[LU-12046] kernel update [SLES12 SP3 4.4.175-94.79.1] Created: 06/Mar/19  Updated: 01/Apr/19  Resolved: 01/Apr/19

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Jian Yu Assignee: Jian Yu
Resolution: Won't Fix Votes: 0
Labels: None

Issue Links:
Related
is related to LU-11652 kernel update [SLES12 SP3 4.4.162-94.... Resolved
is related to LU-12139 kernel update [SLES12 SP3 4.4.176-94.... Resolved
Severity: 3
Rank (Obsolete): 9223372036854775807

Description

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.175 to receive
various security and bugfixes.

The following security bugs were fixed:

  • CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled
    reference counting because of a race condition, leading to a
    use-after-free. (bnc#1124728)
  • CVE-2019-7221: Fixed a use-after-free vulnerability in the KVM
    hypervisor related to the emulation of a preemption timer, allowing a
    guest user/process to crash the host kernel. (bsc#1124732).
  • CVE-2019-7222: Fixed an information leakage in the KVM hypervisor
    related to handling page fault exceptions, which allowed a guest
    user/process to use this flaw to leak the host's stack memory contents
    to a guest (bsc#1124735).
  • CVE-2018-1120: By mmap()ing a FUSE-backed file onto a process's memory
    containing command line arguments (or environment strings), an attacker
    could have caused utilities from psutils or procps (such as ps, w) or
    any other program which made a read() call to the /proc/<pid>/cmdline
    (or /proc/<pid>/environ) files to block indefinitely (denial of service)
    or for some controlled time (as a synchronization primitive for other
    attacks) (bnc#1093158).
  • CVE-2018-16862: A security flaw was found in a way that the cleancache
    subsystem clears an inode after the final file truncation (removal). The
    new file created with the same inode may contain leftover pages from
    cleancache and the old file data instead of the new one (bnc#1117186).
  • CVE-2018-16884: NFS41+ shares mounted in different network namespaces at
    the same time can make bc_svc_process() use wrong back-channel IDs and
    cause a use-after-free vulnerability. Thus a malicious container user
    can cause a host kernel memory corruption and a system panic. Due to the
    nature of the flaw, privilege escalation cannot be fully ruled out
    (bnc#1119946).
  • CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c
    allowed local users to cause a denial of service (NULL pointer
    dereference and BUG) via crafted system calls that reach a situation
    where ioapic is uninitialized (bnc#1116841).
  • CVE-2018-19824: A local user could exploit a use-after-free in the ALSA
    driver by supplying a malicious USB Sound device (with zero interfaces)
    that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
  • CVE-2018-19985: The function hso_probe read if_num from the USB device
    (as an u8) and used it without a length check to index an array,
    resulting in an OOB memory read in hso_probe or hso_get_config_data that
    could be used by local attackers (bnc#1120743).
  • CVE-2018-20169: The USB subsystem mishandled size checks during the
    reading of an extra descriptor, related to __usb_get_extra_descriptor in
    drivers/usb/core/usb.c (bnc#1119714).
  • CVE-2018-5391: The Linux kernel was vulnerable to a denial of service
    attack with low rates of specially modified packets targeting IP
    fragment re-assembly. An attacker may cause a denial of service
    condition by sending specially crafted IP fragments. Various
    vulnerabilities in IP fragmentation have been discovered and fixed over
    the years. The current vulnerability (CVE-2018-5391) became exploitable
    in the Linux kernel with the increase of the IP fragment reassembly
    queue size (bnc#1103097).
  • CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory
    corruption due to type confusion. This could lead to local escalation of
    privilege with no additional execution privileges needed. User
    interaction is not needed for exploitation. (bnc#1118319).
  • CVE-2019-3459, CVE-2019-3460: Two remote information leak vulnerabilities
    in the Bluetooth stack were fixed that could potentially leak kernel
    information (bsc#1120758)

For fixed non-security bugs, please refer to:

http://lists.suse.com/pipermail/sle-security-updates/2019-March/005168.html



Comments
Comment by Gerrit Updater [ 06/Mar/19 ]

Jian Yu (yujian@whamcloud.com) uploaded a new patch: https://review.whamcloud.com/34377
Subject: LU-12046 kernel: kernel update [SLES12 SP3 4.4.175-94.79]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 40c6cb5141ba68de31abca18682def685fa0c4cb

Comment by Jian Yu [ 01/Apr/19 ]

A newer SLES12 SP3 kernel update is being worked on in LU-12139. Let's close this ticket.

Generated at Sat Feb 10 02:49:12 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.