| Description: | Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:3689-1 advisory.
Vulnerability Insight:
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.162 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-14633: A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. (bnc#1107829).
- CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).
- CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).
- CVE-2018-18690: A local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by triggering an unchecked error condition during an xfs attribute change, because xfs_attr_shortform_addname in fs/xfs/libxfs/xfs_attr.c mishandled ATTR_REPLACE operations with conversion of an attr from short to long form (bnc#1105025).
- CVE-2018-18710: An issue was discovered in the Linux kernel An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).
- CVE-2018-9516: A lack of certain checks in the hid_debug_events_read() function in the drivers/hid/hid-debug.c file might have resulted in receiving userspace buffer overflow and an out-of-bounds write or to the infinite loop. (bnc#1108498).
The following non-security bugs were fixed:
- 6lowpan: iphc: reset mac_header after decompress to fix panic (bnc#1012382).
- alsa: bebob: use address returned by kmalloc() instead of kernel stack for streaming DMA mapping (bnc#1012382).
- alsa: emu10k1: fix possible info leak to userspace on SNDRV_EMU10K1_IOCTL_INFO (bnc#1012382).
- alsa: hda: Add AZX_DCAPS_PM_RUNTIME for AMD Raven Ridge (bnc#1012382).
- alsa: hda - Fix cancel_work_sync() stall ... [Please see the references for more information on the vulnerabilities]
Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Desktop 12-SP3, SUSE Linux Enterprise Server 12-SP3, SUSE Linux Enterprise Server for SAP Applications 12-SP3.
Solution:
Please install the updated package(s).
CVSS Score:
8.3
CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:C
|
