kernel-syms (SUSE:Manager 2.1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Manager 2.1 package kernel-syms, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (95)
CVE-2015-8812 — CVSS 9.8 (critical): drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 does not properly identify error conditions, which allows remote…
CVE-2016-3955 — CVSS 9.8 (critical): The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in the Linux kernel before 4.5.3 allows remote attackers to cause a…
CVE-2016-9555 — CVSS 9.8 (critical): The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux kernel before 4.8.8 lacks chunk-length checking for the first chunk…
CVE-2016-7117 — CVSS 9.8 (critical): Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to…
CVE-2016-3134 — CVSS 8.4 (high): The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain…
CVE-2015-8550 — CVSS 8.2 (high): Xen, when used on a system providing PV backends, allows local guest OS administrators to cause a denial of service (host OS crash) or gain…
CVE-2012-6704 — CVSS 7.8 (high): The sock_setsockopt function in net/core/sock.c in the Linux kernel before 3.5 mishandles negative values of sk_sndbuf and sk_rcvbuf, which…
CVE-2015-8539 — CVSS 7.8 (high): The KEYS subsystem in the Linux kernel before 4.4 allows local users to gain privileges or cause a denial of service (BUG) via crafted…
CVE-2016-7911 — CVSS 7.8 (high): Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel before 4.6.6 allows local users to gain privileges or…
CVE-2016-7910 — CVSS 7.8 (high): Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel before 4.7.1 allows local users to gain…
CVE-2016-7425 — CVSS 7.8 (high): The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel through 4.8.2 does not restrict a certain…
CVE-2016-9794 — CVSS 7.8 (high): Race condition in the snd_pcm_period_elapsed function in sound/core/pcm_lib.c in the ALSA subsystem in the Linux kernel before 4.7 allows…
CVE-2016-4565 — CVSS 7.8 (high): The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 incorrectly relies on the write system call, which allows local users to…
CVE-2016-9793 — CVSS 7.8 (high): The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf…
CVE-2016-9576 — CVSS 7.8 (high): The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator…
CVE-2016-4997 — CVSS 7.8 (high): The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt implementations in the netfilter subsystem in the Linux kernel before…
CVE-2016-4805 — CVSS 7.8 (high): Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the Linux kernel before 4.5.2 allows local users to cause a denial of…
CVE-2016-5829 — CVSS 7.8 (high): Multiple heap-based buffer overflows in the hiddev_ioctl_usage function in drivers/hid/usbhid/hiddev.c in the Linux kernel through 4.6.3…
CVE-2016-0758 — CVSS 7.8 (high): Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 allows local users to gain privileges via crafted ASN.1 data.
CVE-2016-1583 — CVSS 7.8 (high): The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or…
CVE-2016-8632 — CVSS 7.8 (high): The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum…
CVE-2016-2143 — CVSS 7.8 (high): The fork implementation in the Linux kernel before 4.5 on s390 platforms mishandles the case of four page-table levels, which allows local…
CVE-2016-4913 — CVSS 7.8 (high): The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries…
CVE-2016-5244 — CVSS 7.5 (high): The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel through 4.6.3 does not initialize a certain structure member, which…
CVE-2016-4485 — CVSS 7.5 (high): The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel before 4.5.5 does not initialize a certain data structure, which allows…
CVE-2016-4580 — CVSS 7.5 (high): The x25_negotiate_facilities function in net/x25/x25_facilities.c in the Linux kernel before 4.5.5 does not properly initialize a certain…
CVE-2016-2069 — CVSS 7.4 (high): Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 allows local users to gain privileges by triggering access to a paging…
CVE-2015-8962 — CVSS 7.3 (high): Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel before 4.4 allows local users to gain…
CVE-2016-3841 — CVSS 7.3 (high): The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of…
CVE-2017-2636 — CVSS 7.0 (high): Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of…
CVE-2015-8543 — CVSS 7.0 (high): The networking implementation in the Linux kernel through 4.3.3, as used in Android and other products, does not validate protocol…
CVE-2016-8399 — CVSS 7.0 (high): An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary…
CVE-2016-10088 — CVSS 7.0 (high): The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option…
CVE-2016-0723 — CVSS 6.8 (medium): Race condition in the tty_ioctl function in drivers/tty/tty_io.c in the Linux kernel through 4.4.1 allows local users to obtain sensitive…
CVE-2016-8633 — CVSS 6.8 (medium): drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute…
CVE-2015-8816 — CVSS 6.8 (medium): The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data…
CVE-2015-7513 — CVSS 6.5 (medium): arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the PIT counter values during state restoration, which allows guest OS…
CVE-2016-2543 — CVSS 6.2 (medium): The snd_seq_ioctl_remove_events function in sound/core/seq/seq_clientmgr.c in the Linux kernel before 4.4.1 does not verify FIFO assignment…
CVE-2013-4312 — CVSS 6.2 (medium): The Linux kernel before 4.4.1 allows local users to bypass file-descriptor limits and cause a denial of service (memory consumption) by…
CVE-2015-8767 — CVSS 6.2 (medium): net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not properly manage the relationship between a lock and a socket, which allows…
CVE-2015-8785 — CVSS 6.2 (medium): The fuse_fill_write_pages function in fs/fuse/file.c in the Linux kernel before 4.4 allows local users to cause a denial of service…
CVE-2016-2548 — CVSS 6.2 (medium): sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to…
CVE-2016-2549 — CVSS 6.2 (medium): sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a…
CVE-2016-7042 — CVSS 6.2 (medium): The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack…
CVE-2016-2847 — CVSS 6.2 (medium): fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of unread data in pipes, which allows local users to cause a denial of…
CVE-2016-4482 — CVSS 6.2 (medium): The proc_connectinfo function in drivers/usb/core/devio.c in the Linux kernel through 4.6 does not initialize a certain data structure…
CVE-2015-8956 — CVSS 6.1 (medium): The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive…
CVE-2015-8551 — CVSS 6.0 (medium): The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest…
CVE-2016-4578 — CVSS 5.5 (medium): sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain…
CVE-2015-1350 — CVSS 5.5 (medium): The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing…
CVE-2015-8970 — CVSS 5.5 (medium): crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not verify that a setkey operation has been performed on an AF_ALG socket…
CVE-2016-6828 — CVSS 5.5 (medium): The tcp_check_send_head function in include/net/tcp.h in the Linux kernel before 4.7.5 does not properly maintain certain SACK state after…
CVE-2015-8964 — CVSS 5.5 (medium): The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel before 4.5 allows local users to obtain sensitive…
CVE-2016-3156 — CVSS 5.5 (medium): The IPv4 implementation in the Linux kernel before 4.5.2 mishandles destruction of device objects, which allows guest OS users to cause a…
CVE-2016-8646 — CVSS 5.5 (medium): The hash_accept function in crypto/algif_hash.c in the Linux kernel before 4.3.6 allows local users to cause a denial of service (OOPS) by…
CVE-2015-7550 — CVSS 5.5 (medium): The keyctl_read_key function in security/keys/keyctl.c in the Linux kernel before 4.3.4 does not properly use a semaphore, which allows…
CVE-2016-4569 — CVSS 5.5 (medium): The snd_timer_user_params function in sound/core/timer.c in the Linux kernel through 4.6 does not initialize a certain data structure…
CVE-2016-4470 — CVSS 5.5 (medium): The key_reject_and_link function in security/keys/key.c in the Linux kernel through 4.6.3 does not ensure that a certain data structure is…
CVE-2016-9685 — CVSS 5.5 (medium): Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the Linux kernel before 4.5.1 allow local users to cause a denial of…
CVE-2016-9756 — CVSS 5.5 (medium): arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not properly initialize Code Segment (CS) in certain error cases, which…
CVE-2016-7916 — CVSS 5.5 (medium): Race condition in the environ_read function in fs/proc/base.c in the Linux kernel before 4.5.4 allows local users to obtain sensitive…
CVE-2013-7446 — CVSS 5.3 (medium): Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel before 4.3.3 allows local users to bypass intended AF_UNIX socket…
CVE-2016-2546 — CVSS 5.1 (medium): sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect type of mutex, which allows local users to cause a denial of service…
CVE-2016-2547 — CVSS 5.1 (medium): sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking approach that does not consider slave timer instances, which allows…
CVE-2016-6480 — CVSS 5.1 (medium): Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows local users to…
CVE-2016-2544 — CVSS 5.1 (medium): Race condition in the queue_delete function in sound/core/seq/seq_queue.c in the Linux kernel before 4.4.1 allows local users to cause a…
CVE-2016-2545 — CVSS 5.1 (medium): The snd_timer_interrupt function in sound/core/timer.c in the Linux kernel before 4.4.1 does not properly maintain a certain linked list…
CVE-2004-0230 — CVSS 5.0 (medium): TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service…
CVE-2015-8215 — CVSS 5.0 (medium): net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows…
CVE-2015-7833 — CVSS 4.9 (medium): The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 through 3.10.0-229.14.1.el7 in Red Hat Enterprise Linux (RHEL) 7.1…
CVE-2015-7799 — CVSS 4.9 (medium): The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel through 4.2.3 does not ensure that certain slot numbers are valid…
CVE-2016-5696 — CVSS 4.8 (medium): net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier…
CVE-2016-2053 — CVSS 4.7 (medium): The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux kernel before 4.3 allows attackers to cause a denial of service (panic)…
CVE-2016-2782 — CVSS 4.6 (medium): The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a…
CVE-2016-3140 — CVSS 4.6 (medium): The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers…
CVE-2016-2384 — CVSS 4.6 (medium): Double free vulnerability in the snd_usbmidi_create function in sound/usb/midi.c in the Linux kernel before 4.5 allows physically proximate…
CVE-2016-2188 — CVSS 4.6 (medium): The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to…
CVE-2016-2187 — CVSS 4.6 (medium): The gtco_probe function in drivers/input/tablet/gtco.c in the Linux kernel through 4.5.2 allows physically proximate attackers to cause a…
CVE-2016-2186 — CVSS 4.6 (medium): The powermate_probe function in drivers/input/misc/powermate.c in the Linux kernel before 4.5.1 allows physically proximate attackers to…
CVE-2016-2185 — CVSS 4.6 (medium): The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in the Linux kernel before 4.5.1 allows physically proximate attackers…
CVE-2016-2184 — CVSS 4.6 (medium): The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically…
CVE-2015-7515 — CVSS 4.6 (medium): The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a…
CVE-2015-7566 — CVSS 4.6 (medium): The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a…
CVE-2016-3139 — CVSS 4.6 (medium): The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause…
CVE-2016-3138 — CVSS 4.6 (medium): The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a…
CVE-2016-3137 — CVSS 4.6 (medium): drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL…
CVE-2017-5551 — CVSS 4.4 (medium): The simple_set_acl function in fs/posix_acl.c in the Linux kernel before 4.9.6 preserves the setgid bit during a setxattr call involving a…
CVE-2016-7097 — CVSS 4.4 (medium): The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a setxattr call, which allows local users…
CVE-2015-8552 — CVSS 4.4 (medium): The PCI backend driver in Xen, when running on an x86 system and using Linux 3.1.x through 4.3.x as the driver domain, allows local guest…
CVE-2015-7509 — CVSS 4.4 (medium): fs/ext4/namei.c in the Linux kernel before 3.7 allows physically proximate attackers to cause a denial of service (system crash) via a…
CVE-2015-8575 — CVSS 4.0 (medium): The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel before 4.3.4 does not verify an address length, which allows local…
CVE-2016-0823 — CVSS 4.0 (medium): The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allows local…
CVE-2016-4486 — CVSS 3.3 (low): The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux kernel before 4.5.5 does not initialize a certain data structure…
CVE-2015-8569 — CVSS 2.3 (low): The (1) pptp_bind and (2) pptp_connect functions in drivers/net/ppp/pptp.c in the Linux kernel through 4.3.3 do not verify an address…