The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed :

  - CVE-2018-3620: Local attackers on baremetal systems     could use speculative code patterns on hyperthreaded     processors to read data present in the L1 Datacache used     by other hyperthreads on the same CPU core, potentially     leaking sensitive data. (bnc#1087081).

  - CVE-2018-3646: Local attackers in virtualized guest     systems could use speculative code patterns on     hyperthreaded processors to read data present in the L1     Datacache used by other hyperthreads on the same CPU     core, potentially leaking sensitive data, even from     other virtual machines or the host system.
    (bnc#1089343).

  - CVE-2018-1000204: A malformed SG_IO ioctl issued for a     SCSI device could lead to a local kernel information     leak manifesting in up to approximately 1000 memory     pages copied to the userspace. The problem has limited     scope as non-privileged users usually have no     permissions to access SCSI device files. (bnc#1096728).

  - CVE-2018-13053: The alarm_timer_nsleep function in     kernel/time/alarmtimer.c had an integer overflow via a     large relative timeout because ktime_add_safe is not     used (bnc#1099924).

  - CVE-2018-13406: An integer overflow in the     uvesafb_setcmap function in     drivers/video/fbdev/uvesafb.c could result in local     attackers being able to crash the kernel or potentially     elevate privileges because kmalloc_array is not used     (bnc#1098016 bnc#1100418).

  - CVE-2016-8405: An information disclosure vulnerability     in kernel components including the ION subsystem,     Binder, USB driver and networking subsystem could enable     a local malicious application to access data outside of     its permission levels. (bnc#1099942).

  - CVE-2018-5814: Multiple race condition errors when     handling probe, disconnect, and rebind operations could     be exploited to trigger a use-after-free condition or a     NULL pointer dereference by sending multiple USB over IP     packets (bnc#1096480).

  - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c     a memory corruption bug in JFS can be triggered by     calling setxattr twice with two different extended     attribute names on the same file. This vulnerability can     be triggered by an unprivileged user with the ability to     create files and execute programs. (bnc#1097234).

  - CVE-2017-13305: A information disclosure vulnerability     in the Upstream kernel encrypted-keys. (bnc#1094353).

  - CVE-2018-1130: A NULL pointer dereference in     dccp_write_xmit() function in net/dccp/output.c allowed     a local user to cause a denial of service by a number of     certain crafted system calls (bnc#1092904).

  - CVE-2018-1068: A flaw was found in the implementation of     32-bit syscall interface for bridging. This allowed a     privileged user to arbitrarily write to a limited range     of kernel memory (bnc#1085107).

  - CVE-2018-5803: An error in the '_sctp_make_chunk()'     function (net/sctp/sm_make_chunk.c) when handling SCTP     packets length could be exploited to cause a kernel     crash (bnc#1083900).

  - CVE-2018-7492: A NULL pointer dereference was found in     the net/rds/rdma.c __rds_rdma_map() function allowed     local attackers to cause a system panic and a     denial-of-service, related to RDS_GET_MR and     RDS_GET_MR_FOR_DEST (bnc#1082962).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Detections

Analytics

SUSE SLES11 Security Update : kernel (SUSE-SU-2018:2332-1) (Foreshadow)

high Nessus Plugin ID 111782

Version 1.7