| Description: | Summary:
The remote host is missing an update for the 'kernel'
package(s) announced via the openSUSE-SU-2018:3817-1 advisory.
Vulnerability Insight:
The openSUSE Leap 42.3 kernel was
updated to 4.4.162 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping
pagetable locks. If a syscall such as ftruncate() removes entries from
the pagetables of a task that is in the middle of mremap(), a stale TLB
entry can remain for a short time that permits access to a physical page
after it has been released back to the page allocator and reused.
(bnc#1113769).
- CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in
drivers/cdrom/cdrom.c could be used by local attackers to read kernel
memory because a cast from unsigned long to int interferes with bounds
checking. This is similar to CVE-2018-10940 and CVE-2018-16658
(bnc#1113751).
- CVE-2018-18690: A local attacker able to set attributes on an xfs
filesystem could make this filesystem non-operational until the next
mount by triggering an unchecked error condition during an xfs attribute
change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c
mishandled ATTR_REPLACE operations with conversion of an attr from short
to long form (bnc#1105025).
- CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are
able to access pseudo terminals) to hang/block further usage of any
pseudo terminal devices due to an EXTPROC versus ICANON confusion in
TIOCINQ (bnc#1094825).
- CVE-2018-9516: A lack of certain checks in the hid_debug_events_read()
function in the drivers/hid/hid-debug.c file might have resulted in
receiving userspace buffer overflow and an out-of-bounds write or to the
infinite loop. (bnc#1108498).
The following non-security bugs were fixed:
- 6lowpan: iphc: reset mac_header after decompress to fix panic
(bnc#1012382).
- Add azure kernel description.
- Add bug reference to
patches.suse/x86-entry-64-use-a-per-cpu-trampoline-stack-fix1.patch
- Add graphviz to buildreq for image conversion
- Add reference to bsc#1104124 to
patches.fixes/fs-aio-fix-the-increment-of-aio-nr-and-counting-agai.patch
- ALSA: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bnc#1012382).
- ALSA: hda/realtek - Cannot adjust speaker's volume on Dell XPS 27 7760
(bnc#1012382).
- apparmor: remove no-op permission check in policy_unpack (git-fixes).
- ARC: build: Get rid of toolchain check (bnc#1012382).
- ARC: clone syscall to setp r25 as thread pointer (bnc#1012382).
- arch/hexagon: fix kernel/dma.c build warning (bnc#1012382).
- arch-symbols: use bash as interpreter since the script uses bashism.
...
Description truncated, please see the referenced URL(s) for more information.
Affected Software/OS:
the on openSUSE Leap 42.3.
Solution:
Please install the updated package(s).
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
