ID CVE-2018-1000004
Summary In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.
References
Vulnerable Configurations
  • Linux Kernel 2.6.0
    cpe:2.3:o:linux:linux_kernel:2.6.0
  • Linux Kernel 3.10
    cpe:2.3:o:linux:linux_kernel:3.10
  • Linux Kernel 4.12
    cpe:2.3:o:linux:linux_kernel:4.12
CVSS
Base: 7.1
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3798-1.NASL
    description Dmitry Vyukov discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is negatively instantiated. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2015-8539) It was discovered that a use-after-free vulnerability existed in the device driver for XCeive xc2028/xc3028 tuners in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2016-7913) Pengfei Ding (Ding Peng Fei ), Chenfu Bao (Bao Chen Fu ), and Lenx Wei (Wei Tao ) discovered a race condition in the generic SCSI driver (sg) of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0794) Eric Biggers discovered that the key management subsystem in the Linux kernel did not properly restrict adding a key that already exists but is uninstantiated. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15299) It was discovered that a NULL pointer dereference could be triggered in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18216) Luo Quan and Wei Yang discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system deadlock). (CVE-2018-1000004) Fan Long Fei discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel that could lead to a use- after-free or an out-of-bounds buffer access. A local attacker with access to /dev/snd/seq could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7566) It was discovered that a buffer overflow existed in the NFC Logical Link Control Protocol (llcp) implementation in the Linux kernel. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-9518). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 118329
    published 2018-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=118329
    title Ubuntu 14.04 LTS : linux vulnerabilities (USN-3798-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3631-1.NASL
    description It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2017-13305) It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16538) Luo Quan and Wei Yang discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system deadlock). (CVE-2018-1000004) Wang Qize discovered that an information disclosure vulnerability existed in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A local attacker could use this to expose sensitive information (kernel pointer addresses). (CVE-2018-5750) Fan Long Fei discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel that could lead to a use-after-free or an out-of-bounds buffer access. A local attacker with access to /dev/snd/seq could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7566). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109314
    published 2018-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109314
    title Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3631-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1055.NASL
    description According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.(CVE-2018-1000004) - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.(CVE-2018-5750) - A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.(CVE-2017-15129) - In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.(CVE-2018-5344) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 108459
    published 2018-03-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108459
    title EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1055)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-153.NASL
    description The openSUSE Leap 42.3 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928). - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a 'pointer leak (bnc#1073928). - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel had a race condition in inet->hdrincl that lead to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229 1073230). - CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel The function get_net_ns_by_id() in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2018-1000004: In the Linux kernel versions a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). The following non-security bugs were fixed : - 509: fix printing uninitialized stack memory when OID is empty (bsc#1075078). - 8021q: fix a memory leak for VLAN 0 device (bnc#1012382). - acpi / scan: Prefer devices without _HID/_CID for _ADR matching (bnc#1012382). - af_key: fix buffer overread in parse_exthdrs() (bnc#1012382). - af_key: fix buffer overread in verify_address_len() (bnc#1012382). - afs: Adjust mode bits processing (bnc#1012382). - afs: Connect up the CB.ProbeUuid (bnc#1012382). - afs: Fix afs_kill_pages() (bnc#1012382). - afs: Fix missing put_page() (bnc#1012382). - afs: Fix page leak in afs_write_begin() (bnc#1012382). - afs: Fix the maths in afs_fs_store_data() (bnc#1012382). - afs: Flush outstanding writes when an fd is closed (bnc#1012382). - afs: Migrate vlocation fields to 64-bit (bnc#1012382). - afs: Populate and use client modification time (bnc#1012382). - afs: Populate group ID from vnode status (bnc#1012382). - afs: Prevent callback expiry timer overflow (bnc#1012382). - alpha: fix build failures (bnc#1012382). - alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1031717). - alsa: aloop: Fix racy hw constraints adjustment (bsc#1031717). - alsa: aloop: Release cable upon open error path (bsc#1031717). - alsa: hda - Apply headphone noise quirk for another Dell XPS 13 variant (bsc#1031717). - alsa: hda - Apply the existing quirk to iMac 14,1 (bsc#1031717). - alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1031717). - alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1031717). - alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1031717). - alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1031717). - alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1031717). - arc: uaccess: dont use 'l' gcc inline asm constraint modifier (bnc#1012382). - arm64: Add skeleton to harden the branch predictor against aliasing attacks (bsc#1068032). - arm64: Add trace_hardirqs_off annotation in ret_to_user (bsc#1068032). - arm64: Branch predictor hardening for Cavium ThunderX2 (bsc#1068032). - arm64/cpufeature: do not use mutex in bringup path (bsc#1068032). - arm64: cpufeature: Pass capability structure to ->enable callback (bsc#1068032). - arm64: cputype: Add MIDR values for Cavium ThunderX2 CPUs (bsc#1068032). - arm64: cputype: Add missing MIDR values for Cortex-A72 and Cortex-A75 (bsc#1068032). - arm64: debug: remove unused local_dbg_{enable, disable} macros (bsc#1068032). - arm64: Define cputype macros for Falkor CPU (bsc#1068032). - arm64: Disable TTBR0_EL1 during normal kernel execution (bsc#1068032). - arm64: Do not force KPTI for CPUs that are not vulnerable (bsc#1076187). - arm64: do not pull uaccess.h into *.S (bsc#1068032). - arm64: Enable CONFIG_ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: entry: Add exception trampoline page for exceptions from EL0 (bsc#1068032). - arm64: entry: Add fake CPU feature for unmapping the kernel at EL0 (bsc#1068032). - arm64: entry: Explicitly pass exception level to kernel_ventry macro (bsc#1068032). - arm64: entry: Hook up entry trampoline to exception vectors (bsc#1068032). - arm64: entry: remove pointless SPSR mode check (bsc#1068032). - arm64: entry.S convert el0_sync (bsc#1068032). - arm64: entry.S: convert el1_sync (bsc#1068032). - arm64: entry.S: convert elX_irq (bsc#1068032). - arm64: entry.S: move SError handling into a C function for future expansion (bsc#1068032). - arm64: entry.S: Remove disable_dbg (bsc#1068032). - arm64: erratum: Work around Falkor erratum #E1003 in trampoline code (bsc#1068032). - arm64: explicitly mask all exceptions (bsc#1068032). - arm64: factor out entry stack manipulation (bsc#1068032). - arm64: factor out PAGE_* and CONT_* definitions (bsc#1068032). - arm64: Factor out PAN enabling/disabling into separate uaccess_* macros (bsc#1068032). - arm64: Factor out TTBR0_EL1 post-update workaround into a specific asm macro (bsc#1068032). - arm64: factor work_pending state machine to C (bsc#1068032). - arm64: fpsimd: Prevent registers leaking from dead tasks (bnc#1012382). - arm64: Handle el1 synchronous instruction aborts cleanly (bsc#1068032). - arm64: Handle faults caused by inadvertent user access with PAN enabled (bsc#1068032). - arm64: head.S: get rid of x25 and x26 with 'global' scope (bsc#1068032). - arm64: Implement branch predictor hardening for affected Cortex-A CPUs (bsc#1068032). - arm64: Implement branch predictor hardening for Falkor (bsc#1068032). - arm64: Initialise high_memory global variable earlier (bnc#1012382). - arm64: introduce an order for exceptions (bsc#1068032). - arm64: introduce mov_q macro to move a constant into a 64-bit register (bsc#1068032). - arm64: Introduce uaccess_{disable,enable} functionality based on TTBR0_EL1 (bsc#1068032). - arm64: kaslr: Put kernel vectors address in separate data page (bsc#1068032). - arm64: Kconfig: Add CONFIG_UNMAP_KERNEL_AT_EL0 (bsc#1068032). - arm64: Kconfig: Reword UNMAP_KERNEL_AT_EL0 kconfig entry (bsc#1068032). - arm64: kill ESR_LNX_EXEC (bsc#1068032). - arm64: kpti: Fix the interaction between ASID switching and software PAN (bsc#1068032). - arm64: KVM: Fix SMCCC handling of unimplemented SMC/HVC calls (bsc#1076232). - arm64: KVM: fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382). - arm64: KVM: Make PSCI_VERSION a fast path (bsc#1068032). - arm64: KVM: Use per-CPU vector when BP hardening is enabled (bsc#1068032). - arm64: Mask all exceptions during kernel_exit (bsc#1068032). - arm64: mm: Add arm64_kernel_unmapped_at_el0 helper (bsc#1068032). - arm64: mm: Allocate ASIDs in pairs (bsc#1068032). - arm64: mm: Fix and re-enable ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: mm: hardcode rodata=true (bsc#1068032). - arm64: mm: Introduce TTBR_ASID_MASK for getting at the ASID in the TTBR (bsc#1068032). - arm64: mm: Invalidate both kernel and user ASIDs when performing TLBI (bsc#1068032). - arm64: mm: Map entry trampoline into trampoline and kernel page tables (bsc#1068032). - arm64: mm: Move ASID from TTBR0 to TTBR1 (bsc#1068032). - arm64: mm: Remove pre_ttbr0_update_workaround for Falkor erratum #E1003 (bsc#1068032). - arm64: mm: Rename post_ttbr0_update_workaround (bsc#1068032). - arm64: mm: Temporarily disable ARM64_SW_TTBR0_PAN (bsc#1068032). - arm64: mm: Use non-global mappings for kernel space (bsc#1068032). - arm64: Move BP hardening to check_and_switch_context (bsc#1068032). - arm64: Move post_ttbr_update_workaround to C code (bsc#1068032). - arm64: Move the async/fiq helpers to explicitly set process context flags (bsc#1068032). - arm64: SW PAN: Point saved ttbr0 at the zero page when switching to init_mm (bsc#1068032). - arm64: SW PAN: Update saved ttbr0 value on enter_lazy_tlb (bsc#1068032). - arm64: swp emulation: bound LL/SC retries before rescheduling (bsc#1068032). - arm64: sysreg: Fix unprotected macro argmuent in write_sysreg (bsc#1068032). - arm64: Take into account ID_AA64PFR0_EL1.CSV3 (bsc#1068032). - arm64: thunderx2: remove branch predictor hardening References: bsc#1076232 This causes undefined instruction abort on the smc call from guest kernel. Disable until kvm is fixed. - arm64: tls: Avoid unconditional zeroing of tpidrro_el0 for native tasks (bsc#1068032). - arm64: Turn on KPTI only on CPUs that need it (bsc#1076187). - arm64: use alternative auto-nop (bsc#1068032). - arm64: use RET instruction for exiting the trampoline (bsc#1068032). - arm64: xen: Enable user access before a privcmd hvc call (bsc#1068032). - arm/arm64: KVM: Make default HYP mappings non-excutable (bsc#1068032). - arm: avoid faulting on qemu (bnc#1012382). - arm: BUG if jumping to usermode address in kernel mode (bnc#1012382). - arm-ccn: perf: Prevent module unload while PMU is in use (bnc#1012382). - arm: dma-mapping: disallow dma_get_sgtable() for non-kernel managed memory (bnc#1012382). - arm: dts: am335x-evmsk: adjust mmc2 param to allow suspend (bnc#1012382). - arm: dts: kirkwood: fix pin-muxing of MPP7 on OpenBlocks A7 (bnc#1012382). - arm: dts: ti: fix PCI bus dtc warnings (bnc#1012382). - arm: kprobes: Align stack to 8-bytes in test code (bnc#1012382). - arm: kprobes: Fix the return address of multiple kretprobes (bnc#1012382). - arm: KVM: Fix VTTBR_BADDR_MASK BUG_ON off-by-one (bnc#1012382). - arm: OMAP1: DMA: Correct the number of logical channels (bnc#1012382). - arm: OMAP2+: Fix device node reference counts (bnc#1012382). - arm: OMAP2+: gpmc-onenand: propagate error on initialization failure (bnc#1012382). - arm: OMAP2+: Release device node after it is no longer needed (bnc#1012382). - asm-prototypes: Clear any CPP defines before declaring the functions (git-fixes). - asn.1: check for error from ASN1_OP_END__ACT actions (bnc#1012382). - asn.1: fix out-of-bounds read when parsing indefinite length item (bnc#1012382). - ath9k: fix tx99 potential info leak (bnc#1012382). - atm: horizon: Fix irq release error (bnc#1012382). - audit: ensure that 'audit=1' actually enables audit for PID 1 (bnc#1012382). - axonram: Fix gendisk handling (bnc#1012382). - backlight: pwm_bl: Fix overflow condition (bnc#1012382). - bcache: add a comment in journal bucket reading (bsc#1076110). - bcache: Avoid nested function definition (bsc#1076110). - bcache: bch_allocator_thread() is not freezable (bsc#1076110). - bcache: bch_writeback_thread() is not freezable (bsc#1076110). - bcache: check return value of register_shrinker (bsc#1076110). - bcache: documentation formatting, edited for clarity, stripe alignment notes (bsc#1076110). - bcache: documentation updates and corrections (bsc#1076110). - bcache: Do not reinvent the wheel but use existing llist API (bsc#1076110). - bcache: do not write back data if reading it failed (bsc#1076110). - bcache: explicitly destroy mutex while exiting (bnc#1012382). - bcache: fix a comments typo in bch_alloc_sectors() (bsc#1076110). - bcache: fix sequential large write IO bypass (bsc#1076110). - bcache: fix wrong cache_misses statistics (bnc#1012382). - bcache: gc does not work when triggering by manual command (bsc#1076110, bsc#1038078). - bcache: implement PI controller for writeback rate (bsc#1076110). - bcache: increase the number of open buckets (bsc#1076110). - bcache: only permit to recovery read error when cache device is clean (bnc#1012382 bsc#1043652). - bcache: partition support: add 16 minors per bcacheN device (bsc#1076110, bsc#1019784). - bcache: rearrange writeback main thread ratelimit (bsc#1076110). - bcache: recover data from backing when data is clean (bnc#1012382 bsc#1043652). - bcache: Remove redundant set_capacity (bsc#1076110). - bcache: remove unused parameter (bsc#1076110). - bcache: rewrite multiple partitions support (bsc#1076110, bsc#1038085). - bcache: safeguard a dangerous addressing in closure_queue (bsc#1076110). - bcache: silence static checker warning (bsc#1076110). - bcache: smooth writeback rate control (bsc#1076110). - bcache.txt: standardize document format (bsc#1076110). - bcache: update bio->bi_opf bypass/writeback REQ_ flag hints (bsc#1076110). - bcache: update bucket_in_use in real time (bsc#1076110). - bcache: Update continue_at() documentation (bsc#1076110). - bcache: use kmalloc to allocate bio in bch_data_verify() (bsc#1076110). - bcache: use llist_for_each_entry_safe() in __closure_wake_up() (bsc#1076110). - bcache: writeback rate clamping: make 32 bit safe (bsc#1076110). - bcache: writeback rate shouldn't artifically clamp (bsc#1076110). - be2net: restore properly promisc mode after queues reconfiguration (bsc#963844 FATE#320192). - block: wake up all tasks blocked in get_request() (bnc#1012382). - bluetooth: btusb: driver to enable the usb-wakeup feature (bnc#1012382). - bnx2x: do not rollback VF MAC/VLAN filters we did not configure (bnc#1012382). - bnx2x: fix possible overrun of VFPF multicast addresses array (bnc#1012382). - bnx2x: prevent crash when accessing PTP with interface down (bnc#1012382). - btrfs: add missing memset while reading compressed inline extents (bnc#1012382). - can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382). - can: af_can: can_rcv(): replace WARN_ONCE by pr_warn_once (bnc#1012382). - can: ems_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: esd_usb2: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: gs_usb: fix return value of the 'set_bittiming' callback (bnc#1012382). - can: kvaser_usb: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - can: kvaser_usb: Fix comparison bug in kvaser_usb_read_bulk_callback() (bnc#1012382). - can: kvaser_usb: free buf in error paths (bnc#1012382). - can: kvaser_usb: ratelimit errors if incomplete messages are received (bnc#1012382). - can: peak: fix potential bug in packet fragmentation (bnc#1012382). - can: ti_hecc: Fix napi poll return value for repoll (bnc#1012382). - can: usb_8dev: cancel urb on -EPIPE and -EPROTO (bnc#1012382). - cdc-acm: apply quirk for card reader (bsc#1060279). - cdrom: factor out common open_for_* code (bsc#1048585). - cdrom: wait for tray to close (bsc#1048585). - ceph: more accurate statfs (bsc#1077068). - clk: imx6: refine hdmi_isfr's parent to make HDMI work on i.MX6 SoCs w/o VPU (bnc#1012382). - clk: mediatek: add the option for determining PLL source clock (bnc#1012382). - clk: tegra: Fix cclk_lp divisor register (bnc#1012382). - config: arm64: enable HARDEN_BRANCH_PREDICTOR - config: arm64: enable UNMAP_KERNEL_AT_EL0 - cpuidle: fix broadcast control when broadcast can not be entered (bnc#1012382). - cpuidle: powernv: Pass correct drv->cpumask for registration (bnc#1012382). - cpuidle: Validate cpu_dev in cpuidle_add_sysfs() (bnc#1012382). - crypto: algapi - fix NULL dereference in crypto_remove_spawns() (bnc#1012382). - crypto: chacha20poly1305 - validate the digest size (bnc#1012382). - crypto: chelsio - select CRYPTO_GF128MUL (bsc#1048325). - crypto: crypto4xx - increase context and scatter ring buffer elements (bnc#1012382). - crypto: deadlock between crypto_alg_sem/rtnl_mutex/genl_mutex (bnc#1012382). - crypto: mcryptd - protect the per-CPU queue with a lock (bnc#1012382). - crypto: n2 - cure use after free (bnc#1012382). - crypto: pcrypt - fix freeing pcrypt instances (bnc#1012382). - crypto: s5p-sss - Fix completing crypto request in IRQ handler (bnc#1012382). - crypto: tcrypt - fix buffer lengths in test_aead_speed() (bnc#1012382). - cxl: Check if vphb exists before iterating over AFU devices (bsc#1066223). - dax: Pass detailed error code from __dax_fault() (bsc#1072484). - dccp: do not restart ccid2_hc_tx_rto_expire() if sk in closed state (bnc#1012382). - delay: add poll_event_interruptible (bsc#1048585). - dlm: fix malfunction of dlm_tool caused by debugfs changes (bsc#1077704). - dmaengine: dmatest: move callback wait queue to thread context (bnc#1012382). - dmaengine: Fix array index out of bounds warning in __get_unmap_pool() (bnc#1012382). - dmaengine: pl330: fix double lock (bnc#1012382). - dmaengine: ti-dma-crossbar: Correct am335x/am43xx mux value type (bnc#1012382). - dm btree: fix serious bug in btree_split_beneath() (bnc#1012382). - dm bufio: fix shrinker scans when (nr_to_scan < retain_target) (bnc#1012382). - dm thin metadata: THIN_MAX_CONCURRENT_LOCKS should be 6 (bnc#1012382). - drivers/firmware: Expose psci_get_version through psci_ops structure (bsc#1068032). - drm/amd/amdgpu: fix console deadlock if late init failed (bnc#1012382). - drm: extra printk() wrapper macros (bnc#1012382). - drm/exynos/decon5433: set STANDALONE_UPDATE_F on output enablement (bnc#1012382). - drm/exynos: gem: Drop NONCONTIG flag for buffers allocated without IOMMU (bnc#1012382). - drm/omap: fix dmabuf mmap for dma_alloc'ed buffers (bnc#1012382). - drm/radeon: reinstate oland workaround for sclk (bnc#1012382). - drm/radeon/si: add dpm quirk for Oland (bnc#1012382). - drm/vmwgfx: Potential off by one in vmw_view_add() (bnc#1012382). - dynamic-debug-howto: fix optional/omitted ending line number to be LARGE instead of 0 (bnc#1012382). - edac, i5000, i5400: Fix definition of NRECMEMB register (bnc#1012382). - edac, i5000, i5400: Fix use of MTR_DRAM_WIDTH macro (bnc#1012382). - edac, sb_edac: Fix missing break in switch (bnc#1012382). - efi/esrt: Cleanup bad memory map log messages (bnc#1012382). - efi: Move some sysfs files to be read-only by root (bnc#1012382). - eventpoll.h: add missing epoll event masks (bnc#1012382). - ext4: fix crash when a directory's i_size is too small (bnc#1012382). - ext4: Fix ENOSPC handling in DAX page fault handle (bsc#1072484). - ext4: fix fdatasync(2) after fallocate(2) operation (bnc#1012382). - fbdev: controlfb: Add missing modes to fix out of bounds access (bnc#1012382). - Fix build error in vma.c (bnc#1012382). - Fixup hang when calling 'nvme list' on all paths down (bsc#1070052). - fjes: Fix wrong netdevice feature flags (bnc#1012382). - flow_dissector: properly cap thoff field (bnc#1012382). - fm10k: ensure we process SM mbx when processing VF mbx (bnc#1012382). - fork: clear thread stack upon allocation (bsc#1077560). - fscache: Fix the default for fscache_maybe_release_page() (bnc#1012382). - futex: Prevent overflow by strengthen input validation (bnc#1012382). - gcov: disable for COMPILE_TEST (bnc#1012382). - gfs2: Take inode off order_write list when setting jdata flag (bnc#1012382). - gpio: altera: Use handle_level_irq when configured as a level_high (bnc#1012382). - hid: chicony: Add support for another ASUS Zen AiO keyboard (bnc#1012382). - hid: xinmo: fix for out of range for THT 2P arcade controller (bnc#1012382). - hrtimer: Reset hrtimer cpu base proper on CPU hotplug (bnc#1012382). - hv: kvp: Avoid reading past allocated blocks from KVP file (bnc#1012382). - hwmon: (asus_atk0110) fix uninitialized data access (bnc#1012382). - i40iw: Account for IPv6 header when setting MSS (bsc#1024376 FATE#321249). - i40iw: Allocate a sdbuf per CQP WQE (bsc#1024376 FATE#321249). - i40iw: Cleanup AE processing (bsc#1024376 FATE#321249). - i40iw: Clear CQP Head/Tail during initialization (bsc#1024376 FATE#321249). - i40iw: Correct ARP index mask (bsc#1024376 FATE#321249). - i40iw: Correct Q1/XF object count equation (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Do not allow posting WR after QP is flushed (bsc#1024376 FATE#321249). - i40iw: Do not free sqbuf when event is I40IW_TIMER_TYPE_CLOSE (bsc#1024376 FATE#321249). - i40iw: Do not generate CQE for RTR on QP flush (bsc#1024376 FATE#321249). - i40iw: Do not retransmit MPA request after it is ACKed (bsc#1024376 FATE#321249). - i40iw: Fixes for static checker warnings (bsc#1024376 FATE#321249). - i40iw: Fix sequence number for the first partial FPDU (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Fix the connection ORD value for loopback (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Ignore AE source field in AEQE for some AEs (bsc#1024376 FATE#321249). - i40iw: Move cqp_cmd_head init to CQP initialization (bsc#1024376 FATE#321249). - i40iw: Move exception_lan_queue to VSI structure (bsc#1024376 FATE#321249). - i40iw: Move MPA request event for loopback after connect (bsc#1024376 FATE#321249). - i40iw: Notify user of established connection after QP in RTS (bsc#1024376 FATE#321249). - i40iw: Reinitialize IEQ on MTU change (bsc#1024376 FATE#321249). - i40iw: Remove limit on re-posting AEQ entries to HW (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - i40iw: Selectively teardown QPs on IP addr change event (bsc#1024376 FATE#321249). - i40iw: Validate correct IRD/ORD connection parameters (bsc#969476 FATE#319648 bsc#969477 FATE#319816). - ib/hfi1: Fix misspelling in comment (bsc#973818, fate#319242). - ib/hfi1: Prevent kernel QP post send hard lockups (bsc#973818 FATE#319242). - ib/ipoib: Fix lockdep issue found on ipoib_ib_dev_heavy_flush (git-fixes). - ib/ipoib: Fix race condition in neigh creation (bsc#1022595 FATE#322350). - ib/ipoib: Grab rtnl lock on heavy flush when calling ndo_open/stop (bnc#1012382). - ib/mlx4: Increase maximal message size under UD QP (bnc#1012382). - ib/mlx5: Assign send CQ and recv CQ of UMR QP (bnc#1012382). - ib/mlx5: Serialize access to the VMA list (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - ibmvnic: Allocate and request vpd in init_resources (bsc#1076872). - ibmvnic: Do not handle RX interrupts when not up (bsc#1075066). - ibmvnic: fix firmware version when no firmware level has been provided by the VIOS server (bsc#1079038). - ibmvnic: Fix IP offload control buffer (bsc#1076899). - ibmvnic: Fix IPv6 packet descriptors (bsc#1076899). - ibmvnic: Fix pending MAC address changes (bsc#1075627). - ibmvnic: Modify buffer size and number of queues on failover (bsc#1076872). - ibmvnic: Revert to previous mtu when unsupported value requested (bsc#1076872). - ibmvnic: Wait for device response when changing MAC (bsc#1078681). - ib/qib: Fix comparison error with qperf compare/swap test (FATE#321231 FATE#321473). - ib/rdmavt: restore IRQs on error path in rvt_create_ah() (bsc#973818, fate#319242). - ib/srpt: Disable RDMA access by the initiator (bnc#1012382). - ib/srpt: Fix ACL lookup during login (bsc#1024296 FATE#321265). - igb: check memory allocation failure (bnc#1012382). - ima: fix hash algorithm initialization (bnc#1012382). - inet: frag: release spinlock before calling icmp_send() (bnc#1012382). - input: 88pm860x-ts - fix child-node lookup (bnc#1012382). - input: elantech - add new icbody type 15 (bnc#1012382). - input: i8042 - add TUXEDO BU1406 (N24_25BU) to the nomux list (bnc#1012382). - input: trackpoint - force 3 buttons if 0 button is reported (bnc#1012382). - input: twl4030-vibra - fix sibling-node lookup (bnc#1012382). - input: twl6040-vibra - fix child-node lookup (bnc#1012382). - input: twl6040-vibra - fix DT node memory management (bnc#1012382). - intel_th: pci: Add Gemini Lake support (bnc#1012382). - iommu/arm-smmu-v3: Do not free page table ops twice (bnc#1012382). - iommu/vt-d: Fix scatterlist offset handling (bnc#1012382). - ip6_gre: remove the incorrect mtu limit for ipgre tap (bsc#1022912 FATE#321246). - ip6_tunnel: disable dst caching if tunnel is dual-stack (bnc#1012382). - ipmi: Stop timers before cleaning up the module (bnc#1012382). - ipv4: Fix use-after-free when flushing FIB tables (bnc#1012382). - ipv4: igmp: guard against silly MTU values (bnc#1012382). - ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY (bnc#1012382). - ipv6: Fix getsockopt() for sockets with default IPV6_AUTOFLOWLABEL (bnc#1012382). - ipv6: fix possible mem leaks in ipv6_make_skb() (bnc#1012382). - ipv6: fix udpv6 sendmsg crash caused by too small MTU (bnc#1012382). - ipv6: ip6_make_skb() needs to clear cork.base.dst (git-fixes). - ipv6: mcast: better catch silly mtu values (bnc#1012382). - ipv6: reorder icmpv6_init() and ip6_mr_init() (bnc#1012382). - ipvlan: fix ipv6 outbound device (bnc#1012382). - ipvlan: remove excessive packet scrubbing (bsc#1070799). - irda: vlsi_ir: fix check for DMA mapping errors (bnc#1012382). - irqchip/crossbar: Fix incorrect type of register size (bnc#1012382). - iscsi_iser: Re-enable 'iser_pi_guard' module parameter (bsc#1062129). - iscsi-target: fix memory leak in lio_target_tiqn_addtpg() (bnc#1012382). - iscsi-target: Make TASK_REASSIGN use proper se_cmd->cmd_kref (bnc#1012382). - isdn: kcapi: avoid uninitialized data (bnc#1012382). - iser-target: Fix possible use-after-free in connection establishment error (FATE#321732). - iw_cxgb4: Only validate the MSN for successful completions (bnc#1012382). - ixgbe: fix use of uninitialized padding (bnc#1012382). - jump_label: Invoke jump_label_test() via early_initcall() (bnc#1012382). - kabi: Keep KVM stable after enable s390 wire up bpb feature (bsc#1076805). - kABI: protect struct bpf_map (kabi). - kABI: protect struct ipv6_pinfo (kabi). - kABI: protect struct t10_alua_tg_pt_gp (kabi). - kABI: protect struct usbip_device (kabi). - kabi/severities: arm64: ignore cpu capability array - kabi/severities: do not care about stuff_RSB - kaiser: Set _PAGE_NX only if supported (bnc#1012382). - kaiser: Set _PAGE_NX only if supported (bnc#1012382). - kbuild: add '-fno-stack-check' to kernel build options (bnc#1012382). - kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032). - kbuild: pkg: use --transform option to prefix paths in tar (bnc#1012382). - kdb: Fix handling of kallsyms_symbol_next() return value (bnc#1012382). - kernel/acct.c: fix the acct->needcheck check in check_free_space() (bnc#1012382). - kernel: make groups_sort calling a responsibility group_info allocators (bnc#1012382). - kernel/signal.c: protect the SIGNAL_UNKILLABLE tasks from !sig_kernel_only() signals (bnc#1012382). - kernel/signal.c: protect the traced SIGNAL_UNKILLABLE tasks from SIGKILL (bnc#1012382). - kernel/signal.c: remove the no longer needed SIGNAL_UNKILLABLE check in complete_signal() (bnc#1012382). - keys: add missing permission check for request_key() destination (bnc#1012382). - kprobes/x86: Disable preemption in ftrace-based jprobes (bnc#1012382). - kpti: Rename to PAGE_TABLE_ISOLATION (bnc#1012382). - kpti: Report when enabled (bnc#1012382). - kvm: Fix stack-out-of-bounds read in write_mmio (bnc#1012382). - kvm: nVMX: reset nested_run_pending if the vCPU is going to be reset (bnc#1012382). - kvm: nVMX: VMCLEAR should not cause the vCPU to shut down (bnc#1012382). - kvm: pci-assign: do not map smm memory slot pages in vt-d page tables (bnc#1012382). - kvm: s390: Enable all facility bits that are known good for passthrough (bsc#1076805). - kvm: s390: wire up bpb feature (bsc#1076805). - kvm: VMX: Fix enable VPID conditions (bnc#1012382). - kvm: VMX: remove I/O port 0x80 bypass on Intel hosts (bnc#1012382). - kvm: vmx: Scrub hardware GPRs at VM-exit (bnc#1012382 bsc#1068032). - kvm: x86: Add memory barrier on vmcs field lookup (bnc#1012382). - kvm: x86: correct async page present tracepoint (bnc#1012382). - kvm: X86: Fix load RFLAGS w/o the fixed bit (bnc#1012382). - kvm: x86: fix RSM when PCID is non-zero (bnc#1012382). - l2tp: cleanup l2tp_tunnel_delete calls (bnc#1012382). - lan78xx: Fix failure in USB Full Speed (bnc#1012382). - libata: apply MAX_SEC_1024 to all LITEON EP1 series devices (bnc#1012382). - libata: drop WARN from protocol error in ata_sff_qc_issue() (bnc#1012382). - lib/genalloc.c: make the avail variable an atomic_long_t (bnc#1012382). - macvlan: Only deliver one copy of the frame to the macvlan interface (bnc#1012382). - md: more open-coded offset_in_page() (bsc#1076110). - media: dvb: i2c transfers over usb cannot be done from stack (bnc#1012382). - mfd: cros ec: spi: Do not send first message too soon (bnc#1012382). - mfd: twl4030-audio: Fix sibling-node lookup (bnc#1012382). - mfd: twl6040: Fix child-node lookup (bnc#1012382). - mlxsw: reg: Fix SPVMLR max record count (bnc#1012382). - mlxsw: reg: Fix SPVM max record count (bnc#1012382). - mm: avoid returning VM_FAULT_RETRY from ->page_mkwrite handlers (bnc#1012382). - mmc: mediatek: Fixed bug where clock frequency could be set wrong (bnc#1012382). - mm: drop unused pmdp_huge_get_and_clear_notify() (bnc#1012382). - mm: Handle 0 flags in _calc_vm_trans() macro (bnc#1012382). - mm/mprotect: add a cond_resched() inside change_pmd_range() (bnc#1077871, bnc#1078002). - mm/vmstat: Make NR_TLB_REMOTE_FLUSH_RECEIVED available even on UP (bnc#1012382). - module: Add retpoline tag to VERMAGIC (bnc#1012382). - module: set __jump_table alignment to 8 (bnc#1012382). - more bio_map_user_iov() leak fixes (bnc#1012382). - net: Allow neigh contructor functions ability to modify the primary_key (bnc#1012382). - net/appletalk: Fix kernel memory disclosure (bnc#1012382). - net: bcmgenet: correct MIB access of UniMAC RUNT counters (bnc#1012382). - net: bcmgenet: correct the RBUF_OVFL_CNT and RBUF_ERR_CNT MIB values (bnc#1012382). - net: bcmgenet: power down internal phy if open or resume fails (bnc#1012382). - net: bcmgenet: Power up the internal PHY before probing the MII (bnc#1012382). - net: bcmgenet: reserved phy revisions must be checked first (bnc#1012382). - net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks (bnc#1012382). - net: core: fix module type in sock_diag_bind (bnc#1012382). - net: Do not allow negative values for busy_read and busy_poll sysctl interfaces (bnc#1012382). - net: fec: fix multicast filtering hardware setup (bnc#1012382). - netfilter: bridge: honor frag_max_size when refragmenting (bnc#1012382). - netfilter: do not track fragmented packets (bnc#1012382). - netfilter: ipvs: Fix inappropriate output of procfs (bnc#1012382). - netfilter: nfnetlink_queue: fix secctx memory leak (bnc#1012382). - netfilter: nfnetlink_queue: fix timestamp attribute (bsc#1074134). - netfilter: nfnl_cthelper: fix a race when walk the nf_ct_helper_hash table (bnc#1012382). - netfilter: nfnl_cthelper: Fix memory leak (bnc#1012382). - netfilter: nfnl_cthelper: fix runtime expectation policy updates (bnc#1012382). - net: Fix double free and memory corruption in get_net_ns_by_id() (bnc#1012382). - net: igmp: fix source address check for IGMPv3 reports (bnc#1012382). - net: igmp: Use correct source address on IGMPv3 reports (bnc#1012382). - net: initialize msg.msg_flags in recvfrom (bnc#1012382). - net: ipv4: fix for a race condition in raw_sendmsg (bnc#1012382). - net/mac80211/debugfs.c: prevent build failure with CONFIG_UBSAN=y (bnc#1012382). - net/mlx5: Avoid NULL pointer dereference on steering cleanup (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Cleanup IRQs in case of unload failure (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Add refcount to VXLAN structure (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Fix features check of IPv6 traffic (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Fix fixpoint divide exception in mlx5e_am_stats_compare (bsc#1015342). - net/mlx5e: Fix possible deadlock of VXLAN lock (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5e: Prevent possible races in VXLAN control flow (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net/mlx5: Fix rate limit packet pacing naming and struct (bsc#1015342 FATE#321688 bsc#1015343 FATE#321689). - net/mlx5: Stay in polling mode when command EQ destroy fails (bsc#966170 FATE#320225 bsc#966172 FATE#320226). - net: mvmdio: disable/unprepare clocks in EPROBE_DEFER case (bnc#1012382). - net: mvneta: clear interface link status on port disable (bnc#1012382). - net: mvneta: eliminate wrong call to handle rx descriptor error (fate#319899). - net: mvneta: use proper rxq_number in loop on rx queues (fate#319899). - net/packet: fix a race in packet_bind() and packet_notifier() (bnc#1012382). - net: phy: at803x: Change error to EINVAL for invalid MAC (bnc#1012382). - net: phy: micrel: ksz9031: reconfigure autoneg after phy autoneg workaround (bnc#1012382). - net: qdisc_pkt_len_init() should be more robust (bnc#1012382). - net: qmi_wwan: add Sierra EM7565 1199:9091 (bnc#1012382). - net: qmi_wwan: Add USB IDs for MDM6600 modem on Motorola Droid 4 (bnc#1012382). - net: reevalulate autoflowlabel setting after sysctl setting (bnc#1012382). - net: Resend IGMP memberships upon peer notification (bnc#1012382). - net: sctp: fix array overrun read on sctp_timer_tbl (bnc#1012382). - net: stmmac: enable EEE in MII, GMII or RGMII only (bnc#1012382). - net: systemport: Pad packet before inserting TSB (bnc#1012382). - net: systemport: Utilize skb_put_padto() (bnc#1012382). - net: tcp: close sock if net namespace is exiting (bnc#1012382). - net: wimax/i2400m: fix NULL-deref at probe (bnc#1012382). - nfs: Add a cond_resched() to nfs_commit_release_pages() (bsc#1077779). - nfsd: auth: Fix gid sorting when rootsquash enabled (bnc#1012382). - nfsd: fix nfsd_minorversion(.., NFSD_AVAIL) (bnc#1012382). - nfsd: fix nfsd_reset_versions for NFSv4 (bnc#1012382). - nfs: Do not take a reference on fl->fl_file for LOCK operation (bnc#1012382). - nfs: Fix a typo in nfs_rename() (bnc#1012382). - nfsv4.1 respect server's max size in CREATE_SESSION (bnc#1012382). - nfsv4: Fix client recovery when server reboots multiple times (bnc#1012382). - nohz: Prevent a timer interrupt storm in tick_nohz_stop_sched_tick() (bnc#1012382). - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (bnc#1012382). - nvme_fc: correct hang in nvme_ns_remove() (bsc#1075811). - nvme_fc: fix rogue admin cmds stalling teardown (bsc#1075811). - nvme-fc: merge error on sles12sp3 for reset_work (bsc#1079195). - nvme-pci: Remove watchdog timer (bsc#1066163). - openrisc: fix issue handling 8 byte get_user calls (bnc#1012382). - packet: fix crash in fanout_demux_rollover() (bnc#1012382). - parisc: Fix alignment of pa_tlb_lock in assembly on 32-bit SMP kernel (bnc#1012382). - parisc: Hide Diva-built-in serial aux and graphics card (bnc#1012382). - partially revert tipc improve link resiliency when rps is activated (bsc#1068038). - pci/AER: Report non-fatal errors only to the affected endpoint (bnc#1012382). - pci: Avoid bus reset if bridge itself is broken (bnc#1012382). - pci: Create SR-IOV virtfn/physfn links before attaching driver (bnc#1012382). - pci: Detach driver before procfs & sysfs teardown on device remove (bnc#1012382). - pci/PME: Handle invalid data when reading Root Status (bnc#1012382). - pci / PM: Force devices to D0 in pci_pm_thaw_noirq() (bnc#1012382). - perf symbols: Fix symbols__fixup_end heuristic for corner cases (bnc#1012382). - perf test attr: Fix ignored test case result (bnc#1012382). - phy: work around 'phys' references to usb-nop-xceiv devices (bnc#1012382). - pinctrl: adi2: Fix Kconfig build problem (bnc#1012382). - pinctrl: st: add irq_request/release_resources callbacks (bnc#1012382). - pipe: avoid round_pipe_size() nr_pages overflow on 32-bit (bnc#1012382). - powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075087). - powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087). - powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087). - powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075087). - powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075087). - powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075087). - powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075087). - powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075087). - powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075087). - powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032). - powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075087). - powerpc/ipic: Fix status get and status clear (bnc#1012382). - powerpc/perf: Dereference BHRB entries safely (bsc#1066223). - powerpc/perf/hv-24x7: Fix incorrect comparison in memord (bnc#1012382). - powerpc/powernv: Check device-tree for RFI flush settings (bsc#1068032, bsc#1075087). - powerpc/powernv/cpufreq: Fix the frequency read by /proc/cpuinfo (bnc#1012382). - powerpc/powernv/ioda2: Gracefully fail if too many TCE levels requested (bnc#1012382). - powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075087). - powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075087). - powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075087). - powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075087). - powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075087). - powerpc/rfi-flush: prevent crash when changing flush type to fallback after system boot (bsc#1068032, bsc#1075087). - ppp: Destroy the mutex when cleanup (bnc#1012382). - pppoe: take ->needed_headroom of lower device into account on xmit (bnc#1012382). - pti: unbreak EFI (bsc#1074709). - r8152: fix the list rx_done may be used without initialization (bnc#1012382). - r8152: prevent the driver from transmitting packets with carrier off (bnc#1012382). - r8169: fix memory corruption on retrieval of hardware statistics (bnc#1012382). - raid5: Set R5_Expanded on parity devices as well as data (bnc#1012382). - ravb: Remove Rx overflow log messages (bnc#1012382). - rbd: set max_segments to USHRT_MAX (bnc#1012382). - rdma/cma: Avoid triggering undefined behavior (bnc#1012382). - rdma/i40iw: Remove MSS change support (bsc#1024376 FATE#321249). - rds: Fix NULL pointer dereference in __rds_rdma_map (bnc#1012382). - rds: Heap OOB write in rds_message_alloc_sgs() (bnc#1012382). - rds: NULL pointer dereference in rds_atomic_free_op (bnc#1012382). - regulator: core: Rely on regulator_dev_release to free constraints (bsc#1074847). - regulator: da9063: Return an error code on probe failure (bsc#1074847). - regulator: pwm: Fix regulator ramp delay for continuous mode (bsc#1074847). - regulator: Try to resolve regulators supplies on registration (bsc#1074847). - Revert 'Bluetooth: btusb: driver to enable the usb-wakeup feature' (bnc#1012382). - Revert 'drm/armada: Fix compile fail' (bnc#1012382). - Revert 'kaiser: vmstat show NR_KAISERTABLE as nr_overhead' (kabi). - Revert 'lib/genalloc.c: make the avail variable an atomic_long_t' (kabi). - Revert 'module: Add retpoline tag to VERMAGIC' (bnc#1012382 kabi). - Revert 'module: Add retpoline tag to VERMAGIC' (kabi). - Revert 'ocfs2: should wait dio before inode lock in ocfs2_setattr()' (bnc#1012382). - Revert 's390/kbuild: enable modversions for symbols exported from asm' (bnc#1012382). - Revert 'sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks' (kabi). - Revert 'scsi: libsas: align sata_device's rps_resp on a cacheline' (kabi). - Revert 'spi: SPI_FSL_DSPI should depend on HAS_DMA' (bnc#1012382). - Revert 'userfaultfd: selftest: vm: allow to build in vm/ directory' (bnc#1012382). - Revert 'x86/efi: Build our own page table structures' (bnc#1012382). - Revert 'x86/efi: Hoist page table switching code into efi_call_virt()' (bnc#1012382). - Revert 'x86/mm/pat: Ensure cpa->pfn only contains page frame numbers' (bnc#1012382). - rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075087). - ring-buffer: Mask out the info bits when returning buffer page length (bnc#1012382). - route: also update fnhe_genid when updating a route cache (bnc#1012382). - route: update fnhe_expires for redirect when the fnhe exists (bnc#1012382). - rtc: cmos: Initialize hpet timer before irq is registered (bsc#1077592). - rtc: pcf8563: fix output clock rate (bnc#1012382). - rtc: pl031: make interrupt optional (bnc#1012382). - rtc: set the alarm to the next expiring timer (bnc#1012382). - s390: always save and restore all registers on context switch (bnc#1012382). - s390/cpuinfo: show facilities as reported by stfle (bnc#1076847, LTC#163740). - s390: fix compat system call table (bnc#1012382). - s390/pci: do not require AIS facility (bnc#1012382). - s390/qeth: no ETH header for outbound AF_IUCV (LTC#156276 bnc#1012382 bnc#1053472). - s390/runtime instrumentation: simplify task exit handling (bnc#1012382). - sch_dsmark: fix invalid skb_cow() usage (bnc#1012382). - sched/deadline: Make sure the replenishment timer fires in the next period (bnc#1012382). - sched/deadline: Throttle a constrained deadline task activated after the deadline (bnc#1012382). - sched/deadline: Use deadline instead of period when calculating overflow (bnc#1012382). - sched/deadline: Use the revised wakeup rule for suspending constrained dl tasks (bnc#1012382). - sched/deadline: Zero out positive runtime after throttling constrained tasks (git-fixes). - scsi: bfa: integer overflow in debugfs (bnc#1012382). - scsi: cxgb4i: fix Tx skb leak (bnc#1012382). - scsi: handle ABORTED_COMMAND on Fujitsu ETERNUS (bsc#1069138). - scsi: hpsa: cleanup sas_phy structures in sysfs when unloading (bnc#1012382). - scsi: hpsa: destroy sas transport properties before scsi_host (bnc#1012382). - scsi: libsas: align sata_device's rps_resp on a cacheline (bnc#1012382). - scsi: lpfc: Use after free in lpfc_rq_buf_free() (bsc#1037838). - scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (bnc#1012382). - scsi: sd: change allow_restart to bool in sysfs interface (bnc#1012382). - scsi: sd: change manage_start_stop to bool in sysfs interface (bnc#1012382). - scsi: sg: disable SET_FORCE_LOW_DMA (bnc#1012382). - scsi: sr: wait for the medium to become ready (bsc#1048585). - sctp: do not allow the v4 socket to bind a v4mapped v6 address (bnc#1012382). - sctp: do not free asoc when it is already dead in sctp_sendmsg (bnc#1012382). - sctp: Replace use of sockets_allocated with specified macro (bnc#1012382). - sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf (bnc#1012382). - sctp: use the right sk after waking up from wait_buf sleep (bnc#1012382). - selftest/powerpc: Fix false failures for skipped tests (bnc#1012382). - selftests/x86: Add test_vsyscall (bnc#1012382). - selftests/x86/ldt_get: Add a few additional tests for limits (bnc#1012382). - serial: 8250_pci: Add Amazon PCI serial device ID (bnc#1012382). - serial: 8250: Preserve DLD[7:4] for PORT_XR17V35X (bnc#1012382). - series.conf: move core networking (including netfilter) into sorted section - series.conf: whitespace cleanup - Set supported_modules_check 1 (bsc#1072163). - sfc: do not warn on successful change of MAC (bnc#1012382). - sh_eth: fix SH7757 GEther initialization (bnc#1012382). - sh_eth: fix TSU resource handling (bnc#1012382). - sit: update frag_off info (bnc#1012382). - sock: free skb in skb_complete_tx_timestamp on error (bnc#1012382). - sparc64/mm: set fields in deferred pages (bnc#1012382). - spi_ks8995: fix 'BUG: key accdaa28 not in .data!' (bnc#1012382). - spi: sh-msiof: Fix DMA transfer size check (bnc#1012382). - spi: xilinx: Detect stall with Unknown commands (bnc#1012382). - staging: android: ashmem: fix a race condition in ASHMEM_SET_SIZE ioctl (bnc#1012382). - sunrpc: Fix rpc_task_begin trace point (bnc#1012382). - sunxi-rsb: Include OF based modalias in device uevent (bnc#1012382). - sysfs/cpu: Add vulnerability folder (bnc#1012382). - sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382). - sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091). - sysrq : fix Show Regs call trace on ARM (bnc#1012382). - target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK (bnc#1012382). - target/file: Do not return error for UNMAP if length is zero (bnc#1012382). - target: fix ALUA transition timeout handling (bnc#1012382). - target:fix condition return in core_pr_dump_initiator_port() (bnc#1012382). - target: fix race during implicit transition work flushes (bnc#1012382). - target/iscsi: Fix a race condition in iscsit_add_reject_from_cmd() (bnc#1012382). - target: Use system workqueue for ALUA transitions (bnc#1012382). - tcp: correct memory barrier usage in tcp_check_space() (bnc#1012382). - tcp: fix under-evaluated ssthresh in TCP Vegas (bnc#1012382). - tcp md5sig: Use skb's saddr when replying to an incoming segment (bnc#1012382). - tcp: __tcp_hdrlen() helper (bnc#1012382). - tg3: Fix rx hang on MTU change with 5717/5719 (bnc#1012382). - thermal/drivers/step_wise: Fix temperature regulation misbehavior (bnc#1012382). - thermal: hisilicon: Handle return value of clk_prepare_enable (bnc#1012382). - tipc: fix cleanup at module unload (bnc#1012382). - tipc: fix memory leak in tipc_accept_from_sock() (bnc#1012382). - tipc: improve link resiliency when rps is activated (bsc#1068038). - tracing: Allocate mask_str buffer dynamically (bnc#1012382). - tracing: Fix converting enum's from the map in trace_event_eval_update() (bnc#1012382). - tracing: Fix crash when it fails to alloc ring buffer (bnc#1012382). - tracing: Fix possible double free on failure of allocating trace buffer (bnc#1012382). - tracing: Remove extra zeroing out of the ring buffer page (bnc#1012382). - tty fix oops when rmmod 8250 (bnc#1012382). - uas: Always apply US_FL_NO_ATA_1X quirk to Seagate devices (bnc#1012382). - uas: ignore UAS for Norelsys NS1068(X) chips (bnc#1012382). - udf: Avoid overflow when session starts at large offset (bnc#1012382). - um: link vmlinux with -no-pie (bnc#1012382). - usb: Add device quirk for Logitech HD Pro Webcam C925e (bnc#1012382). - usb: add RESET_RESUME for ELSA MicroLink 56K (bnc#1012382). - usb: core: Add type-specific length check of BOS descriptors (bnc#1012382). - usb: core: prevent malicious bNumInterfaces overflow (bnc#1012382). - usb: devio: Prevent integer overflow in proc_do_submiturb() (bnc#1012382). - usb: Fix off by one in type-specific length check of BOS SSP capability (git-fixes). - usb: fix usbmon BUG trigger (bnc#1012382). - usb: gadget: configs: plug memory leak (bnc#1012382). - usb: gadget: ffs: Forbid usb_ep_alloc_request from sleeping (bnc#1012382). - usb: gadgetfs: Fix a potential memory leak in 'dev_config()' (bnc#1012382). - usb: gadget: f_uvc: Sanity check wMaxPacketSize for SuperSpeed (bnc#1012382). - usb: gadget: udc: remove pointer dereference after free (bnc#1012382). - usb: hub: Cycle HUB power when initialization fails (bnc#1012382). - usb: Increase usbfs transfer limit (bnc#1012382). - usbip: Fix implicit fallthrough warning (bnc#1012382). - usbip: Fix potential format overflow in userspace tools (bnc#1012382). - usbip: fix stub_rx: get_pipe() to validate endpoint number (bnc#1012382). - usbip: fix stub_rx: harden CMD_SUBMIT path to handle malicious input (bnc#1012382). - usbip: fix stub_send_ret_submit() vulnerability to null transfer_buffer (bnc#1012382). - usbip: fix usbip bind writing random string after command in match_busid (bnc#1012382). - usbip: prevent leaking socket pointer address in messages (bnc#1012382). - usbip: prevent vhci_hcd driver from leaking a socket pointer address (bnc#1012382). - usbip: remove kernel addresses from usb device and urb debug msgs (bnc#1012382). - usbip: stub: stop printing kernel pointer addresses in messages (bnc#1012382). - usbip: vhci: stop printing kernel pointer addresses in messages (bnc#1012382). - usb: misc: usb3503: make sure reset is low for at least 100us (bnc#1012382). - usb: musb: da8xx: fix babble condition handling (bnc#1012382). - usb: phy: isp1301: Add OF device ID table (bnc#1012382). - usb: phy: isp1301: Fix build warning when CONFIG_OF is disabled (git-fixes). - usb: phy: tahvo: fix error handling in tahvo_usb_probe() (bnc#1012382). - usb: quirks: Add no-lpm quirk for KY-688 USB 3.1 Type-C Hub (bnc#1012382). - usb: serial: cp210x: add IDs for LifeScan OneTouch Verio IQ (bnc#1012382). - usb: serial: cp210x: add new device ID ELV ALC 8xxx (bnc#1012382). - usb: serial: ftdi_sio: add id for Airbus DS P8GR (bnc#1012382). - usb: serial: option: adding support for YUGA CLM920-NC5 (bnc#1012382). - usb: serial: option: add Quectel BG96 id (bnc#1012382). - usb: serial: option: add support for Telit ME910 PID 0x1101 (bnc#1012382). - usb: serial: qcserial: add Sierra Wireless EM7565 (bnc#1012382). - usb: uas and storage: Add US_FL_BROKEN_FUA for another JMicron JMS567 ID (bnc#1012382). - usb: usbfs: Filter flags passed in from user space (bnc#1012382). - usb: usbip: Fix possible deadlocks reported by lockdep (bnc#1012382). - usb: xhci: Add XHCI_TRUST_TX_LENGTH for Renesas uPD720201 (bnc#1012382). - usb: xhci: fix panic in xhci_free_virt_devices_depth_first (bnc#1012382). - userfaultfd: selftest: vm: allow to build in vm/ directory (bnc#1012382). - userfaultfd: shmem: __do_fault requires VM_FAULT_NOPAGE (bnc#1012382). - video: fbdev: au1200fb: Release some resources if a memory allocation fails (bnc#1012382). - video: fbdev: au1200fb: Return an error code if a memory allocation fails (bnc#1012382). - virtio: release virtio index when fail to device_register (bnc#1012382). - vmxnet3: repair memory leak (bnc#1012382). - vsyscall: Fix permissions for emulate mode with KAISER/PTI (bnc#1012382). - vt6655: Fix a possible sleep-in-atomic bug in vt6655_suspend (bnc#1012382). - vti6: Do not report path MTU below IPV6_MIN_MTU (bnc#1012382). - vti6: fix device register to report IFLA_INFO_KIND (bnc#1012382). - workqueue: trigger WARN if queue_delayed_work() is called with NULL @wq (bnc#1012382). - writeback: fix memory leak in wb_queue_work() (bnc#1012382). - x.509: fix buffer overflow detection in sprint_oid() (bsc#1075078). - x.509: reject invalid BIT STRING for subjectPublicKey (bnc#1012382). - x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984). - x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984). - x86/alternatives: Add missing '\n' at end of ALTERNATIVE inline asm (bnc#1012382). - x86/alternatives: Fix optimize_nops() checking (bnc#1012382). - x86/apic/vector: Fix off by one in error path (bnc#1012382). - x86/asm/32: Make sync_core() handle missing CPUID on all 32-bit kernels (bnc#1012382). - x86/boot: Fix early command-line parsing when matching at end (bsc#1068032). - x86/cpu: Factor out application of forced CPU caps (bnc#1012382). - x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382). - x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382). - x86/cpufeatures: Make CPU bugs sticky (bnc#1012382). - x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382). - x86/cpu: Merge bugs.c and bugs_64.c (bnc#1012382). - x86/cpu: Rename Merrifield2 to Moorefield (bsc#985025). - x86/cpu: Rename 'WESTMERE2' family to 'NEHALEM_G' (bsc#985025). - x86/cpu, x86/pti: Do not enable PTI on AMD processors (bnc#1012382). - x86/Documentation: Add PTI description (bnc#1012382). - x86/efi: Build our own page table structures (fate#320512). - x86/efi: Hoist page table switching code into efi_call_virt() (fate#320512). - x86/entry: Use SYSCALL_DEFINE() macros for sys_modify_ldt() (bnc#1012382). - x86/hpet: Prevent might sleep splat on resume (bnc#1012382). - x86/kasan: Clear kasan_zero_page after TLB flush (bnc#1012382). - x86/kasan: Write protect kasan zero shadow (bnc#1012382). - x86/microcode/intel: Extend BDW late-loading further with LLC size check (bnc#1012382). - x86/microcode/intel: Extend BDW late-loading with a revision check (bnc#1012382). - x86/microcode/intel: Fix BDW late-loading revision check (bnc#1012382). - x86/mm/32: Move setup_clear_cpu_cap(X86_FEATURE_PCID) earlier (git-fixes). - x86/mm: Disable PCID on 32-bit kernels (bnc#1012382). - x86/mm/pat: Ensure cpa->pfn only contains page frame numbers (fate#320588). - x86/PCI: Make broadcom_postcore_init() check acpi_disabled (bnc#1012382). - x86/pti: Document fix wrong index (bnc#1012382). - x86/pti/efi: broken conversion from efi to kernel page table (bnc#1012382). - x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382). - x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032). - x86/smpboot: Remove stale TLB flush invocations (bnc#1012382). - x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091). - x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091). - x86/tlb: Drop the _GPL from the cpu_tlbstate export (bnc#1012382). - x86/vm86/32: Switch to flush_tlb_mm_range() in mark_screen_rdonly() (bnc#1012382). - xen-netfront: avoid crashing on resume after a failure in talk_to_netback() (bnc#1012382). - xen-netfront: Improve error handling during initialization (bnc#1012382). - xfrm: Copy policy family in clone_policy (bnc#1012382). - xfs: add configurable error support to metadata buffers (bsc#1068569). - xfs: add configuration handlers for specific errors (bsc#1068569). - xfs: add configuration of error failure speed (bsc#1068569). - xfs: add 'fail at unmount' error handling configuration (bsc#1068569). - xfs: Add infrastructure needed for error propagation during buffer IO failure (bsc#1068569). - xfs: address kabi for xfs buffer retry infrastructure (kabi). - xfs: configurable error behavior via sysfs (bsc#1068569). - xfs: fix incorrect extent state in xfs_bmap_add_extent_unwritten_real (bnc#1012382). - xfs: fix log block underflow during recovery cycle verification (bnc#1012382). - xfs: fix up inode32/64 (re)mount handling (bsc#1069160). - xfs: introduce metadata IO error class (bsc#1068569). - xfs: introduce table-based init for error behaviors (bsc#1068569). - xfs: Properly retry failed inode items in case of error during buffer writeback (bsc#1068569). - xfs: reinit btree pointer on attr tree inactivation walk (bsc#1078787). - xfs: remove xfs_trans_ail_delete_bulk (bsc#1068569). - xfs: validate sb_logsunit is a multiple of the fs blocksize (bsc#1077513). - xhci: Do not add a virt_dev to the devs array before it's fully allocated (bnc#1012382). - xhci: Fix ring leak in failure path of xhci_alloc_virt_device() (bnc#1012382). - xhci: plat: Register shutdown for xhci_plat (bnc#1012382). - zram: set physical queue limits to avoid array out of bounds accesses (bnc#1012382).
    last seen 2019-02-21
    modified 2018-02-14
    plugin id 106740
    published 2018-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106740
    title openSUSE Security Update : the Linux Kernel (openSUSE-2018-153) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0383-1.NASL
    description The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel in the function get_net_ns_by_id() in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839). - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229). - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignored unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928). - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a 'pointer leak (bnc#1073928). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106672
    published 2018-02-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106672
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0383-1) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0555-1.NASL
    description The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922). - CVE-2015-1142857: On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. (bnc#1077355). - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 107055
    published 2018-02-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107055
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0555-1) (Meltdown) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1001-1.NASL
    description This update for the Linux Kernel 3.12.61-52_92 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109251
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109251
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1001-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1006-1.NASL
    description This update for the Linux Kernel 3.12.61-52_80 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109255
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109255
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1006-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-4187.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2015-9016 Ming Lei reported a race condition in the multiqueue block layer (blk-mq). On a system with a driver using blk-mq (mtip32xx, null_blk, or virtio_blk), a local user might be able to use this for denial of service or possibly for privilege escalation. - CVE-2017-0861 Robb Glasser reported a potential use-after-free in the ALSA (sound) PCM core. We believe this was not possible in practice. - CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the 'retpoline' compiler feature which allows indirect branches to be isolated from speculative execution. - CVE-2017-5753 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 1 (bounds-check bypass) and is mitigated by identifying vulnerable code sections (array bounds checking followed by array access) and replacing the array access with the speculation-safe array_index_nospec() function. More use sites will be added over time. - CVE-2017-13166 A bug in the 32-bit compatibility layer of the v4l2 ioctl handling code has been found. Memory protections ensuring user-provided buffers always point to userland memory were disabled, allowing destination addresses to be in kernel space. On a 64-bit kernel a local user with access to a suitable video device can exploit this to overwrite kernel memory, leading to privilege escalation. - CVE-2017-13220 Al Viro reported that the Bluetooth HIDP implementation could dereference a pointer before performing the necessary type check. A local user could use this to cause a denial of service. - CVE-2017-16526 Andrey Konovalov reported that the UWB subsystem may dereference an invalid pointer in an error case. A local user might be able to use this for denial of service. - CVE-2017-16911 Secunia Research reported that the USB/IP vhci_hcd driver exposed kernel heap addresses to local users. This information could aid the exploitation of other vulnerabilities. - CVE-2017-16912 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to an out-of-bounds read. A remote user able to connect to the USB/IP server could use this for denial of service. - CVE-2017-16913 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to excessive memory allocation. A remote user able to connect to the USB/IP server could use this for denial of service. - CVE-2017-16914 Secunia Research reported that the USB/IP stub driver failed to check for an invalid combination of fields in a received packet, leading to a NULL pointer dereference. A remote user able to connect to the USB/IP server could use this for denial of service. - CVE-2017-18017 Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module failed to validate TCP header lengths, potentially leading to a use-after-free. If this module is loaded, it could be used by a remote attacker for denial of service or possibly for code execution. - CVE-2017-18203 Hou Tao reported that there was a race condition in creation and deletion of device-mapper (DM) devices. A local user could potentially use this for denial of service. - CVE-2017-18216 Alex Chen reported that the OCFS2 filesystem failed to hold a necessary lock during nodemanager sysfs file operations, potentially leading to a NULL pointer dereference. A local user could use this for denial of service. - CVE-2017-18232 Jason Yan reported a race condition in the SAS (Serial-Attached SCSI) subsystem, between probing and destroying a port. This could lead to a deadlock. A physically present attacker could use this to cause a denial of service. - CVE-2017-18241 Yunlei He reported that the f2fs implementation does not properly initialise its state if the 'noflush_merge' mount option is used. A local user with access to a filesystem mounted with this option could use this to cause a denial of service. - CVE-2018-1066 Dan Aloni reported to Red Hat that the CIFS client implementation would dereference a NULL pointer if the server sent an invalid response during NTLMSSP setup negotiation. This could be used by a malicious server for denial of service. - CVE-2018-1068 The syzkaller tool found that the 32-bit compatibility layer of ebtables did not sufficiently validate offset values. On a 64-bit kernel, a local user with the CAP_NET_ADMIN capability (in any user namespace) could use this to overwrite kernel memory, possibly leading to privilege escalation. Debian disables unprivileged user namespaces by default. - CVE-2018-1092 Wen Xu reported that a crafted ext4 filesystem image would trigger a null dereference when mounted. A local user able to mount arbitrary filesystems could use this for denial of service. - CVE-2018-5332 Mohamed Ghannam reported that the RDS protocol did not sufficiently validate RDMA requests, leading to an out-of-bounds write. A local attacker on a system with the rds module loaded could use this for denial of service or possibly for privilege escalation. - CVE-2018-5333 Mohamed Ghannam reported that the RDS protocol did not properly handle an error case, leading to a NULL pointer dereference. A local attacker on a system with the rds module loaded could possibly use this for denial of service. - CVE-2018-5750 Wang Qize reported that the ACPI sbshc driver logged a kernel heap address. This information could aid the exploitation of other vulnerabilities. - CVE-2018-5803 Alexey Kodanev reported that the SCTP protocol did not range-check the length of chunks to be created. A local or remote user could use this to cause a denial of service. - CVE-2018-6927 Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did not check for negative parameter values, which might lead to a denial of service or other security impact. - CVE-2018-7492 The syzkaller tool found that the RDS protocol was lacking a null pointer check. A local attacker on a system with the rds module loaded could use this for denial of service. - CVE-2018-7566 Fan LongFei reported a race condition in the ALSA (sound) sequencer core, between write and ioctl operations. This could lead to an out-of-bounds access or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation. - CVE-2018-7740 Nic Losby reported that the hugetlbfs filesystem's mmap operation did not properly range-check the file offset. A local user with access to files on a hugetlbfs filesystem could use this to cause a denial of service. - CVE-2018-7757 Jason Yan reported a memory leak in the SAS (Serial-Attached SCSI) subsystem. A local user on a system with SAS devices could use this to cause a denial of service. - CVE-2018-7995 Seunghun Han reported a race condition in the x86 MCE (Machine Check Exception) driver. This is unlikely to have any security impact. - CVE-2018-8781 Eyal Itkin reported that the udl (DisplayLink) driver's mmap operation did not properly range-check the file offset. A local user with access to a udl framebuffer device could exploit this to overwrite kernel memory, leading to privilege escalation. - CVE-2018-8822 Dr Silvio Cesare of InfoSect reported that the ncpfs client implementation did not validate reply lengths from the server. An ncpfs server could use this to cause a denial of service or remote code execution in the client. - CVE-2018-1000004 Luo Quan reported a race condition in the ALSA (sound) sequencer core, between multiple ioctl operations. This could lead to a deadlock or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation. - CVE-2018-1000199 Andy Lutomirski discovered that the ptrace subsystem did not sufficiently validate hardware breakpoint settings. Local users can use this to cause a denial of service, or possibly for privilege escalation, on x86 (amd64 and i386) and possibly other architectures.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 109517
    published 2018-05-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109517
    title Debian DSA-4187-1 : linux - security update (Spectre)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-2390.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16th August 2018] The original errata text was missing reference to CVE-2018-5390 fix. We have updated the errata text to correct this issue. No changes have been made to the packages. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265) * kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390; and Vegard Nossum (Oracle Corporation) for reporting CVE-2018-10901. Bug Fix(es) : * The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur. (BZ#1575819)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 111731
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111731
    title RHEL 6 : kernel (RHSA-2018:2390) (Foreshadow)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180410_KERNEL_ON_SL7_X.NASL
    description Security Fix(es) : - hw: cpu: speculative execution permission faults handling (CVE-2017-5754, Important, KVM for Power) - kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633, Important) - kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important) - Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register (CVE-2017-12154, Important) - kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important) - kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913, Moderate) - kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294, Moderate) - kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate) - kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190, Moderate) - kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121, Moderate) - kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c (CVE-2017-15126, Moderate) - kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129, Moderate) - kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate) - kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure (CVE-2017-17448, Moderate) - kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate) - kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558, Moderate) - kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate) - kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203, Moderate) - kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate) - Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407, Moderate) - kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate) - kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750, Moderate) - kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004, Moderate) - kernel: multiple Low security impact security issues (CVE-2016-3672, CVE-2017-14140, CVE-2017-15116, CVE-2017-15127, CVE-2018-6927, Low) Additional Changes :
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 109449
    published 2018-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109449
    title Scientific Linux Security Update : kernel on SL7.x x86_64 (Meltdown)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1033-1.NASL
    description This update for the Linux Kernel 4.4.74-92_29 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109275
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109275
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1033-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1023-1.NASL
    description This update for the Linux Kernel 4.4.74-92_32 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109268
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109268
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1023-1)
  • NASL family Junos Local Security Checks
    NASL id JUNIPER_SPACE_JSA10917_184R1.NASL
    description According to its self-reported version number, the remote Junos Space version is 18.4.x prior to 18.4R1. It is, therefore, affected by multiple vulnerabilities : - An integer overflow issue exists in procps-ng. This is related to CVE-2018-1124. (CVE-2018-1126) - A directory traversal issue exits in reposync, a part of yum-utils.tory configuration files. If an attacker controls a repository, they may be able to copy files outside of the destination directory on the targeted system via path traversal. (CVE-2018-10897) - An integer overflow flaw was found in the Linux kernel's create_elf_tables() function. An unprivileged local user with access to SUID binary could use this flaw to escalate their privileges on the system. (CVE-2018-14634) Additionally, Junos Space is affected by several other vulnerabilities exist as noted in the vendor advisory. Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2019-01-10
    plugin id 121068
    published 2019-01-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121068
    title Juniper Junos Space 18.4.x < 18.4R1 Multiple Vulnerabilities (JSA10917)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1029-1.NASL
    description This update for the Linux Kernel 3.12.61-52_106 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109271
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109271
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1029-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1008-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_45 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109257
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109257
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1008-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1000-1.NASL
    description This update for the Linux Kernel 3.12.61-52_89 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109250
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109250
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1000-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0992-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_51 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109244
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109244
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0992-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1032-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_54 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109274
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109274
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1032-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0996-1.NASL
    description This update for the Linux Kernel 3.12.61-52_83 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109248
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109248
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0996-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0994-1.NASL
    description This update for the Linux Kernel 3.12.61-52_111 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109246
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109246
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0994-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1021-1.NASL
    description This update for the Linux Kernel 4.4.59-92_24 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109267
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109267
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1021-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0993-1.NASL
    description This update for the Linux Kernel 4.4.74-92_35 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109245
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109245
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0993-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0416-1.NASL
    description The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.114 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel The function get_net_ns_by_id() in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839). - CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229). - CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignored unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928). - CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a 'pointer leak (bnc#1073928). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability existed in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106748
    published 2018-02-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106748
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:0416-1) (Spectre)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2018-142-01.NASL
    description New kernel packages are available for Slackware 14.2 to fix a regression in the getsockopt() function and to fix two denial-of-service security issues.
    last seen 2019-02-21
    modified 2018-05-23
    plugin id 109948
    published 2018-05-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109948
    title Slackware 14.2 : Slackware 14.2 kernel (SSA:2018-142-01)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0995-1.NASL
    description This update for the Linux Kernel 3.12.61-52_101 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109247
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109247
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0995-1)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1054.NASL
    description According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.(CVE-2018-1000004) - drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated.(CVE-2017-18079) - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.(CVE-2018-5750) - The futex_requeue function in kernel/futex.c in the Linux kernel, before 4.14.15, might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impacts by triggering a negative wake or requeue value. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2018-6927) - The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker.(CVE-2017-18203) - The madvise_willneed function in the Linux kernel allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.(CVE-2017-18208) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 108458
    published 2018-03-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108458
    title EulerOS 2.0 SP1 : kernel (EulerOS-SA-2018-1054)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1010-1.NASL
    description This update for the Linux Kernel 3.12.61-52_72 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109259
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109259
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1010-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2019-4316.NASL
    description Description of changes: kernel-uek [3.8.13-118.29.1.el7uek] - Copy secure_boot flag in boot params across kexec reboot (Dave Young) [Orabug: 22066352] {CVE-2015-7837} - ipv6: tcp: add rcu locking in tcp_v6_send_synack() (Eric Dumazet) [Orabug: 25059183] {CVE-2016-3841} - ipv6: add complete rcu protection around np->opt (Eric Dumazet) [Orabug: 25059183] {CVE-2016-3841} - scsi: qla2xxx: Fix an integer overflow in sysfs code (Dan Carpenter) [Orabug: 28220420] {CVE-2017-14051} - ext4: fail ext4_iget for root directory if unallocated (Theodore Ts'o) [Orabug: 28220433] {CVE-2018-1092} {CVE-2018-1092} - certs: Add Oracle's new X509 cert into the kernel keyring (Eric Snowberg) [Orabug: 28926205] - ALSA: seq: Fix regression by incorrect ioctl_mutex usages (Takashi Iwai) [Orabug: 29005190] {CVE-2018-1000004} - netfilter: xt_osf: Add missing permission checks (Kevin Cernekee) [Orabug: 29037832] {CVE-2017-17450} - wil6210: missing length check in wmi_set_ie (Lior David) [Orabug: 29060697] {CVE-2018-5848} - HID: debug: check length before copy_to_user() (Daniel Rosenberg) [Orabug: 29128167] {CVE-2018-9516} - x86/MCE: Serialize sysfs changes (Seunghun Han) [Orabug: 29152249] {CVE-2018-7995} - Input: i8042 - fix crash at boot time (Chen Hong) [Orabug: 29152329] {CVE-2017-18079}
    last seen 2019-02-21
    modified 2019-01-07
    plugin id 120977
    published 2019-01-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=120977
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4316)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1005-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109254
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109254
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1005-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0654.NASL
    description An update for kernel-alt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-alt packages provide the Linux kernel version 4.x. The following packages have been upgraded to a later upstream version: kernel-alt (4.14.0). (BZ#1492717) Security Fix(es) : * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited. Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important, ARM) Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important, ARM) Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important, ARM) * kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190, Moderate) * kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129, Moderate) * kernel: Incorrect updates of uninstantiated keys crash the kernel (CVE-2017-15299, Moderate) * kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure (CVE-2017-17448, Moderate) * kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate) * kernel: Arbitrary stack overwrite causing oops via crafted signal frame (CVE-2017-1000255, Moderate) * kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004, Moderate) * kernel: Buffer overflow in mp_override_legacy_irq() (CVE-2017-11473, Low) * kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact (CVE-2018-6927, Low) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Google Project Zero for reporting CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754; Vitaly Mayatskih for reporting CVE-2017-12190; Kirill Tkhai for reporting CVE-2017-15129; Michael Ellerman, Gustavo Romero, Breno Leitao, Paul Mackerras, and Cyril Bur for reporting CVE-2017-1000255; and Armis Labs for reporting CVE-2017-1000410. Additional Changes : See the Red Hat Enterprise Linux 7.5 Release Notes linked from References.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 108942
    published 2018-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108942
    title RHEL 7 : kernel-alt (RHSA-2018:0654)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-1062.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: cpu: speculative execution permission faults handling (CVE-2017-5754, Important, KVM for Power) * kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633, Important) * kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important) * Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register (CVE-2017-12154, Important) * kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important) * kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913, Moderate) * kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294, Moderate) * kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate) * kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190, Moderate) * kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121, Moderate) * kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c (CVE-2017-15126, Moderate) * kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129, Moderate) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate) * kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure (CVE-2017-17448, Moderate) * kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate) * kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558, Moderate) * kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/ netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate) * kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203, Moderate) * kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate) * Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407, Moderate) * kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate) * kernel: Kernel address information leak in drivers/acpi/ sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750, Moderate) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004, Moderate) * kernel: multiple Low security impact security issues (CVE-2016-3672, CVE-2017-14140, CVE-2017-15116, CVE-2017-15127, CVE-2018-6927, Low) Red Hat would like to thank Eyal Itkin for reporting CVE-2016-8633; Google Project Zero for reporting CVE-2017-5754; Mohamed Ghannam for reporting CVE-2017-8824; Jim Mattson (Google.com) for reporting CVE-2017-12154; Vitaly Mayatskih for reporting CVE-2017-12190; Andrea Arcangeli (Engineering) for reporting CVE-2017-15126; Kirill Tkhai for reporting CVE-2017-15129; Jan H. Schonherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat) and the CVE-2017-15116 issue was discovered by ChunYu Wang (Red Hat). For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 108997
    published 2018-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108997
    title RHEL 7 : kernel (RHSA-2018:1062)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1369.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. CVE-2017-0861 Robb Glasser reported a potential use-after-free in the ALSA (sound) PCM core. We believe this was not possible in practice. CVE-2017-5715 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 2 (branch target injection) and is mitigated for the x86 architecture (amd64 and i386) by using the 'retpoline' compiler feature which allows indirect branches to be isolated from speculative execution. CVE-2017-13166 A bug in the 32-bit compatibility layer of the v4l2 ioctl handling code has been found. Memory protections ensuring user-provided buffers always point to userland memory were disabled, allowing destination addresses to be in kernel space. On a 64-bit kernel (amd64 flavour) a local user with access to a suitable video device can exploit this to overwrite kernel memory, leading to privilege escalation. CVE-2017-16526 Andrey Konovalov reported that the UWB subsystem may dereference an invalid pointer in an error case. A local user might be able to use this for denial of service. CVE-2017-16911 Secunia Research reported that the USB/IP vhci_hcd driver exposed kernel heap addresses to local users. This information could aid the exploitation of other vulnerabilities. CVE-2017-16912 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to an out-of-bounds read. A remote user able to connect to the USB/IP server could use this for denial of service. CVE-2017-16913 Secunia Research reported that the USB/IP stub driver failed to perform a range check on a received packet header field, leading to excessive memory allocation. A remote user able to connect to the USB/IP server could use this for denial of service. CVE-2017-16914 Secunia Research reported that the USB/IP stub driver failed to check for an invalid combination of fields in a recieved packet, leading to a NULL pointer dereference. A remote user able to connect to the USB/IP server could use this for denial of service. CVE-2017-18017 Denys Fedoryshchenko reported that the netfilter xt_TCPMSS module failed to validate TCP header lengths, potentially leading to a use-after-free. If this module is loaded, it could be used by a remote attacker for denial of service or possibly for code execution. CVE-2017-18203 Hou Tao reported that there was a race condition in creation and deletion of device-mapper (DM) devices. A local user could potentially use this for denial of service. CVE-2017-18216 Alex Chen reported that the OCFS2 filesystem failed to hold a necessary lock during nodemanager sysfs file operations, potentially leading to a NULL pointer dereference. A local user could use this for denial of service. CVE-2018-1068 The syzkaller tool found that the 32-bit compatibility layer of ebtables did not sufficiently validate offset values. On a 64-bit kernel (amd64 flavour), a local user with the CAP_NET_ADMIN capability could use this to overwrite kernel memory, possibly leading to privilege escalation. CVE-2018-1092 Wen Xu reported that a crafted ext4 filesystem image would trigger a null dereference when mounted. A local user able to mount arbitrary filesystems could use this for denial of service. CVE-2018-5332 Mohamed Ghannam reported that the RDS protocol did not sufficiently validate RDMA requests, leading to an out-of-bounds write. A local attacker on a system with the rds module loaded could use this for denial of service or possibly for privilege escalation. CVE-2018-5333 Mohamed Ghannam reported that the RDS protocol did not properly handle an error case, leading to a NULL pointer dereference. A local attacker on a system with the rds module loaded could possibly use this for denial of service. CVE-2018-5750 Wang Qize reported that the ACPI sbshc driver logged a kernel heap address. This information could aid the exploitation of other vulnerabilities. CVE-2018-5803 Alexey Kodanev reported that the SCTP protocol did not range-check the length of chunks to be created. A local or remote user could use this to cause a denial of service. CVE-2018-6927 Li Jinyue reported that the FUTEX_REQUEUE operation on futexes did not check for negative parameter values, which might lead to a denial of service or other security impact. CVE-2018-7492 The syzkaller tool found that the RDS protocol was lacking a NULL pointer check. A local attacker on a system with the rds module loaded could use this for denial of service. CVE-2018-7566 范龙飞 (Fan LongFei) reported a race condition in the ALSA (sound) sequencer core, between write and ioctl operations. This could lead to an out-of-bounds access or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation. CVE-2018-7740 Nic Losby reported that the hugetlbfs filesystem's mmap operation did not properly range-check the file offset. A local user with access to files on a hugetlbfs filesystem could use this to cause a denial of service. CVE-2018-7757 Jason Yan reported a memory leak in the SAS (Serial-Attached SCSI) subsystem. A local user on a system with SAS devices could use this to cause a denial of service. CVE-2018-7995 Seunghun Han reported a race condition in the x86 MCE (Machine Check Exception) driver. This is unlikely to have any security impact. CVE-2018-8781 Eyal Itkin reported that the udl (DisplayLink) driver's mmap operation did not properly range-check the file offset. A local user with access to a udl framebuffer device could exploit this to overwrite kernel memory, leading to privilege escalation. CVE-2018-8822 Dr Silvio Cesare of InfoSect reported that the ncpfs client implementation did not validate reply lengths from the server. An ncpfs server could use this to cause a denial of service or remote code execution in the client. CVE-2018-1000004 Luo Quan reported a race condition in the ALSA (sound) sequencer core, between multiple ioctl operations. This could lead to a deadlock or use-after-free. A local user with access to a sequencer device could use this for denial of service or possibly for privilege escalation. CVE-2018-1000199 Andy Lutomirski discovered that the ptrace subsystem did not sufficiently validate hardware breakpoint settings. Local users can use this to cause a denial of service, or possibly for privilege escalation, on x86 (amd64 and i386) and possibly other architectures. Additionally, some mitigations for CVE-2017-5753 are included in this release : CVE-2017-5753 Multiple researchers have discovered a vulnerability in various processors supporting speculative execution, enabling an attacker controlling an unprivileged process to read memory from arbitrary addresses, including from the kernel and all other processes running on the system. This specific attack has been named Spectre variant 1 (bounds-check bypass) and is mitigated by identifying vulnerable code sections (array bounds checking followed by array access) and replacing the array access with the speculation-safe array_index_nospec() function. More use sites will be added over time. For Debian 7 'Wheezy', these problems have been fixed in version 3.2.101-1. This version also includes bug fixes from upstream versions up to and including 3.2.101. It also fixes a regression in the procfs hidepid option in the previous version (Debian bug #887106). We recommend that you upgrade your linux packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 109531
    published 2018-05-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109531
    title Debian DLA-1369-1 : linux security update (Spectre)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZA-2018-055.NASL
    description According to the versions of the cpupools / cpupools-features / etc packages installed, the Virtuozzo installation on the remote host is affected by the following vulnerabilities : - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. - A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. - A flaw was found in Linux kernel's KVM virtualization subsystem. The VMX code does not restore the GDT.LIMIT to the previous host value, but instead sets it to 64KB. With a corrupted GDT limit a host's userspace code has an ability to place malicious entries in the GDT, particularly to the per-cpu variables. An attacker can use this to escalate their privileges. - Use-after-free vulnerability in the snd_pcm_info() function in the ALSA subsystem in the Linux kernel allows attackers to induce a kernel memory corruption and possibly crash or lock up a system. Due to the nature of the flaw, a privilege escalation cannot be fully ruled out, although we believe it is unlikely. - ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access. - In the Linux kernel versions 4.12, 3.10, 2.6, and possibly earlier, a race condition vulnerability exists in the sound system allowing for a potential deadlock and memory corruption due to use-after-free condition and thus denial of service. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-14
    plugin id 112018
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112018
    title Virtuozzo 6 : cpupools / cpupools-features / etc (VZA-2018-055)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2018-1245.NASL
    description According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.(CVE-2018-1000004) - The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.(CVE-2018-5750) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-13
    plugin id 117554
    published 2018-09-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=117554
    title EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1245)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1015-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_48 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109263
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109263
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1015-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-D82B617D6C.NASL
    description The 4.14.16 stable kernel update contains a number of important fixes across the tree. ---- The 4.14.15-301 update reverts the retpoline VERMAGIC ABI change for modules. ---- The 4.14.15 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-05
    plugin id 106596
    published 2018-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106596
    title Fedora 26 : kernel (2018-d82b617d6c)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1009-1.NASL
    description This update for the Linux Kernel 3.12.61-52_86 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109258
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109258
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1009-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1004-1.NASL
    description This update for the Linux Kernel 4.4.103-92_53 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109253
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109253
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1004-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-D09A73CE72.NASL
    description The 4.14.16 stable kernel update contains a number of important fixes across the tree. ---- The 4.14.15-301 update reverts the retpoline VERMAGIC ABI change for modules. ---- The 4.14.15 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-02-05
    plugin id 106595
    published 2018-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106595
    title Fedora 27 : kernel (2018-d09a73ce72)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2018-0676.NASL
    description An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633, Important) * kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important) * Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register (CVE-2017-12154, Important) * kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important) * kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913, Moderate) * kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294, Moderate) * kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate) * kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190, Moderate) * kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121, Moderate) * kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c (CVE-2017-15126, Moderate) * kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129, Moderate) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate) * kernel: Incorrect handling in arch/x86/include/asm/ mmu_context.h:init_new_context function allowing use-after-free (CVE-2017-17053, Moderate) * kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure (CVE-2017-17448, Moderate) * kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate) * kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558, Moderate) * kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/ netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate) * kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203, Moderate) * kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate) * Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407, Moderate) * kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate) * kernel: Kernel address information leak in drivers/acpi/ sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750, Moderate) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004, Moderate) * kernel: unlimiting the stack disables ASLR (CVE-2016-3672, Low) * kernel: Missing permission check in move_pages system call (CVE-2017-14140, Low) * kernel: NULL pointer dereference in rngapi_reset function (CVE-2017-15116, Low) * kernel: Improper error handling of VM_SHARED hugetlbfs mapping in mm/ hugetlb.c (CVE-2017-15127, Low) * kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact (CVE-2018-6927, Low) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Eyal Itkin for reporting CVE-2016-8633; Mohamed Ghannam for reporting CVE-2017-8824; Jim Mattson (Google.com) for reporting CVE-2017-12154; Vitaly Mayatskih for reporting CVE-2017-12190; Andrea Arcangeli (Engineering) for reporting CVE-2017-15126; Kirill Tkhai for reporting CVE-2017-15129; Jan H. Schonherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat) and the CVE-2017-15116 issue was discovered by ChunYu Wang (Red Hat). Additional Changes : See the Red Hat Enterprise Linux 7.5 Release Notes linked from References.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 108984
    published 2018-04-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108984
    title RHEL 7 : kernel-rt (RHSA-2018:0676)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-2390.NASL
    description From Red Hat Security Advisory 2018:2390 : An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16th August 2018] The original errata text was missing reference to CVE-2018-5390 fix. We have updated the errata text to correct this issue. No changes have been made to the packages. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265) * kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390; and Vegard Nossum (Oracle Corporation) for reporting CVE-2018-10901. Bug Fix(es) : * The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur. (BZ#1575819)
    last seen 2019-02-21
    modified 2018-10-12
    plugin id 111724
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111724
    title Oracle Linux 6 : kernel (ELSA-2018-2390) (Foreshadow)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-1062.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: cpu: speculative execution permission faults handling (CVE-2017-5754, Important, KVM for Power) * kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633, Important) * kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important) * Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register (CVE-2017-12154, Important) * kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important) * kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913, Moderate) * kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294, Moderate) * kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate) * kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190, Moderate) * kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121, Moderate) * kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c (CVE-2017-15126, Moderate) * kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129, Moderate) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate) * kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure (CVE-2017-17448, Moderate) * kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate) * kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558, Moderate) * kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/ netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate) * kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203, Moderate) * kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate) * Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407, Moderate) * kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate) * kernel: Kernel address information leak in drivers/acpi/ sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750, Moderate) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004, Moderate) * kernel: multiple Low security impact security issues (CVE-2016-3672, CVE-2017-14140, CVE-2017-15116, CVE-2017-15127, CVE-2018-6927, Low) Red Hat would like to thank Eyal Itkin for reporting CVE-2016-8633; Google Project Zero for reporting CVE-2017-5754; Mohamed Ghannam for reporting CVE-2017-8824; Jim Mattson (Google.com) for reporting CVE-2017-12154; Vitaly Mayatskih for reporting CVE-2017-12190; Andrea Arcangeli (Engineering) for reporting CVE-2017-15126; Kirill Tkhai for reporting CVE-2017-15129; Jan H. Schonherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat) and the CVE-2017-15116 issue was discovered by ChunYu Wang (Red Hat). For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 109380
    published 2018-04-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109380
    title CentOS 7 : kernel (CESA-2018:1062)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0660-1.NASL
    description The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621). - CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617). - CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488). - CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922). - CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311). - CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908). - CVE-2018-1000004: In the Linux kernel a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 108279
    published 2018-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108279
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2018:0660-1) (Spectre)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20180814_KERNEL_ON_SL6_X.NASL
    description Security Fix(es) : - Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) - An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side- channel attacks. (CVE-2018-3693) - kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) - kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) - kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265) - kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566) - kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004) Bug Fix(es) : - The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur.
    last seen 2019-02-21
    modified 2018-12-27
    plugin id 111777
    published 2018-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111777
    title Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (Foreshadow)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-4307.NASL
    description Description of changes: [4.1.12-124.23.2.el7uek] - n_tty: fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) (Linus Torvalds) [Orabug: 28855335] {CVE-2018-18386} - nfs: Don't take a reference on fl->fl_file for LOCK operation (Benjamin Coddington) [Orabug: 28887442] - x86/topology: Update the 'cpu cores' field in /proc/cpuinfo correctly across CPU hotplug operations (Samuel Neves) [Orabug: 28933009] - ALSA: seq: Fix regression by incorrect ioctl_mutex usages (Takashi Iwai) [Orabug: 29005188] {CVE-2018-1000004} - net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe() (Wei Yongjun) [Orabug: 29012346] {CVE-2018-8043}
    last seen 2018-12-14
    modified 2018-12-13
    plugin id 119639
    published 2018-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=119639
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4307)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1011-1.NASL
    description This update for the Linux Kernel 4.4.90-92_50 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109260
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109260
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1011-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1007-1.NASL
    description This update for the Linux Kernel 4.4.74-92_38 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109256
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109256
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1007-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1014-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_60 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109262
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109262
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1014-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1018-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_66 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109265
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109265
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1018-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1012-1.NASL
    description This update for the Linux Kernel 4.4.59-92_17 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109261
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109261
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1012-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1019-1.NASL
    description This update for the Linux Kernel 4.4.59-92_20 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109266
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109266
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1019-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1034-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_63 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109276
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109276
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1034-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0525-1.NASL
    description The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922). - CVE-2015-1142857: Prevent guests from sending ethernet flow control pause frames via the PF (bnc#1077355). - CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311). - CVE-2017-13215: Prevent elevation of privilege (bnc#1075908). - CVE-2018-1000004: Prevent race condition in the sound system, this could have lead a deadlock and denial of service condition (bnc#1076017). - CVE-2017-17806: The HMAC implementation did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack-based buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874). - CVE-2017-17805: The Salsa20 encryption algorithm did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106967
    published 2018-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106967
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0525-1) (Spectre)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0988-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_69 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109240
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109240
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0988-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3631-2.NASL
    description USN-3631-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. It was discovered that a buffer overread vulnerability existed in the keyring subsystem of the Linux kernel. A local attacker could possibly use this to expose sensitive information (kernel memory). (CVE-2017-13305) It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16538) Luo Quan and Wei Yang discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel when handling ioctl()s. A local attacker could use this to cause a denial of service (system deadlock). (CVE-2018-1000004) Wang Qize discovered that an information disclosure vulnerability existed in the SMBus driver for ACPI Embedded Controllers in the Linux kernel. A local attacker could use this to expose sensitive information (kernel pointer addresses). (CVE-2018-5750) Fan Long Fei discovered that a race condition existed in the Advanced Linux Sound Architecture (ALSA) subsystem of the Linux kernel that could lead to a use-after-free or an out-of-bounds buffer access. A local attacker with access to /dev/snd/seq could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-7566). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109315
    published 2018-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109315
    title Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3631-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1025-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_40 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109269
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109269
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1025-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-1031-1.NASL
    description This update for the Linux Kernel 4.4.103-92_56 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109273
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109273
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1031-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0999-1.NASL
    description This update for the Linux Kernel 3.12.61-52_77 fixes several issues. The following security issues were fixed : - CVE-2017-13166: An elevation of privilege vulnerability was fixed in the kernel v4l2 video driver. (bsc#1085447). - CVE-2018-1068: A flaw was found in the Linux kernels implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-1000004: A race condition vulnerability existed in the sound system, which could lead to a deadlock and denial of service condition (bsc#1076017) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109249
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109249
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0999-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2018-2390.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. [Updated 16th August 2018] The original errata text was missing reference to CVE-2018-5390 fix. We have updated the errata text to correct this issue. No changes have been made to the packages. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * Modern operating systems implement virtualization of physical memory to efficiently use available system resources and provide inter-domain protection through access control and isolation. The L1TF issue was found in the way the x86 microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimisation) in combination with handling of page-faults caused by terminated virtual to physical address resolving process. As a result, an unprivileged attacker could use this flaw to read privileged memory of the kernel or other processes and/or cross guest/host boundaries to read host memory by conducting targeted cache side-channel attacks. (CVE-2018-3620, CVE-2018-3646) * An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions past bounds check. The flaw relies on the presence of a precisely-defined instruction sequence in the privileged code and the fact that memory writes occur to an address which depends on the untrusted value. Such writes cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to influence speculative execution and/or read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3693) * A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390) * kernel: kvm: vmx: host GDT limit corruption (CVE-2018-10901) * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265) * kernel: race condition in snd_seq_write() may lead to UAF or OOB-access (CVE-2018-7566) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Red Hat would like to thank Intel OSSIRT (Intel.com) for reporting CVE-2018-3620 and CVE-2018-3646; Vladimir Kiriansky (MIT) and Carl Waldspurger (Carl Waldspurger Consulting) for reporting CVE-2018-3693; Juha-Matti Tilli (Aalto University, Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390; and Vegard Nossum (Oracle Corporation) for reporting CVE-2018-10901. Bug Fix(es) : * The Least recently used (LRU) operations are batched by caching pages in per-cpu page vectors to prevent contention of the heavily used lru_lock spinlock. The page vectors can hold even the compound pages. Previously, the page vectors were cleared only if they were full. Subsequently, the amount of memory held in page vectors, which is not reclaimable, was sometimes too high. Consequently the page reclamation started the Out of Memory (OOM) killing processes. With this update, the underlying source code has been fixed to clear LRU page vectors each time when a compound page is added to them. As a result, OOM killing processes due to high amounts of memory held in page vectors no longer occur. (BZ#1575819)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 111704
    published 2018-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=111704
    title CentOS 6 : kernel (CESA-2018:2390) (Foreshadow)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0989-1.NASL
    description This update for the Linux Kernel 4.4.90-92_45 fixes several issues. The following security issues were fixed : - CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447). - CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114). - CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488). - CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 109241
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109241
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0989-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2018-1062.NASL
    description From Red Hat Security Advisory 2018:1062 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * hw: cpu: speculative execution permission faults handling (CVE-2017-5754, Important, KVM for Power) * kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633, Important) * kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important) * Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register (CVE-2017-12154, Important) * kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important) * kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913, Moderate) * kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294, Moderate) * kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate) * kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190, Moderate) * kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121, Moderate) * kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c (CVE-2017-15126, Moderate) * kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129, Moderate) * kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate) * kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure (CVE-2017-17448, Moderate) * kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate) * kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558, Moderate) * kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/ netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate) * kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203, Moderate) * kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate) * Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407, Moderate) * kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate) * kernel: Kernel address information leak in drivers/acpi/ sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750, Moderate) * kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004, Moderate) * kernel: multiple Low security impact security issues (CVE-2016-3672, CVE-2017-14140, CVE-2017-15116, CVE-2017-15127, CVE-2018-6927, Low) Red Hat would like to thank Eyal Itkin for reporting CVE-2016-8633; Google Project Zero for reporting CVE-2017-5754; Mohamed Ghannam for reporting CVE-2017-8824; Jim Mattson (Google.com) for reporting CVE-2017-12154; Vitaly Mayatskih for reporting CVE-2017-12190; Andrea Arcangeli (Engineering) for reporting CVE-2017-15126; Kirill Tkhai for reporting CVE-2017-15129; Jan H. Schonherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410. The CVE-2017-15121 issue was discovered by Miklos Szeredi (Red Hat) and the CVE-2017-15116 issue was discovered by ChunYu Wang (Red Hat). For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.5 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-10-17
    plugin id 109113
    published 2018-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109113
    title Oracle Linux 7 : kernel (ELSA-2018-1062)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0437-1.NASL
    description The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032). The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'. - CVE-2017-18079: drivers/input/serio/i8042.c allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922) - CVE-2015-1142857: Prevent guests from sending ethernet flow control pause frames via the PF (bnc#1077355) - CVE-2017-17741: KVM allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311) - CVE-2017-13215: Prevent elevation of privilege (bnc#1075908) - CVE-2018-1000004: Prevent race condition in the sound system, this could have lead a deadlock and denial of service condition (bnc#1076017) - CVE-2017-17806: The HMAC implementation did not validate that the underlying cryptographic hash algorithm is unkeyed, allowing a local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) to cause a kernel stack-based buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization (bnc#1073874) - CVE-2017-17805: The Salsa20 encryption algorithm did not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable (bnc#1073792) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 106815
    published 2018-02-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106815
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2018:0437-1) (Spectre)
redhat via4
advisories
  • bugzilla
    id 1550811
    title CVE-2017-18203 kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment kernel-rt is earlier than 0:3.10.0-862.rt56.804.el7
          oval oval:com.redhat.rhsa:tst:20180676007
        • comment kernel-rt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727006
      • AND
        • comment kernel-rt-debug is earlier than 0:3.10.0-862.rt56.804.el7
          oval oval:com.redhat.rhsa:tst:20180676009
        • comment kernel-rt-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727014
      • AND
        • comment kernel-rt-debug-devel is earlier than 0:3.10.0-862.rt56.804.el7
          oval oval:com.redhat.rhsa:tst:20180676013
        • comment kernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727016
      • AND
        • comment kernel-rt-debug-kvm is earlier than 0:3.10.0-862.rt56.804.el7
          oval oval:com.redhat.rhsa:tst:20180676017
        • comment kernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20161051024
      • AND
        • comment kernel-rt-devel is earlier than 0:3.10.0-862.rt56.804.el7
          oval oval:com.redhat.rhsa:tst:20180676015
        • comment kernel-rt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727012
      • AND
        • comment kernel-rt-doc is earlier than 0:3.10.0-862.rt56.804.el7
          oval oval:com.redhat.rhsa:tst:20180676005
        • comment kernel-rt-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727018
      • AND
        • comment kernel-rt-kvm is earlier than 0:3.10.0-862.rt56.804.el7
          oval oval:com.redhat.rhsa:tst:20180676021
        • comment kernel-rt-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20161051016
      • AND
        • comment kernel-rt-trace is earlier than 0:3.10.0-862.rt56.804.el7
          oval oval:com.redhat.rhsa:tst:20180676023
        • comment kernel-rt-trace is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727008
      • AND
        • comment kernel-rt-trace-devel is earlier than 0:3.10.0-862.rt56.804.el7
          oval oval:com.redhat.rhsa:tst:20180676019
        • comment kernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727010
      • AND
        • comment kernel-rt-trace-kvm is earlier than 0:3.10.0-862.rt56.804.el7
          oval oval:com.redhat.rhsa:tst:20180676011
        • comment kernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20161051018
    rhsa
    id RHSA-2018:0676
    released 2018-04-10
    severity Important
    title RHSA-2018:0676: kernel-rt security, bug fix, and enhancement update (Important)
  • bugzilla
    id 1550811
    title CVE-2017-18203 kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment kernel is earlier than 0:3.10.0-862.el7
          oval oval:com.redhat.rhsa:tst:20181062011
        • comment kernel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842006
      • AND
        • comment kernel-abi-whitelists is earlier than 0:3.10.0-862.el7
          oval oval:com.redhat.rhsa:tst:20181062005
        • comment kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131645028
      • AND
        • comment kernel-bootwrapper is earlier than 0:3.10.0-862.el7
          oval oval:com.redhat.rhsa:tst:20181062033
        • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842010
      • AND
        • comment kernel-debug is earlier than 0:3.10.0-862.el7
          oval oval:com.redhat.rhsa:tst:20181062015
        • comment kernel-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842012
      • AND
        • comment kernel-debug-devel is earlier than 0:3.10.0-862.el7
          oval oval:com.redhat.rhsa:tst:20181062013
        • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842014
      • AND
        • comment kernel-devel is earlier than 0:3.10.0-862.el7
          oval oval:com.redhat.rhsa:tst:20181062009
        • comment kernel-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842016
      • AND
        • comment kernel-doc is earlier than 0:3.10.0-862.el7
          oval oval:com.redhat.rhsa:tst:20181062007
        • comment kernel-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842024
      • AND
        • comment kernel-headers is earlier than 0:3.10.0-862.el7
          oval oval:com.redhat.rhsa:tst:20181062025
        • comment kernel-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842008
      • AND
        • comment kernel-kdump is earlier than 0:3.10.0-862.el7
          oval oval:com.redhat.rhsa:tst:20181062019
        • comment kernel-kdump is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842018
      • AND
        • comment kernel-kdump-devel is earlier than 0:3.10.0-862.el7
          oval oval:com.redhat.rhsa:tst:20181062017
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842020
      • AND
        • comment kernel-tools is earlier than 0:3.10.0-862.el7
          oval oval:com.redhat.rhsa:tst:20181062031
        • comment kernel-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678010
      • AND
        • comment kernel-tools-libs is earlier than 0:3.10.0-862.el7
          oval oval:com.redhat.rhsa:tst:20181062029
        • comment kernel-tools-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678012
      • AND
        • comment kernel-tools-libs-devel is earlier than 0:3.10.0-862.el7
          oval oval:com.redhat.rhsa:tst:20181062027
        • comment kernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678020
      • AND
        • comment perf is earlier than 0:3.10.0-862.el7
          oval oval:com.redhat.rhsa:tst:20181062021
        • comment perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842022
      • AND
        • comment python-perf is earlier than 0:3.10.0-862.el7
          oval oval:com.redhat.rhsa:tst:20181062023
        • comment python-perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111530020
    rhsa
    id RHSA-2018:1062
    released 2018-04-10
    severity Important
    title RHSA-2018:1062: kernel security, bug fix, and enhancement update (Important)
  • bugzilla
    id 1601849
    title CVE-2018-10901 kernel: kvm: vmx: host GDT limit corruption
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment kernel is earlier than 0:2.6.32-754.3.5.el6
          oval oval:com.redhat.rhsa:tst:20182390017
        • comment kernel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842006
      • AND
        • comment kernel-abi-whitelists is earlier than 0:2.6.32-754.3.5.el6
          oval oval:com.redhat.rhsa:tst:20182390007
        • comment kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131645028
      • AND
        • comment kernel-bootwrapper is earlier than 0:2.6.32-754.3.5.el6
          oval oval:com.redhat.rhsa:tst:20182390029
        • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842010
      • AND
        • comment kernel-debug is earlier than 0:2.6.32-754.3.5.el6
          oval oval:com.redhat.rhsa:tst:20182390019
        • comment kernel-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842012
      • AND
        • comment kernel-debug-devel is earlier than 0:2.6.32-754.3.5.el6
          oval oval:com.redhat.rhsa:tst:20182390011
        • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842014
      • AND
        • comment kernel-devel is earlier than 0:2.6.32-754.3.5.el6
          oval oval:com.redhat.rhsa:tst:20182390025
        • comment kernel-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842016
      • AND
        • comment kernel-doc is earlier than 0:2.6.32-754.3.5.el6
          oval oval:com.redhat.rhsa:tst:20182390005
        • comment kernel-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842024
      • AND
        • comment kernel-firmware is earlier than 0:2.6.32-754.3.5.el6
          oval oval:com.redhat.rhsa:tst:20182390009
        • comment kernel-firmware is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842026
      • AND
        • comment kernel-headers is earlier than 0:2.6.32-754.3.5.el6
          oval oval:com.redhat.rhsa:tst:20182390013
        • comment kernel-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842008
      • AND
        • comment kernel-kdump is earlier than 0:2.6.32-754.3.5.el6
          oval oval:com.redhat.rhsa:tst:20182390021
        • comment kernel-kdump is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842018
      • AND
        • comment kernel-kdump-devel is earlier than 0:2.6.32-754.3.5.el6
          oval oval:com.redhat.rhsa:tst:20182390027
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842020
      • AND
        • comment perf is earlier than 0:2.6.32-754.3.5.el6
          oval oval:com.redhat.rhsa:tst:20182390023
        • comment perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842022
      • AND
        • comment python-perf is earlier than 0:2.6.32-754.3.5.el6
          oval oval:com.redhat.rhsa:tst:20182390015
        • comment python-perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111530020
    rhsa
    id RHSA-2018:2390
    released 2018-08-14
    severity Important
    title RHSA-2018:2390: kernel security and bug fix update (Important)
  • rhsa
    id RHSA-2018:0654
rpms
  • kernel-rt-0:3.10.0-862.rt56.804.el7
  • kernel-rt-debug-0:3.10.0-862.rt56.804.el7
  • kernel-rt-debug-devel-0:3.10.0-862.rt56.804.el7
  • kernel-rt-debug-kvm-0:3.10.0-862.rt56.804.el7
  • kernel-rt-devel-0:3.10.0-862.rt56.804.el7
  • kernel-rt-doc-0:3.10.0-862.rt56.804.el7
  • kernel-rt-kvm-0:3.10.0-862.rt56.804.el7
  • kernel-rt-trace-0:3.10.0-862.rt56.804.el7
  • kernel-rt-trace-devel-0:3.10.0-862.rt56.804.el7
  • kernel-rt-trace-kvm-0:3.10.0-862.rt56.804.el7
  • kernel-0:3.10.0-862.el7
  • kernel-abi-whitelists-0:3.10.0-862.el7
  • kernel-bootwrapper-0:3.10.0-862.el7
  • kernel-debug-0:3.10.0-862.el7
  • kernel-debug-devel-0:3.10.0-862.el7
  • kernel-devel-0:3.10.0-862.el7
  • kernel-doc-0:3.10.0-862.el7
  • kernel-headers-0:3.10.0-862.el7
  • kernel-kdump-0:3.10.0-862.el7
  • kernel-kdump-devel-0:3.10.0-862.el7
  • kernel-tools-0:3.10.0-862.el7
  • kernel-tools-libs-0:3.10.0-862.el7
  • kernel-tools-libs-devel-0:3.10.0-862.el7
  • perf-0:3.10.0-862.el7
  • python-perf-0:3.10.0-862.el7
  • kernel-0:2.6.32-754.3.5.el6
  • kernel-abi-whitelists-0:2.6.32-754.3.5.el6
  • kernel-bootwrapper-0:2.6.32-754.3.5.el6
  • kernel-debug-0:2.6.32-754.3.5.el6
  • kernel-debug-devel-0:2.6.32-754.3.5.el6
  • kernel-devel-0:2.6.32-754.3.5.el6
  • kernel-doc-0:2.6.32-754.3.5.el6
  • kernel-firmware-0:2.6.32-754.3.5.el6
  • kernel-headers-0:2.6.32-754.3.5.el6
  • kernel-kdump-0:2.6.32-754.3.5.el6
  • kernel-kdump-devel-0:2.6.32-754.3.5.el6
  • perf-0:2.6.32-754.3.5.el6
  • python-perf-0:2.6.32-754.3.5.el6
refmap via4
bid 104606
confirm https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
debian DSA-4187
mlist
  • [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
  • [oss-security] 20180116 sound driver Conditional competition
ubuntu
  • USN-3631-1
  • USN-3631-2
  • USN-3798-1
  • USN-3798-2
Last major update 16-01-2018 - 15:29
Published 16-01-2018 - 15:29
Last modified 19-01-2019 - 06:29
Back to Top