| Description: |
The SUSE Linux Enterprise 12 SP3 Teradata kernel was updated to receive various security fixes and bug fixes.
The versioning scheme was changed to add the TDC identifier in the release number.
The following security bugs were fixed:
- CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bsc#1108399).
- CVE-2018-18386: Fix EXTPROC vs ICANON interaction with TIOCINQ (aka FIONREAD) in n_tty (bsc#1012382).
- CVE-2018-9516: Check length before copy_to_user() in hid/debug (CVE-2018-9516, bsc#1108498).
- CVE-2018-14617: Prevent NULL pointer dereference and panic in hfsplus_lookup() when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory (bsc#1102870)
- CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in yurex_read allowed local attackers to use user access read/writes to crash the kernel or potentially escalate privileges (bsc#1106095)
- CVE-2018-13093: Prevent NULL pointer dereference and panic in lookup_slow() on a NULL inode->i_ops pointer when doing pathwalks on a corrupted xfs image. This occurred because of a lack of proper validation that cached inodes are free during allocation (bsc#1100001)
- CVE-2018-13095: Prevent denial of service (memory corruption and BUG) that could have occurred for a corrupted xfs image upon encountering an inode that is in extent format, but has more extents than fit in the inode fork (bnc#1099999)
- CVE-2018-13094: Prevent OOPS that may have occurred for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp (bnc#1100000)
- CVE-2018-6555: The irda_setsockopt function allowed local users to cause a denial of service (ias_object use-after-free and system crash) or possibly have unspecified other impact via an AF_IRDA socket (bnc#1106511)
- CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed local users to cause a denial of service (memory consumption) by repeatedly binding an AF_IRDA socket (bnc#1106509)
- CVE-2018-10938: A crafted network packet sent remotely by an attacker forced the kernel to enter an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service (bnc#1106016)
- CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill RSB upon a context switch, which made it easier for attackers to conduct userspace-userspace spectreRSB attacks (bnc#1102517)
- CVE-2018-9363: Prevent buffer overflow in hidp_process_report (bsc#1105292)
- CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536)
- CVE-2018-7480: The blkcg_init_queue function allowed local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure (bsc#1082863).
The following non-security bugs were fixed:
- xen/blkback: Move persistent grants flags to bool (bsc#1085042).
- xen/blkfront: Reorder tests in xlblk_init() (bsc#1085042).
- xen/blkfront: Cleanup stale persistent grants (bsc#1085042).
- xen/blkback: Don't keep persistent grants too long. (bsc#1085042).
- xen/grant-table: Log the lack of grants (bsc#1085042).
- x86/kaiser: Avoid loosing NMIs when using trampoline stack (bsc#1106293 bsc#1099597 bsc#1110837).
- powerpc/tm: Avoid possible userspace r1 corruption on reclaim (bsc#1109333).
- powerpc/tm: Fix userspace r13 corruption (bsc#1109333).
- usbip/vhci_sysfs: Fix potential Spectre v1 (bsc#1096547).
- kabi/x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bsc#1105536).
- x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+ (bsc#1105536).
- powerpc: Avoid code patching freed init sections (bsc#1107735).
- x86/speculation/l1tf: Suggest what to do on systems with too much RAM (bsc#1105536).
- x86/speculation/l1tf: Fix off-by-one error when warning that system has too much RAM (bsc#1105536).
- x86/entry/64: Remove %ebx handling from error_entry/exit (bsc#1102715).
- genirq/proc: Return proper error code when irq_set_affinity() fails (bsc#1105392).
- asm/sections: Add helpers to check for section data (bsc#1063026).
Additionally, the following missing references were added:
- bsc#1012382, bsc#1094825, bsc#1110711, CVE-2018-18386
|