- Home
- CVEs with nessus.description==The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various
security and bugfixes. The following security bugs were fixed :
- CVE-2017-5715: Systems with microprocessors utilizing
speculative execution and indirect branch prediction may
allow unauthorized disclosure of information to an
attacker with local user access via a side-channel
analysis (bnc#1068032). Enhancements and bugfixes over
the previous fixes have been added to this kernel.
- CVE-2018-10087: The kernel_wait4 function in
kernel/exit.c might have allowed local users to cause a
denial of service by triggering an attempted use of the
-INT_MIN value (bnc#1089608).
- CVE-2018-7757: Memory leak in the sas_smp_get_phy_events
function in drivers/scsi/libsas/sas_expander.c allowed
local users to cause a denial of service (memory
consumption) via many read accesses to files in the
/sys/class/sas_phy directory, as demonstrated by the
/sys/class/sas_phy/phy-1:0:12/invalid_dword_count file
(bnc#1084536).
- CVE-2018-7566: There was a buffer overflow via an
SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to
/dev/snd/seq by a local user (bnc#1083483).
- CVE-2017-0861: Use-after-free vulnerability in the
snd_pcm_info function in the ALSA subsystem allowed
attackers to gain privileges via unspecified vectors
(bnc#1088260).
- CVE-2018-8822: Incorrect buffer length handling in the
ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c
could be exploited by malicious NCPFS servers to crash
the kernel or execute code (bnc#1086162).
- CVE-2017-13166: An elevation of privilege vulnerability
in the kernel v4l2 video driver. (bnc#1072865).
- CVE-2017-18203: The dm_get_from_kobject function in
drivers/md/dm.c allowed local users to cause a denial of
service (BUG) by leveraging a race condition with
__dm_destroy during creation and removal of DM devices
(bnc#1083242).
- CVE-2017-16911: The vhci_hcd driver allowed allows local
attackers to disclose kernel memory addresses.
Successful exploitation requires that a USB device is
attached over IP (bnc#1078674).
- CVE-2017-18208: The madvise_willneed function in
mm/madvise.c local users to cause a denial of service
(infinite loop) by triggering use of MADVISE_WILLNEED
for a DAX mapping (bnc#1083494).
- CVE-2017-16644: The hdpvr_probe function in
drivers/media/usb/hdpvr/hdpvr-core.c allowed local users
to cause a denial of service (improper error handling
and system crash) or possibly have unspecified other
impact via a crafted USB device (bnc#1067118).
- CVE-2018-6927: The futex_requeue function in
kernel/futex.c in the Linux kernel might allow attackers
to cause a denial of service (integer overflow) or
possibly have unspecified other impact by triggering a
negative wake or requeue value (bnc#1080757).
- CVE-2017-16914: The 'stub_send_ret_submit()' function
(drivers/usb/usbip/stub_tx.c) allowed attackers to cause
a denial of service (NULL pointer dereference) via a
specially crafted USB over IP packet (bnc#1078669).
- CVE-2016-7915: The hid_input_field function in
drivers/hid/hid-core.c allowed physically proximate
attackers to obtain sensitive information from kernel
memory or cause a denial of service (out-of-bounds read)
by connecting a device, as demonstrated by a Logitech DJ
receiver (bnc#1010470).
- CVE-2015-5156: The virtnet_probe function in
drivers/net/virtio_net.c attempted to support a FRAGLIST
feature without proper memory allocation, which allowed
guest OS users to cause a denial of service (buffer
overflow and memory corruption) via a crafted sequence
of fragmented packets (bnc#940776).
- CVE-2017-12190: The bio_map_user_iov and bio_unmap_user
functions in block/bio.c did unbalanced refcounting when
a SCSI I/O vector has small consecutive buffers
belonging to the same page. The bio_add_pc_page function
merges them into one, but the page reference is never
dropped. This causes a memory leak and possible system
lockup (exploitable against the host OS by a guest OS
user, if a SCSI disk is passed through to a virtual
machine) due to an out-of-memory condition
(bnc#1062568).
- CVE-2017-16912: The 'get_pipe()' function
(drivers/usb/usbip/stub_rx.c) allowed attackers to cause
a denial of service (out-of-bounds read) via a specially
crafted USB over IP packet (bnc#1078673).
- CVE-2017-16913: The 'stub_recv_cmd_submit()' function
(drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT
packets allowed attackers to cause a denial of service
(arbitrary memory allocation) via a specially crafted
USB over IP packet (bnc#1078672).
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top