- Home
- CVEs with nessus.description==The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive
various security and bugfixes. The following security bugs were
fixed :
- CVE-2018-1087: And an unprivileged KVM guest user could
use this flaw to potentially escalate their privileges
inside a guest. (bsc#1087088)
- CVE-2018-8897: An unprivileged system user could use
incorrect set up interrupt stacks to crash the Linux
kernel resulting in DoS issue. (bsc#1087088)
- CVE-2018-8781: The udl_fb_mmap function in
drivers/gpu/drm/udl/udl_fb.c had an integer-overflow
vulnerability allowing local users with access to the
udldrmfb driver to obtain full read and write
permissions on kernel physical pages, resulting in a
code execution in kernel space (bnc#1090643).
- CVE-2018-10124: The kill_something_info function in
kernel/signal.c might allow local users to cause a
denial of service via an INT_MIN argument (bnc#1089752).
- CVE-2018-10087: The kernel_wait4 function in
kernel/exit.c in might allow local users to cause a
denial of service by triggering an attempted use of the
-INT_MIN value (bnc#1089608).
- CVE-2018-7757: Memory leak in the sas_smp_get_phy_events
function in drivers/scsi/libsas/sas_expander.c allowed
local users to cause a denial of service (memory
consumption) via many read accesses to files in the
/sys/class/sas_phy directory, as demonstrated by the
/sys/class/sas_phy/phy-1:0:12/invalid_dword_count file
(bnc#1084536).
- CVE-2017-13220: An elevation of privilege vulnerability
in the Upstream kernel bluez was fixed. (bnc#1076537).
- CVE-2017-11089: A buffer overread is observed in
nl80211_set_station when user space application sends
attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data
of size less than 4 bytes (bnc#1088261).
- CVE-2017-0861: Use-after-free vulnerability in the
snd_pcm_info function in the ALSA subsystem allowed
attackers to gain privileges via unspecified vectors
(bnc#1088260).
- CVE-2018-8822: Incorrect buffer length handling in the
ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c
could be exploited by malicious NCPFS servers to crash
the kernel or execute code (bnc#1086162).
- CVE-2017-18203: The dm_get_from_kobject function in
drivers/md/dm.c allowed local users to cause a denial of
service (BUG) by leveraging a race condition with
__dm_destroy during creation and removal of DM devices
(bnc#1083242).
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top