  1. Lustre
  2. LU-12307

kernel update [SLES12 SP3 4.4.178-94.91.2]


Details

    • Bug
    • Resolution: Won't Fix
    • Minor

    Description

      The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.178 to receive various security fixes and bugfixes.

      Four new speculative execution issues have been identified in Intel CPUs. (bsc#1111331)

      • CVE-2018-12126: Microarchitectural Store Buffer Data Sampling (MSBDS)
      • CVE-2018-12127: Microarchitectural Fill Buffer Data Sampling (MFBDS)
      • CVE-2018-12130: Microarchitectural Load Port Data Sampling (MLPDS)
      • CVE-2019-11091: Microarchitectural Data Sampling Uncacheable Memory (MDSUM)

      This kernel update contains software mitigations, utilizing CPU microcode updates shipped in parallel.

      For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736

      The following security issues were fixed:

      • CVE-2018-5814: Multiple race condition errors when handling probe,
        disconnect, and rebind operations could be exploited to trigger a
        use-after-free condition or a NULL pointer dereference by sending
        multiple USB over IP packets (bnc#1096480).
      • CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the
        SG_IO ioctl (bsc#1096728)
      • CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated
        instructions such as sgdt/sidt/fxsave/fxrstor. It did not check the
        current privilege level (CPL) while emulating unprivileged instructions.
        An unprivileged guest user/process could use this flaw to potentially
        escalate privileges inside the guest (bnc#1097104).
      • CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect
        calls, which made it easier for attackers to conduct Spectre-v2 attacks
        against paravirtual guests (bnc#1105348).
      • CVE-2019-9503: A brcmfmac frame validation bypass was fixed
        (bnc#1132828).
      • CVE-2019-3882: A flaw was fixed in the vfio interface implementation
        that permitted violation of the user's locked memory limit. If a device
        is bound to a vfio driver, such as vfio-pci, and the local attacker is
        administratively granted ownership of the device, it may cause a system
        memory exhaustion and thus a denial of service (DoS). Versions 3.10,
        4.14 and 4.18 are vulnerable (bnc#1131416 bnc#1131427).

      For fixed non-security bugs, please refer to http://lists.suse.com/pipermail/sle-security-updates/2019-May/005462.html.
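
The MDS mitigation described above needs both the patched kernel and the matching CPU microcode, so it is worth confirming what a node reports after the update. The script below is an added example, not part of the original ticket or of the SUSE update. It assumes the kernel exposes the upstream sysfs report at /sys/devices/system/cpu/vulnerabilities/mds with the status strings from the upstream kernel documentation; the sample lines in it are constructed.

```shell
#!/bin/sh
# Added example: interpret the kernel's MDS status line.
# Status strings follow the upstream kernel's MDS documentation (assumption);
# the sample lines at the bottom are constructed, not captured from a host.

MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds

# classify_mds STATUS -> prints "<verdict>: <reason>"
classify_mds() {
    case "$1" in
        "Not affected"*)
            echo "ok: CPU not affected" ;;
        "Mitigation: Clear CPU buffers"*)
            case "$1" in
                *"SMT vulnerable"*)
                    echo "partial: buffers cleared, SMT sibling can still sample" ;;
                *"SMT Host state unknown"*)
                    echo "partial: guest mitigated, host SMT state not visible" ;;
                *)
                    echo "ok: buffers cleared with microcode support" ;;
            esac ;;
        "Vulnerable: Clear CPU buffers attempted, no microcode"*)
            echo "action: kernel patched, microcode update missing" ;;
        "Vulnerable"*)
            echo "action: mitigation not active" ;;
        *)
            echo "unknown: $1" ;;
    esac
}

# check_mds_file PATH -> classify the file, or flag a kernel without the report
check_mds_file() {
    if [ -r "$1" ]; then
        classify_mds "$(cat "$1")"
    else
        echo "action: no MDS report exposed by this kernel"
    fi
}

# Constructed sample lines, one per kind of state the kernel can report.
while IFS= read -r sample; do
    printf '%-70s -> %s\n' "$sample" "$(classify_mds "$sample")"
done <<'EOF'
Not affected
Mitigation: Clear CPU buffers; SMT disabled
Mitigation: Clear CPU buffers; SMT vulnerable
Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable
Vulnerable
EOF

printf 'this host: %s\n' "$(check_mds_file "$MDS_SYSFS")"
```

An "action: kernel patched, microcode update missing" verdict means the kernel half of the fix is in place while the microcode shipped in parallel has not been loaded.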

            People

              yujian Jian Yu