1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2018:2940-1

[SUSE-SU-2018:2940-1] Security update for the Linux Kernel (Live Patch 1 for SLE 15)

Severity Important
CVEs 2
Info References Vulnerabilities

Security update for the Linux Kernel (Live Patch 1 for SLE 15)

This update for the Linux Kernel 4.12.14-25_3 fixes several issues.

The following security issues were fixed:

  • CVE-2018-10938: It was found that a crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system an attacker could leverage this flaw.
  • CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323).
ID
SUSE-SU-2018:2940-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2018/suse-su-20182940-1/
Published
2018-09-28T11:14:36
(6 years ago)
Modified
2018-09-28T11:14:36
(6 years ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date