
Test ID: 1.3.6.1.4.1.25623.1.1.4.2019.0224.1
Category: SuSE Local Security Checks
Title: SUSE: Security Advisory (SUSE-SU-2019:0224-1)
Summary: The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2019:0224-1 advisory.
Description:

Vulnerability Insight:
The SUSE Linux Enterprise 15 kernel was updated to receive various security fixes and bug fixes.

This update brings the following features:
Support for Enhanced-IBRS on new Intel CPUs (fate#326564)

The following security bugs were fixed:
CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory
corruption due to type confusion. This could lead to local escalation of
privilege with no additional execution privileges needed. User
interaction is not needed for exploitation. (bnc#1118319).

CVE-2018-12232: In net/socket.c there is a race condition between
fchownat and close in cases where they target the same socket file
descriptor, related to the sock_close and sockfs_setattr functions.
fchownat did not increment the file descriptor reference count, which
allowed close to set the socket to NULL during fchownat's execution,
leading to a NULL pointer dereference and system crash (bnc#1097593).

CVE-2018-14625: A flaw was found where an attacker may be able to perform
an uncontrolled read of kernel memory from within a VM guest. A race
condition between the connect() and close() functions may allow an attacker
using the AF_VSOCK protocol to gather a 4-byte information leak or
possibly intercept or corrupt AF_VSOCK messages destined to other
clients (bnc#1106615).

CVE-2018-16862: A security flaw was found in the way that the cleancache
subsystem clears an inode after the final file truncation (removal). The
new file created with the same inode may contain leftover pages from
cleancache and the old file data instead of the new one (bnc#1117186).

CVE-2018-16884: NFS41+ shares mounted in different network namespaces at
the same time can make bc_svc_process() use wrong back-channel IDs and
cause a use-after-free vulnerability. Thus a malicious container user
can cause a host kernel memory corruption and a system panic. Due to the
nature of the flaw, privilege escalation cannot be fully ruled out
(bnc#1119946).

CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping
pagetable locks. If a syscall such as ftruncate() removes entries from
the pagetables of a task that is in the middle of mremap(), a stale TLB
entry can remain for a short time that permits access to a physical page
after it has been released back to the page allocator and reused.
(bnc#1113769).

CVE-2018-18397: The userfaultfd implementation mishandled access control
for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users
to write data into holes in a tmpfs file (if the user has read-only
access to that file, and that file contains holes), related to
fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).

CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in
drivers/cdrom/cdrom.c could be used by local attackers to read kernel
memory because a cast from unsigned long to int interferes with bounds
checking. This is similar to CVE-2018-10940 and ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise High Availability 15, SUSE Linux Enterprise Module for Basesystem 15, SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Module for Legacy Software 15, SUSE Linux Enterprise Module for Live Patching 15, SUSE Linux Enterprise Module for Open Buildservice Development Tools 15, SUSE Linux Enterprise Workstation Extension 15.

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2013-2547
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
http://www.openwall.com/lists/oss-security/2013/03/05/13
SuSE Security Announcement: openSUSE-SU-2013:1971
http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html
http://www.ubuntu.com/usn/USN-1793-1
http://www.ubuntu.com/usn/USN-1794-1
http://www.ubuntu.com/usn/USN-1795-1
http://www.ubuntu.com/usn/USN-1796-1
http://www.ubuntu.com/usn/USN-1797-1
Common Vulnerability Exposure (CVE) ID: CVE-2018-10940
BugTraq ID: 104154
http://www.securityfocus.com/bid/104154
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
https://github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6
https://lists.debian.org/debian-lts-announce/2018/06/msg00000.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
RedHat Security Advisories: RHSA-2018:2948
https://access.redhat.com/errata/RHSA-2018:2948
RedHat Security Advisories: RHSA-2018:3083
https://access.redhat.com/errata/RHSA-2018:3083
RedHat Security Advisories: RHSA-2018:3096
https://access.redhat.com/errata/RHSA-2018:3096
https://usn.ubuntu.com/3676-1/
https://usn.ubuntu.com/3676-2/
https://usn.ubuntu.com/3695-1/
https://usn.ubuntu.com/3695-2/
https://usn.ubuntu.com/3754-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-12232
BugTraq ID: 104453
http://www.securityfocus.com/bid/104453
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14
https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14
https://lkml.org/lkml/2018/6/5/14
https://patchwork.ozlabs.org/patch/926519/
https://usn.ubuntu.com/3752-1/
https://usn.ubuntu.com/3752-2/
https://usn.ubuntu.com/3752-3/
Common Vulnerability Exposure (CVE) ID: CVE-2018-14625
RHSA-2019:2029
https://access.redhat.com/errata/RHSA-2019:2029
RHSA-2019:2043
https://access.redhat.com/errata/RHSA-2019:2043
RHSA-2019:4154
https://access.redhat.com/errata/RHSA-2019:4154
USN-3871-1
https://usn.ubuntu.com/3871-1/
USN-3871-3
https://usn.ubuntu.com/3871-3/
USN-3871-4
https://usn.ubuntu.com/3871-4/
USN-3871-5
https://usn.ubuntu.com/3871-5/
USN-3872-1
https://usn.ubuntu.com/3872-1/
USN-3878-1
https://usn.ubuntu.com/3878-1/
USN-3878-2
https://usn.ubuntu.com/3878-2/
[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update
https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14625
https://syzkaller.appspot.com/bug?extid=bd391451452fb0b93039
Common Vulnerability Exposure (CVE) ID: CVE-2018-16658
BugTraq ID: 105334
http://www.securityfocus.com/bid/105334
Debian Security Information: DSA-4308
https://www.debian.org/security/2018/dsa-4308
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.18.6
https://github.com/torvalds/linux/commit/8f3fafc9c2f0ece10832c25f7ffcb07c97a32ad4
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
RedHat Security Advisories: RHSA-2019:2029
RedHat Security Advisories: RHSA-2019:2043
RedHat Security Advisories: RHSA-2019:4154
https://usn.ubuntu.com/3797-1/
https://usn.ubuntu.com/3797-2/
https://usn.ubuntu.com/3820-1/
https://usn.ubuntu.com/3820-2/
https://usn.ubuntu.com/3820-3/
https://usn.ubuntu.com/3822-1/
https://usn.ubuntu.com/3822-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-16862
BugTraq ID: 106009
http://www.securityfocus.com/bid/106009
USN-3879-1
https://usn.ubuntu.com/3879-1/
USN-3879-2
https://usn.ubuntu.com/3879-2/
USN-4094-1
https://usn.ubuntu.com/4094-1/
USN-4118-1
https://usn.ubuntu.com/4118-1/
[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update
https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update
https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
[oss-security] 20181123 CVE-2018-16862: Linux kernel: cleancache: deleted files infoleak
https://seclists.org/oss-sec/2018/q4/169
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862
https://lore.kernel.org/patchwork/patch/1011367/
Common Vulnerability Exposure (CVE) ID: CVE-2018-16884
BugTraq ID: 106253
http://www.securityfocus.com/bid/106253
RHSA-2019:1873
https://access.redhat.com/errata/RHSA-2019:1873
RHSA-2019:1891
https://access.redhat.com/errata/RHSA-2019:1891
RHSA-2019:2696
https://access.redhat.com/errata/RHSA-2019:2696
RHSA-2019:2730
https://access.redhat.com/errata/RHSA-2019:2730
RHSA-2019:3309
https://access.redhat.com/errata/RHSA-2019:3309
RHSA-2019:3517
https://access.redhat.com/errata/RHSA-2019:3517
RHSA-2020:0204
https://access.redhat.com/errata/RHSA-2020:0204
USN-3932-1
https://usn.ubuntu.com/3932-1/
USN-3932-2
https://usn.ubuntu.com/3932-2/
USN-3980-1
https://usn.ubuntu.com/3980-1/
USN-3980-2
https://usn.ubuntu.com/3980-2/
USN-3981-1
https://usn.ubuntu.com/3981-1/
USN-3981-2
https://usn.ubuntu.com/3981-2/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16884
https://patchwork.kernel.org/cover/10733767/
https://patchwork.kernel.org/patch/10733769/
https://support.f5.com/csp/article/K21430012
https://www.oracle.com/security-alerts/cpuApr2021.html
Common Vulnerability Exposure (CVE) ID: CVE-2018-18281
BugTraq ID: 105761
http://www.securityfocus.com/bid/105761
BugTraq ID: 106503
http://www.securityfocus.com/bid/106503
http://packetstormsecurity.com/files/150001/Linux-mremap-TLB-Flush-Too-Late.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1695
http://www.openwall.com/lists/oss-security/2018/10/29/5
RedHat Security Advisories: RHSA-2019:0831
https://access.redhat.com/errata/RHSA-2019:0831
RedHat Security Advisories: RHSA-2020:0036
https://access.redhat.com/errata/RHSA-2020:0036
RedHat Security Advisories: RHSA-2020:0100
https://access.redhat.com/errata/RHSA-2020:0100
RedHat Security Advisories: RHSA-2020:0103
https://access.redhat.com/errata/RHSA-2020:0103
RedHat Security Advisories: RHSA-2020:0179
https://access.redhat.com/errata/RHSA-2020:0179
https://usn.ubuntu.com/3832-1/
https://usn.ubuntu.com/3835-1/
https://usn.ubuntu.com/3880-1/
https://usn.ubuntu.com/3880-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-18397
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29ec90660d68bbdd69507c1c8b4e33aa299278b1
https://bugs.chromium.org/p/project-zero/issues/detail?id=1700
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.87
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.7
https://github.com/torvalds/linux/commit/29ec90660d68bbdd69507c1c8b4e33aa299278b1
RedHat Security Advisories: RHBA-2019:0327
https://access.redhat.com/errata/RHBA-2019:0327
RedHat Security Advisories: RHSA-2019:0163
https://access.redhat.com/errata/RHSA-2019:0163
RedHat Security Advisories: RHSA-2019:0202
https://access.redhat.com/errata/RHSA-2019:0202
RedHat Security Advisories: RHSA-2019:0324
https://access.redhat.com/errata/RHSA-2019:0324
https://usn.ubuntu.com/3901-1/
https://usn.ubuntu.com/3901-2/
https://usn.ubuntu.com/3903-1/
https://usn.ubuntu.com/3903-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-18710
BugTraq ID: 106041
http://www.securityfocus.com/bid/106041
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276
https://github.com/torvalds/linux/commit/e4f3aa2e1e67bb48dfbaaf1cad59013d5a5bc276
https://usn.ubuntu.com/3846-1/
https://usn.ubuntu.com/3847-1/
https://usn.ubuntu.com/3847-2/
https://usn.ubuntu.com/3847-3/
https://usn.ubuntu.com/3848-1/
https://usn.ubuntu.com/3848-2/
https://usn.ubuntu.com/3849-1/
https://usn.ubuntu.com/3849-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-19407
BugTraq ID: 105987
http://www.securityfocus.com/bid/105987
https://lkml.org/lkml/2018/11/20/580
Common Vulnerability Exposure (CVE) ID: CVE-2018-19824
BugTraq ID: 106109
http://www.securityfocus.com/bid/106109
https://bugzilla.suse.com/show_bug.cgi?id=1118152
https://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound.git/commit/?id=5f8cf712582617d523120df67d392059eaf2fc4b
https://github.com/torvalds/linux/commit/5f8cf712582617d523120df67d392059eaf2fc4b
RedHat Security Advisories: RHSA-2019:2703
https://access.redhat.com/errata/RHSA-2019:2703
https://usn.ubuntu.com/3930-1/
https://usn.ubuntu.com/3930-2/
https://usn.ubuntu.com/3931-1/
https://usn.ubuntu.com/3931-2/
https://usn.ubuntu.com/3933-1/
https://usn.ubuntu.com/3933-2/
Common Vulnerability Exposure (CVE) ID: CVE-2018-19854
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f43f39958beb206b53292801e216d9b8a660f087
https://github.com/torvalds/linux/commit/f43f39958beb206b53292801e216d9b8a660f087
https://kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.3
RedHat Security Advisories: RHSA-2019:3309
RedHat Security Advisories: RHSA-2019:3517
Common Vulnerability Exposure (CVE) ID: CVE-2018-19985
http://lists.opensuse.org/opensuse-security-announce/2019-01/msg00023.html
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html
http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
https://hexhive.epfl.ch/projects/perifuzz/
https://seclists.org/bugtraq/2019/Jan/52
https://usn.ubuntu.com/4115-1/
Common Vulnerability Exposure (CVE) ID: CVE-2018-20169
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=704620afc70cf47abb9d6a1a57f3825d2bca49cf
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9
https://github.com/torvalds/linux/commit/704620afc70cf47abb9d6a1a57f3825d2bca49cf
Common Vulnerability Exposure (CVE) ID: CVE-2018-9568
RedHat Security Advisories: RHSA-2019:0512
https://access.redhat.com/errata/RHSA-2019:0512
RedHat Security Advisories: RHSA-2019:0514
https://access.redhat.com/errata/RHSA-2019:0514
RedHat Security Advisories: RHSA-2019:2696
RedHat Security Advisories: RHSA-2019:2730
RedHat Security Advisories: RHSA-2019:2736
https://access.redhat.com/errata/RHSA-2019:2736
RedHat Security Advisories: RHSA-2019:3967
https://access.redhat.com/errata/RHSA-2019:3967
RedHat Security Advisories: RHSA-2019:4056
https://access.redhat.com/errata/RHSA-2019:4056
RedHat Security Advisories: RHSA-2019:4159
https://access.redhat.com/errata/RHSA-2019:4159
RedHat Security Advisories: RHSA-2019:4164
https://access.redhat.com/errata/RHSA-2019:4164
RedHat Security Advisories: RHSA-2019:4255
https://access.redhat.com/errata/RHSA-2019:4255
Copyright: Copyright (C) 2021 Greenbone AG
