Bug 954404 - (CVE-2015-8104) VUL-0: CVE-2015-8104: kernel: kvm: virt: guest to host DoS by triggering an infinite loop in microcode via #DB exception
(CVE-2015-8104)
VUL-0: CVE-2015-8104: kernel: kvm: virt: guest to host DoS by triggering an i...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P1 - Urgent : Normal
: ---
Assigned To: Joerg Roedel
Security Team bot
https://smash.suse.de/issue/158684/
CVSSv2:SUSE:CVE-2015-8104:5.2:(AV:A/A...
:
Depends on:
Blocks: 954405
  Show dependency treegraph
 
Reported: 2015-11-10 08:48 UTC by Sebastian Krahmer
Modified: 2019-08-28 14:41 UTC (History)
10 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
Patch 1 of 2 proposed upstream to address this issue (2.64 KB, text/plain)
2015-11-10 15:57 UTC, Bruce Rogers
Details
Patch 2 of 2 proposed upstream to address this issue (2.45 KB, patch)
2015-11-10 15:57 UTC, Bruce Rogers
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2015-11-10 08:48:40 UTC
This sounds very similar to bsc#953527:

Via oss-sec:

A guest to host DoS issue was found affecting various hypervisors. In that, a a guest can DoS the host by triggering an infinite stream of "debug check" (#DB) exceptions. This causes the microcode to enter an infinite loop where the core never receives another interrupt. The host kernel panics due to this effect.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1278496
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8104
http://seclists.org/oss-sec/2015/q4/249
http://seclists.org/oss-sec/2015/q4/245
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8104.html
Comment 1 Bruce Rogers 2015-11-10 15:57:05 UTC
Created attachment 655404 [details]
Patch 1 of 2 proposed upstream to address this issue
Comment 2 Bruce Rogers 2015-11-10 15:57:58 UTC
Created attachment 655406 [details]
Patch 2 of 2 proposed upstream to address this issue
Comment 3 Swamp Workflow Management 2015-11-10 23:00:36 UTC
bugbot adjusting priority
Comment 4 Bruce Rogers 2015-11-10 23:44:00 UTC
Increasing priority, since any user logged into a host with kvm loaded can trigger this exploit. See also bsc#953527, which is a similar exploit.
Comment 5 Joerg Roedel 2015-11-11 12:51:11 UTC
Backport for SLE12 is pushed to users/jroedel/SLE12/cve.
Comment 6 Joerg Roedel 2015-11-11 16:06:28 UTC
Takashi,

the CVE fix for Leap is in users/jroedel/openSUSE-42.1/for-next
Comment 7 Michal Marek 2015-11-11 17:04:31 UTC
Is it public to be merged to git? bug 953527 had been under embargo until yesterday.
Comment 8 Joerg Roedel 2015-11-11 17:56:15 UTC
Backports for openSUSE 13.1 and 13.2 are available in the branches:

users/jroedel/openSUSE-13.2/for-next
users/jroedel/openSUSE-13.1/for-next
Comment 9 Joerg Roedel 2015-11-11 18:02:50 UTC
(In reply to Michal Marek from comment #7)
> Is it public to be merged to git? bug 953527 had been under embargo until
> yesterday.

I can't find any information on how long this CVE is under embargo. The CVE id was assigned yesterday and the official databases don't show the details yet. But Xen already published the information, not sure they did it because the embargo ended already or for other reasons.
Comment 10 Joerg Roedel 2015-11-11 18:04:43 UTC
Adding Jeff, maintainer of the 13.1 and 13.2 kernel branches.
Comment 11 Takashi Iwai 2015-11-11 19:47:58 UTC
(In reply to Michal Marek from comment #7)
> Is it public to be merged to git? bug 953527 had been under embargo until
> yesterday.

Hrm, I already pushed openSUSE-42.1 branch with Joerg's pull request.

Michal, please take it back if the embergo state is still unclear.  It seems that I can't do forced-push except for users branch.
Comment 13 Marcus Meissner 2015-11-12 08:31:58 UTC
http://seclists.org/oss-sec/2015/q4/249 

  Hello,

A guest to host DoS issue was found affecting various hypervisors. In that, a a guest can DoS the host by triggering an infinite stream of "debug check" (#DB) exceptions. This causes the microcode to enter an infinite loop where the core never receives another interrupt. The host kernel panics due to this effect.


Reference:
- ----------
  -> https://bugzilla.redhat.com/show_bug.cgi?id=1278496

and rh bug has:

It was found that a malicious HVM guest administrator can cause DoS, specifically prevent use of physical CPU for significant, perhaps indefinite period. When a benign exception occurs while delivering another benign exception, it is architecturally specified that these would be delivered sequentially. There are, however, cases where this results in an infinite loop inside the CPU, which (in the virtualized case) can be broken only by intercepting delivery of the respective exception.

When a guest sets up a hardware breakpoint covering a data structure involved in delivering #DB (Debug Exception), upon completion of the delivery of the first exception another #DB will need to be delivered. The effects slightly differ depending on further guest characteristics:

* Guests running in 32-bit mode would be expected to sooner or later encounter another fault due to the stack pointer decreasing during each iteration of the loop. The most likely case would be #PF (Page Fault) due to running into unmapped virtual space. However, an infinite loop cannot be excluded (e.g. when the guest is running with paging disabled).

* Guests running in long mode, but not using the IST (Interrupt Stack Table) feature for the IDT entry corresponding to #DB would behave similarly to guests running in 32-bit mode, just that the larger virtual address space allows for a much longer loop. The loop can't, however, be infinite, as eventually the stack pointer would move into non-canonical address space, causing #SS (Stack Fault) instead.

* Guests running in long mode and using the IST for the IDT entry corresponding to #DB would enter an infinite loop, as the stack pointer wouldn't change between #DB instances.

If a host watchdog (Xen or dom0) is in use, this can lead to a watchdog timeout and consequently a reboot of the host. If another, innocent, guest, is configured with a watchdog, this issue can lead to a reboot of such a guest.

A privileged user inside guest could use this flaw to crash the host kernel resulting in DoS.

For KVM virtualisation, it only affects the AMD processor support, as for Intel it already intercepts the #DB exception.

Upstream KVM patch:
http://permalink.gmane.org/gmane.linux.kernel/2082332
Comment 14 Marcus Meissner 2015-11-12 08:33:13 UTC
-> issue is public
Comment 20 Joerg Roedel 2015-11-26 09:51:02 UTC
Fixes for this are in all relevant kernel trees. Closing.
Comment 21 Swamp Workflow Management 2015-11-26 12:24:48 UTC
SUSE-SU-2015:2108-1: An update that solves 8 vulnerabilities and has 51 fixes is now available.

Category: security (important)
Bug References: 777565,814440,900610,904348,904965,920016,923002,926007,926709,926774,930145,930788,932350,932805,933721,935053,935757,936118,938706,939826,939926,939955,940017,940925,941202,942204,942305,942367,942605,942688,942938,943786,944296,944831,944837,944989,944993,945691,945825,945827,946078,946309,947957,948330,948347,948521,949100,949298,949502,949706,949744,949981,951440,952084,952384,952579,953527,953980,954404
CVE References: CVE-2015-0272,CVE-2015-5157,CVE-2015-5307,CVE-2015-6252,CVE-2015-6937,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    kernel-docs-3.0.101-0.47.71.3
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.71.1, kernel-default-3.0.101-0.47.71.1, kernel-pae-3.0.101-0.47.71.1, kernel-source-3.0.101-0.47.71.1, kernel-syms-3.0.101-0.47.71.1, kernel-trace-3.0.101-0.47.71.1, kernel-xen-3.0.101-0.47.71.1
SUSE Linux Enterprise Server 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.71.1, kernel-default-3.0.101-0.47.71.1, kernel-ec2-3.0.101-0.47.71.1, kernel-pae-3.0.101-0.47.71.1, kernel-ppc64-3.0.101-0.47.71.1, kernel-source-3.0.101-0.47.71.1, kernel-syms-3.0.101-0.47.71.1, kernel-trace-3.0.101-0.47.71.1, kernel-xen-3.0.101-0.47.71.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.71.1, kernel-default-3.0.101-0.47.71.1, kernel-pae-3.0.101-0.47.71.1, kernel-ppc64-3.0.101-0.47.71.1, kernel-trace-3.0.101-0.47.71.1, kernel-xen-3.0.101-0.47.71.1
SUSE Linux Enterprise Desktop 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.71.1, kernel-default-3.0.101-0.47.71.1, kernel-pae-3.0.101-0.47.71.1, kernel-source-3.0.101-0.47.71.1, kernel-syms-3.0.101-0.47.71.1, kernel-trace-3.0.101-0.47.71.1, kernel-xen-3.0.101-0.47.71.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.71.1, kernel-default-3.0.101-0.47.71.1, kernel-ec2-3.0.101-0.47.71.1, kernel-pae-3.0.101-0.47.71.1, kernel-ppc64-3.0.101-0.47.71.1, kernel-trace-3.0.101-0.47.71.1, kernel-xen-3.0.101-0.47.71.1
Comment 22 Swamp Workflow Management 2015-12-08 20:13:17 UTC
openSUSE-SU-2015:2232-1: An update that solves 5 vulnerabilities and has 16 fixes is now available.

Category: security (moderate)
Bug References: 883192,944978,945825,948758,949936,951533,952384,952579,952976,953527,953559,953717,954404,954421,954647,954757,954876,955190,955363,955365,956856
CVE References: CVE-2015-5307,CVE-2015-6937,CVE-2015-7799,CVE-2015-7990,CVE-2015-8104
Sources used:
openSUSE Leap 42.1 (src):    kernel-debug-4.1.13-5.1, kernel-default-4.1.13-5.1, kernel-docs-4.1.13-5.4, kernel-ec2-4.1.13-5.1, kernel-obs-build-4.1.13-5.2, kernel-obs-qa-4.1.13-5.1, kernel-obs-qa-xen-4.1.13-5.1, kernel-pae-4.1.13-5.1, kernel-pv-4.1.13-5.1, kernel-source-4.1.13-5.1, kernel-syms-4.1.13-5.1, kernel-vanilla-4.1.13-5.1, kernel-xen-4.1.13-5.1
Comment 23 Swamp Workflow Management 2015-12-22 15:26:41 UTC
SUSE-SU-2015:2339-1: An update that solves 10 vulnerabilities and has 57 fixes is now available.

Category: security (important)
Bug References: 814440,879378,879381,900610,904348,904965,921081,926774,930145,930770,930788,930835,932805,935123,935757,937256,937444,938706,939826,939926,939955,940017,940913,940946,941202,942938,943786,944296,944677,944831,944837,944989,944993,945691,945825,945827,946078,946214,946309,947957,948330,948347,948521,949100,949298,949502,949706,949744,949936,949981,950298,950750,950998,951440,952084,952384,952579,952976,953527,953799,953980,954404,954628,954950,954984,955673,956709
CVE References: CVE-2015-0272,CVE-2015-5157,CVE-2015-5307,CVE-2015-6937,CVE-2015-7509,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-68.2
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-default-3.0.101-68.1, kernel-ec2-3.0.101-68.1, kernel-pae-3.0.101-68.1, kernel-ppc64-3.0.101-68.1, kernel-source-3.0.101-68.1, kernel-syms-3.0.101-68.1, kernel-trace-3.0.101-68.1, kernel-xen-3.0.101-68.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-68.1, kernel-pae-3.0.101-68.1, kernel-ppc64-3.0.101-68.1, kernel-trace-3.0.101-68.1, kernel-xen-3.0.101-68.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    kernel-default-3.0.101-68.1, kernel-pae-3.0.101-68.1, kernel-source-3.0.101-68.1, kernel-syms-3.0.101-68.1, kernel-trace-3.0.101-68.1, kernel-xen-3.0.101-68.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-default-3.0.101-68.1, kernel-ec2-3.0.101-68.1, kernel-pae-3.0.101-68.1, kernel-ppc64-3.0.101-68.1, kernel-trace-3.0.101-68.1, kernel-xen-3.0.101-68.1
Comment 24 Swamp Workflow Management 2015-12-23 17:27:56 UTC
SUSE-SU-2015:2350-1: An update that solves 10 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 814440,879378,879381,900610,904348,904965,921081,926709,926774,930145,930770,930788,930835,932805,935053,935123,935757,937256,937444,937969,937970,938706,939207,939826,939926,939955,940017,940913,940946,941202,942938,943786,944677,944831,944837,944989,944993,945691,945825,945827,946078,946214,946309,947957,948330,948347,948521,949100,949298,949502,949706,949744,949936,949981,950298,950750,950998,951440,952084,952384,952579,952976,953527,953799,953980,954404,954628,954950,954984,955354,955673,956709
CVE References: CVE-2015-0272,CVE-2015-5157,CVE-2015-5307,CVE-2015-6937,CVE-2015-7509,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-48.1, kernel-rt_trace-3.0.101.rt130-48.1, kernel-source-rt-3.0.101.rt130-48.1, kernel-syms-rt-3.0.101.rt130-48.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-48.1, kernel-rt_debug-3.0.101.rt130-48.1, kernel-rt_trace-3.0.101.rt130-48.1
Comment 25 Swamp Workflow Management 2016-02-01 15:25:39 UTC
openSUSE-SU-2016:0301-1: An update that solves 57 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 814440,851610,869564,873385,906545,907818,909077,909477,911326,912202,915517,915577,917830,918333,919007,919018,919463,919596,921313,921949,922583,922936,922944,926238,926240,927780,927786,928130,929525,930399,931988,932348,933896,933904,933907,933934,935542,935705,936502,936831,937032,937033,937969,938706,940338,944296,945825,947155,949936,950998,951194,951440,951627,952384,952579,952976,953052,953527,954138,954404,955224,955354,955422,956708,956934,957988,957990,958504,958510,958886,958951,959190,959399,959568,960839,961509,961739,962075
CVE References: CVE-2014-2568,CVE-2014-8133,CVE-2014-8989,CVE-2014-9090,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2014-9715,CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0272,CVE-2015-0777,CVE-2015-1420,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-2925,CVE-2015-3212,CVE-2015-3339,CVE-2015-3636,CVE-2015-4001,CVE-2015-4002,CVE-2015-4003,CVE-2015-4004,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-4700,CVE-2015-5157,CVE-2015-5283,CVE-2015-5307,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6937,CVE-2015-7550,CVE-2015-7799,CVE-2015-7833,CVE-2015-7872,CVE-2015-7885,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2016-0728
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.22.2, crash-7.0.2-2.22.2, hdjmod-1.28-16.22.2, ipset-6.21.1-2.26.2, iscsitarget-1.4.20.3-13.22.2, kernel-debug-3.11.10-32.1, kernel-default-3.11.10-32.1, kernel-desktop-3.11.10-32.1, kernel-docs-3.11.10-32.3, kernel-ec2-3.11.10-32.1, kernel-pae-3.11.10-32.1, kernel-source-3.11.10-32.1, kernel-syms-3.11.10-32.1, kernel-trace-3.11.10-32.1, kernel-vanilla-3.11.10-32.1, kernel-xen-3.11.10-32.1, ndiswrapper-1.58-22.1, pcfclock-0.44-258.22.1, vhba-kmp-20130607-2.23.1, virtualbox-4.2.36-2.55.1, xen-4.3.4_10-56.1, xtables-addons-2.3-2.22.1
Comment 26 Swamp Workflow Management 2016-02-03 14:16:31 UTC
openSUSE-SU-2016:0318-1: An update that solves 19 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 814440,906545,912202,921949,937969,937970,938706,944296,945825,949936,950998,951627,951638,952384,952579,952976,953527,954138,954404,955224,955354,955422,956708,956934,957988,957990,958504,958510,958886,958951,959190,959399,959568,960839,961509,961739,962075
CVE References: CVE-2014-8989,CVE-2014-9529,CVE-2015-5157,CVE-2015-5307,CVE-2015-6937,CVE-2015-7550,CVE-2015-7799,CVE-2015-7885,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2016-0728
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.15.1, cloop-2.639-14.15.1, crash-7.0.8-15.1, hdjmod-1.28-18.16.1, ipset-6.23-15.1, kernel-debug-3.16.7-32.1, kernel-default-3.16.7-32.1, kernel-desktop-3.16.7-32.1, kernel-docs-3.16.7-32.2, kernel-ec2-3.16.7-32.1, kernel-obs-build-3.16.7-32.2, kernel-obs-qa-3.16.7-32.1, kernel-obs-qa-xen-3.16.7-32.1, kernel-pae-3.16.7-32.1, kernel-source-3.16.7-32.1, kernel-syms-3.16.7-32.1, kernel-vanilla-3.16.7-32.1, kernel-xen-3.16.7-32.1, pcfclock-0.44-260.15.1, vhba-kmp-20140629-2.15.1, virtualbox-4.3.34-37.1, xen-4.4.3_08-38.1, xtables-addons-2.6-15.1
Comment 27 Swamp Workflow Management 2016-02-05 20:27:18 UTC
SUSE-SU-2016:0354-1: An update that solves 9 vulnerabilities and has 54 fixes is now available.

Category: security (important)
Bug References: 777565,814440,900610,904348,904965,920016,923002,926007,926709,926774,930145,930788,932350,932805,933721,935053,935757,936118,937969,937970,938706,939207,939826,939926,939955,940017,940925,941202,942204,942305,942367,942605,942688,942938,943786,944296,944831,944837,944989,944993,945691,945825,945827,946078,946309,947957,948330,948347,948521,949100,949298,949502,949706,949744,949981,951440,952084,952384,952579,953527,953980,954404,955354
CVE References: CVE-2015-0272,CVE-2015-5157,CVE-2015-5307,CVE-2015-6252,CVE-2015-6937,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP3 (src):    kernel-rt-3.0.101.rt130-0.33.44.2, kernel-rt_trace-3.0.101.rt130-0.33.44.2, kernel-source-rt-3.0.101.rt130-0.33.44.2, kernel-syms-rt-3.0.101.rt130-0.33.44.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-rt-3.0.101.rt130-0.33.44.2, kernel-rt_trace-3.0.101.rt130-0.33.44.2
Comment 28 Swamp Workflow Management 2016-04-12 10:11:54 UTC
openSUSE-SU-2016:1008-1: An update that solves 15 vulnerabilities and has 26 fixes is now available.

Category: security (important)
Bug References: 814440,884701,949936,951440,951542,951626,951638,953527,954018,954404,954405,954876,958439,958463,958504,959709,960561,960563,960710,961263,961500,961509,962257,962866,962977,963746,963765,963767,963931,965125,966137,966179,966259,966437,966684,966693,968018,969356,969582,970845,971125
CVE References: CVE-2015-1339,CVE-2015-7799,CVE-2015-7872,CVE-2015-7884,CVE-2015-8104,CVE-2015-8709,CVE-2015-8767,CVE-2015-8785,CVE-2015-8787,CVE-2015-8812,CVE-2016-0723,CVE-2016-2069,CVE-2016-2184,CVE-2016-2383,CVE-2016-2384
Sources used:
openSUSE Leap 42.1 (src):    kernel-debug-4.1.20-11.1, kernel-default-4.1.20-11.1, kernel-docs-4.1.20-11.3, kernel-ec2-4.1.20-11.1, kernel-obs-build-4.1.20-11.2, kernel-obs-qa-4.1.20-11.1, kernel-obs-qa-xen-4.1.20-11.1, kernel-pae-4.1.20-11.1, kernel-pv-4.1.20-11.1, kernel-source-4.1.20-11.1, kernel-syms-4.1.20-11.1, kernel-vanilla-4.1.20-11.1, kernel-xen-4.1.20-11.1
Comment 29 Swamp Workflow Management 2016-08-15 14:12:40 UTC
SUSE-SU-2016:2074-1: An update that solves 48 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 816446,861093,928130,935757,939826,942367,945825,946117,946309,948562,949744,949936,951440,952384,953527,954404,955354,955654,956708,956709,958463,958886,958951,959190,959399,961500,961509,961512,963765,963767,964201,966437,966460,966662,966693,967972,967973,967974,967975,968010,968011,968012,968013,968670,970504,970892,970909,970911,970948,970956,970958,970970,971124,971125,971126,971360,972510,973570,975945,977847,978822
CVE References: CVE-2013-2015,CVE-2013-7446,CVE-2015-0272,CVE-2015-3339,CVE-2015-5307,CVE-2015-6252,CVE-2015-6937,CVE-2015-7509,CVE-2015-7515,CVE-2015-7550,CVE-2015-7566,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8539,CVE-2015-8543,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2016-0723,CVE-2016-2069,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-4486
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    kernel-default-3.0.101-0.7.40.1, kernel-ec2-3.0.101-0.7.40.1, kernel-pae-3.0.101-0.7.40.1, kernel-source-3.0.101-0.7.40.1, kernel-syms-3.0.101-0.7.40.1, kernel-trace-3.0.101-0.7.40.1, kernel-xen-3.0.101-0.7.40.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    kernel-default-3.0.101-0.7.40.1, kernel-ec2-3.0.101-0.7.40.1, kernel-pae-3.0.101-0.7.40.1, kernel-trace-3.0.101-0.7.40.1, kernel-xen-3.0.101-0.7.40.1
Comment 30 Swamp Workflow Management 2016-10-26 16:13:23 UTC
openSUSE-SU-2016:2649-1: An update that solves 49 vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 1004418,758540,816446,861093,917648,928130,935757,939826,942367,944296,945825,946117,946309,948562,949744,949936,951440,952384,953527,954404,955354,955654,956708,956709,958463,958886,958951,959190,959399,961500,961509,961512,963765,963767,964201,966437,966460,966662,966693,967972,967973,967974,967975,968010,968011,968012,968013,968670,969356,970504,970892,970909,970911,970948,970956,970958,970970,971124,971125,971126,971360,972510,973570,975945,977847,978822
CVE References: CVE-2013-7446,CVE-2015-0272,CVE-2015-1339,CVE-2015-3339,CVE-2015-5307,CVE-2015-6252,CVE-2015-6937,CVE-2015-7509,CVE-2015-7515,CVE-2015-7550,CVE-2015-7566,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8539,CVE-2015-8543,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2016-0723,CVE-2016-2069,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-4486,CVE-2016-5195
Sources used:
openSUSE Evergreen 11.4 (src):    kernel-debug-3.0.101-105.1, kernel-default-3.0.101-105.1, kernel-desktop-3.0.101-105.1, kernel-docs-3.0.101-105.2, kernel-ec2-3.0.101-105.1, kernel-pae-3.0.101-105.1, kernel-source-3.0.101-105.1, kernel-syms-3.0.101-105.1, kernel-trace-3.0.101-105.1, kernel-vanilla-3.0.101-105.1, kernel-vmi-3.0.101-105.1, kernel-xen-3.0.101-105.1, preload-1.2-6.83.1