Upstream information

CVE-2016-2548 at MITRE

Description

sound/core/timer.c in the Linux kernel before 4.4.1 retains certain linked lists after a close or stop action, which allows local users to cause a denial of service (system crash) via a crafted ioctl call, related to the (1) snd_timer_close and (2) _snd_timer_stop functions.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.9
Vector AV:L/AC:L/Au:N/C:N/I:N/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
CVSS v3 Scores
  National Vulnerability Database
Base Score 6.2
Vector AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Vector Local
Access Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality Impact None
Integrity Impact None
Availability Impact High
SUSE Bugzilla entry: 968012 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 11 SP4
  • kernel-default >= 3.0.101-71.1
  • kernel-default-base >= 3.0.101-71.1
  • kernel-default-devel >= 3.0.101-71.1
  • kernel-default-extra >= 3.0.101-71.1
  • kernel-pae >= 3.0.101-71.1
  • kernel-pae-base >= 3.0.101-71.1
  • kernel-pae-devel >= 3.0.101-71.1
  • kernel-pae-extra >= 3.0.101-71.1
  • kernel-source >= 3.0.101-71.1
  • kernel-syms >= 3.0.101-71.1
  • kernel-trace >= 3.0.101-71.1
  • kernel-trace-devel >= 3.0.101-71.1
  • kernel-xen >= 3.0.101-71.1
  • kernel-xen-base >= 3.0.101-71.1
  • kernel-xen-devel >= 3.0.101-71.1
  • kernel-xen-extra >= 3.0.101-71.1
Patchnames:
sledsp4-kernel-201603-12480
SUSE Linux Enterprise Real Time Extension 11 SP4
  • kernel-rt >= 3.0.101.rt130-51.1
  • kernel-rt-base >= 3.0.101.rt130-51.1
  • kernel-rt-devel >= 3.0.101.rt130-51.1
  • kernel-rt_trace >= 3.0.101.rt130-51.1
  • kernel-rt_trace-base >= 3.0.101.rt130-51.1
  • kernel-rt_trace-devel >= 3.0.101.rt130-51.1
  • kernel-source-rt >= 3.0.101.rt130-51.1
  • kernel-syms-rt >= 3.0.101.rt130-51.1
Patchnames:
slertesp4-kernel-201603-12516
SUSE Linux Enterprise Server 11 SP2-LTSS
  • kernel-default >= 3.0.101-0.7.40.1
  • kernel-default-base >= 3.0.101-0.7.40.1
  • kernel-default-devel >= 3.0.101-0.7.40.1
  • kernel-default-man >= 3.0.101-0.7.40.1
  • kernel-ec2 >= 3.0.101-0.7.40.1
  • kernel-ec2-base >= 3.0.101-0.7.40.1
  • kernel-ec2-devel >= 3.0.101-0.7.40.1
  • kernel-pae >= 3.0.101-0.7.40.1
  • kernel-pae-base >= 3.0.101-0.7.40.1
  • kernel-pae-devel >= 3.0.101-0.7.40.1
  • kernel-source >= 3.0.101-0.7.40.1
  • kernel-syms >= 3.0.101-0.7.40.1
  • kernel-trace >= 3.0.101-0.7.40.1
  • kernel-trace-base >= 3.0.101-0.7.40.1
  • kernel-trace-devel >= 3.0.101-0.7.40.1
  • kernel-xen >= 3.0.101-0.7.40.1
  • kernel-xen-base >= 3.0.101-0.7.40.1
  • kernel-xen-devel >= 3.0.101-0.7.40.1
Patchnames:
slessp2-kernel-source-12693
SUSE Linux Enterprise Server 11 SP3-LTSS
  • kernel-bigsmp >= 3.0.101-0.47.79.1
  • kernel-bigsmp-base >= 3.0.101-0.47.79.1
  • kernel-bigsmp-devel >= 3.0.101-0.47.79.1
  • kernel-default >= 3.0.101-0.47.79.1
  • kernel-default-base >= 3.0.101-0.47.79.1
  • kernel-default-devel >= 3.0.101-0.47.79.1
  • kernel-default-man >= 3.0.101-0.47.79.1
  • kernel-ec2 >= 3.0.101-0.47.79.1
  • kernel-ec2-base >= 3.0.101-0.47.79.1
  • kernel-ec2-devel >= 3.0.101-0.47.79.1
  • kernel-pae >= 3.0.101-0.47.79.1
  • kernel-pae-base >= 3.0.101-0.47.79.1
  • kernel-pae-devel >= 3.0.101-0.47.79.1
  • kernel-source >= 3.0.101-0.47.79.1
  • kernel-syms >= 3.0.101-0.47.79.1
  • kernel-trace >= 3.0.101-0.47.79.1
  • kernel-trace-base >= 3.0.101-0.47.79.1
  • kernel-trace-devel >= 3.0.101-0.47.79.1
  • kernel-xen >= 3.0.101-0.47.79.1
  • kernel-xen-base >= 3.0.101-0.47.79.1
  • kernel-xen-devel >= 3.0.101-0.47.79.1
Patchnames:
slessp3-kernel-20160414-12537
SUSE Linux Enterprise Server 11 SP4
  • kernel-default >= 3.0.101-71.1
  • kernel-default-base >= 3.0.101-71.1
  • kernel-default-devel >= 3.0.101-71.1
  • kernel-default-man >= 3.0.101-71.1
  • kernel-ec2 >= 3.0.101-71.1
  • kernel-ec2-base >= 3.0.101-71.1
  • kernel-ec2-devel >= 3.0.101-71.1
  • kernel-pae >= 3.0.101-71.1
  • kernel-pae-base >= 3.0.101-71.1
  • kernel-pae-devel >= 3.0.101-71.1
  • kernel-ppc64 >= 3.0.101-71.1
  • kernel-ppc64-base >= 3.0.101-71.1
  • kernel-ppc64-devel >= 3.0.101-71.1
  • kernel-source >= 3.0.101-71.1
  • kernel-syms >= 3.0.101-71.1
  • kernel-trace >= 3.0.101-71.1
  • kernel-trace-base >= 3.0.101-71.1
  • kernel-trace-devel >= 3.0.101-71.1
  • kernel-xen >= 3.0.101-71.1
  • kernel-xen-base >= 3.0.101-71.1
  • kernel-xen-devel >= 3.0.101-71.1
Patchnames:
slessp4-kernel-201603-12480
SUSE Linux Enterprise Software Development Kit 11 SP4
  • kernel-docs >= 3.0.101-71.2
Patchnames:
sdksp4-kernel-201603-12480
SUSE Manager 2.1
  • kernel-bigsmp >= 3.0.101-0.47.79.1
  • kernel-bigsmp-base >= 3.0.101-0.47.79.1
  • kernel-bigsmp-devel >= 3.0.101-0.47.79.1
  • kernel-default >= 3.0.101-0.47.79.1
  • kernel-default-base >= 3.0.101-0.47.79.1
  • kernel-default-devel >= 3.0.101-0.47.79.1
  • kernel-default-man >= 3.0.101-0.47.79.1
  • kernel-ec2 >= 3.0.101-0.47.79.1
  • kernel-ec2-base >= 3.0.101-0.47.79.1
  • kernel-ec2-devel >= 3.0.101-0.47.79.1
  • kernel-source >= 3.0.101-0.47.79.1
  • kernel-syms >= 3.0.101-0.47.79.1
  • kernel-trace >= 3.0.101-0.47.79.1
  • kernel-trace-base >= 3.0.101-0.47.79.1
  • kernel-trace-devel >= 3.0.101-0.47.79.1
  • kernel-xen >= 3.0.101-0.47.79.1
  • kernel-xen-base >= 3.0.101-0.47.79.1
  • kernel-xen-devel >= 3.0.101-0.47.79.1
Patchnames:
sleman21-kernel-20160414-12537
SUSE Manager Proxy 2.1
  • kernel-bigsmp >= 3.0.101-0.47.79.1
  • kernel-bigsmp-base >= 3.0.101-0.47.79.1
  • kernel-bigsmp-devel >= 3.0.101-0.47.79.1
  • kernel-default >= 3.0.101-0.47.79.1
  • kernel-default-base >= 3.0.101-0.47.79.1
  • kernel-default-devel >= 3.0.101-0.47.79.1
  • kernel-ec2 >= 3.0.101-0.47.79.1
  • kernel-ec2-base >= 3.0.101-0.47.79.1
  • kernel-ec2-devel >= 3.0.101-0.47.79.1
  • kernel-source >= 3.0.101-0.47.79.1
  • kernel-syms >= 3.0.101-0.47.79.1
  • kernel-trace >= 3.0.101-0.47.79.1
  • kernel-trace-base >= 3.0.101-0.47.79.1
  • kernel-trace-devel >= 3.0.101-0.47.79.1
  • kernel-xen >= 3.0.101-0.47.79.1
  • kernel-xen-base >= 3.0.101-0.47.79.1
  • kernel-xen-devel >= 3.0.101-0.47.79.1
Patchnames:
slemap21-kernel-20160414-12537
SUSE OpenStack Cloud 5
  • kernel-bigsmp >= 3.0.101-0.47.79.1
  • kernel-bigsmp-base >= 3.0.101-0.47.79.1
  • kernel-bigsmp-devel >= 3.0.101-0.47.79.1
  • kernel-default >= 3.0.101-0.47.79.1
  • kernel-default-base >= 3.0.101-0.47.79.1
  • kernel-default-devel >= 3.0.101-0.47.79.1
  • kernel-ec2 >= 3.0.101-0.47.79.1
  • kernel-ec2-base >= 3.0.101-0.47.79.1
  • kernel-ec2-devel >= 3.0.101-0.47.79.1
  • kernel-source >= 3.0.101-0.47.79.1
  • kernel-syms >= 3.0.101-0.47.79.1
  • kernel-trace >= 3.0.101-0.47.79.1
  • kernel-trace-base >= 3.0.101-0.47.79.1
  • kernel-trace-devel >= 3.0.101-0.47.79.1
  • kernel-xen >= 3.0.101-0.47.79.1
  • kernel-xen-base >= 3.0.101-0.47.79.1
  • kernel-xen-devel >= 3.0.101-0.47.79.1
Patchnames:
sleclo50sp3-kernel-20160414-12537


Status of this issue by product and package

Product(s) Source package State
SUSE Linux Enterprise Desktop 11 SP2 kernel-source Released
SUSE Linux Enterprise Desktop 11 SP3 kernel-source Released
SUSE Linux Enterprise Desktop 11 SP4 kernel-source Released
SUSE Linux Enterprise Desktop 12 GA kernel-source Not affected
SUSE Linux Enterprise Desktop 12 SP1 kernel-source Unsupported
SUSE Linux Enterprise Server 11 SP2 kernel-source Released
SUSE Linux Enterprise Server 11 SP2 LTSS kernel-source Released
SUSE Linux Enterprise Server 11 SP3 kernel-source Released
SUSE Linux Enterprise Server 11 SP3 LTSS kernel-source Released
SUSE Linux Enterprise Server 11 SP4 kernel-source Released
SUSE Linux Enterprise Server 12 GA kernel-source Not affected
SUSE Linux Enterprise Server 12 SP1 kernel-source Unsupported
SUSE Linux Enterprise Server for SAP 11 SP2 kernel-source Released