Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2018.2907.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2018:2907-1)
Summary:The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:2907-1 advisory.
Description:Summary:
The remote host is missing an update for the 'Linux Kernel' package(s) announced via the SUSE-SU-2018:2907-1 advisory.

Vulnerability Insight:
The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:
CVE-2018-14634: Prevent integer overflow in create_elf_tables that
allowed a local attacker to exploit this vulnerability via a SUID-root
binary and obtain full root privileges (bsc#1108912).

CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local
attackers to use a incorrect bounds check in the CDROM driver
CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)

CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status
that could have been used by local attackers to read kernel memory
(bnc#1107689)

CVE-2018-6555: The irda_setsockopt function allowed local users to cause
a denial of service (ias_object use-after-free and system crash) or
possibly have unspecified other impact via an AF_IRDA socket
(bnc#1106511)

CVE-2018-6554: Prevent memory leak in the irda_bind function that
allowed local users to cause a denial of service (memory consumption) by
repeatedly binding an AF_IRDA socket (bnc#1106509)

CVE-2018-15572: The spectre_v2_select_mitigation function did not always
fill RSB upon a context switch, which made it easier for attackers to
conduct userspace-userspace spectreRSB attacks (bnc#1102517)

CVE-2018-10902: Protect against concurrent access to prevent double
realloc (double free) in snd_rawmidi_input_params() and
snd_rawmidi_output_status(). A malicious local attacker could have used
this for privilege escalation (bnc#1105322).

CVE-2018-14734: ucma_leave_multicast accessed a certain data structure
after a cleanup step in ucma_process_join, which allowed attackers to
cause a denial
of service (use-after-free) (bsc#1103119).

The following non-security bugs were fixed:
KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state'
(bsc#1106369).

KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369).

KVM: x86: Free vmx_msr_bitmap_longmode while kvm_init failed
(bsc#1104367).

Refresh patches.xen/xen3-x86-l1tf-04-protect-PROT_NONE-ptes.patch
(bsc#1105100).

kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
(bnc#1105536).

kabi: x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
(bnc#1105536).

ptrace: fix PTRACE_LISTEN race corrupting task->state (bnc#1107001).

rpm/kernel-docs.spec.in: Expand kernel tree directly from sources
(bsc#1057199)

x86, l1tf: Protect PROT_NONE PTEs against speculation fixup
(bnc#1104684, bnc#1104818).

x86/speculation/l1tf: Fix off-by-one error when warning that system has
too much RAM (bnc#1105536).

x86/speculation/l1tf: Fix overflow in l1tf_pfn_limit() on 32bit
(bnc#1087081).

x86/speculation/l1tf: Increase l1tf memory limit for Nehalem+
(bnc#1105536).

x86/speculation/l1tf: Suggest what to do on systems with too much RAM
(bnc#1105536).

xen x86/speculation/l1tf: Fix off-by-one error when wa... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'Linux Kernel' package(s) on SUSE Linux Enterprise Server 11-SP3, SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP3

Solution:
Please install the updated package(s).

CVSS Score:
7.2

CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2018-6554
BugTraq ID: 105302
http://www.securityfocus.com/bid/105302
Debian Security Information: DSA-4308 (Google Search)
https://www.debian.org/security/2018/dsa-4308
https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html
https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
https://www.spinics.net/lists/stable/msg255030.html
https://www.spinics.net/lists/stable/msg255034.html
https://usn.ubuntu.com/3775-1/
https://usn.ubuntu.com/3775-2/
https://usn.ubuntu.com/3776-1/
https://usn.ubuntu.com/3776-2/
https://usn.ubuntu.com/3777-1/
https://usn.ubuntu.com/3777-2/
https://usn.ubuntu.com/3777-3/
Common Vulnerability Exposure (CVE) ID: CVE-2018-6555
BugTraq ID: 105304
http://www.securityfocus.com/bid/105304
https://www.spinics.net/lists/stable/msg255031.html
https://www.spinics.net/lists/stable/msg255035.html
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.