| Revision Date: | 2019-10-08 | Version: | 1 |
| Title: | Security update for the Linux Kernel (Live Patch 32 for SLE 12 SP2) (Important) |
| Description: |
This update for the Linux Kernel 4.4.121-92_120 fixes several issues.
The following security issues were fixed:
- CVE-2019-14835: A buffer overflow flaw was found in the way vhost functionality, that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host (bsc#1151021). - CVE-2018-5390: Fixed a denial of service ('SegmentSmack') in tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet (bsc#1102682).
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1102682
1151021
CVE-2018-5390
CVE-2019-14835
|
| Platform(s): | SUSE Linux Enterprise Server 12 SP2-ESPOS
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND kgraft-patch-4_4_121-92_120-default-2-2.1 is installed
|