  1. Lustre
  2. LU-12046

kernel update [SLES12 SP3 4.4.175-94.79.1]


Details

    • Bug
    • Resolution: Won't Fix
    • Minor

    Description

      The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.175 to receive
      various security fixes and bugfixes.

      The following security bugs were fixed:

      • CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled
        reference counting because of a race condition, leading to a
        use-after-free. (bnc#1124728)
      • CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM
        hypervisor related to the emulation of a preemption timer, allowing a
        guest user/process to crash the host kernel (bsc#1124732).
      • CVE-2019-7222: Fixed an information leakage in the KVM hypervisor
        related to handling page fault exceptions, which allowed a guest
        user/process to use this flaw to leak the host's stack memory contents
        to a guest (bsc#1124735).
      • CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory
        containing command line arguments (or environment strings), an attacker
        could have caused utilities from psutils or procps (such as ps, w) or
        any other program which made a read() call to the /proc/<pid>/cmdline
        (or /proc/<pid>/environ) files to block indefinitely (denial of service)
        or for some controlled time (as a synchronization primitive for other
        attacks) (bnc#1093158).
      • CVE-2018-16862: A security flaw was found in the way that the cleancache
        subsystem clears an inode after the final file truncation (removal). The
        new file created with the same inode may contain leftover pages from
        cleancache and the old file data instead of the new one (bnc#1117186).
      • CVE-2018-16884: NFS41+ shares mounted in different network namespaces at
        the same time can make bc_svc_process() use wrong back-channel IDs and
        cause a use-after-free vulnerability. Thus a malicious container user
        can cause a host kernel memory corruption and a system panic. Due to the
        nature of the flaw, privilege escalation cannot be fully ruled out
        (bnc#1119946).
      • CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c
        allowed local users to cause a denial of service (NULL pointer
        dereference and BUG) via crafted system calls that reach a situation
        where ioapic is uninitialized (bnc#1116841).
      • CVE-2018-19824: A local user could exploit a use-after-free in the ALSA
        driver by supplying a malicious USB Sound device (with zero interfaces)
        that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
      • CVE-2018-19985: The function hso_probe read if_num from the USB device
        (as a u8) and used it without a length check to index an array,
        resulting in an OOB memory read in hso_probe or hso_get_config_data that
        could be used by local attackers (bnc#1120743).
      • CVE-2018-20169: The USB subsystem mishandled size checks during the
        reading of an extra descriptor, related to __usb_get_extra_descriptor in
        drivers/usb/core/usb.c (bnc#1119714).
      • CVE-2018-5391: The Linux kernel was vulnerable to a denial of service
        attack with low rates of specially modified packets targeting IP
        fragment re-assembly. An attacker may cause a denial of service
        condition by sending specially crafted IP fragments. Various
        vulnerabilities in IP fragmentation have been discovered and fixed over
        the years. The current vulnerability (CVE-2018-5391) became exploitable
        in the Linux kernel with the increase of the IP fragment reassembly
        queue size (bnc#1103097).
      • CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory
        corruption due to type confusion. This could lead to local escalation of
        privilege with no additional execution privileges needed. User
        interaction is not needed for exploitation. (bnc#1118319).
      • CVE-2019-3459, CVE-2019-3460: Two remote information leak vulnerabilities
        in the Bluetooth stack were fixed that could potentially leak kernel
        information (bsc#1120758).

      For fixed non-security bugs, please refer to:

      http://lists.suse.com/pipermail/sle-security-updates/2019-March/005168.html

            People

              yujian Jian Yu