{"affected":[{"ecosystem_specific":{"binaries":[{"kernel-ec2":"3.12.61-52.136.1","kernel-ec2-devel":"3.12.61-52.136.1","kernel-ec2-extra":"3.12.61-52.136.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Public Cloud 12","name":"kernel-ec2","purl":"pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.12.61-52.136.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"3.12.61-52.136.1","kernel-default-base":"3.12.61-52.136.1","kernel-default-devel":"3.12.61-52.136.1","kernel-default-man":"3.12.61-52.136.1","kernel-devel":"3.12.61-52.136.1","kernel-macros":"3.12.61-52.136.1","kernel-source":"3.12.61-52.136.1","kernel-syms":"3.12.61-52.136.1","kernel-xen":"3.12.61-52.136.1","kernel-xen-base":"3.12.61-52.136.1","kernel-xen-devel":"3.12.61-52.136.1","kgraft-patch-3_12_61-52_136-default":"1-1.3.1","kgraft-patch-3_12_61-52_136-xen":"1-1.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"kernel-default","purl":"pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.12.61-52.136.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"3.12.61-52.136.1","kernel-default-base":"3.12.61-52.136.1","kernel-default-devel":"3.12.61-52.136.1","kernel-default-man":"3.12.61-52.136.1","kernel-devel":"3.12.61-52.136.1","kernel-macros":"3.12.61-52.136.1","kernel-source":"3.12.61-52.136.1","kernel-syms":"3.12.61-52.136.1","kernel-xen":"3.12.61-52.136.1","kernel-xen-base":"3.12.61-52.136.1","kernel-xen-devel":"3.12.61-52.136.1","kgraft-patch-3_12_61-52_136-default":"1-1.3.1","kgraft-patch-3_12_61-52_136-xen":"1-1.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"kernel-source","purl":"pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.12.61-52.136.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"3.12.61-52.136.1","kernel-default-base":"3.12.61-52.136.1","kernel-default-devel":"3.12.61-52.136.1","kernel-default-man":"3.12.61-52.136.1","kernel-devel":"3.12.61-52.136.1","kernel-macros":"3.12.61-52.136.1","kernel-source":"3.12.61-52.136.1","kernel-syms":"3.12.61-52.136.1","kernel-xen":"3.12.61-52.136.1","kernel-xen-base":"3.12.61-52.136.1","kernel-xen-devel":"3.12.61-52.136.1","kgraft-patch-3_12_61-52_136-default":"1-1.3.1","kgraft-patch-3_12_61-52_136-xen":"1-1.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"kernel-syms","purl":"pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.12.61-52.136.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"3.12.61-52.136.1","kernel-default-base":"3.12.61-52.136.1","kernel-default-devel":"3.12.61-52.136.1","kernel-default-man":"3.12.61-52.136.1","kernel-devel":"3.12.61-52.136.1","kernel-macros":"3.12.61-52.136.1","kernel-source":"3.12.61-52.136.1","kernel-syms":"3.12.61-52.136.1","kernel-xen":"3.12.61-52.136.1","kernel-xen-base":"3.12.61-52.136.1","kernel-xen-devel":"3.12.61-52.136.1","kgraft-patch-3_12_61-52_136-default":"1-1.3.1","kgraft-patch-3_12_61-52_136-xen":"1-1.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"kernel-xen","purl":"pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.12.61-52.136.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"3.12.61-52.136.1","kernel-default-base":"3.12.61-52.136.1","kernel-default-devel":"3.12.61-52.136.1","kernel-default-man":"3.12.61-52.136.1","kernel-devel":"3.12.61-52.136.1","kernel-macros":"3.12.61-52.136.1","kernel-source":"3.12.61-52.136.1","kernel-syms":"3.12.61-52.136.1","kernel-xen":"3.12.61-52.136.1","kernel-xen-base":"3.12.61-52.136.1","kernel-xen-devel":"3.12.61-52.136.1","kgraft-patch-3_12_61-52_136-default":"1-1.3.1","kgraft-patch-3_12_61-52_136-xen":"1-1.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"kgraft-patch-SLE12_Update_36","purl":"pkg:rpm/suse/kgraft-patch-SLE12_Update_36&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1-1.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThe SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX\n  registers) between processes. These registers might contain encryption keys\n  when doing SSE accelerated AES enc/decryption (bsc#1087086)\n- CVE-2018-5848: In the function wmi_set_ie(), the length validation code did\n  not handle unsigned integer overflow properly. As a result, a large value of\n  the 'ie_len' argument could have caused a buffer overflow (bnc#1097356)\n- CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO\n  ioctl (bsc#1096728)\n- CVE-2017-13305: Prevent information disclosure vulnerability in\n  encrypted-keys (bsc#1094353)\n- CVE-2018-1094: The ext4_fill_super function did not always initialize the\n  crc32c checksum driver, which allowed attackers to cause a denial of service\n  (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted\n  ext4 image (bsc#1087007)\n- CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to\n  cause a denial of service (out-of-bounds read and system crash) via a crafted\n  ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers\n  (bsc#1087095)\n- CVE-2018-1092: The ext4_iget function mishandled the case of a root directory\n  with a zero i_links_count, which allowed attackers to cause a denial of service\n  (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4\n  image (bsc#1087012)\n- CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that\n  allowed a local user to cause a denial of service by a number of certain\n  crafted system calls (bsc#1092904)\n- CVE-2018-5803: Prevent error in the '_sctp_make_chunk()' function when\n  handling SCTP packets length that could have been exploited to cause a kernel\n  crash (bnc#1083900)\n- CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c\n  __rds_rdma_map() function that allowed local attackers to cause a system panic\n  and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST\n  (bsc#1082962)\n\nThe following non-security bugs were fixed:\n\n- Fix excessive newline in /proc/*/status (bsc#1094823).\n- KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281).\n- ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552).\n- kABI: work around BPF SSBD removal (bsc#1087082).\n- kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033).\n- mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152).\n- usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (bsc#1096480).\n- usbip: usbip_host: fix bad unlock balance during stub_probe() (bsc#1096480).\n- x86/boot: Fix early command-line parsing when matching at end (bsc#1096281).\n- x86/boot: Fix early command-line parsing when partial word matches (bsc#1096281).\n- x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140).\n- x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)\n- xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610).\n","id":"SUSE-SU-2018:1762-1","modified":"2018-06-20T09:43:56Z","published":"2018-06-20T09:43:56Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20181762-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1046610"},{"type":"REPORT","url":"https://bugzilla.suse.com/1079152"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082962"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083900"},{"type":"REPORT","url":"https://bugzilla.suse.com/1087007"},{"type":"REPORT","url":"https://bugzilla.suse.com/1087012"},{"type":"REPORT","url":"https://bugzilla.suse.com/1087082"},{"type":"REPORT","url":"https://bugzilla.suse.com/1087086"},{"type":"REPORT","url":"https://bugzilla.suse.com/1087095"},{"type":"REPORT","url":"https://bugzilla.suse.com/1092552"},{"type":"REPORT","url":"https://bugzilla.suse.com/1092813"},{"type":"REPORT","url":"https://bugzilla.suse.com/1092904"},{"type":"REPORT","url":"https://bugzilla.suse.com/1094033"},{"type":"REPORT","url":"https://bugzilla.suse.com/1094353"},{"type":"REPORT","url":"https://bugzilla.suse.com/1094823"},{"type":"REPORT","url":"https://bugzilla.suse.com/1096140"},{"type":"REPORT","url":"https://bugzilla.suse.com/1096242"},{"type":"REPORT","url":"https://bugzilla.suse.com/1096281"},{"type":"REPORT","url":"https://bugzilla.suse.com/1096480"},{"type":"REPORT","url":"https://bugzilla.suse.com/1096728"},{"type":"REPORT","url":"https://bugzilla.suse.com/1097356"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13305"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1000204"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1092"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1093"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1094"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1130"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-3665"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5803"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5848"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7492"}],"related":["CVE-2017-13305","CVE-2018-1000204","CVE-2018-1092","CVE-2018-1093","CVE-2018-1094","CVE-2018-1130","CVE-2018-3665","CVE-2018-5803","CVE-2018-5848","CVE-2018-7492"],"summary":"Security update for the Linux Kernel","upstream":["CVE-2017-13305","CVE-2018-1000204","CVE-2018-1092","CVE-2018-1093","CVE-2018-1094","CVE-2018-1130","CVE-2018-3665","CVE-2018-5803","CVE-2018-5848","CVE-2018-7492"]}