- Home
- CVEs with nessus.description==The+SUSE+Linux+Enterprise+12+SP2+LTSS+kernel+was+updated+receive+various+security+and+bugfixes.+The+following+security+bugs+were+fixed+%3A%0A%0A++-+CVE-2018-5848%3A+In+the+function+wmi_set_ie%28%29%2C+the+length+++++validation+code+did+not+handle+unsigned+integer+overflow+++++properly.+As+a+result%2C+a+large+value+of+the+%27ie_len%27+++++argument+could+have+caused+a+buffer+overflow+++++%28bnc%231097356%29%0A%0A++-+CVE-2018-1000204%3A+Prevent+infoleak+caused+by+incorrect+++++handling+of+the+SG_IO+ioctl+%28bsc%231096728%29.%0A%0A++-+CVE-2017-18249%3A+The+add_free_nid+function+did+not+++++properly+track+an+allocated+nid%2C+which+allowed+local+++++users+to+cause+a+denial+of+service+%28race+condition%29+or+++++possibly+have+unspecified+other+impact+via+concurrent+++++threads+%28bnc%231087036%29%0A%0A++-+CVE-2018-3665%3A+Prevent+disclosure+of+FPU+registers+++++%28including+XMM+and+AVX+registers%29+between+processes.%0A++++These+registers+might+contain+encryption+keys+when+doing+++++SSE+accelerated+AES+enc%2Fdecryption+%28bsc%231087086%29%0A%0A++-+CVE-2017-18241%3A+Prevent+a+NULL+pointer+dereference+by+++++using+a+noflush_merge+option+that+triggers+a+NULL+value+++++for+a+flush_cmd_control+data+structure+%28bnc%231086400%29%0A%0A++-+CVE-2017-13305%3A+Prevent+information+disclosure+++++vulnerability+in+encrypted-keys+%28bsc%231094353%29.%0A%0A++-+CVE-2018-1093%3A+The+ext4_valid_block_bitmap+function+++++allowed+attackers+to+cause+a+denial+of+service+++++%28out-of-bounds+read+and+system+crash%29+via+a+crafted+ext4+++++image+because+balloc.c+and+ialloc.c+did+not+validate+++++bitmap+block+numbers+%28bsc%231087095%29.%0A%0A++-+CVE-2018-1094%3A+The+ext4_fill_super+function+did+not+++++always+initialize+the+crc32c+checksum+driver%2C+which+++++allowed+attackers+to+cause+a+denial+of+service+++++%28ext4_xattr_inode_hash+NULL+pointer+dereference+and+++++system+crash%29+via+a+crafted+ext4+image+%28bsc%231087007%29.%0A%0A++-+CVE-2018-1092%3A+The+ext4_iget+function+mishandled+the+++++case+of+a+root+directory+with+a+zero+i_links_count%2C+++++which+allowed+attackers+to+cause+a+denial+of+service+++++%28ext4_process_freed_data+NULL+pointer+dereference+and+++++OOPS%29+via+a+crafted+ext4+image+%28bsc%231087012%29.%0A%0A++-+CVE-2018-1130%3A+NULL+pointer+dereference+in+++++dccp_write_xmit%28%29+function+that+allowed+a+local+user+to+++++cause+a+denial+of+service+by+a+number+of+certain+crafted+++++system+calls+%28bsc%231092904%29.%0A%0A++-+CVE-2018-1065%3A+The+netfilter+subsystem+mishandled+the+++++case+of+a+rule+blob+that+contains+a+jump+but+lacks+a+++++user-defined+chain%2C+which+allowed+local+users+to+cause+a+++++denial+of+service+%28NULL+pointer+dereference%29+by+++++leveraging+the+CAP_NET_RAW+or+CAP_NET_ADMIN+capability+++++%28bsc%231083650%29.%0A%0A++-+CVE-2018-5803%3A+Prevent+error+in+the+%27_sctp_make_chunk%28%29%27+++++function+when+handling+SCTP+packets+length+that+could+++++have+been+exploited+to+cause+a+kernel+crash+++++%28bnc%231083900%29.%0A%0A++-+CVE-2018-7492%3A+Prevent+NULL+pointer+dereference+in+the+++++net%2Frds%2Frdma.c+__rds_rdma_map%28%29+function+that+allowed+++++local+attackers+to+cause+a+system+panic+and+a+++++denial-of-service%2C+related+to+RDS_GET_MR+and+++++RDS_GET_MR_FOR_DEST+%28bsc%231082962%29.%0A%0A++-+CVE-2018-1000199%3A+Prevent+vulnerability+in+++++modify_user_hw_breakpoint%28%29+that+could+have+caused+a+++++crash+and+possibly+memory+corruption+%28bsc%231089895%29.%0A%0AThe+update+package+also+includes+non-security+fixes.+See+advisory+for+details.%0A%0ANote+that+Tenable+Network+Security+has+extracted+the+preceding+description+block+directly+from+the+SUSE+security+advisory.+Tenable+has+attempted+to+automatically+clean+and+format+it+as+much+as+possible+without+introducing+additional+issues
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top