[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2017:1247-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":64,"duplicates":65,"related":66,"reserved_at":9,"published_at":92,"modified_at":93,"state":9,"summary":94,"references_raw":96,"kevs":345,"epss":9,"epss_history":346,"metrics":347,"affected":348},"SUSE-SU-2017:1247-1","Security update for the Linux Kernel\n\n\n\nThe SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).\n- CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enabled scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697).\n- CVE-2016-3070: The trace_writeback_dirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacted with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215).\n- CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212).\n- CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077).\n- CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanages the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bnc#1015703).\n- CVE-2016-10044: The aio_mount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an io_setup system call (bnc#1023992).\n- CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415).\n- CVE-2016-10208: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377).\n- CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003).\n- CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914).\n- CVE-2017-5897: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bnc#1023762).\n- CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938).\n- CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235).\n- CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024).\n- CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722).\n- CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190).\n- CVE-2017-6346: Race condition in net/packet/af_packet.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKET_FANOUT setsockopt system calls (bnc#1027189).\n- CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178).\n- CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application.  NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066).\n- CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213).\n- CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052).\n- CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).\n- CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579).\n- CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336).\n\nThe following non-security bugs were fixed:\n\n- ext4: fix fencepost in s_first_meta_bg validation (bsc#1029986).\n- hwrng: virtio - ensure reads happen after successful probe (bsc#954763 bsc#1032344).\n- kgr/module: make a taint flag module-specific (fate#313296).\n- l2tp: fix address test in __l2tp_ip6_bind_lookup() (bsc#1028415).\n- l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415).\n- l2tp: fix racy socket lookup in l2tp_ip and l2tp_ip6 bind() (bsc#1028415).\n- l2tp: hold socket before dropping lock in l2tp_ip{, 6}_recv() (bsc#1028415).\n- l2tp: hold tunnel socket when handling control frames in l2tp_ip and l2tp_ip6 (bsc#1028415).\n- l2tp: lock socket before checking flags in connect() (bsc#1028415).\n- mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp (bnc#1030118).\n- module: move add_taint_module() to a header file (fate#313296).\n- netfilter: bridge: Fix the build when IPV6 is disabled (bsc#1027149).\n- nfs: flush out dirty data on file fput() (bsc#1021762).\n- powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).\n- powerpc: Reject binutils 2.24 when building little endian (boo#1028895).\n- revert 'procfs: mark thread stack correctly in proc/\u003Cpid>/maps' (bnc#1030901).\n- taint/module: Clean up global and module taint flags handling (fate#313296).\n- usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256).\n- xfs_dmapi: fix the debug compilation of xfs_dmapi (bsc#989056).\n- xfs: fix buffer overflow dm_get_dirattrs/dm_get_dirattrs2 (bsc#989056).\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52,54,56,58,60,62],{"_key":15},"CVE-2015-1350",{"_key":17},"CVE-2016-10044",{"_key":19},"CVE-2016-10200",{"_key":21},"CVE-2016-10208",{"_key":23},"CVE-2016-2117",{"_key":25},"CVE-2016-3070",{"_key":27},"CVE-2016-5243",{"_key":29},"CVE-2016-7117",{"_key":31},"CVE-2016-9588",{"_key":33},"CVE-2017-2671",{"_key":35},"CVE-2017-5669",{"_key":37},"CVE-2017-5897",{"_key":39},"CVE-2017-5970",{"_key":41},"CVE-2017-5986",{"_key":43},"CVE-2017-6074",{"_key":45},"CVE-2017-6214",{"_key":47},"CVE-2017-6345",{"_key":49},"CVE-2017-6346",{"_key":51},"CVE-2017-6348",{"_key":53},"CVE-2017-6353",{"_key":55},"CVE-2017-7187",{"_key":57},"CVE-2017-7261",{"_key":59},"CVE-2017-7294",{"_key":61},"CVE-2017-7308",{"_key":63},"CVE-2017-7616",[],[],[67,68,69,70,71,72,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},{"_key":55},{"_key":57},{"_key":59},{"_key":61},{"_key":63},"2017-05-11T14:24:14Z","2026-02-04T04:27:50.154633Z",{"cisa_kev":95,"cisa_ransomware":95,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[97,103,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184,188,192,196,200,204,208,212,216,220,224,228,232,236,240,244,249,253,257,261,265,269,273,277,281,285,289,293,297,301,305,309,313,317,321,325,329,333,337,341],{"url":98,"sources":99,"tags":101},"https://www.suse.com/support/update/announcement/2017/suse-su-20171247-1/",[100],"osv_suse",[102],"Advisory",{"url":104,"sources":105,"tags":106},"https://bugzilla.suse.com/1003077",[100],[107],"REPORT",{"url":109,"sources":110,"tags":111},"https://bugzilla.suse.com/1015703",[100],[107],{"url":113,"sources":114,"tags":115},"https://bugzilla.suse.com/1021256",[100],[107],{"url":117,"sources":118,"tags":119},"https://bugzilla.suse.com/1021762",[100],[107],{"url":121,"sources":122,"tags":123},"https://bugzilla.suse.com/1023377",[100],[107],{"url":125,"sources":126,"tags":127},"https://bugzilla.suse.com/1023762",[100],[107],{"url":129,"sources":130,"tags":131},"https://bugzilla.suse.com/1023992",[100],[107],{"url":133,"sources":134,"tags":135},"https://bugzilla.suse.com/1024938",[100],[107],{"url":137,"sources":138,"tags":139},"https://bugzilla.suse.com/1025235",[100],[107],{"url":141,"sources":142,"tags":143},"https://bugzilla.suse.com/1026024",[100],[107],{"url":145,"sources":146,"tags":147},"https://bugzilla.suse.com/1026722",[100],[107],{"url":149,"sources":150,"tags":151},"https://bugzilla.suse.com/1026914",[100],[107],{"url":153,"sources":154,"tags":155},"https://bugzilla.suse.com/1027066",[100],[107],{"url":157,"sources":158,"tags":159},"https://bugzilla.suse.com/1027149",[100],[107],{"url":161,"sources":162,"tags":163},"https://bugzilla.suse.com/1027178",[100],[107],{"url":165,"sources":166,"tags":167},"https://bugzilla.suse.com/1027189",[100],[107],{"url":169,"sources":170,"tags":171},"https://bugzilla.suse.com/1027190",[100],[107],{"url":173,"sources":174,"tags":175},"https://bugzilla.suse.com/1028415",[100],[107],{"url":177,"sources":178,"tags":179},"https://bugzilla.suse.com/1028895",[100],[107],{"url":181,"sources":182,"tags":183},"https://bugzilla.suse.com/1029986",[100],[107],{"url":185,"sources":186,"tags":187},"https://bugzilla.suse.com/1030118",[100],[107],{"url":189,"sources":190,"tags":191},"https://bugzilla.suse.com/1030213",[100],[107],{"url":193,"sources":194,"tags":195},"https://bugzilla.suse.com/1030901",[100],[107],{"url":197,"sources":198,"tags":199},"https://bugzilla.suse.com/1031003",[100],[107],{"url":201,"sources":202,"tags":203},"https://bugzilla.suse.com/1031052",[100],[107],{"url":205,"sources":206,"tags":207},"https://bugzilla.suse.com/1031440",[100],[107],{"url":209,"sources":210,"tags":211},"https://bugzilla.suse.com/1031579",[100],[107],{"url":213,"sources":214,"tags":215},"https://bugzilla.suse.com/1032344",[100],[107],{"url":217,"sources":218,"tags":219},"https://bugzilla.suse.com/1033336",[100],[107],{"url":221,"sources":222,"tags":223},"https://bugzilla.suse.com/914939",[100],[107],{"url":225,"sources":226,"tags":227},"https://bugzilla.suse.com/954763",[100],[107],{"url":229,"sources":230,"tags":231},"https://bugzilla.suse.com/968697",[100],[107],{"url":233,"sources":234,"tags":235},"https://bugzilla.suse.com/979215",[100],[107],{"url":237,"sources":238,"tags":239},"https://bugzilla.suse.com/983212",[100],[107],{"url":241,"sources":242,"tags":243},"https://bugzilla.suse.com/989056",[100],[107],{"url":245,"sources":246,"tags":247},"https://www.suse.com/security/cve/CVE-2015-1350",[100],[248],"WEB",{"url":250,"sources":251,"tags":252},"https://www.suse.com/security/cve/CVE-2016-10044",[100],[248],{"url":254,"sources":255,"tags":256},"https://www.suse.com/security/cve/CVE-2016-10200",[100],[248],{"url":258,"sources":259,"tags":260},"https://www.suse.com/security/cve/CVE-2016-10208",[100],[248],{"url":262,"sources":263,"tags":264},"https://www.suse.com/security/cve/CVE-2016-2117",[100],[248],{"url":266,"sources":267,"tags":268},"https://www.suse.com/security/cve/CVE-2016-3070",[100],[248],{"url":270,"sources":271,"tags":272},"https://www.suse.com/security/cve/CVE-2016-5243",[100],[248],{"url":274,"sources":275,"tags":276},"https://www.suse.com/security/cve/CVE-2016-7117",[100],[248],{"url":278,"sources":279,"tags":280},"https://www.suse.com/security/cve/CVE-2016-9588",[100],[248],{"url":282,"sources":283,"tags":284},"https://www.suse.com/security/cve/CVE-2017-2671",[100],[248],{"url":286,"sources":287,"tags":288},"https://www.suse.com/security/cve/CVE-2017-5669",[100],[248],{"url":290,"sources":291,"tags":292},"https://www.suse.com/security/cve/CVE-2017-5897",[100],[248],{"url":294,"sources":295,"tags":296},"https://www.suse.com/security/cve/CVE-2017-5970",[100],[248],{"url":298,"sources":299,"tags":300},"https://www.suse.com/security/cve/CVE-2017-5986",[100],[248],{"url":302,"sources":303,"tags":304},"https://www.suse.com/security/cve/CVE-2017-6074",[100],[248],{"url":306,"sources":307,"tags":308},"https://www.suse.com/security/cve/CVE-2017-6214",[100],[248],{"url":310,"sources":311,"tags":312},"https://www.suse.com/security/cve/CVE-2017-6345",[100],[248],{"url":314,"sources":315,"tags":316},"https://www.suse.com/security/cve/CVE-2017-6346",[100],[248],{"url":318,"sources":319,"tags":320},"https://www.suse.com/security/cve/CVE-2017-6348",[100],[248],{"url":322,"sources":323,"tags":324},"https://www.suse.com/security/cve/CVE-2017-6353",[100],[248],{"url":326,"sources":327,"tags":328},"https://www.suse.com/security/cve/CVE-2017-7187",[100],[248],{"url":330,"sources":331,"tags":332},"https://www.suse.com/security/cve/CVE-2017-7261",[100],[248],{"url":334,"sources":335,"tags":336},"https://www.suse.com/security/cve/CVE-2017-7294",[100],[248],{"url":338,"sources":339,"tags":340},"https://www.suse.com/security/cve/CVE-2017-7308",[100],[248],{"url":342,"sources":343,"tags":344},"https://www.suse.com/security/cve/CVE-2017-7616",[100],[248],[],[],[],[349,362,366,371,376,380,385,389,394,398,405],{"ecosystem":350,"name":351,"vendor":352,"product":353,"cpe_part":9,"purl_type":354,"purl_namespace":352,"purl_name":353,"source":9,"versions":355},"SUSE Linux Enterprise","kernel-default","suse","kernel-default&distro=SUSE Linux Enterprise Server 12-LTSS","rpm",[356],{"version":357,"is_range":358,"range_type":359,"version_start":9,"version_start_type":9,"version_end":360,"version_end_type":361,"fixed_in":9},"lt3_12_61_52_72_1",true,"ecosystem","3.12.61-52.72.1","excluding",{"ecosystem":350,"name":351,"vendor":352,"product":363,"cpe_part":9,"purl_type":354,"purl_namespace":352,"purl_name":363,"source":9,"versions":364},"kernel-default&distro=SUSE Linux Enterprise Server for SAP Applications 12",[365],{"version":357,"is_range":358,"range_type":359,"version_start":9,"version_start_type":9,"version_end":360,"version_end_type":361,"fixed_in":9},{"ecosystem":350,"name":367,"vendor":352,"product":368,"cpe_part":9,"purl_type":354,"purl_namespace":352,"purl_name":368,"source":9,"versions":369},"kernel-ec2","kernel-ec2&distro=SUSE Linux Enterprise Module for Public Cloud 12",[370],{"version":357,"is_range":358,"range_type":359,"version_start":9,"version_start_type":9,"version_end":360,"version_end_type":361,"fixed_in":9},{"ecosystem":350,"name":372,"vendor":352,"product":373,"cpe_part":9,"purl_type":354,"purl_namespace":352,"purl_name":373,"source":9,"versions":374},"kernel-source","kernel-source&distro=SUSE Linux Enterprise Server 12-LTSS",[375],{"version":357,"is_range":358,"range_type":359,"version_start":9,"version_start_type":9,"version_end":360,"version_end_type":361,"fixed_in":9},{"ecosystem":350,"name":372,"vendor":352,"product":377,"cpe_part":9,"purl_type":354,"purl_namespace":352,"purl_name":377,"source":9,"versions":378},"kernel-source&distro=SUSE Linux Enterprise Server for SAP Applications 12",[379],{"version":357,"is_range":358,"range_type":359,"version_start":9,"version_start_type":9,"version_end":360,"version_end_type":361,"fixed_in":9},{"ecosystem":350,"name":381,"vendor":352,"product":382,"cpe_part":9,"purl_type":354,"purl_namespace":352,"purl_name":382,"source":9,"versions":383},"kernel-syms","kernel-syms&distro=SUSE Linux Enterprise Server 12-LTSS",[384],{"version":357,"is_range":358,"range_type":359,"version_start":9,"version_start_type":9,"version_end":360,"version_end_type":361,"fixed_in":9},{"ecosystem":350,"name":381,"vendor":352,"product":386,"cpe_part":9,"purl_type":354,"purl_namespace":352,"purl_name":386,"source":9,"versions":387},"kernel-syms&distro=SUSE Linux Enterprise Server for SAP Applications 12",[388],{"version":357,"is_range":358,"range_type":359,"version_start":9,"version_start_type":9,"version_end":360,"version_end_type":361,"fixed_in":9},{"ecosystem":350,"name":390,"vendor":352,"product":391,"cpe_part":9,"purl_type":354,"purl_namespace":352,"purl_name":391,"source":9,"versions":392},"kernel-xen","kernel-xen&distro=SUSE Linux Enterprise Server 12-LTSS",[393],{"version":357,"is_range":358,"range_type":359,"version_start":9,"version_start_type":9,"version_end":360,"version_end_type":361,"fixed_in":9},{"ecosystem":350,"name":390,"vendor":352,"product":395,"cpe_part":9,"purl_type":354,"purl_namespace":352,"purl_name":395,"source":9,"versions":396},"kernel-xen&distro=SUSE Linux Enterprise Server for SAP Applications 12",[397],{"version":357,"is_range":358,"range_type":359,"version_start":9,"version_start_type":9,"version_end":360,"version_end_type":361,"fixed_in":9},{"ecosystem":350,"name":399,"vendor":352,"product":400,"cpe_part":9,"purl_type":354,"purl_namespace":352,"purl_name":400,"source":9,"versions":401},"kgraft-patch-SLE12_Update_21","kgraft-patch-SLE12_Update_21&distro=SUSE Linux Enterprise Server 12-LTSS",[402],{"version":403,"is_range":358,"range_type":359,"version_start":9,"version_start_type":9,"version_end":404,"version_end_type":361,"fixed_in":9},"lt1_2_1","1-2.1",{"ecosystem":350,"name":399,"vendor":352,"product":406,"cpe_part":9,"purl_type":354,"purl_namespace":352,"purl_name":406,"source":9,"versions":407},"kgraft-patch-SLE12_Update_21&distro=SUSE Linux Enterprise Server for SAP Applications 12",[408],{"version":403,"is_range":358,"range_type":359,"version_start":9,"version_start_type":9,"version_end":404,"version_end_type":361,"fixed_in":9}]