Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:0834-1 Final 1 1 2018-03-28T14:17:49Z current 2018-03-28T14:17:49Z 2018-03-28T14:17:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-1068: Fixed flaw in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107). - CVE-2017-18221: The __munlock_pagevec function allowed local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls (bnc#1084323). - CVE-2018-1066: Prevent NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allowed an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response was mishandled during session recovery (bnc#1083640). - CVE-2017-13166: Prevent elevation of privilege vulnerability in the kernel v4l2 video driver (bnc#1072865). - CVE-2017-16911: The vhci_hcd driver allowed local attackers to disclose kernel memory addresses. Successful exploitation required that a USB device was attached over IP (bnc#1078674). - CVE-2017-15299: The KEYS subsystem mishandled use of add_key for a key that already exists but is uninstantiated, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call (bnc#1063416). - CVE-2017-18208: The madvise_willneed function kernel allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494). - CVE-2018-7566: The ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user could have reset the pool size manually via ioctl concurrently, which may have lead UAF or out-of-bound access (bsc#1083483). - CVE-2017-18204: The ocfs2_setattr function allowed local users to cause a denial of service (deadlock) via DIO requests (bnc#1083244). - CVE-2017-16644: The hdpvr_probe function allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118). - CVE-2018-6927: The futex_requeue function allowed attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757). - CVE-2017-16914: The 'stub_send_ret_submit()' function allowed attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet (bnc#1078669). - CVE-2016-7915: The hid_input_field function allowed physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device (bnc#1010470). - CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions did unbalanced refcounting when a SCSI I/O vector had small consecutive buffers belonging to the same page. The bio_add_pc_page function merged them into one, but the page reference was never dropped. This caused a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (bnc#1062568). - CVE-2017-16912: The 'get_pipe()' function allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673). - CVE-2017-16913: The 'stub_recv_cmd_submit()' function when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672). - CVE-2018-5332: The rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: The rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2017-18017: The tcpmss_mangle_packet function allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). The following non-security bugs were fixed: - Fix build on arm64 by defining empty gmb() (bnc#1068032). - KEYS: do not let add_key() update an uninstantiated key (bnc#1063416). - KEYS: fix writing past end of user-supplied buffer in keyring_read() (bsc#1066001). - KEYS: return full count in keyring_read() if buffer is too small (bsc#1066001). - include/stddef.h: Move offsetofend() from vfio.h to a generic kernel header (bsc#1077560). - ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689). - ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689). - ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689). - x86/kaiser: use trampoline stack for kernel entry (bsc#1077560) - leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464). - livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c. Shadow variables support (bsc#1082299). - livepatch: introduce shadow variable API. Shadow variables support (bsc#1082299) - media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF (bnc#1012382). - media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382). - media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 (bnc#1012382). - media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 (bnc#1012382). - media: v4l2-compat-ioctl32.c: do not copy back the result for certain errors (bnc#1012382). - media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type (bnc#1012382). - media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382). - media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 (bnc#1012382). - media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382). - media: v4l2-ioctl.c: do not copy back the result for -ENOTTY (bnc#1012382). - netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets (bsc#1085107). - netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107). - packet: only call dev_add_pack() on freshly allocated fanout instances - pipe: cap initial pipe capacity according to pipe-max-size limit (bsc#1045330). - x86/espfix: Fix return stack in do_double_fault() (bsc#1085279). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Public-Cloud-12-2018-558,SUSE-SLE-SERVER-12-2018-558 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ Link for SUSE-SU-2018:0834-1 https://lists.suse.com/pipermail/sle-security-updates/2018-March/003850.html E-Mail link for SUSE-SU-2018:0834-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1010470 SUSE Bug 1010470 https://bugzilla.suse.com/1012382 SUSE Bug 1012382 https://bugzilla.suse.com/1045330 SUSE Bug 1045330 https://bugzilla.suse.com/1062568 SUSE Bug 1062568 https://bugzilla.suse.com/1063416 SUSE Bug 1063416 https://bugzilla.suse.com/1066001 SUSE Bug 1066001 https://bugzilla.suse.com/1067118 SUSE Bug 1067118 https://bugzilla.suse.com/1068032 SUSE Bug 1068032 https://bugzilla.suse.com/1072689 SUSE Bug 1072689 https://bugzilla.suse.com/1072865 SUSE Bug 1072865 https://bugzilla.suse.com/1074488 SUSE Bug 1074488 https://bugzilla.suse.com/1075617 SUSE Bug 1075617 https://bugzilla.suse.com/1075621 SUSE Bug 1075621 https://bugzilla.suse.com/1077560 SUSE Bug 1077560 https://bugzilla.suse.com/1078669 SUSE Bug 1078669 https://bugzilla.suse.com/1078672 SUSE Bug 1078672 https://bugzilla.suse.com/1078673 SUSE Bug 1078673 https://bugzilla.suse.com/1078674 SUSE Bug 1078674 https://bugzilla.suse.com/1080255 SUSE Bug 1080255 https://bugzilla.suse.com/1080464 SUSE Bug 1080464 https://bugzilla.suse.com/1080757 SUSE Bug 1080757 https://bugzilla.suse.com/1082299 SUSE Bug 1082299 https://bugzilla.suse.com/1083244 SUSE Bug 1083244 https://bugzilla.suse.com/1083483 SUSE Bug 1083483 https://bugzilla.suse.com/1083494 SUSE Bug 1083494 https://bugzilla.suse.com/1083640 SUSE Bug 1083640 https://bugzilla.suse.com/1084323 SUSE Bug 1084323 https://bugzilla.suse.com/1085107 SUSE Bug 1085107 https://bugzilla.suse.com/1085114 SUSE Bug 1085114 https://bugzilla.suse.com/1085279 SUSE Bug 1085279 https://bugzilla.suse.com/1085447 SUSE Bug 1085447 https://www.suse.com/security/cve/CVE-2016-7915/ SUSE CVE CVE-2016-7915 page https://www.suse.com/security/cve/CVE-2017-12190/ SUSE CVE CVE-2017-12190 page https://www.suse.com/security/cve/CVE-2017-13166/ SUSE CVE CVE-2017-13166 page https://www.suse.com/security/cve/CVE-2017-15299/ SUSE CVE CVE-2017-15299 page https://www.suse.com/security/cve/CVE-2017-16644/ SUSE CVE CVE-2017-16644 page https://www.suse.com/security/cve/CVE-2017-16911/ SUSE CVE CVE-2017-16911 page https://www.suse.com/security/cve/CVE-2017-16912/ SUSE CVE CVE-2017-16912 page https://www.suse.com/security/cve/CVE-2017-16913/ SUSE CVE CVE-2017-16913 page https://www.suse.com/security/cve/CVE-2017-16914/ SUSE CVE CVE-2017-16914 page https://www.suse.com/security/cve/CVE-2017-18017/ SUSE CVE CVE-2017-18017 page https://www.suse.com/security/cve/CVE-2017-18204/ SUSE CVE CVE-2017-18204 page https://www.suse.com/security/cve/CVE-2017-18208/ SUSE CVE CVE-2017-18208 page https://www.suse.com/security/cve/CVE-2017-18221/ SUSE CVE CVE-2017-18221 page https://www.suse.com/security/cve/CVE-2018-1066/ SUSE CVE CVE-2018-1066 page https://www.suse.com/security/cve/CVE-2018-1068/ SUSE CVE CVE-2018-1068 page https://www.suse.com/security/cve/CVE-2018-5332/ SUSE CVE CVE-2018-5332 page https://www.suse.com/security/cve/CVE-2018-5333/ SUSE CVE CVE-2018-5333 page https://www.suse.com/security/cve/CVE-2018-6927/ SUSE CVE CVE-2018-6927 page https://www.suse.com/security/cve/CVE-2018-7566/ SUSE CVE CVE-2018-7566 page SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12-LTSS kernel-ec2-3.12.61-52.125.1 kernel-ec2-devel-3.12.61-52.125.1 kernel-ec2-extra-3.12.61-52.125.1 kernel-default-3.12.61-52.125.1 kernel-default-base-3.12.61-52.125.1 kernel-default-devel-3.12.61-52.125.1 kernel-default-man-3.12.61-52.125.1 kernel-devel-3.12.61-52.125.1 kernel-macros-3.12.61-52.125.1 kernel-source-3.12.61-52.125.1 kernel-syms-3.12.61-52.125.1 kernel-xen-3.12.61-52.125.1 kernel-xen-base-3.12.61-52.125.1 kernel-xen-devel-3.12.61-52.125.1 kgraft-patch-3_12_61-52_125-default-1-1.3.1 kgraft-patch-3_12_61-52_125-xen-1-1.3.1 kernel-ec2-3.12.61-52.125.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 kernel-ec2-devel-3.12.61-52.125.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 kernel-ec2-extra-3.12.61-52.125.1 as a component of SUSE Linux Enterprise Module for Public Cloud 12 kernel-default-3.12.61-52.125.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-default-base-3.12.61-52.125.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-default-devel-3.12.61-52.125.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-default-man-3.12.61-52.125.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-devel-3.12.61-52.125.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-macros-3.12.61-52.125.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-source-3.12.61-52.125.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-syms-3.12.61-52.125.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-xen-3.12.61-52.125.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-xen-base-3.12.61-52.125.1 as a component of SUSE Linux Enterprise Server 12-LTSS kernel-xen-devel-3.12.61-52.125.1 as a component of SUSE Linux Enterprise Server 12-LTSS kgraft-patch-3_12_61-52_125-default-1-1.3.1 as a component of SUSE Linux Enterprise Server 12-LTSS kgraft-patch-3_12_61-52_125-xen-1-1.3.1 as a component of SUSE Linux Enterprise Server 12-LTSS The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver. CVE-2016-7915 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 important 4.7 AV:L/AC:H/Au:N/C:P/I:N/A:C 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2016-7915.html CVE-2016-7915 https://bugzilla.suse.com/1010470 SUSE Bug 1010470 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition. CVE-2017-12190 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 important 5 AV:A/AC:L/Au:M/C:N/I:N/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2017-12190.html CVE-2017-12190 https://bugzilla.suse.com/1062568 SUSE Bug 1062568 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167. CVE-2017-13166 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2017-13166.html CVE-2017-13166 https://bugzilla.suse.com/1072865 SUSE Bug 1072865 https://bugzilla.suse.com/1074488 SUSE Bug 1074488 https://bugzilla.suse.com/1085447 SUSE Bug 1085447 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call. CVE-2017-15299 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 important 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2017-15299.html CVE-2017-15299 https://bugzilla.suse.com/1063416 SUSE Bug 1063416 The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device. CVE-2017-16644 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 moderate 4.7 AV:L/AC:M/Au:N/C:N/I:N/A:C 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2017-16644.html CVE-2017-16644 https://bugzilla.suse.com/1067118 SUSE Bug 1067118 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 https://bugzilla.suse.com/1146519 SUSE Bug 1146519 The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP. CVE-2017-16911 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 important 1.9 AV:L/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2017-16911.html CVE-2017-16911 https://bugzilla.suse.com/1078674 SUSE Bug 1078674 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet. CVE-2017-16912 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2017-16912.html CVE-2017-16912 https://bugzilla.suse.com/1078673 SUSE Bug 1078673 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet. CVE-2017-16913 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 moderate 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2017-16913.html CVE-2017-16913 https://bugzilla.suse.com/1078672 SUSE Bug 1078672 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet. CVE-2017-16914 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2017-16914.html CVE-2017-16914 https://bugzilla.suse.com/1078669 SUSE Bug 1078669 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action. CVE-2017-18017 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 moderate 10 AV:N/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2017-18017.html CVE-2017-18017 https://bugzilla.suse.com/1074488 SUSE Bug 1074488 https://bugzilla.suse.com/1080255 SUSE Bug 1080255 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 https://bugzilla.suse.com/971126 SUSE Bug 971126 The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests. CVE-2017-18204 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 important 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2017-18204.html CVE-2017-18204 https://bugzilla.suse.com/1083244 SUSE Bug 1083244 The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping. CVE-2017-18208 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2017-18208.html CVE-2017-18208 https://bugzilla.suse.com/1083494 SUSE Bug 1083494 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls. CVE-2017-18221 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 important 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2017-18221.html CVE-2017-18221 https://bugzilla.suse.com/1084323 SUSE Bug 1084323 The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery. CVE-2018-1066 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 important 7.1 AV:N/AC:M/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2018-1066.html CVE-2018-1066 https://bugzilla.suse.com/1083640 SUSE Bug 1083640 A flaw was found in the Linux 4.x kernel's implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory. CVE-2018-1068 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2018-1068.html CVE-2018-1068 https://bugzilla.suse.com/1085107 SUSE Bug 1085107 https://bugzilla.suse.com/1085114 SUSE Bug 1085114 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1123903 SUSE Bug 1123903 In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c). CVE-2018-5332 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 low 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2018-5332.html CVE-2018-5332 https://bugzilla.suse.com/1075621 SUSE Bug 1075621 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 https://bugzilla.suse.com/1115893 SUSE Bug 1115893 In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference. CVE-2018-5333 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 low 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2018-5333.html CVE-2018-5333 https://bugzilla.suse.com/1075617 SUSE Bug 1075617 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value. CVE-2018-6927 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2018-6927.html CVE-2018-6927 https://bugzilla.suse.com/1080757 SUSE Bug 1080757 https://bugzilla.suse.com/1091815 SUSE Bug 1091815 The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user. CVE-2018-7566 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1 SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1 SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/ https://www.suse.com/security/cve/CVE-2018-7566.html CVE-2018-7566 https://bugzilla.suse.com/1083483 SUSE Bug 1083483 https://bugzilla.suse.com/1083488 SUSE Bug 1083488 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 https://bugzilla.suse.com/1091815 SUSE Bug 1091815