- Home
- CVEs with nessus.description==The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to
receive various security and bugfixes.
The following security bugs were fixed :
CVE-2018-8781: The udl_fb_mmap function in
drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability
that allowed local users with access to the udldrmfb driver to obtain
full read and write permissions on kernel physical pages, resulting in
a code execution in kernel space (bnc#1090643).
CVE-2018-10124: The kill_something_info function in kernel/signal.c
might have allowed local users to cause a denial of service via an
INT_MIN argument (bnc#1089752).
CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have
allowed local users to cause a denial of service by triggering an
attempted use of the -INT_MIN value (bnc#1089608).
CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the
Linux kernel allowed local users to cause a denial of service (integer
overflow and loop) via crafted use of the open and fallocate system
calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241)
CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel
function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious
NCPFS servers to crash the kernel or execute code (bnc#1086162).
CVE-2018-8043: The unimac_mdio_probe function in
drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource
availability, which allowed local users to cause a denial of service
(NULL pointer dereference) (bnc#1084829).
CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed
local users to cause a denial of service (BUG) via a crafted
application that made mmap system calls and has a large pgoff argument
to the remap_file_pages system call (bnc#1084353).
CVE-2018-1087: And an unprivileged KVM guest user could use this flaw
to potentially escalate their privileges inside a guest. (bsc#1087088)
CVE-2018-8897: An unprivileged system user could use incorrect set up
interrupt stacks to crash the Linux kernel resulting in DoS issue.
(bsc#1087088)
The update package also includes non-security fixes. See advisory for
details.
Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top