| Description: | Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the openSUSE-SU-2018:3658-1 advisory.
Vulnerability Insight:
The openSUSE Leap 15.0 kernel was updated to receive various security and
bugfixes.
The following security bugs were fixed:
- CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in
drivers/cdrom/cdrom.c could be used by local attackers to read kernel
memory because a cast from unsigned long to int interferes with bounds
checking. This is similar to CVE-2018-10940 and CVE-2018-16658
(bnc#1113751).
- CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier
permitted out-of-bounds memory accesses because
adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit
right shifts (bnc#1112372).
- CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are
able to access pseudo terminals) to hang/block further usage of any
pseudo terminal devices due to an EXTPROC versus ICANON confusion in
TIOCINQ (bnc#1094825).
- CVE-2017-18224: fs/ocfs2/aops.c omitted use of a semaphore and
consequently has a race condition for access to the extent tree during
read operations in DIRECT mode, which allowed local users to cause a
denial of service (BUG) by modifying a certain e_cpos field
(bnc#1084831).
- CVE-2017-16533: The usbhid_parse function in
drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of
service (out-of-bounds read and system crash) or possibly have
unspecified other impact via a crafted USB device (bnc#1066674).
The following non-security bugs were fixed:
- acpi / processor: Fix the return value of acpi_processor_ids_walk()
(bsc#1051510).
- aio: fix io_destroy(2) vs. lookup_ioctx() race (git-fixes).
- alsa: hda: Add 2 more models to the power_save blacklist (bsc#1051510).
- alsa: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905)
(bsc#1051510).
- alsa: hda - Add quirk for ASUS G751 laptop (bsc#1051510).
- alsa: hda - Fix headphone pin config for ASUS G751 (bsc#1051510).
- alsa: hda: fix unused variable warning (bsc#1051510).
- alsa: hda/realtek - Fix the problem of the front MIC on the Lenovo M715
(bsc#1051510).
- alsa: usb-audio: update quirk for B& W PX to remove microphone
(bsc#1051510).
- apparmor: Check buffer bounds when mapping permissions mask (git-fixes).
- ASoC: intel: skylake: Add missing break in skl_tplg_get_token()
(bsc#1051510).
- ASoC: Intel: Skylake: Reset the controller in probe (bsc#1051510).
- ASoC: rsnd: adg: care clock-frequency size (bsc#1051510).
- ASoC: rsnd: do not fallback to PIO mode when -EPROBE_DEFER (bsc#1051510).
- ASoC: rt5514: Fix the issue of the delay volume applied again
(bsc#1051510).
- ASoC: ...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
the on openSUSE Leap 15.0.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
