\n- [scsi] smartpqi: change aio sg processing (Scott Benesh) [1343743]\n- [scsi] aacraid: remove wildcard for series 9 controllers (Scott Benesh) [1343743]\n- [scsi] smartpqi: initial commit of Microsemi smartpqi driver (Scott Benesh) [1343743]\n[2.6.32-667]\n- [hv] get rid of id in struct vmbus_channel (Vitaly Kuznetsov) [1322802]\n- [hv] make VMBus bus ids persistent (Vitaly Kuznetsov) [1322802]\n- [hv] storvsc: Fix potential memory leak (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Filter out storvsc messages CD-ROM medium not present (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: fix SRB_STATUS_ABORTED handling (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: add logging for error/warning messages (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Fix a bug in the handling of SRB status flags (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Dont set the SRB_FLAGS_QUEUE_ACTION_ENABLE flag (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Set the tablesize based on the information given by the host (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Dont assume that the scatterlist is not chained (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Retrieve information about the capability of the target (Cathy Avery) [1322928 1352824]\n- [hv] storvsc: Always send on the selected outgoing channel (Cathy Avery) [1322928 1352824]\n- [hv] vmbus: Support a vmbus API for efficiently sending page arrays (Cathy Avery) [1322928 1352824]\n- [hv] balloon: replace ha_region_mutex with spinlock (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] balloon: account for gaps in hot add regions (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] balloon: keep track of where ha_region starts (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] balloon: reset host_specified_ha_region (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] balloon: dont crash when memory is added in non-sorted order (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] balloon: check if ha_region_mutex was acquired in MEM_CANCEL_ONLINE case (Vitaly Kuznetsov) [1326999 1381617]\n- [hv] dont leak memory in vmbus_establish_gpadl() (Vitaly Kuznetsov) [1376860]\n- [hv] get rid of redundant messagecount in create_gpadl_header() (Vitaly Kuznetsov) [1376860]\n- [hv] vmbus: dont manipulate with clocksources on crash (Cathy Avery) [1365049]\n- [hv] correct tsc page sequence invalid value (Cathy Avery) [1365049]\n- [hv] vmbus: fix build warning (Cathy Avery) [1365049]\n- [hv] vmbus: Implement a clocksource based on the TSC page (Cathy Avery) [1365049]\n- [hv] kvp: cancel kvp_host_handshake_work on module unload (Vitaly Kuznetsov) [1321259]\n- [x86] mm/xen: Suppress hugetlbfs in PV guests (Vitaly Kuznetsov) [1312331]\n- [mm] hugetlb: allow hugepages_supported to be architecture specific (Vitaly Kuznetsov) [1312331]\n[2.6.32-666]\n- [netdrv] i40e/i40evf : Bump driver version from 1.5.5 to 1.5.10 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: RSS Hash Option parameters (Stefan Assmann) [1360179]\n- [netdrv] i40e: Remove HMC AQ API implementation (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Add driver support for promiscuous mode (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Only offload VLAN tag if enabled (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add DeviceID for X722 QSFP+ (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add device capability which defines if update is available (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Allow PF driver to configure RSS (Stefan Assmann) [1360179]\n- [netdrv] i40e: Specify AQ event opcode to wait for (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Dont Panic (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (Stefan Assmann) [1360179]\n- [netdrv] i40evf: properly handle VLAN features (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump patch from 1.5.2 to 1.5.5 (Stefan Assmann) [1360179]\n- [netdrv] i40e: Input set mask constants for RSS, flow director, and flex bytes (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add RSS configuration to virtual channel (Stefan Assmann) [1360179]\n- [netdrv] i40e: Move NVM variable out of AQ struct (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Faster RX via avoiding FCoE (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Drop unused tx_ring argument (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump patch from 1.5.1 to 1.5.2 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Fix get_rss_aq (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Add longer wait after remove module (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add new device ID for X722 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Fix VLAN features (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump patch from 1.4.25 to 1.5.1 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Add additional check for reset (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Fix handling of boolean logic in polling routines (Stefan Assmann) [1360179]\n- [netdrv] i40evf: remove dead code (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.25 and i40evf to 1.4.15 (Stefan Assmann) [1360179]\n- [netdrv] i40e: implement and use Rx CTL helper functions (Stefan Assmann) [1360179]\n- [netdrv] i40e: add adminq commands for Rx CTL registers (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add functions to blink led on 10GBaseT PHY (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Rewrite logic for 8 descriptor per packet check (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Use u64 values instead of casting them in TSO function (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Drop outer checksum offload that was not requested (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.15 and i40evf to 1.4.11 (Stefan Assmann) [1360179]\n- [netdrv] i40e: When in promisc mode apply promisc mode to Tx Traffic as well (Stefan Assmann) [1360179]\n- [netdrv] i40e: clean event descriptor before use (Stefan Assmann) [1360179]\n- [netdrv] i40evf: set adapter state on reset failure (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: avoid atomics (Stefan Assmann) [1360179]\n- [netdrv] i40e: Add a SW workaround for lost interrupts (Stefan Assmann) [1360179]\n- [netdrv] i40evf: support packet split receive (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump version (Stefan Assmann) [1360179]\n- [netdrv] i40e: properly show packet split status in debugfs (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: use logical operators, not bitwise (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: use __GFP_NOWARN (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: try again after failure (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: dont lose interrupts (Stefan Assmann) [1360179]\n- [netdrv] i40evf: Change vf driver string to reflect all products i40evf supports (Stefan Assmann) [1360179]\n- [netdrv] i40e: Refactor force_wb and WB_ON_ITR functionality code (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: bump version to 1.4.12/1.4.8 (Stefan Assmann) [1360179]\n- [netdrv] i40e: do TSO only if CHECKSUM_PARTIAL is set (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.11 and i40evf to 1.4.7 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: enable bus master after reset (Stefan Assmann) [1360179]\n- [netdrv] i40e: fix write-back-on-itr to work with legacy itr (Stefan Assmann) [1360179]\n- [netdrv] i40e: Bump AQ minor version to 1.5 for new FW features (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ thermal sensor control struct (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Add VXLAN-GPE tunnel type (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Add set_switch_config (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Shared resource flags (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Add external power class to get link status (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Geneve cloud tunnel type (Stefan Assmann) [1360179]\n- [netdrv] i40e: AQ Add Run PHY Activity struct (Stefan Assmann) [1360179]\n- [netdrv] i40e: add new proxy-wol bit for X722 (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Use private workqueue (Stefan Assmann) [1360179]\n- [netdrv] i40evf: add new write-back mode (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Fix for UDP/TCP RSS for X722 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: null out ring pointers on free (Stefan Assmann) [1360179]\n- [netdrv] i40e: define function capabilities in only one place (Stefan Assmann) [1360179]\n- [netdrv] i40evf: allow channel bonding of VFs (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Fix RSS rx-flow-hash configuration through ethtool (Stefan Assmann) [1360179]\n- [netdrv] treewide: Fix typos in printk (Stefan Assmann) [1360179]\n- [netdrv] i40e: remove forever unused ID (Stefan Assmann) [1360179]\n- [netdrv] i40e: Fix Rx hash reported to the stack by our driver (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.8 and i40evf to 1.4.4 (Stefan Assmann) [1360179]\n- [netdrv] i40evf: change version string generation (Stefan Assmann) [1360179]\n- [netdrv] i40e/i40evf: Add a new offload for RSS PCTYPE V2 for X722 (Stefan Assmann) [1360179]\n- [netdrv] i40e: Opcode and structures required by OEM Post Update AQ command and add new NVM arq message (Stefan Assmann) [1360179]\n- [netdrv] i40evf: check rings before freeing resources (Stefan Assmann) [1360179]\n- [netdrv] i40e: Fix errors resulted while turning off TSO (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: use configured RSS key and lookup table in i40e_vsi_config_rss (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: fix broken i40e_config_rss_aq function (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: move i40e_vsi_config_rss below i40e_get_rss_aq (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove redundant memset (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: check for and deal with non-contiguous TCs (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf : Bump driver version from 1.5.5 to 1.5.10 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Update device ids for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Drop extra copy of function (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Use consistent type for vf_id (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: PTP - avoid aggregate return warnings (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix uninitialized variable (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove HMC AQ API implementation (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40evf: Add driver support for promiscuous mode (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add VF promiscuous mode driver support (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add promiscuous on VLAN support (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Only offload VLAN tag if enabled (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove zero check (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add DeviceID for X722 QSFP+ (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add device capability which defines if update is available (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Specify AQ event opcode to wait for (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Code cleanup in i40e_add_fdir_ethtool (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Limit TSO to 7 descriptors for payload instead of 8 per packet (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: fix errant PCIe bandwidth message (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump patch from 1.5.2 to 1.5.5 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Input set mask constants for RSS, flow director, and flex bytes (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Move NVM event wait check to NVM code (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add RSS configuration to virtual channel (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Move NVM variable out of AQ struct (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Restrict VF poll mode to only single function mode devices (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Faster RX via avoiding FCoE (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Drop unused tx_ring argument (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Move HW flush (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Leave debug_mask cleared at init (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Inserting a HW capability display info (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump patch from 1.5.1 to 1.5.2 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Request PHY media event at reset time (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Lower some message levels (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix for supported link modes in 10GBaseT PHYs (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Disable link polling (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Make VF resets more reliable (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add new device ID for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove unused variable (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: remove redundant check on vsi->active_vlans (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump patch from 1.4.25 to 1.5.1 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Change comment to reflect correct function name (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Change unknown event error msg to ignore message (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Added code to prevent double resets (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Notify VFs of all resets (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove timer and task only if created (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Assure that adminq is alive in debug mode (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Remove MSIx only if created (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix up return code (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Save off VSI resource count when updating VSI (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Remove I40E_MAX_USER_PRIORITY define (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Fix handling of boolean logic in polling routines (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Allow up to 12K bytes of data per Tx descriptor instead of 8K (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: call ndo_stop() instead of dev_close() when running offline selftest (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: queue-specific settings for interrupt moderation (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.25 and i40evf to 1.4.15 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: let go of the past (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: suspend scheduling during driver unload (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Use the new rx ctl register helpers. Dont use AQ calls from clear_hw (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: implement and use Rx CTL helper functions (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add adminq commands for Rx CTL registers (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add check for null VSI (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Expose some registers to program parser, FD and RSS logic (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix for unexpected messaging (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Do not wait for Rx queue disable in DCB reconfig (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Increase timeout when checking GLGEN_RSTAT_DEVSTATE bit (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix led blink capability for 10GBaseT PHY (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add functions to blink led on 10GBaseT PHY (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Rewrite logic for 8 descriptor per packet check (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Break up xmit_descriptor_count from maybe_stop_tx (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Clean-up Rx packet checksum handling (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Set skb->csum_level for encapsulated checksum (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Add exception handling for Tx checksum (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Use u64 values instead of casting them in TSO function (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Drop outer checksum offload that was not requested (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.15 and i40evf to 1.4.11 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: When in promisc mode apply promisc mode to Tx Traffic as well (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: clean event descriptor before use (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: better error reporting for nvmupdate (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: expand comment (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Do not disable queues in the Legacy/MSI Interrupt handler (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: avoid atomics (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Removal of code which relies on BASE VEB SEID (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix PROMISC mode for Multi-function per port (MFP) devices (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add a SW workaround for lost interrupts (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: trivial: cleanup use of pf->hw (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: drop unused debugfs file 'dump' (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: get rid of magic number (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump version (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: properly show packet split status in debugfs (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: use logical operators, not bitwise (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: use __GFP_NOWARN (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: dump descriptor indexes in hex (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: try again after failure (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: dont lose interrupts (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Refactor force_wb and WB_ON_ITR functionality code (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: use new add_veb calling with VEB stats control (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add VEB stat control and remove L2 cloud filter (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: set shared bit for multicast filters (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Make the DCB firmware checks for X710/XL710 only (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: move sync_vsi_filters up in service_task (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add priv flag for automatic rule eviction (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: bump version to 1.4.12/1.4.8 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: avoid large memcpy by assigning struct (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: count allocation errors (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: drop unused function (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: negate PHY int mask bits (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: APIs to Add/remove port mirroring rules (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: fix: do not sleep in netdev_ops (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: allocate memory safer (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: do TSO only if CHECKSUM_PARTIAL is set (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: trivial: fix missing space (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: trivial: drop duplicate definition (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.11 and i40evf to 1.4.7 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: trivial: remove unnecessary local var (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: remove VF device IDs from PF (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add netdev info to VSI dump (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add a little more to an NVM update debug message (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: refactor DCB function (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add 20G speed for Tx bandwidth calculations (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add counter for arq overflows (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: fix write-back-on-itr to work with legacy itr (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Store lan_vsi_idx and lan_vsi_id in the right size (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Bump AQ minor version to 1.5 for new FW features (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: AQ thermal sensor control struct (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: AQ Add VXLAN-GPE tunnel type (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: AQ Add set_switch_config (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: AQ Shared resource flags (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add 100Mb ethtool reporting (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: AQ Add Run PHY Activity struct (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Limit DCB FW version checks to X710/XL710 devices (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add new proxy-wol bit for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Use private workqueue (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40evf: add new write-back mode (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Fix for UDP/TCP RSS for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Extend ethtool RSS hooks for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: add new device IDs for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: bump version to 1.4.10 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Cleanup the code with respect to restarting autoneg (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: define function capabilities in only one place (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Replace X722 mac check in ethtool get_settings (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Fix RSS rx-flow-hash configuration through ethtool (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Add mac_filter_element at the end of the list instead of HEAD (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: remove forever unused ID (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Fix Rx hash reported to the stack by our driver (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: allow zero MAC address for VFs (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: change log messages and error returns (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Bump i40e to 1.4.8 and i40evf to 1.4.4 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: clean whole mac filter list (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e/i40evf: Add a new offload for RSS PCTYPE V2 for X722 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: hush little warnings (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: Opcode and structures required by OEM Post Update AQ command and add new NVM arq message (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: use explicit cast from u16 to u8 (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: dont add zero MAC filter (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: properly delete VF MAC filters (Stefan Assmann) [1249250 1310402 1346978]\n- [netdrv] i40e: chomp the BIT(_ULL) (Stefan Assmann) [1249250 1310402 1346978]", "published": "2017-03-27T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-0817.html", "cvelist": ["CVE-2016-2384", "CVE-2016-7097", "CVE-2017-6074", "CVE-2016-8399", "CVE-2016-7117", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-10088", "CVE-2016-9555", "CVE-2016-6136", "CVE-2016-6828", "CVE-2016-9576", "CVE-2016-10142", "CVE-2016-4998", "CVE-2016-7042"], "lastseen": "2017-03-27T21:17:47"}, {"id": "ELSA-2017-3566", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[3.8.13-118.18.2]\n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986990] {CVE-2017-7895}\n[3.8.13-118.18.1]\n- fnic: Update fnic driver version to 1.6.0.24 (John Sobecki) [Orabug: 24448585] \n- xen-netfront: Rework the fix for Rx stall during OOM and network stress (Dongli Zhang) [Orabug: 25450703] \n- xen-netfront: Fix Rx stall during network stress and OOM (Dongli Zhang) [Orabug: 25450703] \n- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) \n- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549809] \n- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549809] \n- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549809] \n- VSOCK: Fix lockdep issue. (Dongli Zhang) [Orabug: 25559937] \n- VSOCK: sock_put wasn't safe to call in interrupt context (Dongli Zhang) [Orabug: 25559937] \n- IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 25677469] \n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719675] {CVE-2017-2583} {CVE-2017-2583}\n- ext4: validate s_first_meta_bg at mount time (Eryu Guan) [Orabug: 25719738] {CVE-2016-10208}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719810] {CVE-2017-5986}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720813] {CVE-2017-6214}\n- lpfc cannot establish connection with targets that send PRLI under P2P mode (Joe Jin) [Orabug: 25759083] \n- USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796594] {CVE-2016-2782}\n- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797012] {CVE-2017-5669}\n- vhost: actually track log eventfd file (Marc-Andre Lureau) [Orabug: 25797052] {CVE-2015-6252}\n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814663] {CVE-2017-7184}\n- KEYS: Remove key_type::match in favour of overriding default by match_preparse (Aniket Alshi) [Orabug: 25823962] {CVE-2017-2647} {CVE-2017-2647}\n- USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825105] {CVE-2015-5257} {CVE-2015-5257}\n- udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871102] {CVE-2015-9731}\n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25876655] {CVE-2016-10229}\n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877530] {CVE-2016-7910}\n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790392] {CVE-2016-9644}\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766911] {CVE-2016-8399}\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765776] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765445] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751996] {CVE-2017-7187}", "published": "2017-05-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-3566.html", "cvelist": ["CVE-2016-10208", "CVE-2016-2782", "CVE-2017-7895", "CVE-2017-7184", "CVE-2016-7910", "CVE-2016-8399", "CVE-2016-10088", "CVE-2015-6252", "CVE-2015-9731", "CVE-2015-5257", "CVE-2017-2583", "CVE-2017-6214", "CVE-2017-5669", "CVE-2017-2647", "CVE-2017-5986", "CVE-2016-10229", "CVE-2017-7187", "CVE-2016-10142", "CVE-2016-9644"], "lastseen": "2017-05-16T13:21:12"}, {"id": "ELSA-2017-3534", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[3.8.13-118.17.4]\n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790392] {CVE-2016-9644}\n[3.8.13-118.17.3]\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766911] {CVE-2016-8399}\n[3.8.13-118.17.2]\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765776] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765445] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751996] {CVE-2017-7187}\n[3.8.13-118.17.1]\n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696686] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696686] {CVE-2017-2636}\n- drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696686] {CVE-2017-2636}\n- x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 21305080] {CVE-2015-4700}\n- net: filter: return -EINVAL if BPF_S_ANC* operation is not supported (Daniel Borkmann) [Orabug: 22187148] \n- KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED (David Howells) \n- KEYS: Increase root_maxkeys and root_maxbytes sizes (Steve Dickson) \n- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451530] {CVE-2016-8633}\n- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463927] {CVE-2016-3672}\n- x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463927] {CVE-2016-3672}\n- pptp: verify sockaddr_len in pptp_bind() and pptp_connect() (WANG Cong) [Orabug: 25490335] {CVE-2015-8569}\n- sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490372] {CVE-2015-5707}\n- kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507195] {CVE-2016-9588}\n- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507230] {CVE-2016-8645}\n- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507230] {CVE-2016-8645}\n- fix minor infoleak in get_user_ex() (Al Viro) [Orabug: 25507281] {CVE-2016-9178}\n- scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507328] {CVE-2016-7425}\n- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507328] {CVE-2016-7425}\n- net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512413] {CVE-2016-4580}\n- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512471] {CVE-2016-3140}\n- ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25543892] {CVE-2017-5970}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682430] {CVE-2017-6345}\n- dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) {CVE-2017-6074}\n- crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417805] {CVE-2016-8646}\n- USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462760] {CVE-2016-4482}\n- net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462807] {CVE-2016-4485}\n- af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446}\n- unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25463996] {CVE-2013-7446}\n- net: avoid signed overflows for SO_{SND|RCV}BUFFORCE (Eric Dumazet) [Orabug: 25203623] {CVE-2016-9793}", "published": "2017-03-31T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-3534.html", "cvelist": ["CVE-2016-8633", "CVE-2017-6074", "CVE-2016-8399", "CVE-2016-9793", "CVE-2016-10088", "CVE-2017-5970", "CVE-2017-2636", "CVE-2016-9178", "CVE-2016-7425", "CVE-2016-4485", "CVE-2016-4482", "CVE-2017-6345", "CVE-2016-8646", "CVE-2016-9588", "CVE-2016-3140", "CVE-2013-7446", "CVE-2017-7187", "CVE-2015-8569", "CVE-2016-10142", "CVE-2016-9644", "CVE-2015-5707", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-8645", "CVE-2015-4700"], "lastseen": "2017-04-01T03:18:17"}, {"id": "ELSA-2017-3533", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[4.1.12-61.1.33]\n- Revert 'x86/mm: Expand the exception table logic to allow new handling options' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644}\n- Revert 'fix minor infoleak in get_user_ex()' (Brian Maly) [Orabug: 25790387] {CVE-2016-9644}\n[4.1.12-61.1.32]\n- x86/mm: Expand the exception table logic to allow new handling options (Tony Luck) [Orabug: 25790387] {CVE-2016-9644}\n[4.1.12-61.1.31]\n- rebuild bumping release\n[4.1.12-61.1.30]\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766898] {CVE-2016-8399} {CVE-2016-8399}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765436] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25751984] {CVE-2017-7187}\n[4.1.12-61.1.29]\n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696677] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696677] {CVE-2017-2636}\n- If Slot Status indicates changes in both Data Link Layer Status and Presence Detect, prioritize the Link status change. (Jack Vogel) [Orabug: 25353783] \n- PCI: pciehp: Leave power indicator on when enabling already-enabled slot (Ashok Raj) [Orabug: 25353783] \n- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451520] {CVE-2016-8633}\n- usbnet: cleanup after bind() in probe() (Oliver Neukum) [Orabug: 25463898] {CVE-2016-3951}\n- cdc_ncm: do not call usbnet_link_change from cdc_ncm_bind (Bjorn Mork) [Orabug: 25463898] {CVE-2016-3951}\n- cdc_ncm: Add support for moving NDP to end of NCM frame (Enrico Mioso) [Orabug: 25463898] {CVE-2016-3951}\n- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463918] {CVE-2016-3672}\n- kvm: fix page struct leak in handle_vmon (Paolo Bonzini) [Orabug: 25507133] {CVE-2017-2596}\n- crypto: mcryptd - Check mcryptd algorithm compatibility (tim) [Orabug: 25507153] {CVE-2016-10147}\n- kvm: nVMX: Allow L1 to intercept software exceptions (#BP and #OF) (Jim Mattson) [Orabug: 25507188] {CVE-2016-9588}\n- KVM: x86: drop error recovery in em_jmp_far and em_ret_far (Radim Krcmar) [Orabug: 25507213] {CVE-2016-9756}\n- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507226] {CVE-2016-8645}\n- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507226] {CVE-2016-8645}\n- tipc: check minimum bearer MTU (Michal Kubecek) [Orabug: 25507239] {CVE-2016-8632} {CVE-2016-8632}\n- fix minor infoleak in get_user_ex() (Al Viro) [Orabug: 25507269] {CVE-2016-9178}\n- scsi: arcmsr: Simplify user_len checking (Borislav Petkov) [Orabug: 25507319] {CVE-2016-7425}\n- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507319] {CVE-2016-7425}\n- tmpfs: clear S_ISGID when setting posix ACLs (Gu Zheng) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097}\n- posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507341] {CVE-2016-7097} {CVE-2016-7097}\n- ext2: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}\n- ext4: convert to mbcache2 (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}\n- mbcache2: reimplement mbcache (Jan Kara) [Orabug: 25512366] {CVE-2015-8952}\n- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512466] {CVE-2016-3140}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682419] {CVE-2017-6345}\n- net/mlx4_core: Disallow creation of RAW QPs on a VF (Eli Cohen) [Orabug: 25697847] \n- ipv4: keep skb->dst around in presence of IP options (Eric Dumazet) [Orabug: 25698300] {CVE-2017-5970}\n- perf/core: Fix concurrent sys_perf_event_open() vs. 'move_group' race (Peter Zijlstra) [Orabug: 25698751] {CVE-2017-6001}\n- ip6_gre: fix ip6gre_err() invalid reads (Eric Dumazet) [Orabug: 25699015] {CVE-2017-5897}\n- mpt3sas: Dont spam logs if logging level is 0 (Johannes Thumshirn) [Orabug: 25699035] \n- xen-netfront: cast grant table reference first to type int (Dongli Zhang) \n- xen-netfront: do not cast grant table reference to signed short (Dongli Zhang)", "published": "2017-03-31T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-3533.html", "cvelist": ["CVE-2016-7097", "CVE-2016-8633", "CVE-2016-8399", "CVE-2016-10088", "CVE-2017-6001", "CVE-2017-5970", "CVE-2015-8952", "CVE-2017-2636", "CVE-2016-8632", "CVE-2016-9178", "CVE-2016-7425", "CVE-2016-3951", "CVE-2016-10147", "CVE-2016-9756", "CVE-2017-6345", "CVE-2017-2596", "CVE-2016-9588", "CVE-2016-3140", "CVE-2017-7187", "CVE-2016-9644", "CVE-2016-3672", "CVE-2016-8645", "CVE-2017-5897"], "lastseen": "2017-04-01T03:18:27"}, {"id": "ELSA-2017-3567", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "[2.6.39-400.295.2]\n- nfsd: stricter decoding of write-like NFSv2/v3 ops (J. Bruce Fields) [Orabug: 25986995] {CVE-2017-7895}\n[2.6.39-400.295.1]\n- ocfs2/o2net: o2net_listen_data_ready should do nothing if socket state is not TCP_LISTEN (Tariq Saeed) [Orabug: 25510857] \n- IB/CORE: sync the resouce access in fmr_pool (Wengang Wang) [Orabug: 23750748] \n- ipv6: Skip XFRM lookup if dst_entry in socket cache is valid (Jakub Sitnicki) [Orabug: 25534688] \n- uek-rpm: enable CONFIG_KSPLICE. (Jamie Iles) [Orabug: 25549845] \n- ksplice: add sysctls for determining Ksplice features. (Jamie Iles) [Orabug: 25549845] \n- signal: protect SIGNAL_UNKILLABLE from unintentional clearing. (Jamie Iles) [Orabug: 25549845] \n- KVM: x86: fix emulation of 'MOV SS, null selector' (Paolo Bonzini) [Orabug: 25719676] {CVE-2017-2583} {CVE-2017-2583}\n- sctp: avoid BUG_ON on sctp_wait_for_sndbuf (Marcelo Ricardo Leitner) [Orabug: 25719811] {CVE-2017-5986}\n- tcp: avoid infinite loop in tcp_splice_read() (Eric Dumazet) [Orabug: 25720815] {CVE-2017-6214}\n- USB: visor: fix null-deref at probe (Johan Hovold) [Orabug: 25796604] {CVE-2016-2782}\n- ipc/shm: Fix shmat mmap nil-page protection (Davidlohr Bueso) [Orabug: 25797014] {CVE-2017-5669}\n- vhost: actually track log eventfd file (Marc-Andre Lureau) [Orabug: 25797056] {CVE-2015-6252}\n- xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184}\n- xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Andy Whitcroft) [Orabug: 25814664] {CVE-2017-7184}\n- KEYS: Remove key_type::match in favour of overriding default by match_preparse (David Howells) [Orabug: 25823965] {CVE-2017-2647} {CVE-2017-2647}\n- USB: whiteheat: fix potential null-deref at probe (Johan Hovold) [Orabug: 25825107] {CVE-2015-5257}\n- RDS: fix race condition when sending a message on unbound socket (Quentin Casasnovas) [Orabug: 25871048] {CVE-2015-6937} {CVE-2015-6937}\n- udf: Check path length when reading symlink (Jan Kara) [Orabug: 25871104] {CVE-2015-9731}\n- udf: Treat symlink component of type 2 as / (Jan Kara) [Orabug: 25871104] {CVE-2015-9731}\n- udp: properly support MSG_PEEK with truncated buffers (Eric Dumazet) [Orabug: 25874741] {CVE-2016-10229}\n- block: fix use-after-free in seq file (Vegard Nossum) [Orabug: 25877531] {CVE-2016-7910}\n- RHEL: complement upstream workaround for CVE-2016-10142. (Quentin Casasnovas) [Orabug: 25765786] {CVE-2016-10142} {CVE-2016-10142}\n- net: ping: check minimum size on ICMP header length (Kees Cook) [Orabug: 25766914] {CVE-2016-8399}\n- ipv6: stop sending PTB packets for MTU < 1280 (Hagen Paul Pfeifer) [Orabug: 25765786] {CVE-2016-10142}\n- sg_write()/bsg_write() is not fit to be called under KERNEL_DS (Al Viro) [Orabug: 25765448] {CVE-2016-10088}\n- scsi: sg: check length passed to SG_NEXT_CMD_LEN (peter chang) [Orabug: 25752011] {CVE-2017-7187}\n- tty: n_hdlc: get rid of racy n_hdlc.tbuf (Alexander Popov) [Orabug: 25696689] {CVE-2017-2636}\n- TTY: n_hdlc, fix lockdep false positive (Jiri Slaby) [Orabug: 25696689] {CVE-2017-2636}\n- drivers/tty/n_hdlc.c: replace kmalloc/memset by kzalloc (Fabian Frederick) [Orabug: 25696689] {CVE-2017-2636}\n- list: introduce list_first_entry_or_null (Jiri Pirko) [Orabug: 25696689] {CVE-2017-2636}\n- firewire: net: guard against rx buffer overflows (Stefan Richter) [Orabug: 25451538] {CVE-2016-8633}\n- x86/mm/32: Enable full randomization on i386 and X86_32 (Hector Marco-Gisbert) [Orabug: 25463929] {CVE-2016-3672}\n- x86 get_unmapped_area: Access mmap_legacy_base through mm_struct member (Radu Caragea) [Orabug: 25463929] {CVE-2016-3672}\n- sg_start_req(): make sure that there's not too many elements in iovec (Al Viro) [Orabug: 25490377] {CVE-2015-5707}\n- tcp: take care of truncations done by sk_filter() (Eric Dumazet) [Orabug: 25507232] {CVE-2016-8645}\n- rose: limit sk_filter trim to payload (Willem de Bruijn) [Orabug: 25507232] {CVE-2016-8645}\n- scsi: arcmsr: Buffer overflow in arcmsr_iop_message_xfer() (Dan Carpenter) [Orabug: 25507330] {CVE-2016-7425}\n- x86: bpf_jit: fix compilation of large bpf programs (Alexei Starovoitov) [Orabug: 25507375] {CVE-2015-4700}\n- net: fix a kernel infoleak in x25 module (Kangjie Lu) [Orabug: 25512417] {CVE-2016-4580}\n- USB: digi_acceleport: do sanity checking for the number of ports (Oliver Neukum) [Orabug: 25512472] {CVE-2016-3140}\n- net/llc: avoid BUG_ON() in skb_orphan() (Eric Dumazet) [Orabug: 25682437] {CVE-2017-6345}\n- dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Andrey Konovalov) [Orabug: 25598277] {CVE-2017-6074}\n- vfs: read file_handle only once in handle_to_path (Sasha Levin) [Orabug: 25388709] {CVE-2015-1420}\n- crypto: algif_hash - Only export and import on sockets with data (Herbert Xu) [Orabug: 25417807] \n- USB: usbfs: fix potential infoleak in devio (Kangjie Lu) [Orabug: 25462763] {CVE-2016-4482}\n- net: fix infoleak in llc (Kangjie Lu) [Orabug: 25462811] {CVE-2016-4485}\n- af_unix: Guard against other == sk in unix_dgram_sendmsg (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}\n- unix: avoid use-after-free in ep_remove_wait_queue (Rainer Weikusat) [Orabug: 25464000] {CVE-2013-7446}", "published": "2017-05-16T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-3567.html", "cvelist": ["CVE-2016-2782", "CVE-2017-7895", "CVE-2017-7184", "CVE-2016-7910", "CVE-2016-8633", "CVE-2017-6074", "CVE-2016-8399", "CVE-2015-1420", "CVE-2016-10088", "CVE-2015-6252", "CVE-2015-9731", "CVE-2015-5257", "CVE-2017-2636", "CVE-2017-2583", "CVE-2016-7425", "CVE-2017-6214", "CVE-2016-4485", "CVE-2016-4482", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-2647", "CVE-2017-5986", "CVE-2016-3140", "CVE-2016-10229", "CVE-2013-7446", "CVE-2017-7187", "CVE-2016-10142", "CVE-2015-5707", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-8645", "CVE-2015-6937", "CVE-2015-4700"], "lastseen": "2017-05-16T13:20:57"}, {"id": "ELSA-2016-3652", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "[2.6.39-400.293.1]\n- logging errors that get masked to EIO inside drivers/block/loop.c (Manjunath Patil) [Orabug: 21962821] \n- sched/core: Clear the root_domain cpumasks in init_rootdomain() (Xunlei Pang) [Orabug: 23518650] \n- bio allocation failure due to bio_get_nr_vecs() (Darrick J. Wong) [Orabug: 23852442] \n- mlx4: avoid ABBA deadlock (Wengang Wang) [Orabug: 23538548] \n- mlx4: avoid multiple free on id_map_ent (Wengang Wang) [Orabug: 25022815] \n- sctp: validate chunk len before actually using it (Marcelo Ricardo Leitner) [Orabug: 25142906] {CVE-2016-9555}\n[2.6.39-400.292.1]\n- NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25138146]\n[2.6.39-400.291.1]\n- RDS: Drop the connection as part of cancel to avoid hangs (Avinash Repaka) [Orabug: 24951873] ", "published": "2016-12-09T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2016-3652.html", "cvelist": ["CVE-2016-9555"], "lastseen": "2016-12-10T05:24:00"}, {"id": "ELSA-2016-3648", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security update", "description": "kernel-uek\n[4.1.12-61.1.22]\n- ocfs2: fix trans extend while free cached blocks (Junxiao Bi) [Orabug: 25136991] \n- ocfs2: fix trans extend while flush truncate log (Junxiao Bi) [Orabug: 25136991] \n- ocfs2: extend enough credits for freeing one truncate record while replaying truncate records (Xue jiufei) [Orabug: 25136991] \n- mpi: Fix NULL ptr dereference in mpi_powm() [ver #3] (Andrey Ryabinin) [Orabug: 25154096] {CVE-2016-8650} {CVE-2016-8650}\n- mlx4: avoid multiple free on id_map_ent (Wengang Wang) [Orabug: 25159035]\n[4.1.12-61.1.21]\n- NVMe: reduce queue depth as workaround for Samsung EPIC SQ errata (Ashok Vairavan) [Orabug: 25144380] \n- sctp: validate chunk len before actually using it (Marcelo Ricardo Leitner) [Orabug: 25142868] {CVE-2016-9555}\n[4.1.12-61.1.20]\n- rebuild bumping release", "published": "2016-12-07T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2016-3648.html", "cvelist": ["CVE-2016-8650", "CVE-2016-9555"], "lastseen": "2016-12-08T01:23:44"}, {"id": "ELSA-2017-0307", "type": "oraclelinux", "title": "kernel security and bug fix update", "description": "[2.6.32-642.15.1]\n- [net] dccp: fix freeing skb too early for IPV6_RECVPKTINFO (Hannes Frederic Sowa) [1424626 1424628] {CVE-2017-6074}\n[2.6.32-642.14.1]\n- [net] sctp: validate chunk len before actually using it (Hangbin Liu) [1399456 1399457] {CVE-2016-9555}\n- [netdrv] qlcnic: add wmb() call in transmit data path (Harish Patil) [1403143 1342659]\n- [kernel] audit: fix a double fetch in audit_log_single_execve_arg() (Paul Moore) [1359302 1359304] {CVE-2016-6136}\n- [fs] nfs: Kill fscache warnings when mounting without -ofsc (David Howells) [1399172 1353844]\n- [fs] nfs: Fix a compile issue when CONFIG_NFS_FSCACHE was undefined (David Howells) [1399172 1353844]\n- [fs] nfs: Don't pass mount data to nfs_fscache_get_super_cookie() (David Howells) [1399172 1353844]\n- [fs] nfsd: handle fileid wraparound (Dave Wysochanski) [1399174 1397552]\n- [scsi] hpsa: correct logical resets (Joseph Szczypek) [1399175 1083110]\n- [scsi] hpsa: generate a controller NMI (Joseph Szczypek) [1399175 1083110]\n- [scsi] hpsa: update driver version to 3.4.10-0-RH3 (Joseph Szczypek) [1399175 1083110]\n- [scsi] hpsa: Check for null devices in ioaccel submission patch (Joseph Szczypek) [1399175 1083110]\n- [scsi] hpsa: check for null device pointers (Joseph Szczypek) [1399175 1083110]\n- [scsi] hpsa: correct skipping masked peripherals (Joseph Szczypek) [1399175 1083110]\n- [scsi] hpsa: generalize external arrays (Joseph Szczypek) [1399175 1083110]\n- [fs] ext4: fix extent tree corruption caused by hole punch (Lukas Czerner) [1397808 1351798]\n- [hv] do not lose pending heartbeat vmbus packets (Vitaly Kuznetsov) [1397739 1378614]\n- [powerpc] ppc64: Fix incorrect return value from __copy_tofrom_user (Gustavo Duarte) [1398185 1387243]", "published": "2017-02-23T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2017-0307.html", "cvelist": ["CVE-2017-6074", "CVE-2016-9555", "CVE-2016-6136"], "lastseen": "2017-02-24T03:01:34"}], "redhat": [{"id": "RHSA-2017:0004", "type": "redhat", "title": "(RHSA-2017:0004) Important: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* A flaw was found in the way the Linux kernel's networking subsystem handled offloaded packets with multiple layers of encapsulation in the GRO (Generic Receive Offload) code path. A remote attacker could use this flaw to trigger unbounded recursion in the kernel that could lead to stack corruption, resulting in a system crash. (CVE-2016-8666, Important)\n\nBug Fix(es):\n\n* When a virtual machine (VM) with PCI-Passthrough interfaces was recreated, the operating system rebooted. This update fixes the race condition between the eventfd daemon and the virqfd daemon. As a result, the operating system no longer reboots in the described situation. (BZ#1391609)", "published": "2017-01-03T21:31:34", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2017:0004", "cvelist": ["CVE-2016-8666"], "lastseen": "2017-01-03T17:59:26"}, {"id": "RHSA-2017:0817", "type": "redhat", "title": "(RHSA-2017:0817) Moderate: kernel security, bug fix, and enhancement update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* It was discovered that a remote attacker could leverage the generation of IPv6 atomic fragments to trigger the use of fragmentation in an arbitrary IPv6 flow (in scenarios in which actual fragmentation of packets is not needed) and could subsequently perform any type of a fragmentation-based attack against legacy IPv6 nodes that do not implement RFC6946. (CVE-2016-10142, Moderate)\n\n* A flaw was discovered in the way the Linux kernel dealt with paging structures. When the kernel invalidated a paging structure that was not in use locally, it could, in principle, race against another CPU that is switching to a process that uses the paging structure in question. A local user could use a thread running with a stale cached virtual->physical translation to potentially escalate their privileges if the translation in question were writable and the physical page got reused for something critical (for example, a page table). (CVE-2016-2069, Moderate)\n\n* A race condition flaw was found in the ioctl_send_fib() function in the Linux kernel's aacraid implementation. A local attacker could use this flaw to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value. (CVE-2016-6480, Moderate)\n\n* It was found that when the gcc stack protector was enabled, reading the /proc/keys file could cause a panic in the Linux kernel due to stack corruption. This happened because an incorrect buffer size was used to hold a 64-bit timeout value rendered as weeks. (CVE-2016-7042, Moderate)\n\n* It was found that when file permissions were modified via chmod and the user modifying them was not in the owning group or capable of CAP_FSETID, the setgid bit would be cleared. Setting a POSIX ACL via setxattr sets the file permissions as well as the new ACL, but doesn't clear the setgid bit in a similar way. This could allow a local user to gain group privileges via certain setgid applications. (CVE-2016-7097, Moderate)\n\n* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* It was found that the blk_rq_map_user_iov() function in the Linux kernel's block device implementation did not properly restrict the type of iterator, which could allow a local attacker to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging write access to a /dev/sg device. (CVE-2016-9576, CVE-2016-10088, Moderate)\n\n* A flaw was found in the USB-MIDI Linux kernel driver: a double-free error could be triggered for the 'umidi' object. An attacker with physical access to the system could use this flaw to escalate their privileges. (CVE-2016-2384, Low)\n\nThe CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat) and the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 6.9 Release Notes and Red Hat Enterprise Linux 6.9 Technical Notes linked from the References section.", "published": "2017-03-21T12:09:43", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2017:0817", "cvelist": ["CVE-2016-2384", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-10088", "CVE-2016-9576", "CVE-2016-10142", "CVE-2016-7042"], "lastseen": "2017-04-18T17:21:25"}, {"id": "RHSA-2017:0307", "type": "redhat", "title": "(RHSA-2017:0307) Moderate: kernel security and bug fix update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* When creating audit records for parameters to executed children processes, an attacker can convince the Linux kernel audit subsystem can create corrupt records which may allow an attacker to misrepresent or evade logging of executing commands. (CVE-2016-6136, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. (CVE-2016-9555, Moderate)\n\nBug Fix(es):\n\n* The qlnic driver previously attempted to fetch pending transmission descriptors before all writes were complete, which lead to firmware hangs. With this update, the qlcnic driver has been fixed to complete all writes before the hardware fetches any pending transmission descriptors. As a result, the firmware no longer hangs with the qlcnic driver. (BZ#1403143)\n\n* Previously, when a NFS share was mounted, the file-system (FS) cache was incorrectly enabled even when the \"-o fsc\" option was not used in the mount command. Consequently, the cachefilesd service stored files in the NFS share even when not instructed to by the user. With this update, NFS does not use the FS cache if not instructed by the \"-o fsc\" option. As a result, NFS no longer enables caching if the \"-o fsc\" option is not used. (BZ#1399172)\n\n* Previously, an NFS client and NFS server got into a NFS4 protocol loop involving a WRITE action and a NFS4ERR_EXPIRED response when the current_fileid counter got to the wraparound point by overflowing the value of 32 bits. This update fixes the NFS server to handle the current_fileid wraparound. As a result, the described NFS4 protocol loop no longer occurs. (BZ#1399174)\n\n* Previously, certain configurations of the Hewlett Packard Smart Array (HPSA) devices caused hardware to be set offline incorrectly when the HPSA driver was expected to wait for existing I/O operations to complete. Consequently, a kernel panic occurred. This update prevents the described problem. As a result, the kernel panic no longer occurs. (BZ#1399175)\n\n* Previously, memory corruption by copying data into the wrong memory locations sometimes occurred, because the __copy_tofrom_user() function was returning incorrect values. This update fixes the __copy_tofrom_user() function so that it no longer returns larger values than the number of bytes it was asked to copy. As a result, memory corruption no longer occurs in he described scenario. (BZ#1398185)\n\n* Previously, guest virtual machines (VMs) on a Hyper-V server cluster got in some cases rebooted during the graceful node failover test, because the host kept sending heartbeat packets independently of guests responding to them. This update fixes the bug by properly responding to all the heartbeat messages in the queue, even if they are pending. As a result, guest VMs no longer get rebooted under the described circumstances. (BZ#1397739)\n\n* When the \"punching hole\" feature of the fallocate utility was used on an ext4 file system inode with extent depth of 1, the extent tree of the inode sometimes became corrupted. With this update, the underlying source code has been fixed, and extent tree corruption no longer occurs in the described situation. (BZ#1397808)", "published": "2017-02-23T21:14:45", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2017:0307", "cvelist": ["CVE-2016-9555", "CVE-2016-6136"], "lastseen": "2017-03-10T13:18:29"}, {"id": "RHSA-2017:0113", "type": "redhat", "title": "(RHSA-2017:0113) Important: kernel-rt security and bug fix update", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nThe kernel-rt packages have been upgraded to version 3.10.0-514, which provides a number of security and bug fixes over the previous version. (BZ#1400193)\n\nSecurity Fix(es):\n\n* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)\n\n* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of sctp protocol in which a remote attacker can trigger an out of bounds read with an offset of up to 64kB. This may panic the machine with a page-fault. (CVE-2016-9555, Moderate)\n\nBug Fix(es):\n\n* Previously, console warnings from the real-time kernel were generated when a sleeping lock was acquired in atomic context. With this update, the code has been modified to not acquire a sleeping lock in this context. As a result, the console warnings are no longer generated. (BZ#1378982)\n\n* Previously, the device mapper (DM) subsystem was not notified that the real-time kernel changes the way preemption works with spinlocks. This caused a kernel panic when the dm-multipath kernel module was loaded because the interrupt request (IRQ) check was invalid on the real-time kernel. This check has been corrected enabling the system to boot correctly with the dm-multipath module enabled. (BZ#1400305)\n\n* Previously, the kernel could sometimes panic due to a possible division by zero in the scheduler. This bug has been fixed by defining a new div64_ul() division function and correcting the affected calculation in the proc_sched_show_task() function. (BZ#1400975)\n\n* Unlike the standard Linux kernel, the real-time kernel does not disable interrupts inside the Interrupt Service Routines driver. Because of this difference, a New API (NAPI) function for turning interrupt requests (IRQ) off was actually being called with IRQs enabled. Consequently, the NAPI poll list was being corrupted, causing improper networking card operation and potential kernel hangs. With this update, the NAPI function has been corrected to force modifications of the poll list to be protected allowing proper operation of the networking card drivers. (BZ#1401779)\n\nEnhancement(s):\n\n* With this update, the CONFIG_SLUB_DEBUG and CONFIG_SLABINFO kernel configuration options are enabled in the real-time kernel. These options turn on SLUB allocator debugging and slab information tracking, which are helpful when investigating kernel memory allocation problems. (BZ#1357997)", "published": "2017-01-17T22:39:19", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2017:0113", "cvelist": ["CVE-2016-7117", "CVE-2016-9555", "CVE-2016-6828"], "lastseen": "2017-03-10T13:18:51"}, {"id": "RHSA-2017:0091", "type": "redhat", "title": "(RHSA-2017:0091) Important: kernel-rt security and bug fix update", "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)\n\n* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of sctp protocol in which a remote attacker can trigger an out of bounds read with an offset of up to 64kB. This may panic the machine with a page-fault. (CVE-2016-9555, Moderate)\n\nBug Fix(es):\n\n* The kernel-rt packages have been upgraded to the 3.10.0-514.6.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1401863)\n\n* Previously, the device mapper (DM) subsystem was not notified that the real-time kernel changes the way preemption works with spinlocks. This caused a kernel panic when the dm-multipath kernel module was loaded because the interrupt request (IRQ) check was invalid on the real-time kernel. This check has been corrected enabling the system to boot correctly with the dm-multipath module enabled. (BZ#1400930)\n\n* Unlike the standard Linux kernel, the real-time kernel does not disable interrupts inside the Interrupt Service Routines driver. Because of this difference, a New API (NAPI) function for turning interrupt requests (IRQ) off was actually being called with IRQs enabled. Consequently, the NAPI poll list was being corrupted, causing improper networking card operation and potential kernel hangs. With this update, the NAPI function has been corrected to force modifications of the poll list to be protected allowing proper operation of the networking card drivers. (BZ#1402837)", "published": "2017-01-17T20:24:41", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2017:0091", "cvelist": ["CVE-2016-7117", "CVE-2016-9555", "CVE-2016-6828"], "lastseen": "2017-01-17T17:01:32"}, {"id": "RHSA-2017:0086", "type": "redhat", "title": "(RHSA-2017:0086) Important: kernel security, bug fix, and enhancement update", "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nThese updated kernel packages include several security issues and numerous bug fixes, some of which you can see below. Space precludes documenting all of these bug fixes in this advisory. To see the complete list of bug fixes, users are directed to the related Knowledge Article: https://access.redhat.com/articles/2857831.\n\nSecurity Fix(es):\n\n* A use-after-free vulnerability was found in the kernel's socket recvmmsg subsystem. This may allow remote attackers to corrupt memory and may allow execution of arbitrary code. This corruption takes place during the error handling routines within __sys_recvmmsg() function. (CVE-2016-7117, Important)\n\n* A use-after-free vulnerability was found in tcp_xmit_retransmit_queue and other tcp_* functions. This condition could allow an attacker to send an incorrect selective acknowledgment to existing connections, possibly resetting a connection. (CVE-2016-6828, Moderate)\n\n* A flaw was found in the Linux kernel's implementation of the SCTP protocol. A remote attacker could trigger an out-of-bounds read with an offset of up to 64kB potentially causing the system to crash. (CVE-2016-9555, Moderate)\n\nBug Fix(es):\n\n* Previously, the performance of Internet Protocol over InfiniBand (IPoIB) was suboptimal due to a conflict of IPoIB with the Generic Receive Offload (GRO) infrastructure. With this update, the data cached by the IPoIB driver has been moved from a control block into the IPoIB hard header, thus avoiding the GRO problem and the corruption of IPoIB address information. As a result, the performance of IPoIB has been improved. (BZ#1390668)\n\n* Previously, when a virtual machine (VM) with PCI-Passthrough interfaces was recreated, a race condition between the eventfd daemon and the virqfd daemon occurred. Consequently, the operating system rebooted. This update fixes the race condition. As a result, the operating system no longer reboots in the described situation. (BZ#1391611)\n\n* Previously, a packet loss occurred when the team driver in round-robin mode was sending a large number of packets. This update fixes counting of the packets in the round-robin runner of the team driver, and the packet loss no longer occurs in the described situation. (BZ#1392023)\n\n* Previously, the virtual network devices contained in the deleted namespace could be deleted in any order. If the loopback device was not deleted as the last item, other netns devices, such as vxlan devices, could end up with dangling references to the loopback device. Consequently, deleting a network namespace (netns) occasionally ended by a kernel oops. With this update, the underlying source code has been fixed to ensure the correct order when deleting the virtual network devices on netns deletion. As a result, the kernel oops no longer occurs under the described circumstances. (BZ#1392024)\n\n* Previously, a Kabylake system with a Sunrise Point Platform Controller Hub (PCH) with a PCI device ID of 0xA149 showed the following warning messages during the boot:\n\n \"Unknown Intel PCH (0xa149) detected.\"\n \"Warning: Intel Kabylake processor with unknown PCH - this hardware has not undergone testing by Red Hat and might not be certified. Please consult https://hardware.redhat.com for certified hardware.\"\n\nThe messages were shown because this PCH was not properly recognized. With this update, the problem has been fixed, and the operating system now boots without displaying the warning messages. (BZ#1392033)\n\n* Previously, the operating system occasionally became unresponsive after a long run. This was caused by a race condition between the try_to_wake_up() function and a woken up task in the core scheduler. With this update, the race condition has been fixed, and the operating system no longer locks up in the described scenario. (BZ#1393719)", "published": "2017-01-17T20:24:29", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2017:0086", "cvelist": ["CVE-2016-7117", "CVE-2016-9555", "CVE-2016-6828"], "lastseen": "2017-01-17T17:01:34"}], "amazon": [{"id": "ALAS-2016-762", "type": "amazon", "title": "Important: kernel", "description": "**Issue Overview:**\n\nThe IP stack in the Linux kernel before 4.6 allows remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to [CVE-2016-7039 __](<https://access.redhat.com/security/cve/CVE-2016-7039>). ([CVE-2016-8666 __](<https://access.redhat.com/security/cve/CVE-2016-8666>))\n\nLinux kernel built with the 802.1Q/802.1ad VLAN(CONFIG_VLAN_8021Q) OR Virtual eXtensible Local Area Network(CONFIG_VXLAN) with Transparent Ethernet Bridging(TEB) GRO support, is vulnerable to a stack overflow issue. It could occur while receiving large packets via GRO path, as an unlimited recursion could unfold in both VLAN and TEB modules, leading to a stack corruption in the kernel. ([CVE-2016-7039 __](<https://access.redhat.com/security/cve/CVE-2016-7039>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. You will need to reboot your system in order for the new kernel to be running. \n\n \n**New Packages:**\n \n \n i686: \n kernel-tools-devel-4.4.30-32.54.amzn1.i686 \n kernel-debuginfo-4.4.30-32.54.amzn1.i686 \n kernel-headers-4.4.30-32.54.amzn1.i686 \n kernel-tools-4.4.30-32.54.amzn1.i686 \n kernel-devel-4.4.30-32.54.amzn1.i686 \n perf-debuginfo-4.4.30-32.54.amzn1.i686 \n kernel-debuginfo-common-i686-4.4.30-32.54.amzn1.i686 \n perf-4.4.30-32.54.amzn1.i686 \n kernel-4.4.30-32.54.amzn1.i686 \n kernel-tools-debuginfo-4.4.30-32.54.amzn1.i686 \n \n noarch: \n kernel-doc-4.4.30-32.54.amzn1.noarch \n \n src: \n kernel-4.4.30-32.54.amzn1.src \n \n x86_64: \n kernel-4.4.30-32.54.amzn1.x86_64 \n kernel-devel-4.4.30-32.54.amzn1.x86_64 \n perf-debuginfo-4.4.30-32.54.amzn1.x86_64 \n kernel-tools-devel-4.4.30-32.54.amzn1.x86_64 \n kernel-tools-4.4.30-32.54.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.4.30-32.54.amzn1.x86_64 \n kernel-headers-4.4.30-32.54.amzn1.x86_64 \n kernel-tools-debuginfo-4.4.30-32.54.amzn1.x86_64 \n perf-4.4.30-32.54.amzn1.x86_64 \n kernel-debuginfo-4.4.30-32.54.amzn1.x86_64 \n \n \n", "published": "2016-11-10T18:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2016-762.html", "cvelist": ["CVE-2016-8666", "CVE-2016-7039"], "lastseen": "2016-11-11T04:42:26"}, {"id": "ALAS-2017-786", "type": "amazon", "title": "Medium: kernel", "description": "**Issue Overview:**\n\nThe sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for [CVE-2016-9576 __](<https://access.redhat.com/security/cve/CVE-2016-9576>).\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. You will need to reboot your system in order for the new kernel to be running. \n\n \n**New Packages:**\n \n \n i686: \n kernel-tools-4.4.41-36.55.amzn1.i686 \n perf-4.4.41-36.55.amzn1.i686 \n perf-debuginfo-4.4.41-36.55.amzn1.i686 \n kernel-debuginfo-4.4.41-36.55.amzn1.i686 \n kernel-tools-debuginfo-4.4.41-36.55.amzn1.i686 \n kernel-devel-4.4.41-36.55.amzn1.i686 \n kernel-4.4.41-36.55.amzn1.i686 \n kernel-tools-devel-4.4.41-36.55.amzn1.i686 \n kernel-debuginfo-common-i686-4.4.41-36.55.amzn1.i686 \n kernel-headers-4.4.41-36.55.amzn1.i686 \n \n noarch: \n kernel-doc-4.4.41-36.55.amzn1.noarch \n \n src: \n kernel-4.4.41-36.55.amzn1.src \n \n x86_64: \n perf-4.4.41-36.55.amzn1.x86_64 \n kernel-devel-4.4.41-36.55.amzn1.x86_64 \n perf-debuginfo-4.4.41-36.55.amzn1.x86_64 \n kernel-tools-4.4.41-36.55.amzn1.x86_64 \n kernel-debuginfo-4.4.41-36.55.amzn1.x86_64 \n kernel-headers-4.4.41-36.55.amzn1.x86_64 \n kernel-tools-debuginfo-4.4.41-36.55.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.4.41-36.55.amzn1.x86_64 \n kernel-4.4.41-36.55.amzn1.x86_64 \n kernel-tools-devel-4.4.41-36.55.amzn1.x86_64 \n \n \n", "published": "2017-01-19T16:30:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2017-786.html", "cvelist": ["CVE-2016-10088", "CVE-2016-9576"], "lastseen": "2017-01-20T00:59:39"}, {"id": "ALAS-2017-782", "type": "amazon", "title": "Medium: kernel", "description": "**Issue Overview:**\n\nA flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. ([CVE-2016-8650 __](<https://access.redhat.com/security/cve/CVE-2016-8650>))\n\nThe blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device. ([CVE-2016-9576 __](<https://access.redhat.com/security/cve/CVE-2016-9576>))\n\nThe sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option. ([CVE-2016-9793 __](<https://access.redhat.com/security/cve/CVE-2016-9793>)) \n\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. You will need to reboot your system in order for the new kernel to be running. \n\n \n**New Packages:**\n \n \n i686: \n kernel-debuginfo-4.4.39-34.54.amzn1.i686 \n kernel-headers-4.4.39-34.54.amzn1.i686 \n kernel-tools-debuginfo-4.4.39-34.54.amzn1.i686 \n kernel-tools-4.4.39-34.54.amzn1.i686 \n kernel-debuginfo-common-i686-4.4.39-34.54.amzn1.i686 \n kernel-4.4.39-34.54.amzn1.i686 \n kernel-devel-4.4.39-34.54.amzn1.i686 \n kernel-tools-devel-4.4.39-34.54.amzn1.i686 \n perf-debuginfo-4.4.39-34.54.amzn1.i686 \n perf-4.4.39-34.54.amzn1.i686 \n \n noarch: \n kernel-doc-4.4.39-34.54.amzn1.noarch \n \n src: \n kernel-4.4.39-34.54.amzn1.src \n \n x86_64: \n perf-4.4.39-34.54.amzn1.x86_64 \n kernel-tools-debuginfo-4.4.39-34.54.amzn1.x86_64 \n kernel-4.4.39-34.54.amzn1.x86_64 \n kernel-devel-4.4.39-34.54.amzn1.x86_64 \n kernel-headers-4.4.39-34.54.amzn1.x86_64 \n kernel-tools-4.4.39-34.54.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.4.39-34.54.amzn1.x86_64 \n kernel-tools-devel-4.4.39-34.54.amzn1.x86_64 \n perf-debuginfo-4.4.39-34.54.amzn1.x86_64 \n kernel-debuginfo-4.4.39-34.54.amzn1.x86_64 \n \n \n", "published": "2017-01-04T17:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2017-782.html", "cvelist": ["CVE-2016-8650", "CVE-2016-9793", "CVE-2016-9576"], "lastseen": "2017-01-05T01:58:51"}, {"id": "ALAS-2016-694", "type": "amazon", "title": "Medium: kernel", "description": "**Issue Overview:**\n\nAn integer overflow vulnerability was found in xt_alloc_table_info, which on 32-bit systems can lead to small structure allocation and a copy_from_user based heap corruption. ([CVE-2016-3135 __](<https://access.redhat.com/security/cve/CVE-2016-3135>))\n\nIn the mark_source_chains function (net/ipv4/netfilter/ip_tables.c) it is possible for a user-supplied ipt_entry structure to have a large next_offset field. This field is not bounds checked prior to writing a counter value at the supplied offset. ([CVE-2016-3134 __](<https://access.redhat.com/security/cve/CVE-2016-3134>))\n\nA weakness was found in the Linux ASLR implementation. Any user able to run 32-bit applications in a x86 machine can disable the ASLR by setting the RLIMIT_STACK resource to unlimited. ([CVE-2016-3672 __](<https://access.redhat.com/security/cve/CVE-2016-3672>))\n\nDestroying a network interface with a large number of IPv4 addresses keeps a rtnl_lock for a very long time, which can block many network-related operations. ([CVE-2016-3156 __](<https://access.redhat.com/security/cve/CVE-2016-3156>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n**New Packages:**\n \n \n i686: \n perf-4.4.8-20.46.amzn1.i686 \n kernel-4.4.8-20.46.amzn1.i686 \n kernel-devel-4.4.8-20.46.amzn1.i686 \n kernel-tools-4.4.8-20.46.amzn1.i686 \n perf-debuginfo-4.4.8-20.46.amzn1.i686 \n kernel-debuginfo-common-i686-4.4.8-20.46.amzn1.i686 \n kernel-tools-debuginfo-4.4.8-20.46.amzn1.i686 \n kernel-debuginfo-4.4.8-20.46.amzn1.i686 \n kernel-tools-devel-4.4.8-20.46.amzn1.i686 \n kernel-headers-4.4.8-20.46.amzn1.i686 \n \n noarch: \n kernel-doc-4.4.8-20.46.amzn1.noarch \n \n src: \n kernel-4.4.8-20.46.amzn1.src \n \n x86_64: \n kernel-debuginfo-common-x86_64-4.4.8-20.46.amzn1.x86_64 \n perf-debuginfo-4.4.8-20.46.amzn1.x86_64 \n kernel-tools-debuginfo-4.4.8-20.46.amzn1.x86_64 \n kernel-tools-4.4.8-20.46.amzn1.x86_64 \n kernel-4.4.8-20.46.amzn1.x86_64 \n kernel-tools-devel-4.4.8-20.46.amzn1.x86_64 \n kernel-debuginfo-4.4.8-20.46.amzn1.x86_64 \n perf-4.4.8-20.46.amzn1.x86_64 \n kernel-devel-4.4.8-20.46.amzn1.x86_64 \n kernel-headers-4.4.8-20.46.amzn1.x86_64 \n \n \n", "published": "2016-04-27T16:15:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://alas.aws.amazon.com/ALAS-2016-694.html", "cvelist": ["CVE-2016-3156", "CVE-2016-3135", "CVE-2016-3672", "CVE-2016-3134"], "lastseen": "2016-09-28T21:03:58"}], "f5": [{"id": "F5:K54610514", "type": "f5", "title": "Linux kernel vulnerability CVE-2016-10088", "description": "\nF5 Product Development has assigned ID 640766 and ID 640768 (BIG-IP), and ID 640766 and ID 640768 (BIG-IQ, Enterprise Manager, iWorkflow) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H54610514 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP AAM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| None| Low| Linux kernel \nBIG-IP AFM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| None| Low| Linux kernel \nBIG-IP Analytics| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP APM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP ASM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP DNS| 13.0.0 \n12.0.0 - 12.1.2| None| Low| Linux kernel \nBIG-IP Edge Gateway| 11.2.1| None| Low| Linux kernel \nBIG-IP GTM| 11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP Link Controller| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP PEM| 13.0.0 \n12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| None| Low| Linux kernel \nBIG-IP PSM| 11.4.0 - 11.4.1| None| Low| Linux kernel \nBIG-IP WebAccelerator| 11.2.1| None| Low| Linux kernel \nBIG-IP WebSafe| 13.0.0 \n12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| None| Low \n\n| Linux kernel \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.1.1| None| Low| Linux kernel \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| Linux kernel \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| Linux kernel \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| Linux kernel \nBIG-IQ ADC| 4.5.0| None| Low| Linux kernel \nBIG-IQ Centralized Management| 5.0.0 - 5.2.0 \n4.6.0| None| Low| Linux kernel \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| Linux kernel \nF5 iWorkflow| 2.0.0 - 2.2.0| None| Low| Linux kernel \nLineRate| None| 3.0.0 - 3.1.1| Not vulnerable| None \nTraffix SDC| None| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| Not vulnerable| None\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "published": "2017-01-28T02:39:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K54610514", "cvelist": ["CVE-2016-10088", "CVE-2016-9576"], "lastseen": "2017-07-03T23:58:30"}, {"id": "F5:K54095660", "type": "f5", "title": "Linux kernel vulnerability CVE-2016-9555", "description": "\nF5 Product Development has assigned IDs 641319 and 648879 (BIG-IP), ID 641319-1 (BIG-IQ), ID 643805 (Enterprise Manager), and ID 646642 (F5 iWorkflow) to this vulnerability.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP AAM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable1| None \nBIG-IP AFM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable1| None \nBIG-IP Analytics| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP APM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP ASM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP DNS| None| 12.0.0 - 12.1.2| Not vulnerable1| None \nBIG-IP Edge Gateway| None| 11.2.1| Not vulnerable1| None \nBIG-IP GTM| None| 11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP Link Controller| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| Not vulnerable1| None \nBIG-IP PEM| None| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| Not vulnerable1| None \nBIG-IP PSM| None| 11.4.0 - 11.4.1| Not vulnerable1| None \nBIG-IP WebAccelerator| None| 11.2.1| Not vulnerable1| None \nBIG-IP WebSafe| None| 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| Not vulnerable1| None \nARX| None| 6.2.0 - 6.4.0| Not vulnerable1| None \nEnterprise Manager| None| 3.1.1| Not vulnerable1| None \nBIG-IQ Cloud| None| 4.0.0 - 4.5.0| Not vulnerable1| None \nBIG-IQ Device| None| 4.2.0 - 4.5.0| Not vulnerable1| None \nBIG-IQ Security| None| 4.0.0 - 4.5.0| Not vulnerable1| None \nBIG-IQ ADC| None| 4.5.0| Not vulnerable1| None \nBIG-IQ Centralized Management| None| 5.0.0 - 5.1.0 \n4.6.0| Not vulnerable1| None \nBIG-IQ Cloud and Orchestration| None| 1.0.0| Not vulnerable1| None \nF5 iWorkflow| None| 2.0.0 - 2.0.2| Not vulnerable1| None \nLineRate| None| 2.5.0 - 2.6.1| Not vulnerable1| None \nTraffix SDC| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| None| Low| Linux kernel \n \n1 The specified products contain the affected code. However, F5 identifies the vulnerability status as Not vulnerable because the attacker cannot exploit the code in default, standard, or recommended configurations.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n", "published": "2017-02-23T01:21:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K54095660", "cvelist": ["CVE-2016-9555"], "lastseen": "2017-06-08T00:16:29"}, {"id": "F5:K05513373", "type": "f5", "title": "Linux kernel vulnerability CVE-2016-9576", "description": "\nF5 Product Development has assigned ID 640766 and 640768 (BIG-IP), and ID 640766 and 640768 (BIG-IQ, Enterprise Manager, iWorkflow) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H05513373 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP AAM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| None| Low| Linux kernel \nBIG-IP AFM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| None| Low| Linux kernel \nBIG-IP Analytics| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP APM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP ASM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP DNS| 12.0.0 - 12.1.2| None| Low| Linux kernel \nBIG-IP Edge Gateway| 11.2.1| None| Low| Linux kernel \nBIG-IP GTM| 11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP Link Controller| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1 \n11.2.1| None| Low| Linux kernel \nBIG-IP PEM| 12.0.0 - 12.1.2 \n11.4.0 - 11.6.1| None| Low| Linux kernel \nBIG-IP PSM| 11.4.0 - 11.4.1| None| Low| Linux kernel \nBIG-IP WebAccelerator| 11.2.1| None| Low| Linux kernel \nBIG-IP WebSafe| 12.0.0 - 12.1.2 \n11.6.0 - 11.6.1| None| Low \n\n| Linux kernel \nARX| None| 6.2.0 - 6.4.0| Not vulnerable| None \nEnterprise Manager| 3.1.1| None| Low| Linux kernel \nBIG-IQ Cloud| 4.0.0 - 4.5.0| None| Low| Linux kernel \nBIG-IQ Device| 4.2.0 - 4.5.0| None| Low| Linux kernel \nBIG-IQ Security| 4.0.0 - 4.5.0| None| Low| Linux kernel \nBIG-IQ ADC| 4.5.0| None| Low| Linux kernel \nBIG-IQ Centralized Management| 5.0.0 - 5.1.0 \n4.6.0| None| Low| Linux kernel \nBIG-IQ Cloud and Orchestration| 1.0.0| None| Low| Linux kernel \nF5 iWorkflow| 2.0.0 - 2.0.2| None| Low| Linux kernel \nLineRate| None| 3.0.0 - 3.1.1| Not vulnerable| None \nTraffix SDC| 5.0.0 - 5.1.0 \n4.0.0 - 4.4.0| None| Low| Linux Kernel\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Versions known to be not vulnerable** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n * [K167: Downloading software and firmware from F5](<https://support.f5.com/csp/article/K167>)\n * [K13123: Managing BIG-IP product hotfixes (11.x - 13.x)](<https://support.f5.com/csp/article/K13123>)\n * [K9502: BIG-IP hotfix matrix](<https://support.f5.com/csp/article/K9502>)\n * [K15106: Managing BIG-IQ product hotfixes](<https://support.f5.com/csp/article/K15106>)\n * [K15113: BIG-IQ hotfix matrix](<https://support.f5.com/csp/article/K15113>)\n", "published": "2017-01-28T02:28:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://support.f5.com/csp/article/K05513373", "cvelist": ["CVE-2016-9576"], "lastseen": "2017-06-08T00:16:15"}], "centos": [{"id": "CESA-2017:0817", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2017:0817\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2017-March/003811.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0817.html", "published": "2017-03-24T15:34:16", "cvss": {"score": 7.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2017-March/003811.html", "cvelist": ["CVE-2016-2384", "CVE-2016-7097", "CVE-2016-8399", "CVE-2016-6480", "CVE-2016-2069", "CVE-2016-10088", "CVE-2016-9576", "CVE-2016-10142", "CVE-2016-7042"], "lastseen": "2017-04-18T17:24:41"}, {"id": "CESA-2017:0307", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2017:0307\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-February/022281.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0307.html", "published": "2017-02-24T20:45:23", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2017-February/022281.html", "cvelist": ["CVE-2016-9555", "CVE-2016-6136"], "lastseen": "2017-02-24T23:07:44"}, {"id": "CESA-2017:0086", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2017:0086\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-January/022246.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2017-0086.html", "published": "2017-01-19T13:30:14", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2017-January/022246.html", "cvelist": ["CVE-2016-7117", "CVE-2016-9555", "CVE-2016-6828"], "lastseen": "2017-01-19T15:01:58"}], "debian": [{"id": "DSA-3804", "type": "debian", "title": "linux -- security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or have other impacts.\n\n * [CVE-2016-9588](<https://security-tracker.debian.org/tracker/CVE-2016-9588>)\n\nJim Mattson discovered that the KVM implementation for Intel x86 processors does not properly handle #BP and #OF exceptions in an L2 (nested) virtual machine. A local attacker in an L2 guest VM can take advantage of this flaw to cause a denial of service for the L1 guest VM.\n\n * [CVE-2017-2636](<https://security-tracker.debian.org/tracker/CVE-2017-2636>)\n\nAlexander Popov discovered a race condition flaw in the n_hdlc line discipline that can lead to a double free. A local unprivileged user can take advantage of this flaw for privilege escalation. On systems that do not already have the n_hdlc module loaded, this can be mitigated by disabling it: `echo>> /etc/modprobe.d/disable-n_hdlc.conf install n_hdlc false`\n\n * [CVE-2017-5669](<https://security-tracker.debian.org/tracker/CVE-2017-5669>)\n\nGareth Evans reported that privileged users can map memory at address 0 through the shmat() system call. This could make it easier to exploit other kernel security vulnerabilities via a set-UID program.\n\n * [CVE-2017-5986](<https://security-tracker.debian.org/tracker/CVE-2017-5986>)\n\nAlexander Popov reported a race condition in the SCTP implementation that can be used by local users to cause a denial-of-service (crash). The initial fix for this was incorrect and introduced further security issues ([ CVE-2017-6353](<https://security-tracker.debian.org/tracker/CVE-2017-6353>)). This update includes a later fix that avoids those. On systems that do not already have the sctp module loaded, this can be mitigated by disabling it: `echo>> /etc/modprobe.d/disable-sctp.conf install sctp false`\n\n * [CVE-2017-6214](<https://security-tracker.debian.org/tracker/CVE-2017-6214>)\n\nDmitry Vyukov reported a bug in the TCP implementation's handling of urgent data in the splice() system call. This can be used by a remote attacker for denial-of-service (hang) against applications that read from TCP sockets with splice().\n\n * [CVE-2017-6345](<https://security-tracker.debian.org/tracker/CVE-2017-6345>)\n\nAndrey Konovalov reported that the LLC type 2 implementation incorrectly assigns socket buffer ownership. This can be used by a local user to cause a denial-of-service (crash). On systems that do not already have the llc2 module loaded, this can be mitigated by disabling it: `echo>> /etc/modprobe.d/disable-llc2.conf install llc2 false`\n\n * [CVE-2017-6346](<https://security-tracker.debian.org/tracker/CVE-2017-6346>)\n\nDmitry Vyukov reported a race condition in the raw packet (af_packet) fanout feature. Local users with the CAP_NET_RAW capability (in any user namespace) can use this for denial-of-service and possibly for privilege escalation.\n\n * [CVE-2017-6348](<https://security-tracker.debian.org/tracker/CVE-2017-6348>)\n\nDmitry Vyukov reported that the general queue implementation in the IrDA subsystem does not properly manage multiple locks, possibly allowing local users to cause a denial-of-service (deadlock) via crafted operations on IrDA devices.\n\nFor the stable distribution (jessie), these problems have been fixed in version 3.16.39-1+deb8u2.\n\nWe recommend that you upgrade your linux packages.", "published": "2017-03-08T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3804", "cvelist": ["CVE-2017-2636", "CVE-2017-6348", "CVE-2017-6214", "CVE-2017-6345", "CVE-2017-5669", "CVE-2017-5986", "CVE-2017-6346", "CVE-2016-9588", "CVE-2017-6353"], "lastseen": "2017-03-09T01:13:00"}, {"id": "DSA-3607", "type": "debian", "title": "linux -- security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.\n\n * [CVE-2015-7515](<https://security-tracker.debian.org/tracker/CVE-2015-7515>), [CVE-2016-2184](<https://security-tracker.debian.org/tracker/CVE-2016-2184>), [CVE-2016-2185](<https://security-tracker.debian.org/tracker/CVE-2016-2185>), [CVE-2016-2186](<https://security-tracker.debian.org/tracker/CVE-2016-2186>), [CVE-2016-2187](<https://security-tracker.debian.org/tracker/CVE-2016-2187>), [CVE-2016-3136](<https://security-tracker.debian.org/tracker/CVE-2016-3136>), [CVE-2016-3137](<https://security-tracker.debian.org/tracker/CVE-2016-3137>), [CVE-2016-3138](<https://security-tracker.debian.org/tracker/CVE-2016-3138>), [CVE-2016-3140](<https://security-tracker.debian.org/tracker/CVE-2016-3140>)\n\nRalf Spenneberg of OpenSource Security reported that various USB drivers do not sufficiently validate USB descriptors. This allowed a physically present user with a specially designed USB device to cause a denial of service (crash).\n\n * [CVE-2016-0821](<https://security-tracker.debian.org/tracker/CVE-2016-0821>)\n\nSolar Designer noted that the list poisoning feature, intended to mitigate the effects of bugs in list manipulation in the kernel, used poison values within the range of virtual addresses that can be allocated by user processes.\n\n * [CVE-2016-1237](<https://security-tracker.debian.org/tracker/CVE-2016-1237>)\n\nDavid Sinquin discovered that nfsd does not check permissions when setting ACLs, allowing users to grant themselves permissions to a file by setting the ACL.\n\n * [CVE-2016-1583](<https://security-tracker.debian.org/tracker/CVE-2016-1583>)\n\nJann Horn of Google Project Zero reported that the eCryptfs filesystem could be used together with the proc filesystem to cause a kernel stack overflow. If the ecryptfs-utils package is installed, local users could exploit this, via the mount.ecryptfs_private program, for denial of service (crash) or possibly for privilege escalation.\n\n * [CVE-2016-2117](<https://security-tracker.debian.org/tracker/CVE-2016-2117>)\n\nJustin Yackoski of Cryptonite discovered that the Atheros L2 ethernet driver incorrectly enables scatter/gather I/O. A remote attacker could take advantage of this flaw to obtain potentially sensitive information from kernel memory.\n\n * [CVE-2016-2143](<https://security-tracker.debian.org/tracker/CVE-2016-2143>)\n\nMarcin Koscielnicki discovered that the fork implementation in the Linux kernel on s390 platforms mishandles the case of four page-table levels, which allows local users to cause a denial of service (system crash).\n\n * [CVE-2016-3070](<https://security-tracker.debian.org/tracker/CVE-2016-3070>)\n\nJan Stancek of Red Hat discovered a local denial of service vulnerability in AIO handling.\n\n * [CVE-2016-3134](<https://security-tracker.debian.org/tracker/CVE-2016-3134>)\n\nThe Google Project Zero team found that the netfilter subsystem does not sufficiently validate filter table entries. A user with the CAP_NET_ADMIN capability could use this for denial of service (crash) or possibly for privilege escalation. Debian disables unprivileged user namespaces by default, if locally enabled with the kernel.unprivileged_userns_clone sysctl, this allows privilege escalation.\n\n * [CVE-2016-3156](<https://security-tracker.debian.org/tracker/CVE-2016-3156>)\n\nSolar Designer discovered that the IPv4 implementation in the Linux kernel did not perform the destruction of inet device objects properly. An attacker in a guest OS could use this to cause a denial of service (networking outage) in the host OS.\n\n * [CVE-2016-3157](<https://security-tracker.debian.org/tracker/CVE-2016-3157>) / XSA-171 \n\nAndy Lutomirski discovered that the x86_64 (amd64) task switching implementation did not correctly update the I/O permission level when running as a Xen paravirtual (PV) guest. In some configurations this would allow local users to cause a denial of service (crash) or to escalate their privileges within the guest.\n\n * [CVE-2016-3672](<https://security-tracker.debian.org/tracker/CVE-2016-3672>)\n\nHector Marco and Ismael Ripoll noted that it was possible to disable Address Space Layout Randomisation (ASLR) for x86_32 (i386) programs by removing the stack resource limit. This made it easier for local users to exploit security flaws in programs that have the setuid or setgid flag set.\n\n * [CVE-2016-3951](<https://security-tracker.debian.org/tracker/CVE-2016-3951>)\n\nIt was discovered that the cdc_ncm driver would free memory prematurely if certain errors occurred during its initialisation. This allowed a physically present user with a specially designed USB device to cause a denial of service (crash) or possibly to escalate their privileges.\n\n * [CVE-2016-3955](<https://security-tracker.debian.org/tracker/CVE-2016-3955>)\n\nIgnat Korchagin reported that the usbip subsystem did not check the length of data received for a USB buffer. This allowed denial of service (crash) or privilege escalation on a system configured as a usbip client, by the usbip server or by an attacker able to impersonate it over the network. A system configured as a usbip server might be similarly vulnerable to physically present users.\n\n * [CVE-2016-3961](<https://security-tracker.debian.org/tracker/CVE-2016-3961>) / XSA-174 \n\nVitaly Kuznetsov of Red Hat discovered that Linux allowed the use of hugetlbfs on x86 (i386 and amd64) systems even when running as a Xen paravirtualised (PV) guest, although Xen does not support huge pages. This allowed users with access to /dev/hugepages to cause a denial of service (crash) in the guest.\n\n * [CVE-2016-4470](<https://security-tracker.debian.org/tracker/CVE-2016-4470>)\n\nDavid Howells of Red Hat discovered that a local user can trigger a flaw in the Linux kernel's handling of key lookups in the keychain subsystem, leading to a denial of service (crash) or possibly to privilege escalation.\n\n * [CVE-2016-4482](<https://security-tracker.debian.org/tracker/CVE-2016-4482>), [CVE-2016-4485](<https://security-tracker.debian.org/tracker/CVE-2016-4485>), [CVE-2016-4486](<https://security-tracker.debian.org/tracker/CVE-2016-4486>), [CVE-2016-4569](<https://security-tracker.debian.org/tracker/CVE-2016-4569>), [CVE-2016-4578](<https://security-tracker.debian.org/tracker/CVE-2016-4578>), [CVE-2016-4580](<https://security-tracker.debian.org/tracker/CVE-2016-4580>), [CVE-2016-5243](<https://security-tracker.debian.org/tracker/CVE-2016-5243>), [CVE-2016-5244](<https://security-tracker.debian.org/tracker/CVE-2016-5244>)\n\nKangjie Lu reported that the USB devio, llc, rtnetlink, ALSA timer, x25, tipc, and rds facilities leaked information from the kernel stack.\n\n * [CVE-2016-4565](<https://security-tracker.debian.org/tracker/CVE-2016-4565>)\n\nJann Horn of Google Project Zero reported that various components in the InfiniBand stack implemented unusual semantics for the write() operation. On a system with InfiniBand drivers loaded, local users could use this for denial of service or privilege escalation.\n\n * [CVE-2016-4581](<https://security-tracker.debian.org/tracker/CVE-2016-4581>)\n\nTycho Andersen discovered that in some situations the Linux kernel did not handle propagated mounts correctly. A local user can take advantage of this flaw to cause a denial of service (system crash).\n\n * [CVE-2016-4805](<https://security-tracker.debian.org/tracker/CVE-2016-4805>)\n\nBaozeng Ding discovered a use-after-free in the generic PPP layer in the Linux kernel. A local user can take advantage of this flaw to cause a denial of service (system crash), or potentially escalate their privileges.\n\n * [CVE-2016-4913](<https://security-tracker.debian.org/tracker/CVE-2016-4913>)\n\nAl Viro found that the ISO9660 filesystem implementation did not correctly count the length of certain invalid name entries. Reading a directory containing such name entries would leak information from kernel memory. Users permitted to mount disks or disk images could use this to obtain sensitive information.\n\n * [CVE-2016-4997](<https://security-tracker.debian.org/tracker/CVE-2016-4997>) / [CVE-2016-4998](<https://security-tracker.debian.org/tracker/CVE-2016-4998>)\n\nJesse Hertz and Tim Newsham discovered that missing input sanitising in Netfilter socket handling may result in denial of service. Debian disables unprivileged user namespaces by default, if locally enabled with the kernel.unprivileged_userns_clone sysctl, this also allows privilege escalation.\n\nFor the stable distribution (jessie), these problems have been fixed in version 3.16.7-ckt25-2+deb8u2.\n\nWe recommend that you upgrade your linux packages.", "published": "2016-06-28T00:00:00", "cvss": {"score": 10, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3607", "cvelist": ["CVE-2016-5244", "CVE-2016-3070", "CVE-2016-4913", "CVE-2016-3961", "CVE-2016-4581", "CVE-2016-4486", "CVE-2016-2186", "CVE-2016-2187", "CVE-2016-3156", "CVE-2016-1583", "CVE-2016-4569", "CVE-2016-0821", "CVE-2016-2184", "CVE-2016-5243", "CVE-2016-3951", "CVE-2016-3955", "CVE-2015-7515", "CVE-2016-3137", "CVE-2016-4485", "CVE-2016-4997", "CVE-2016-4482", "CVE-2016-3136", "CVE-2016-1237", "CVE-2016-3138", "CVE-2016-3140", "CVE-2016-2143", "CVE-2016-4578", "CVE-2016-2185", "CVE-2016-4805", "CVE-2016-3157", "CVE-2016-4470", "CVE-2016-2117", "CVE-2016-4565", "CVE-2016-4580", "CVE-2016-3672", "CVE-2016-4998", "CVE-2016-3134"], "lastseen": "2016-09-02T18:34:27"}], "zdt": [{"id": "1337DAY-ID-25173", "type": "zdt", "title": "Linux/x86 - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited", "description": "Exploit for linux platform in category dos / poc", "published": "2016-04-06T00:00:00", "cvss": {"score": 0, "vector": "NONE"}, "href": "http://0day.today/exploit/description/25173", "cvelist": ["CVE-2016-3672"], "lastseen": "2016-04-20T01:28:06"}], "exploitdb": [{"id": "EDB-ID:39669", "type": "exploitdb", "title": "Linux x86 - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited", "description": "Linux x86 - Disable ASLR by Setting the RLIMIT_STACK Resource to Unlimited. CVE-2016-3672. Dos exploit for linux platform", "published": "2016-04-06T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/39669/", "cvelist": ["CVE-2016-3672"], "lastseen": "2016-04-06T21:00:22"}]}}