[SUSE-SU-2018:1855-2] Security update for the Linux Kernel
Severity: Important
Affected Packages: 8
CVEs: 14
The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
- CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356)
- CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728).
- CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036)
- CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086)
- CVE-2017-18241: Prevent a NULL pointer dereference that could be triggered by using a noflush_merge option, which produces a NULL value for a flush_cmd_control data structure (bnc#1086400)
- CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353).
- CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c did not validate bitmap block numbers (bsc#1087095).
- CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007).
- CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012).
- CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904).
- CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650).
- CVE-2018-5803: Prevent an error in the '_sctp_make_chunk()' function when handling SCTP packet lengths that could have been exploited to cause a kernel crash (bnc#1083900).
- CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962).
- CVE-2018-1000199: Prevent vulnerability in modify_user_hw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895).
The following non-security bugs were fixed:
- ALSA: timer: Fix pause event notification (bsc#973378).
- Fix excessive newline in /proc/*/status (bsc#1094823).
- Fix the patch content (bsc#1085185)
- KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281).
- Revert 'bs-upload-kernel: do not set %opensuse_bs' This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
- ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552).
- ipv6: omit traffic class when calculating flow hash (bsc#1095042).
- kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033).
- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality).
- x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140).
- x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1096281).
- x86/bugs: Respect retpoline command line option (bsc#1068032).
- x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).
- x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140).
- x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)
- xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534).
- xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534).
- xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955).
Package | Affected Version |
---|---|
pkg:rpm/suse/kgraft-patch-4_4_121-92_85-default?arch=x86_64&distro=sles-12&sp=2 | < 1-3.5.1 |
pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-12&sp=2 | < 4.4.121-92.85.1 |
pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-12&sp=2 | < 4.4.121-92.85.1 |
pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-12&sp=2 | < 4.4.121-92.85.1 |
pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-12&sp=2 | < 4.4.121-92.85.1 |
pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-12&sp=2 | < 4.4.121-92.85.1 |
pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-12&sp=2 | < 4.4.121-92.85.1 |
pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-12&sp=2 | < 4.4.121-92.85.1 |
- ID: SUSE-SU-2018:1855-2
- Severity: important
- URL: https://www.suse.com/support/update/announcement/2018/suse-su-20181855-2/
- Published: 2018-10-18T12:47:06
- Modified: 2018-10-18T12:47:06
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories:
- ALAS-2018-1023
- ALAS-2018-993
- ALAS2-2018-1023
- ALPINE:CVE-2018-3665
- DSA-4187-1
- DSA-4188-1
- DSA-4232-1
- ELSA-2018-1318
- ELSA-2018-1852
- ELSA-2018-1854
- ELSA-2018-2164
- ELSA-2018-3083
- ELSA-2018-4084
- ELSA-2018-4109
- ELSA-2018-4110
- ELSA-2018-4126
- ELSA-2018-4134
- ELSA-2018-4144
- ELSA-2018-4145
- ELSA-2018-4161
- ELSA-2018-4164
- ELSA-2018-4172
- ELSA-2018-4242
- ELSA-2018-4245
- ELSA-2018-4246
- ELSA-2018-4250
- ELSA-2018-4288
- ELSA-2018-4300
- ELSA-2018-4301
- ELSA-2018-4304
- ELSA-2019-4315
- ELSA-2019-4316
- ELSA-2019-4317
- ELSA-2019-4509
- ELSA-2019-4510
- ELSA-2019-4532
- ELSA-2019-4533
- ELSA-2019-4619
- ELSA-2019-4644
- FEDORA-2018-1a467757ce
- FEDORA-2018-1c80fea1cd
- FEDORA-2018-1e033dc308
- FEDORA-2018-2a0f8b2c9d
- FEDORA-2018-2bce10900e
- FEDORA-2018-2ee3411cb8
- FEDORA-2018-2f6df9abfb
- FEDORA-2018-49bda79bd5
- FEDORA-2018-4ca01704a2
- FEDORA-2018-6367a17aa3
- FEDORA-2018-683dfde81a
- FEDORA-2018-73dd8de892
- FEDORA-2018-79d7c3d2df
- FEDORA-2018-8484550fff
- FEDORA-2018-884a105c04
- FEDORA-2018-915602df63
- FEDORA-2018-93c2e74446
- FEDORA-2018-94315e9a6b
- FEDORA-2018-9d0e4e40b5
- FEDORA-2018-a7862a75f5
- FEDORA-2018-b57db4753c
- FEDORA-2018-b68776e5b0
- FEDORA-2018-b997780dca
- FEDORA-2018-c0a1284064
- FEDORA-2018-c449dc1c9c
- FEDORA-2018-d3cb6f113c
- FEDORA-2018-d77cc41f35
- FEDORA-2018-e71875c4aa
- FEDORA-2018-e8f793bbfc
- FEDORA-2018-f20a0cead5
- FEDORA-2018-fe24359b69
- FEDORA-2019-bce6498890
- FREEBSD:4E07D94F-75A5-11E8-85D1-A4BADB2F4699
- openSUSE-SU-2020:0801-1
- RHSA-2018:0676
- RHSA-2018:1062
- RHSA-2018:1318
- RHSA-2018:1355
- RHSA-2018:1852
- RHSA-2018:1854
- RHSA-2018:1944
- RHSA-2018:2164
- RHSA-2018:3083
- RHSA-2018:3096
- SSA:2018-142-01
- SSA:2019-030-01
- SUSE-SU-2018:1222-1
- SUSE-SU-2018:1223-1
- SUSE-SU-2018:1224-1
- SUSE-SU-2018:1225-1
- SUSE-SU-2018:1226-1
- SUSE-SU-2018:1227-1
- SUSE-SU-2018:1228-1
- SUSE-SU-2018:1229-1
- SUSE-SU-2018:1230-1
- SUSE-SU-2018:1231-1
- SUSE-SU-2018:1232-1
- SUSE-SU-2018:1233-1
- SUSE-SU-2018:1234-1
- SUSE-SU-2018:1235-1
- SUSE-SU-2018:1236-1
- SUSE-SU-2018:1237-1
- SUSE-SU-2018:1238-1
- SUSE-SU-2018:1239-1
- SUSE-SU-2018:1240-1
- SUSE-SU-2018:1241-1
- SUSE-SU-2018:1242-1
- SUSE-SU-2018:1243-1
- SUSE-SU-2018:1244-1
- SUSE-SU-2018:1245-1
- SUSE-SU-2018:1246-1
- SUSE-SU-2018:1247-1
- SUSE-SU-2018:1248-1
- SUSE-SU-2018:1249-1
- SUSE-SU-2018:1250-1
- SUSE-SU-2018:1251-1
- SUSE-SU-2018:1252-1
- SUSE-SU-2018:1253-1
- SUSE-SU-2018:1254-1
- SUSE-SU-2018:1255-1
- SUSE-SU-2018:1256-1
- SUSE-SU-2018:1257-1
- SUSE-SU-2018:1258-1
- SUSE-SU-2018:1259-1
- SUSE-SU-2018:1260-1
- SUSE-SU-2018:1261-1
- SUSE-SU-2018:1262-1
- SUSE-SU-2018:1263-1
- SUSE-SU-2018:1264-1
- SUSE-SU-2018:1266-1
- SUSE-SU-2018:1267-1
- SUSE-SU-2018:1268-1
- SUSE-SU-2018:1269-1
- SUSE-SU-2018:1270-1
- SUSE-SU-2018:1272-1
- SUSE-SU-2018:1273-1
- SUSE-SU-2018:1366-1
- SUSE-SU-2018:1368-1
- SUSE-SU-2018:1374-1
- SUSE-SU-2018:1375-1
- SUSE-SU-2018:1376-1
- SUSE-SU-2018:1508-1
- SUSE-SU-2018:1525-1
- SUSE-SU-2018:1550-1
- SUSE-SU-2018:1551-1
- SUSE-SU-2018:1761-1
- SUSE-SU-2018:1762-1
- SUSE-SU-2018:1772-1
- SUSE-SU-2018:1816-1
- SUSE-SU-2018:1821-1
- SUSE-SU-2018:1846-1
- SUSE-SU-2018:1849-1
- SUSE-SU-2018:1855-1
- SUSE-SU-2018:1940-1
- SUSE-SU-2018:1942-1
- SUSE-SU-2018:1943-1
- SUSE-SU-2018:1944-1
- SUSE-SU-2018:1945-1
- SUSE-SU-2018:1946-1
- SUSE-SU-2018:1947-1
- SUSE-SU-2018:1948-1
- SUSE-SU-2018:1949-1
- SUSE-SU-2018:1981-1
- SUSE-SU-2018:2037-1
- SUSE-SU-2018:2048-1
- SUSE-SU-2018:2056-1
- SUSE-SU-2018:2059-1
- SUSE-SU-2018:2069-1
- SUSE-SU-2018:2081-1
- SUSE-SU-2018:2081-2
- SUSE-SU-2018:2086-1
- SUSE-SU-2018:2087-1
- SUSE-SU-2018:2088-1
- SUSE-SU-2018:2090-1
- SUSE-SU-2018:2091-1
- SUSE-SU-2018:2092-1
- SUSE-SU-2018:2093-1
- SUSE-SU-2018:2094-1
- SUSE-SU-2018:2095-1
- SUSE-SU-2018:2096-1
- SUSE-SU-2018:2097-1
- SUSE-SU-2018:2098-1
- SUSE-SU-2018:2099-1
- SUSE-SU-2018:2100-1
- SUSE-SU-2018:2101-1
- SUSE-SU-2018:2102-1
- SUSE-SU-2018:2103-1
- SUSE-SU-2018:2104-1
- SUSE-SU-2018:2105-1
- SUSE-SU-2018:2106-1
- SUSE-SU-2018:2107-1
- SUSE-SU-2018:2108-1
- SUSE-SU-2018:2109-1
- SUSE-SU-2018:2110-1
- SUSE-SU-2018:2111-1
- SUSE-SU-2018:2112-1
- SUSE-SU-2018:2113-1
- SUSE-SU-2018:2114-1
- SUSE-SU-2018:2115-1
- SUSE-SU-2018:2248-1
- SUSE-SU-2018:2250-1
- SUSE-SU-2018:2254-1
- SUSE-SU-2018:2255-1
- SUSE-SU-2018:2262-1
- SUSE-SU-2018:2263-1
- SUSE-SU-2018:2264-1
- SUSE-SU-2018:2266-1
- SUSE-SU-2018:2267-1
- SUSE-SU-2018:2268-1
- SUSE-SU-2018:2269-1
- SUSE-SU-2018:2270-1
- SUSE-SU-2018:2271-1
- SUSE-SU-2018:2332-1
- SUSE-SU-2018:2366-1
- SUSE-SU-2018:2528-1
- SUSE-SU-2018:2637-1
- SUSE-SU-2018:4127-1
- SUSE-SU-2018:4153-1
- SUSE-SU-2018:4157-1
- SUSE-SU-2018:4195-1
- SUSE-SU-2018:4208-1
- SUSE-SU-2018:4238-1
- SUSE-SU-2019:0470-1
- SUSE-SU-2019:0901-1
- SUSE-SU-2019:1245-1
- SUSE-SU-2020:1587-1
- SUSE-SU-2020:1599-1
- SUSE-SU-2020:1602-1
- SUSE-SU-2020:1603-1
- SUSE-SU-2020:1604-1
- SUSE-SU-2020:1605-1
- SUSE-SU-2020:1646-1
- SUSE-SU-2020:1656-1
- SUSE-SU-2020:1663-1
- SUSE-SU-2020:1671-1
- SUSE-SU-2020:1754-1
- SUSE-SU-2020:1758-1
- SUSE-SU-2020:1775-1
- SUSE-SU-2020:2156-1
- SUSE-SU-2020:2478-1
- SUSE-SU-2020:2487-1
- USN-3619-1
- USN-3619-2
- USN-3631-1
- USN-3631-2
- USN-3641-1
- USN-3641-2
- USN-3654-1
- USN-3654-2
- USN-3655-1
- USN-3655-2
- USN-3656-1
- USN-3674-1
- USN-3674-2
- USN-3676-1
- USN-3676-2
- USN-3677-1
- USN-3677-2
- USN-3678-1
- USN-3678-2
- USN-3678-3
- USN-3678-4
- USN-3695-1
- USN-3695-2
- USN-3696-1
- USN-3696-2
- USN-3697-1
- USN-3697-2
- USN-3698-1
- USN-3698-2
- USN-3752-1
- USN-3752-2
- USN-3752-3
- USN-3754-1
- USN-3910-1
- USN-3910-2
- USN-3932-1
- USN-3932-2
- XSA-267
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/kgraft-patch-4_4_121-92_85-default?arch=x86_64&distro=sles-12&sp=2 | suse | kgraft-patch-4_4_121-92_85-default | < 1-3.5.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-12&sp=2 | suse | kernel-syms | < 4.4.121-92.85.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-12&sp=2 | suse | kernel-source | < 4.4.121-92.85.1 | sles-12 | noarch | |
Affected | pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-12&sp=2 | suse | kernel-macros | < 4.4.121-92.85.1 | sles-12 | noarch | |
Affected | pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-12&sp=2 | suse | kernel-devel | < 4.4.121-92.85.1 | sles-12 | noarch | |
Affected | pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-12&sp=2 | suse | kernel-default | < 4.4.121-92.85.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-12&sp=2 | suse | kernel-default-devel | < 4.4.121-92.85.1 | sles-12 | x86_64 | |
Affected | pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-12&sp=2 | suse | kernel-default-base | < 4.4.121-92.85.1 | sles-12 | x86_64 | |