{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel","title":"Title of the patch"},{"category":"description","text":"\nThe SUSE Linux Enterprise 11 SP3 Realtime kernel was updated to receive various security and bugfixes.\n\nFollowing security bugs were fixed:\n- CVE-2015-8104: The KVM subsystem in the Linux kernel allowed guest OS\n  users to cause a denial of service (host OS panic or hang) by triggering\n  many #DB (aka Debug) exceptions, related to svm.c (bnc#954404).\n- CVE-2015-5307: The KVM subsystem in the Linux kernel allowed guest OS\n  users to cause a denial of service (host OS panic or hang) by triggering\n  many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c\n  (bnc#953527).\n- CVE-2015-7990: RDS: Verify the underlying transport exists before\n  creating a connection, preventing possible DoS (bsc#952384, CVE-2015-7990).\n- CVE-2015-5157: arch/x86/entry/entry_64.S in the Linux kernel on\n  the x86_64 platform mishandled IRET faults in processing NMIs that\n  occurred during userspace execution, which might allow local users to\n  gain privileges by triggering an NMI (bnc#937969 bnc#937970 bnc#938706\n  bnc#939207).\n- CVE-2015-7872: The key_gc_unused_keys function in security/keys/gc.c\n  in the Linux kernel allowed local users to cause a denial of service\n  (OOPS) via crafted keyctl commands (bnc#951440).\n- CVE-2015-8215: net/ipv6/addrconf.c in the IPv6 stack in the Linux\n  kernel did not validate attempted changes to the MTU value, which allowed\n  context-dependent attackers to cause a denial of service (packet loss)\n  via a value that is (1) smaller than the minimum compliant value or\n  (2) larger than the MTU of an interface, as demonstrated by a Router\n  Advertisement (RA) message that is not validated by a daemon, a different\n  vulnerability than CVE-2015-0272. NOTE: the scope of CVE-2015-0272 is\n  limited to the NetworkManager product. (bnc#955354).\n- CVE-2015-6937: The __rds_conn_create function in net/rds/connection.c\n  in the Linux kernel allowed local users to cause a denial of service\n  (NULL pointer dereference and system crash) or possibly have unspecified\n  other impact by using a socket that was not properly bound (bnc#945825).\n- CVE-2015-6252: The vhost_dev_ioctl function in drivers/vhost/vhost.c\n  in the Linux kernel allowed local users to cause a denial of service\n  (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers\n  permanent file-descriptor allocation (bnc#942367).\n\nThe following non-security bugs were fixed:\n- alsa: hda - Disable 64bit address for Creative HDA controllers (bnc#814440).\n- btrfs: fix hang when failing to submit bio of directIO (bnc#942688).\n- btrfs: fix memory corruption on failure to submit bio for direct IO (bnc#942688).\n- btrfs: fix put dio bio twice when we submit dio bio fail (bnc#942688).\n- dm: do not start current request if it would've merged with the previous (bsc#904348).\n- dm: impose configurable deadline for dm_request_fn's merge heuristic (bsc#904348).\n- dm-snap: avoid deadock on s->lock when a read is split (bsc#939826).\n- dm sysfs: introduce ability to add writable attributes (bsc#904348).\n- drm/i915: Add bit field to record which pins have received HPD events (v3) (bsc#942938).\n- drm/I915: Add enum hpd_pin to intel_encoder (bsc#942938).\n- drm/i915: add hotplug activation period to hotplug update mask (bsc#953980).\n- drm/i915: Add HPD IRQ storm detection (v5) (bsc#942938).\n- drm/i915: Add messages useful for HPD storm detection debugging (v2) (bsc#942938).\n- drm/i915: Add Reenable Timer to turn Hotplug Detection back on (v4) (bsc#942938).\n- drm/i915: assert_spin_locked for pipestat interrupt enable/disable (bsc#942938).\n- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt (bsc#942938).\n- drm/i915: Avoid race of intel_crt_detect_hotplug() with HPD interrupt, v2 (bsc#942938).\n- drm/i915: clear crt hotplug compare voltage field before setting (bsc#942938).\n- drm/i915: close tiny race in the ilk pcu even interrupt setup (bsc#942938).\n- drm/i915: Convert HPD interrupts to make use of HPD pin assignment in encoders (v2) (bsc#942938).\n- drm/i915: Disable HPD interrupt on pin when irq storm is detected (v3) (bsc#942938).\n- drm/i915: Do not WARN nor handle unexpected hpd interrupts on gmch platforms (bsc#942938).\n- drm/i915: Enable hotplug interrupts after querying hw capabilities (bsc#942938).\n- drm/i915: Fix DDC probe for passive adapters (bsc#900610, fdo#85924).\n- drm/i915: fix hotplug event bit tracking (bsc#942938).\n- drm/i915: Fix hotplug interrupt enabling for SDVOC (bsc#942938).\n- drm/i915: fix hpd interrupt register locking (bsc#942938).\n- drm/i915: fix hpd work vs. flush_work in the pageflip code deadlock (bsc#942938).\n- drm/i915: fix locking around ironlake_enable|disable_display_irq (bsc#942938).\n- drm/i915: Fix up sdvo hpd pins for i965g/gm (bsc#942938).\n- drm/i915: fold the hpd_irq_setup call into intel_hpd_irq_handler (bsc#942938).\n- drm/i915: fold the no-irq check into intel_hpd_irq_handler (bsc#942938).\n- drm/i915: fold the queue_work into intel_hpd_irq_handler (bsc#942938).\n- drm/i915: Get rid if the 'hotplug_supported_mask' in struct drm_i915_private (bsc#942938).\n- drm/i915: implement ibx_hpd_irq_setup (bsc#942938).\n- drm/i915: Make hpd arrays big enough to avoid out of bounds access (bsc#942938).\n- drm/i915: Mask out the HPD irq bits before setting them individually (bsc#942938).\n- drm/i915: Only print hotplug event message when hotplug bit is set (bsc#942938).\n- drm/i915: Only reprobe display on encoder which has received an HPD event (v2) (bsc#942938).\n- drm/i915: Queue reenable timer also when enable_hotplug_processing is false (bsc#942938).\n- drm/i915: (re)init HPD interrupt storm statistics (bsc#942938).\n- drm/i915: Remove i965_hpd_irq_setup (bsc#942938).\n- drm/i915: Remove pch_rq_mask from struct drm_i915_private (bsc#942938).\n- drm/i915: Remove valleyview_hpd_irq_setup (bsc#942938).\n- drm/i915: s/hotplug_irq_storm_detect/intel_hpd_irq_handler/ (bsc#942938).\n- drm/i915: Use an interrupt save spinlock in intel_hpd_irq_handler() (bsc#942938).\n- drm/i915: WARN_ONCE() about unexpected interrupts for all chipsets (bsc#942938).\n- ehci-pci: enable interrupt on BayTrail (bnc926007).\n- Fixing wording in patch comment (bsc#923002)\n- fix lpfc_send_rscn_event allocation size claims bnc#935757\n- hugetlb: simplify migrate_huge_page() (bnc#947957, VM Functionality).\n- hwpoison, hugetlb: lock_page/unlock_page does not match for handling a free hugepage (bnc#947957, VM Functionality).\n- IB/iser: Add Discovery support (bsc#923002).\n- IB/iser: Move informational messages from error to info level (bsc#923002).\n- IB/srp: Avoid skipping srp_reset_host() after a transport error (bsc#904965).\n- IB/srp: Fix a sporadic crash triggered by cable pulling (bsc#904965).\n- inotify: Fix nested sleeps in inotify_read() (bsc#940925).\n- ipv6: fix tunnel error handling (bsc#952579).\n- ipv6: probe routes asynchronous in rt6_probe (bsc#936118).\n- ipvs: drop first packet to dead server (bsc#946078).\n- ipvs: Fix reuse connection if real server is dead (bnc#945827).\n- kabi: patches.fixes/mm-make-page-pfmemalloc-check-more-robust.patch (bnc#920016).\n- KEYS: Fix race between key destruction and finding a keyring by name (bsc#951440).\n- ktime: add ktime_after and ktime_before helpe (bsc#904348).\n- libiscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002).\n- lib/string.c: introduce memchr_inv() (bnc#930788).\n- macvlan: Support bonding events bsc#948521\n- Make sure XPRT_CONNECTING gets cleared when needed (bsc#946309).\n- memory-failure: do code refactor of soft_offline_page() (bnc#947957, VM Functionality).\n- memory-failure: fix an error of mce_bad_pages statistics (bnc#947957, VM Functionality).\n- memory-failure: use num_poisoned_pages instead of mce_bad_pages (bnc#947957, VM Functionality).\n- memory-hotplug: update mce_bad_pages when removing the memory (bnc#947957, VM Functionality).\n- mm: exclude reserved pages from dirtyable memory 32b fix (bnc#940017, bnc#949298).\n- mm: make page pfmemalloc check more robust (bnc#920016).\n- mm/memory-failure.c: fix wrong num_poisoned_pages in handling memory error on thp (bnc#947957, VM Functionality).\n- mm/memory-failure.c: recheck PageHuge() after hugetlb page migrate successfully (bnc#947957, VM Functionality).\n- mm/migrate.c: pair unlock_page() and lock_page() when migrating huge pages (bnc#947957, VM Functionality).\n- Modified -rt patches: 344 of 435, useless noise elided.\n- Moved iscsi kabi patch to patches.kabi (bsc#923002)\n- netfilter: nf_conntrack_proto_sctp: minimal multihoming support (bsc#932350).\n- PCI: Add dev_flags bit to access VPD through function 0 (bnc#943786).\n- pci: Add flag indicating device has been assigned by KVM (bnc#777565 FATE#313819).\n- PCI: Add VPD function 0 quirk for Intel Ethernet devices (bnc#943786).\n- PCI: Clear NumVFs when disabling SR-IOV in sriov_init() (bnc#952084).\n- PCI: delay configuration of SRIOV capability (bnc#952084).\n- PCI: Refresh First VF Offset and VF Stride when updating NumVFs (bnc#952084).\n- PCI: set pci sriov page size before reading SRIOV BAR (bnc#952084).\n- PCI: Update NumVFs register when disabling SR-IOV (bnc#952084).\n- pktgen: clean up ktime_t helpers (bsc#904348).\n- qla2xxx: do not clear slot in outstanding cmd array (bsc#944993).\n- qla2xxx: Do not reset adapter if SRB handle is in range (bsc#944993).\n- qla2xxx: Remove decrement of sp reference count in abort handler (bsc#944993).\n- r8169: remember WOL preferences on driver load (bsc#942305).\n- rcu: Eliminate deadlock between CPU hotplug and expedited grace periods (bsc#949706).\n- Refresh patches.xen/1282-usbback-limit-copying.patch (bsc#941202).\n- Rename kabi patch appropriately (bsc#923002)\n- rtc: cmos: Cancel alarm timer if alarm time is equal to now+1 seconds (bsc#930145).\n- sched/core: Fix task and run queue sched_info::run_delay inconsistencies (bnc#949100).\n- scsi: fix scsi_error_handler vs. scsi_host_dev_release race (bnc#942204).\n- SCSI: hosts: update to use ida_simple for host_no (bsc#939926)\n- SCSI: kabi: allow iscsi disocvery session support (bsc#923002).\n- scsi_transport_iscsi: Exporting new attrs for iscsi session and connection in sysfs (bsc#923002).\n- sg: fix read() error reporting (bsc#926774).\n- Update patches.fixes/fanotify-fix-deadlock-during-thread-exit.patch (bsc#935053, bsc#926709). Add bug reference.\n- usb: xhci: apply XHCI_AVOID_BEI quirk to all Intel xHCI controllers (bnc#944989).\n- USB: xhci: do not start a halted endpoint before its new dequeue is set (bnc#933721).\n- usb: xhci: handle Config Error Change (CEC) in xhci driver (bnc#933721).\n- usb: xhci: Prefer endpoint context dequeue pointer over stopped_trb (bnc#933721).\n- USB: xhci: Reset a halted endpoint immediately when we encounter a stall (bnc#933721).\n- x86: mm: drop TLB flush from ptep_set_access_flags (bsc#948330).\n- x86: mm: only do a local tlb flush in ptep_set_access_flags() (bsc#948330).\n- x86/tsc: Change Fast TSC calibration failed from error to info (bnc#942605).\n- xfs: add background scanning to clear eofblocks inodes (bnc#930788).\n- xfs: add EOFBLOCKS inode tagging/untagging (bnc#930788).\n- xfs: add inode id filtering to eofblocks scan (bnc#930788).\n- xfs: add minimum file size filtering to eofblocks scan (bnc#930788).\n- xfs: add XFS_IOC_FREE_EOFBLOCKS ioctl (bnc#930788).\n- xfs: create function to scan and clear EOFBLOCKS inodes (bnc#930788).\n- xfs: create helper to check whether to free eofblocks on inode (bnc#930788).\n- xfs: Fix lost direct IO write in the last block (bsc#949744).\n- xfs: Fix softlockup in xfs_inode_ag_walk() (bsc#948347).\n- xfs: introduce a common helper xfs_icluster_size_fsb (bsc#932805).\n- xfs: make xfs_free_eofblocks() non-static, return EAGAIN on trylock failure (bnc#930788).\n- xfs: support a tag-based inode_ag_iterator (bnc#930788).\n- xfs: support multiple inode id filtering in eofblocks scan (bnc#930788).\n- xfs: use xfs_icluster_size_fsb in xfs_bulkstat (bsc#932805).\n- xfs: use xfs_icluster_size_fsb in xfs_ialloc_inode_init (bsc#932805).\n- xfs: use xfs_icluster_size_fsb in xfs_ifree_cluster (bsc#932805).\n- xfs: use xfs_icluster_size_fsb in xfs_imap (bsc#932805).\n- xhci: Add spurious wakeup quirk for LynxPoint-LP controllers (bnc#949981).\n- xhci: Allocate correct amount of scratchpad buffers (bnc#933721).\n- xhci: Calculate old endpoints correctly on device reset (bnc#944831).\n- xhci: change xhci 1.0 only restrictions to support xhci 1.1 (bnc#949502).\n- xhci: Do not enable/disable RWE on bus suspend/resume (bnc#933721).\n- xhci: do not report PLC when link is in internal resume state (bnc#933721).\n- xhci: fix isoc endpoint dequeue from advancing too far on transaction error (bnc#944837).\n- xhci: fix reporting of 0-sized URBs in control endpoint (bnc#933721).\n- xhci: For streams the css flag most be read from the stream-ctx on ep stop (bnc#945691).\n- xhci: report U3 when link is in resume state (bnc#933721).\n- xhci: rework cycle bit checking for new dequeue pointers (bnc#933721).\n- xhci: Solve full event ring by increasing TRBS_PER_SEGMENT to 256 (bnc#933721).\n- xhci: Treat not finding the event_seg on COMP_STOP the same as COMP_STOP_INVAL (bnc#933721).\n- XHCI: use uninterruptible sleep for waiting for internal operations (bnc#939955).\n- xhci: Workaround for PME stuck issues in Intel xhci (bnc#933721).\n","title":"Description of the patch"},{"category":"details","text":"slertesp3-kernel-rt-20151204-12390","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2016_0354-1.json"},{"category":"self","summary":"URL for SUSE-SU-2016:0354-1","url":"https://www.suse.com/support/update/announcement/2016/suse-su-20160354-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2016:0354-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2016-February/001855.html"},{"category":"self","summary":"SUSE Bug 777565","url":"https://bugzilla.suse.com/777565"},{"category":"self","summary":"SUSE Bug 814440","url":"https://bugzilla.suse.com/814440"},{"category":"self","summary":"SUSE Bug 900610","url":"https://bugzilla.suse.com/900610"},{"category":"self","summary":"SUSE Bug 904348","url":"https://bugzilla.suse.com/904348"},{"category":"self","summary":"SUSE Bug 904965","url":"https://bugzilla.suse.com/904965"},{"category":"self","summary":"SUSE Bug 920016","url":"https://bugzilla.suse.com/920016"},{"category":"self","summary":"SUSE Bug 923002","url":"https://bugzilla.suse.com/923002"},{"category":"self","summary":"SUSE Bug 926007","url":"https://bugzilla.suse.com/926007"},{"category":"self","summary":"SUSE Bug 926709","url":"https://bugzilla.suse.com/926709"},{"category":"self","summary":"SUSE Bug 926774","url":"https://bugzilla.suse.com/926774"},{"category":"self","summary":"SUSE Bug 930145","url":"https://bugzilla.suse.com/930145"},{"category":"self","summary":"SUSE Bug 930788","url":"https://bugzilla.suse.com/930788"},{"category":"self","summary":"SUSE Bug 932350","url":"https://bugzilla.suse.com/932350"},{"category":"self","summary":"SUSE Bug 932805","url":"https://bugzilla.suse.com/932805"},{"category":"self","summary":"SUSE Bug 933721","url":"https://bugzilla.suse.com/933721"},{"category":"self","summary":"SUSE Bug 935053","url":"https://bugzilla.suse.com/935053"},{"category":"self","summary":"SUSE Bug 935757","url":"https://bugzilla.suse.com/935757"},{"category":"self","summary":"SUSE Bug 936118","url":"https://bugzilla.suse.com/936118"},{"category":"self","summary":"SUSE Bug 937969","url":"https://bugzilla.suse.com/937969"},{"category":"self","summary":"SUSE Bug 937970","url":"https://bugzilla.suse.com/937970"},{"category":"self","summary":"SUSE Bug 938706","url":"https://bugzilla.suse.com/938706"},{"category":"self","summary":"SUSE Bug 939207","url":"https://bugzilla.suse.com/939207"},{"category":"self","summary":"SUSE Bug 939826","url":"https://bugzilla.suse.com/939826"},{"category":"self","summary":"SUSE Bug 939926","url":"https://bugzilla.suse.com/939926"},{"category":"self","summary":"SUSE Bug 939955","url":"https://bugzilla.suse.com/939955"},{"category":"self","summary":"SUSE Bug 940017","url":"https://bugzilla.suse.com/940017"},{"category":"self","summary":"SUSE Bug 940925","url":"https://bugzilla.suse.com/940925"},{"category":"self","summary":"SUSE Bug 941202","url":"https://bugzilla.suse.com/941202"},{"category":"self","summary":"SUSE Bug 942204","url":"https://bugzilla.suse.com/942204"},{"category":"self","summary":"SUSE Bug 942305","url":"https://bugzilla.suse.com/942305"},{"category":"self","summary":"SUSE Bug 942367","url":"https://bugzilla.suse.com/942367"},{"category":"self","summary":"SUSE Bug 942605","url":"https://bugzilla.suse.com/942605"},{"category":"self","summary":"SUSE Bug 942688","url":"https://bugzilla.suse.com/942688"},{"category":"self","summary":"SUSE Bug 942938","url":"https://bugzilla.suse.com/942938"},{"category":"self","summary":"SUSE Bug 943786","url":"https://bugzilla.suse.com/943786"},{"category":"self","summary":"SUSE Bug 944296","url":"https://bugzilla.suse.com/944296"},{"category":"self","summary":"SUSE Bug 944831","url":"https://bugzilla.suse.com/944831"},{"category":"self","summary":"SUSE Bug 944837","url":"https://bugzilla.suse.com/944837"},{"category":"self","summary":"SUSE Bug 944989","url":"https://bugzilla.suse.com/944989"},{"category":"self","summary":"SUSE Bug 944993","url":"https://bugzilla.suse.com/944993"},{"category":"self","summary":"SUSE Bug 945691","url":"https://bugzilla.suse.com/945691"},{"category":"self","summary":"SUSE Bug 945825","url":"https://bugzilla.suse.com/945825"},{"category":"self","summary":"SUSE Bug 945827","url":"https://bugzilla.suse.com/945827"},{"category":"self","summary":"SUSE Bug 946078","url":"https://bugzilla.suse.com/946078"},{"category":"self","summary":"SUSE Bug 946309","url":"https://bugzilla.suse.com/946309"},{"category":"self","summary":"SUSE Bug 947957","url":"https://bugzilla.suse.com/947957"},{"category":"self","summary":"SUSE Bug 948330","url":"https://bugzilla.suse.com/948330"},{"category":"self","summary":"SUSE Bug 948347","url":"https://bugzilla.suse.com/948347"},{"category":"self","summary":"SUSE Bug 948521","url":"https://bugzilla.suse.com/948521"},{"category":"self","summary":"SUSE Bug 949100","url":"https://bugzilla.suse.com/949100"},{"category":"self","summary":"SUSE Bug 949298","url":"https://bugzilla.suse.com/949298"},{"category":"self","summary":"SUSE Bug 949502","url":"https://bugzilla.suse.com/949502"},{"category":"self","summary":"SUSE Bug 949706","url":"https://bugzilla.suse.com/949706"},{"category":"self","summary":"SUSE Bug 949744","url":"https://bugzilla.suse.com/949744"},{"category":"self","summary":"SUSE Bug 949981","url":"https://bugzilla.suse.com/949981"},{"category":"self","summary":"SUSE Bug 951440","url":"https://bugzilla.suse.com/951440"},{"category":"self","summary":"SUSE Bug 952084","url":"https://bugzilla.suse.com/952084"},{"category":"self","summary":"SUSE Bug 952384","url":"https://bugzilla.suse.com/952384"},{"category":"self","summary":"SUSE Bug 952579","url":"https://bugzilla.suse.com/952579"},{"category":"self","summary":"SUSE Bug 953527","url":"https://bugzilla.suse.com/953527"},{"category":"self","summary":"SUSE Bug 953980","url":"https://bugzilla.suse.com/953980"},{"category":"self","summary":"SUSE Bug 954404","url":"https://bugzilla.suse.com/954404"},{"category":"self","summary":"SUSE Bug 955354","url":"https://bugzilla.suse.com/955354"},{"category":"self","summary":"SUSE CVE CVE-2015-0272 page","url":"https://www.suse.com/security/cve/CVE-2015-0272/"},{"category":"self","summary":"SUSE CVE CVE-2015-5157 page","url":"https://www.suse.com/security/cve/CVE-2015-5157/"},{"category":"self","summary":"SUSE CVE CVE-2015-5307 page","url":"https://www.suse.com/security/cve/CVE-2015-5307/"},{"category":"self","summary":"SUSE CVE CVE-2015-6252 page","url":"https://www.suse.com/security/cve/CVE-2015-6252/"},{"category":"self","summary":"SUSE CVE CVE-2015-6937 page","url":"https://www.suse.com/security/cve/CVE-2015-6937/"},{"category":"self","summary":"SUSE CVE CVE-2015-7872 page","url":"https://www.suse.com/security/cve/CVE-2015-7872/"},{"category":"self","summary":"SUSE CVE CVE-2015-7990 page","url":"https://www.suse.com/security/cve/CVE-2015-7990/"},{"category":"self","summary":"SUSE CVE CVE-2015-8104 page","url":"https://www.suse.com/security/cve/CVE-2015-8104/"},{"category":"self","summary":"SUSE CVE CVE-2015-8215 page","url":"https://www.suse.com/security/cve/CVE-2015-8215/"}],"title":"Security update for the Linux Kernel","tracking":{"current_release_date":"2016-02-05T16:47:26Z","generator":{"date":"2016-02-05T16:47:26Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2016:0354-1","initial_release_date":"2016-02-05T16:47:26Z","revision_history":[{"date":"2016-02-05T16:47:26Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","product":{"name":"kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","product_id":"kernel-rt-3.0.101.rt130-0.33.44.2.x86_64"}},{"category":"product_version","name":"kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","product":{"name":"kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","product_id":"kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64"}},{"category":"product_version","name":"kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","product":{"name":"kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","product_id":"kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64"}},{"category":"product_version","name":"kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","product":{"name":"kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","product_id":"kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64"}},{"category":"product_version","name":"kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","product":{"name":"kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","product_id":"kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64"}},{"category":"product_version","name":"kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","product":{"name":"kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","product_id":"kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64"}},{"category":"product_version","name":"kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","product":{"name":"kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","product_id":"kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64"}},{"category":"product_version","name":"kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64","product":{"name":"kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64","product_id":"kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Real Time 11 SP3","product":{"name":"SUSE Linux Enterprise Real Time 11 SP3","product_id":"SUSE Linux Enterprise Real Time 11 SP3"}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kernel-rt-3.0.101.rt130-0.33.44.2.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP3","product_id":"SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64"},"product_reference":"kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP3","product_id":"SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64"},"product_reference":"kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP3","product_id":"SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64"},"product_reference":"kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP3","product_id":"SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64"},"product_reference":"kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP3","product_id":"SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64"},"product_reference":"kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP3","product_id":"SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64"},"product_reference":"kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP3","product_id":"SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64"},"product_reference":"kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP3"},{"category":"default_component_of","full_product_name":{"name":"kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP3","product_id":"SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"},"product_reference":"kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Real Time 11 SP3"}]},"vulnerabilities":[{"cve":"CVE-2015-0272","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-0272"}],"notes":[{"category":"general","text":"GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-0272","url":"https://www.suse.com/security/cve/CVE-2015-0272"},{"category":"external","summary":"SUSE Bug 1020452 for CVE-2015-0272","url":"https://bugzilla.suse.com/1020452"},{"category":"external","summary":"SUSE Bug 944296 for CVE-2015-0272","url":"https://bugzilla.suse.com/944296"},{"category":"external","summary":"SUSE Bug 951638 for CVE-2015-0272","url":"https://bugzilla.suse.com/951638"},{"category":"external","summary":"SUSE Bug 955354 for CVE-2015-0272","url":"https://bugzilla.suse.com/955354"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-02-05T16:47:26Z","details":"moderate"}],"title":"CVE-2015-0272"},{"cve":"CVE-2015-5157","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-5157"}],"notes":[{"category":"general","text":"arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the x86_64 platform mishandles IRET faults in processing NMIs that occurred during userspace execution, which might allow local users to gain privileges by triggering an NMI.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-5157","url":"https://www.suse.com/security/cve/CVE-2015-5157"},{"category":"external","summary":"SUSE Bug 1072204 for CVE-2015-5157","url":"https://bugzilla.suse.com/1072204"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2015-5157","url":"https://bugzilla.suse.com/1115893"},{"category":"external","summary":"SUSE Bug 937969 for CVE-2015-5157","url":"https://bugzilla.suse.com/937969"},{"category":"external","summary":"SUSE Bug 937970 for CVE-2015-5157","url":"https://bugzilla.suse.com/937970"},{"category":"external","summary":"SUSE Bug 938706 for CVE-2015-5157","url":"https://bugzilla.suse.com/938706"},{"category":"external","summary":"SUSE Bug 939207 for CVE-2015-5157","url":"https://bugzilla.suse.com/939207"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-02-05T16:47:26Z","details":"important"}],"title":"CVE-2015-5157"},{"cve":"CVE-2015-5307","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-5307"}],"notes":[{"category":"general","text":"The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #AC (aka Alignment Check) exceptions, related to svm.c and vmx.c.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-5307","url":"https://www.suse.com/security/cve/CVE-2015-5307"},{"category":"external","summary":"SUSE Bug 953527 for CVE-2015-5307","url":"https://bugzilla.suse.com/953527"},{"category":"external","summary":"SUSE Bug 954018 for CVE-2015-5307","url":"https://bugzilla.suse.com/954018"},{"category":"external","summary":"SUSE Bug 954404 for CVE-2015-5307","url":"https://bugzilla.suse.com/954404"},{"category":"external","summary":"SUSE Bug 954405 for CVE-2015-5307","url":"https://bugzilla.suse.com/954405"},{"category":"external","summary":"SUSE Bug 962977 for CVE-2015-5307","url":"https://bugzilla.suse.com/962977"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-02-05T16:47:26Z","details":"moderate"}],"title":"CVE-2015-5307"},{"cve":"CVE-2015-6252","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-6252"}],"notes":[{"category":"general","text":"The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service (memory consumption) via a VHOST_SET_LOG_FD ioctl call that triggers permanent file-descriptor allocation.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-6252","url":"https://www.suse.com/security/cve/CVE-2015-6252"},{"category":"external","summary":"SUSE Bug 942367 for CVE-2015-6252","url":"https://bugzilla.suse.com/942367"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-02-05T16:47:26Z","details":"low"}],"title":"CVE-2015-6252"},{"cve":"CVE-2015-6937","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-6937"}],"notes":[{"category":"general","text":"The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-6937","url":"https://www.suse.com/security/cve/CVE-2015-6937"},{"category":"external","summary":"SUSE Bug 1115893 for CVE-2015-6937","url":"https://bugzilla.suse.com/1115893"},{"category":"external","summary":"SUSE Bug 923755 for CVE-2015-6937","url":"https://bugzilla.suse.com/923755"},{"category":"external","summary":"SUSE Bug 945825 for CVE-2015-6937","url":"https://bugzilla.suse.com/945825"},{"category":"external","summary":"SUSE Bug 952384 for CVE-2015-6937","url":"https://bugzilla.suse.com/952384"},{"category":"external","summary":"SUSE Bug 953052 for CVE-2015-6937","url":"https://bugzilla.suse.com/953052"},{"category":"external","summary":"SUSE Bug 963994 for CVE-2015-6937","url":"https://bugzilla.suse.com/963994"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-02-05T16:47:26Z","details":"low"}],"title":"CVE-2015-6937"},{"cve":"CVE-2015-7872","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-7872"}],"notes":[{"category":"general","text":"The key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 4.2.6 allows local users to cause a denial of service (OOPS) via crafted keyctl commands.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-7872","url":"https://www.suse.com/security/cve/CVE-2015-7872"},{"category":"external","summary":"SUSE Bug 951440 for CVE-2015-7872","url":"https://bugzilla.suse.com/951440"},{"category":"external","summary":"SUSE Bug 951542 for CVE-2015-7872","url":"https://bugzilla.suse.com/951542"},{"category":"external","summary":"SUSE Bug 951638 for CVE-2015-7872","url":"https://bugzilla.suse.com/951638"},{"category":"external","summary":"SUSE Bug 958463 for CVE-2015-7872","url":"https://bugzilla.suse.com/958463"},{"category":"external","summary":"SUSE Bug 958601 for CVE-2015-7872","url":"https://bugzilla.suse.com/958601"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-02-05T16:47:26Z","details":"moderate"}],"title":"CVE-2015-7872"},{"cve":"CVE-2015-7990","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-7990"}],"notes":[{"category":"general","text":"Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the Linux kernel before 4.3.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-6937.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-7990","url":"https://www.suse.com/security/cve/CVE-2015-7990"},{"category":"external","summary":"SUSE Bug 945825 for CVE-2015-7990","url":"https://bugzilla.suse.com/945825"},{"category":"external","summary":"SUSE Bug 952384 for CVE-2015-7990","url":"https://bugzilla.suse.com/952384"},{"category":"external","summary":"SUSE Bug 953052 for CVE-2015-7990","url":"https://bugzilla.suse.com/953052"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.8,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-02-05T16:47:26Z","details":"low"}],"title":"CVE-2015-7990"},{"cve":"CVE-2015-8104","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8104"}],"notes":[{"category":"general","text":"The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8104","url":"https://www.suse.com/security/cve/CVE-2015-8104"},{"category":"external","summary":"SUSE Bug 1215748 for CVE-2015-8104","url":"https://bugzilla.suse.com/1215748"},{"category":"external","summary":"SUSE Bug 953527 for CVE-2015-8104","url":"https://bugzilla.suse.com/953527"},{"category":"external","summary":"SUSE Bug 954018 for CVE-2015-8104","url":"https://bugzilla.suse.com/954018"},{"category":"external","summary":"SUSE Bug 954404 for CVE-2015-8104","url":"https://bugzilla.suse.com/954404"},{"category":"external","summary":"SUSE Bug 954405 for CVE-2015-8104","url":"https://bugzilla.suse.com/954405"},{"category":"external","summary":"SUSE Bug 962977 for CVE-2015-8104","url":"https://bugzilla.suse.com/962977"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-02-05T16:47:26Z","details":"critical"}],"title":"CVE-2015-8104"},{"cve":"CVE-2015-8215","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2015-8215"}],"notes":[{"category":"general","text":"net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 does not validate attempted changes to the MTU value, which allows context-dependent attackers to cause a denial of service (packet loss) via a value that is (1) smaller than the minimum compliant value or (2) larger than the MTU of an interface, as demonstrated by a Router Advertisement (RA) message that is not validated by a daemon, a different vulnerability than CVE-2015-0272.  NOTE: the scope of CVE-2015-0272 is limited to the NetworkManager product.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]},"references":[{"category":"external","summary":"CVE-2015-8215","url":"https://www.suse.com/security/cve/CVE-2015-8215"},{"category":"external","summary":"SUSE Bug 1020452 for CVE-2015-8215","url":"https://bugzilla.suse.com/1020452"},{"category":"external","summary":"SUSE Bug 1052256 for CVE-2015-8215","url":"https://bugzilla.suse.com/1052256"},{"category":"external","summary":"SUSE Bug 944296 for CVE-2015-8215","url":"https://bugzilla.suse.com/944296"},{"category":"external","summary":"SUSE Bug 951638 for CVE-2015-8215","url":"https://bugzilla.suse.com/951638"},{"category":"external","summary":"SUSE Bug 955354 for CVE-2015-8215","url":"https://bugzilla.suse.com/955354"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-base-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-rt_trace-devel-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-source-rt-3.0.101.rt130-0.33.44.2.x86_64","SUSE Linux Enterprise Real Time 11 SP3:kernel-syms-rt-3.0.101.rt130-0.33.44.1.x86_64"]}],"threats":[{"category":"impact","date":"2016-02-05T16:47:26Z","details":"moderate"}],"title":"CVE-2015-8215"}]}