[LU-12307] kernel update [SLES12 SP3 4.4.178-94.91.2]

Related — Sun, 30 Jun 2019 19:19:43 +0000

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.178 to receive various security and bugfixes.

Four new speculative execution issues have been identified in Intel CPUs. (bsc#1111331)

This kernel update contains software mitigations, utilizing CPU microcode updates shipped in parallel.

For more information on this set of information leaks, check out https://www.suse.com/support/kb/doc/?id=7023736

The following security issues fixed:

CVE-2018-5814: Multiple race condition errors when handling probe,
disconnect, and rebind operations could be exploited to trigger a
use-after-free condition or a NULL pointer dereference by sending
multiple USB over IP packets (bnc#1096480).
CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the
SG_IO ioctl (bsc#1096728)
CVE-2018-10853: A flaw was found in the way the KVM hypervisor emulated
instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current
privilege(CPL) level while emulating unprivileged instructions. An
unprivileged guest user/process could use this flaw to potentially
escalate privileges inside guest (bnc#1097104).
CVE-2018-15594: arch/x86/kernel/paravirt.c mishandled certain indirect
calls, which made it easier for attackers to conduct Spectre-v2 attacks
against paravirtual guests (bnc#1105348).
CVE-2019-9503: A brcmfmac frame validation bypass was fixed
(bnc#1132828).
CVE-2019-3882: A flaw was fixed in the vfio interface implementation
that permitted violation of the user's locked memory limit. If a device
is bound to a vfio driver, such as vfio-pci, and the local attacker is
administratively granted ownership of the device, it may cause a system
memory exhaustion and thus a denial of service (DoS). Versions 3.10,
4.14 and 4.18 are vulnerable (bnc#1131416 bnc#1131427).

Whamcloud Community JIRA