The SUSE Linux Enterprise 12 SP1 Realtime kernel was updated to 3.12.58 to receive various security fixes and bug fixes.
The following security bugs were fixed:
- CVE-2015-7566: The treo_attach function in drivers/usb/serial/visor.c
in the Linux kernel allowed physically proximate attackers to cause
a denial of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact by inserting a USB device that
lacks a (1) bulk-in or (2) interrupt-in endpoint (bnc#961512).
- CVE-2015-8550: Xen, when used on a system providing PV backends,
allowed local guest OS administrators to cause a denial of service
(host OS crash) or gain privileges by writing to memory shared between
the frontend and backend, aka a double fetch vulnerability (bsc#957988).
- CVE-2015-8551: The PCI backend driver in Xen, when running on an x86
system, allowed local guest administrators to hit BUG conditions and
cause a denial of service (NULL pointer dereference and host OS crash)
by leveraging a system with access to a passed-through MSI or MSI-X
capable physical PCI device and a crafted sequence of XEN_PCI_OP_*
operations, aka 'Linux pciback missing sanity checks' (bsc#957990).
- CVE-2015-8551: The PCI backend driver in Xen, when running on an
x86 system and using Linux 3.1.x through 4.3.x as the driver domain,
allowed local guest administrators to hit BUG conditions and cause
a denial of service (NULL pointer dereference and host OS crash) by
leveraging a system with access to a passed-through MSI or MSI-X capable
physical PCI device and a crafted sequence of XEN_PCI_OP_* operations,
aka 'Linux pciback missing sanity checks' (bnc#957990).
- CVE-2015-8552: The PCI backend driver in Xen, when running on an x86
system, allowed local guest administrators to generate a continuous
stream of WARN messages and cause a denial of service (disk consumption)
by leveraging a system with access to a passed-through MSI or MSI-X
capable physical...