Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-12232 (GCVE-0-2018-12232)
Vulnerability from cvelistv5
Published
2018-06-12 12:00
Modified
2024-08-05 08:30
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T08:30:59.790Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "USN-3752-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "USN-3752-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://patchwork.ozlabs.org/patch/926519/"
},
{
"name": "RHSA-2018:2948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lkml.org/lkml/2018/6/5/14"
},
{
"name": "104453",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/104453"
},
{
"name": "USN-3752-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3752-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-06-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-31T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "USN-3752-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "USN-3752-3",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://patchwork.ozlabs.org/patch/926519/"
},
{
"name": "RHSA-2018:2948",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lkml.org/lkml/2018/6/5/14"
},
{
"name": "104453",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/104453"
},
{
"name": "USN-3752-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3752-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3752-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "USN-3752-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14"
},
{
"name": "https://patchwork.ozlabs.org/patch/926519/",
"refsource": "MISC",
"url": "https://patchwork.ozlabs.org/patch/926519/"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "https://lkml.org/lkml/2018/6/5/14",
"refsource": "MISC",
"url": "https://lkml.org/lkml/2018/6/5/14"
},
{
"name": "104453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104453"
},
{
"name": "USN-3752-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-1/"
},
{
"name": "https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-12232",
"datePublished": "2018-06-12T12:00:00",
"dateReserved": "2018-06-12T00:00:00",
"dateUpdated": "2024-08-05T08:30:59.790Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-12232\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2018-06-12T12:29:00.210\",\"lastModified\":\"2024-11-21T03:44:49.673\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash.\"},{\"lang\":\"es\",\"value\":\"En net/socket.c en el kernel de Linux hasta la versi\u00f3n 4.17.1, hay una condici\u00f3n de carrera entre fchownat y close en los casos en los que apuntan al mismo descriptor de archivo socket. Esto est\u00e1 relacionado con las funciones sock_close y sockfs_setattr. fchownat no incrementa el conteo de referencia del descriptor de archivos, lo que permite que close establezca el socket como NULL durante la ejecuci\u00f3n de fchownat lo que conduce a una desreferencia de puntero NULL y a un cierre inesperado del sistema.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.17.1\",\"matchCriteriaId\":\"5CF7338D-D530-4EEA-B1D6-926A91AC72BE\"}]}]}],\"references\":[{\"url\":\"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104453\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2948\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lkml.org/lkml/2018/6/5/14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchwork.ozlabs.org/patch/926519/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3752-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/3752-2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/3752-3/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104453\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2948\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lkml.org/lkml/2018/6/5/14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://patchwork.ozlabs.org/patch/926519/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://usn.ubuntu.com/3752-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3752-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3752-3/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
suse-su-2019:0196-1
Vulnerability from csaf_suse
Published
2019-01-29 12:14
Modified
2019-01-29 12:14
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).
- CVE-2018-12232: In net/socket.c in the there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593).
- CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).
- CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).
- CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).
- CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).
- CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).
- CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).
- CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).
- CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).
The following non-security bugs were fixed:
- acpi / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115).
- acpi / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115).
- aio: fix spectre gadget in lookup_ioctx (bsc#1120594).
- alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510).
- alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- alsa: fireface: fix for state to fetch PCM frames (bsc#1051510).
- alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510).
- alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510).
- alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510).
- alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510).
- alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510).
- alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510).
- alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510).
- alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510).
- alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510).
- alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510).
- alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510).
- alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510).
- alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510).
- alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510).
- alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510).
- alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510).
- alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510).
- alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510).
- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510).
- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510).
- alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510).
- alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510).
- alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510).
- alsa: hda/tegra: clear pending irq handlers (bsc#1051510).
- alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510).
- alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510).
- alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510).
- alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510).
- alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510).
- alsa: trident: Suppress gcc string warning (bsc#1051510).
- alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510).
- alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510).
- alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510).
- alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510).
- alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510).
- apparmor: do not try to replace stale label in ptrace access check (git-fixes).
- apparmor: do not try to replace stale label in ptraceme check (git-fixes).
- apparmor: Fix uninitialized value in aa_split_fqname (git-fixes).
- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612).
- arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613).
- arm64: cpu_errata: include required headers (bsc#1120615).
- arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633).
- arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632).
- arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614).
- arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).
- arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617).
- arm64/numa: Report correct memblock range for the dummy node (bsc#1120620).
- arm64/numa: Unify common error path in numa_init() (bsc#1120621).
- arm64: remove no-op -p linker flag (bsc#1120616).
- ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510).
- ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510).
- ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510).
- ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510).
- ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510).
- ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510).
- ASoC: rsnd: fixup clock start checker (bsc#1051510).
- ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510).
- ath10k: do not assume this is a PCI dev in generic code (bsc#1051510).
- ath6kl: Only use match sets when firmware supports it (bsc#1051510).
- b43: Fix error in cordic routine (bsc#1051510).
- bcache: fix miss key refill->end in writeback (Git-fixes).
- bcache: trace missed reading by cache_missed (Git-fixes).
- Blacklist 5182f26f6f74 crypto: ccp - Make function sev_get_firmware() static
- blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes).
- block: allow max_discard_segments to be stacked (Git-fixes).
- block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes).
- block: really disable runtime-pm for blk-mq (Git-fixes).
- block: reset bi_iter.bi_done after splitting bio (Git-fixes).
- block/swim: Fix array bounds check (Git-fixes).
- bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ).
- bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282).
- bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ).
- bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242).
- bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647).
- bpf: use per htab salt for bucket hash (git-fixes).
- btrfs: Always try all copies when reading extent buffers (git-fixes).
- btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469).
- btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469).
- btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469).
- btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469).
- btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469).
- btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469).
- btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes).
- btrfs: fix error handling in btrfs_truncate() (bsc#1111469).
- btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469).
- btrfs: fix fsync of files with multiple hard links in new directories (1120173).
- btrfs: Fix memory barriers usage with device stats counters (git-fixes).
- btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469).
- btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469).
- btrfs: get rid of unused orphan infrastructure (bsc#1111469).
- btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469).
- btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036).
- btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469).
- btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469).
- btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469).
- btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188).
- btrfs: stop creating orphan items for truncate (bsc#1111469).
- btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
- btrfs: update stale comments referencing vmtruncate() (bsc#1111469).
- can: flexcan: flexcan_irq(): fix indention (bsc#1051510).
- cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510).
- ceph: do not update importing cap's mseq when handing cap export (bsc#1121273).
- char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058).
- char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058).
- clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).
- clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510).
- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes).
- config: arm64: enable erratum 1024718
- cpufeature: avoid warning when compiling with clang (Git-fixes).
- cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115).
- cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115).
- cpupower: remove stringop-truncation waring (git-fixes).
- crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510).
- crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().
- crypto: ccp - Add GET_ID SEV command ().
- crypto: ccp - Add psp enabled message when initialization succeeds ().
- crypto: ccp - Add support for new CCP/PSP device ID ().
- crypto: ccp - Allow SEV firmware to be chosen based on Family and Model ().
- crypto: ccp - Fix static checker warning ().
- crypto: ccp - Remove unused #defines ().
- crypto: ccp - Support register differences between PSP devices ().
- dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111).
- dax: Check page->mapping isn't NULL (bsc#1120054).
- dax: Do not access a freed inode (bsc#1120055).
- device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510).
- device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510).
- disable stringop truncation warnings for now (git-fixes).
- dm: allocate struct mapped_device with kvzalloc (Git-fixes).
- dm cache: destroy migration_cache if cache target registration failed (Git-fixes).
- dm cache: fix resize crash if user does not reload cache table (Git-fixes).
- dm cache metadata: ignore hints array being too small during resize (Git-fixes).
- dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes).
- dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes).
- dm cache: only allow a single io_mode cache feature to be requested (Git-fixes).
- dm crypt: do not decrease device limits (Git-fixes).
- dm: fix report zone remapping to account for partition offset (Git-fixes).
- dm integrity: change 'suspending' variable from bool to int (Git-fixes).
- dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes).
- dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes).
- dm linear: fix linear_end_io conditional definition (Git-fixes).
- dm thin: handle running out of data space vs concurrent discard (Git-fixes).
- dm thin metadata: remove needless work from __commit_transaction (Git-fixes).
- dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).
- dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes).
- dm writecache: report start_sector in status line (Git-fixes).
- dm zoned: fix metadata block ref counting (Git-fixes).
- dm zoned: fix various dmz_get_mblock() issues (Git-fixes).
- doc/README.SUSE: correct GIT url No more gitorious, github we use.
- drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749).
- drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749).
- drivers/tty: add missing of_node_put() (bsc#1051510).
- drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722)
- drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722)
- drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722)
- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722)
- drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722)
- drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)
- drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722)
- drm: rcar-du: Fix external clock error checks (bsc#1113722)
- drm: rcar-du: Fix vblank initialization (bsc#1113722)
- drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722)
- drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722)
- drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722)
- drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722)
- dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes).
- dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes).
- dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes).
- dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes).
- dt-bindings: iio: update STM32 timers clock names (git-fixes).
- dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes).
- dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes).
- dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes).
- dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes).
- dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes).
- dt-bindings: pwm: Update STM32 timers clock names (git-fixes).
- dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes).
- efi: Move some sysfs files to be read-only by root (bsc#1051510).
- ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017).
- exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773).
- ext2: fix potential use after free (bsc#1118775).
- ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760).
- ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).
- ext4: fix possible use after free in ext4_quota_enable (bsc#1120602).
- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603).
- extable: Consolidate *kernel_text_address() functions (bsc#1120092).
- extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092).
- fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)
- fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)
- filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787).
- firmware: add firmware_request_nowarn() - load firmware without warnings ().
- Fix tracing sample code warning (git-fixes).
- fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes).
- fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).
- fs: fix lost error code in dio_complete (bsc#1118762).
- fs/xfs: Use %pS printk format for direct addresses (git-fixes).
- fuse: fix blocked_waitq wakeup (git-fixes).
- fuse: fix leaked notify reply (git-fixes).
- fuse: fix possibly missed wake-up after abort (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).
- fuse: fix use-after-free in fuse_direct_IO() (git-fixes).
- fuse: set FR_SENT while locked (git-fixes).
- gcc-plugins: Add include required by GCC release 8 (git-fixes).
- gcc-plugins: Use dynamic initializers (git-fixes).
- gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).
- gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).
- gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).
- gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768).
- gfs2: Put bitmap buffers in put_super (bsc#1118772).
- gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).
- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).
- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).
- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).
- gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).
- hid: Add quirk for Primax PIXART OEM mice (bsc#1119410).
- hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).
- hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).
- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- i2c: axxia: properly handle master timeout (bsc#1051510).
- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).
- ib/hfi1: Add mtu check for operational data VLs (bsc#1060463 ).
- ibmvnic: Convert reset work item mutex to spin lock ().
- ibmvnic: Fix non-atomic memory allocation in IRQ context ().
- ib/rxe: support for 802.1q VLAN on the listener (bsc#1082387).
- ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).
- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).
- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- Include modules.fips in kernel-binary as well as kernel-binary-base ().
- initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).
- Input: add official Raspberry Pi's touchscreen driver ().
- Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).
- Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).
- Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).
- Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).
- Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).
- Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).
- Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).
- Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).
- Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).
- Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).
- integrity/security: fix digsig.c build error with header file (bsc#1051510).
- intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).
- iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).
- iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).
- iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).
- iwlwifi: fix LED command capability bit (bsc#1119086).
- iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).
- iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).
- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).
- iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).
- iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).
- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).
- jump_label: Split out code under the hotplug lock (bsc#1106913).
- kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- kabi protect hnae_ae_ops (bsc#1104353).
- kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).
- kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).
- kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).
- kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).
- kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).
- kbuild: verify that $DEPMOD is installed (git-fixes).
- kdb: use memmove instead of overlapping memcpy (bsc#1120954).
- kernfs: Replace strncpy with memcpy (bsc#1120053).
- keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes).
- kobject: Replace strncpy with memcpy (git-fixes).
- kprobes: Make list and blacklist root user read only (git-fixes).
- kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).
- libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).
- libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).
- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).
- libnvdimm, pmem: Fix badblocks population for 'raw' namespaces (bsc#1118788).
- lib/raid6: Fix arm64 test build (bsc#1051510).
- lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).
- Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).
- linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).
- locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).
- locking/static_keys: Improve uninitialized key warning (bsc#1106913).
- mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).
- mac80211: fix reordering of buffered broadcast packets (bsc#1051510).
- mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).
- mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).
- mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).
- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).
- Mark HI and TASKLET softirq synchronous (git-fixes).
- md: fix raid10 hang issue caused by barrier (git-fixes).
- media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).
- media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).
- media: omap3isp: Unregister media device as first (bsc#1051510).
- mmc: bcm2835: reset host on timeout (bsc#1051510).
- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).
- mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).
- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).
- mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).
- mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).
- MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).
- mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).
- mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).
- mm: do not miss the last page because of round-off error (bnc#1118798).
- mm: do not warn about large allocations for slab (git fixes (slab)).
- mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962).
- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).
- mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).
- mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).
- mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).
- mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).
- mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).
- mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).
- mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).
- mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).
- mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).
- mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).
- mm: migration: fix migration of huge PMD shared pages (bnc#1086423).
- mm: only report isolation failures when offlining memory (generic hotplug debugability).
- mm: print more information about mapping in __dump_page (generic hotplug debugability).
- mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).
- mm: sections are not offlined during memory hotremove (bnc#1119968).
- mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem).
- mm/vmstat.c: fix NUMA statistics updates (git fixes).
- Move dell_rbu fix to sorted section (bsc#1087978).
- mtd: cfi: convert inline functions to macros (git-fixes).
- mtd: Fix comparison in map_word_andequal() (git-fixes).
- namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766).
- nbd: do not allow invalid blocksize settings (Git-fixes).
- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510).
- net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes).
- net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes).
- net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561).
- net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561).
- net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353).
- net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).
- net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353).
- net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353).
- net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353).
- net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ).
- net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353).
- net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353).
- net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353).
- net: hns3: Check hdev state when getting link status (bsc#1104353).
- net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353).
- net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353).
- net: hns3: Fix error of checking used vlan id (bsc#1104353 ).
- net: hns3: Fix ets validate issue (bsc#1104353).
- net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).
- net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353).
- net: hns3: Fix for packet buffer setting bug (bsc#1104353 ).
- net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353).
- net: hns3: Fix for setting speed for phy failed problem (bsc#1104353).
- net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ).
- net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353).
- net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353).
- net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353).
- net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ).
- net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353).
- net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353).
- net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299).
- net: usb: r8152: constify usb_device_id (bsc#1119749).
- net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749).
- nospec: Allow index argument to have const-qualified type (git-fixes)
- nospec: Kill array_index_nospec_mask_check() (git-fixes).
- nvme-fc: resolve io failures during connect (bsc#1116803).
- nvme-multipath: zero out ANA log buffer (bsc#1105168).
- nvme: validate controller state before rescheduling keep alive (bsc#1103257).
- objtool: Detect RIP-relative switch table references (bsc#1058115).
- objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115).
- objtool: Fix another switch table detection issue (bsc#1058115).
- objtool: Fix double-free in .cold detection error path (bsc#1058115).
- objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115).
- objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115).
- objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115).
- objtool: Support GCC 8's cold subfunctions (bsc#1058115).
- objtool: Support GCC 8 switch tables (bsc#1058115).
- panic: avoid deadlocks in re-entrant console drivers (bsc#1088386).
- pci: Add ACS quirk for Ampere root ports (bsc#1120058).
- pci: Add ACS quirk for APM X-Gene devices (bsc#1120058).
- pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058).
- pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058).
- pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058).
- pci: Export pcie_has_flr() (bsc#1120058).
- pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058).
- pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058).
- pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058).
- pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058).
- perf tools: Fix tracing_path_mount proper path (git-fixes).
- platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510).
- powerpc/64s: consolidate MCE counter increment (bsc#1094244).
- powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes).
- powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729).
- powerpc/boot: Fix build failures with -j 1 (bsc#1065729).
- powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes).
- powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121).
- powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270).
- powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).
- power: supply: olpc_battery: correct the temperature units (bsc#1051510).
- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913).
- qed: Add driver support for 20G link speed (bsc#1110558).
- qed: Add support for virtual link (bsc#1111795).
- qede: Add driver support for 20G link speed (bsc#1110558).
- r8152: add byte_enable for ocp_read_word function (bsc#1119749).
- r8152: add Linksys USB3GIGV1 id (bsc#1119749).
- r8152: add r8153_phy_status function (bsc#1119749).
- r8152: adjust lpm settings for RTL8153 (bsc#1119749).
- r8152: adjust rtl8153_runtime_enable function (bsc#1119749).
- r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749).
- r8152: adjust U2P3 for RTL8153 (bsc#1119749).
- r8152: avoid rx queue more than 1000 packets (bsc#1119749).
- r8152: check if disabling ALDPS is finished (bsc#1119749).
- r8152: correct the definition (bsc#1119749).
- r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749).
- r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749).
- r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749).
- r8152: move calling delay_autosuspend function (bsc#1119749).
- r8152: move the default coalesce setting for RTL8153 (bsc#1119749).
- r8152: move the initialization to reset_resume function (bsc#1119749).
- r8152: move the setting of rx aggregation (bsc#1119749).
- r8152: replace napi_complete with napi_complete_done (bsc#1119749).
- r8152: set rx mode early when linking on (bsc#1119749).
- r8152: split rtl8152_resume function (bsc#1119749).
- r8152: support new chip 8050 (bsc#1119749).
- r8152: support RTL8153B (bsc#1119749).
- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes).
- rcu: Allow for page faults in NMI handlers (bsc#1120092).
- rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ).
- rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244).
- rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283).
- rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283).
- rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ).
- rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387).
- reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes).
- Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510).
- Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105).
- Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510).
- Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322).
- ring-buffer: Allow for rescheduling when removing pages (bsc#1120238).
- ring-buffer: Do no reuse reader page if still in use (bsc#1120096).
- ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094).
- rtc: hctosys: Add missing range error reporting (bsc#1051510).
- rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510).
- rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510).
- rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510).
- rtl8xxxu: Fix missing break in switch (bsc#1051510).
- s390/dasd: simplify locking in dasd_times_out (bsc#1104967,).
- s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112).
- s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112).
- s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657).
- s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960).
- s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960).
- sbitmap: fix race in wait batch accounting (Git-fixes).
- sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913).
- sched/smt: Expose sched_smt_present static key (bsc#1106913).
- sched/smt: Make sched_smt_present track topology (bsc#1106913).
- sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228).
- scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).
- scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215).
- scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215).
- scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215).
- scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322).
- scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215).
- scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).
- scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215).
- scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215).
- scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215).
- scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215).
- scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215).
- scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).
- scsi: lpfc: refactor mailbox structure context fields (bsc#1118215).
- scsi: lpfc: rport port swap discovery issue (bsc#1118215).
- scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215).
- scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215).
- scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).
- scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).
- scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588).
- shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599).
- shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599).
- skd: Avoid that module unloading triggers a use-after-free (Git-fixes).
- skd: Submit requests to firmware before triggering the doorbell (Git-fixes).
- soc: bcm2835: sync firmware properties with downstream ()
- spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510).
- spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510).
- spi: bcm2835: Fix race on DMA termination (bsc#1051510).
- spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510).
- splice: do not read more than available pipe space (bsc#1119212).
- staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510).
- staging: rtl8712: Fix possible buffer overrun (bsc#1051510).
- staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510).
- staging: rts5208: fix gcc-8 logic error warning (bsc#1051510).
- staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510).
- supported.conf: add raspberrypi-ts driver
- supported.conf: whitelist bluefield eMMC driver
- target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).
- target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).
- team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510).
- termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510).
- test_hexdump: use memcpy instead of strncpy (bsc#1051510).
- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510).
- tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes).
- Tools: hv: Fix a bug in the key delete code (git-fixes).
- tools: hv: include string.h in hv_fcopy_daemon (git-fixes).
- tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973).
- tools/power/cpupower: fix compilation with STATIC=true (git-fixes).
- tools/power turbostat: fix possible sprintf buffer overflow (git-fixes).
- tracing/blktrace: Fix to allow setting same value (Git-fixes).
- tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).
- tracing: Fix crash when freeing instances with event triggers (bsc#1120230).
- tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097).
- tracing: Fix double free of event_trigger_data (bsc#1120234).
- tracing: Fix missing return symbol in function_graph output (bsc#1120232).
- tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235).
- tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214).
- tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223).
- tracing: Fix trace_pipe behavior for instance traces (bsc#1120088).
- tracing: Remove RCU work arounds from stack tracer (bsc#1120092).
- tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes).
- tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510).
- tty: Do not return -EAGAIN in blocking read (bsc#1116040).
- tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510).
- tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510).
- ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598).
- ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype.
- udf: Allow mounting volumes with incorrect identification strings (bsc#1118774).
- unifdef: use memcpy instead of strncpy (bsc#1051510).
- usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510).
- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510).
- usb: dwc2: host: use hrtimer for NAK retries (git-fixes).
- usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510).
- usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888).
- usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510).
- usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510).
- usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510).
- usb: omap_udc: use devm_request_irq() (bsc#1051510).
- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510).
- usb: serial: option: add Fibocom NL668 series (bsc#1051510).
- usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510).
- usb: serial: option: add HP lt4132 (bsc#1051510).
- usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510).
- usb: serial: option: add Telit LN940 series (bsc#1051510).
- usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110).
- usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510).
- usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510).
- usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510).
- userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761).
- userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809).
- v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771).
- vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).
- watchdog/core: Add missing prototypes for weak functions (git-fixes).
- wireless: airo: potential buffer overflow in sprintf() (bsc#1051510).
- wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510).
- x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913).
- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913).
- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913).
- x86/decoder: Fix and update the opcodes map (bsc#1058115).
- x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).
- x86/l1tf: Show actual SMT state (bsc#1106913).
- x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606).
- x86/pci: Add additional VMD device root ports to VMD AER quirk (bsc#1120058).
- x86/pci: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058).
- x86/pci: Apply VMD's AERSID fixup generically (bsc#1120058).
- x86/pci: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058).
- x86/pci: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058).
- x86/pci: Enable AMD 64-bit window on resume (bsc#1120058).
- x86/pci: Fix infinite loop in search for 64bit BAR placement (bsc#1120058).
- x86/pci: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058).
- x86/pci: Move VMD quirk to x86 fixups (bsc#1120058).
- x86/pci: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058).
- x86/pci: Use is_vmd() rather than relying on the domain number (bsc#1120058).
- x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913).
- x86/pti: Document fix wrong index (git-fixes).
- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913).
- x86/retpoline: Remove minimal retpoline support (bsc#1106913).
- x86/speculataion: Mark command line parser data __initdata (bsc#1106913).
- x86/speculation: Add command line control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913).
- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).
- x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913).
- x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913).
- x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913).
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).
- x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913).
- x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).
- x86/speculation: Mark string arrays const correctly (bsc#1106913).
- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913).
- x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913).
- x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913).
- x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913).
- x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913).
- x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).
- x86/speculation: Provide IBPB always command line options (bsc#1106913).
- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913).
- x86/speculation: Rename SSBD update functions (bsc#1106913).
- x86/speculation: Reorder the spec_v2 code (bsc#1106913).
- x86/speculation: Reorganize speculation control MSRs update (bsc#1106913).
- x86/speculation: Rework SMT state change (bsc#1106913).
- x86/speculation: Split out TIF update (bsc#1106913).
- x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913).
- x86/speculation: Update the TIF_SSBD comment (bsc#1106913).
- xen/netfront: tolerate frags with no data (bnc#1119804).
- xfs: Align compat attrlist_by_handle with native implementation (git-fixes).
- xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).
- xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes).
- xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).
- xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).
- xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510).
- xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510).
Patchnames
SUSE-2019-196,SUSE-SLE-DESKTOP-12-SP4-2019-196,SUSE-SLE-HA-12-SP4-2019-196,SUSE-SLE-Live-Patching-12-SP4-2019-196,SUSE-SLE-SDK-12-SP4-2019-196,SUSE-SLE-SERVER-12-SP4-2019-196,SUSE-SLE-WE-12-SP4-2019-196
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).\n- CVE-2018-12232: In net/socket.c in the there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash (bnc#1097593).\n- CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).\n- CVE-2018-16862: A security flaw was found in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).\n- CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).\n- CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).\n- CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).\n- CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).\n- CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).\n- CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n\nThe following non-security bugs were fixed:\n\n- acpi / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115).\n- acpi / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115).\n- aio: fix spectre gadget in lookup_ioctx (bsc#1120594).\n- alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510).\n- alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510).\n- alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510).\n- alsa: fireface: fix for state to fetch PCM frames (bsc#1051510).\n- alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510).\n- alsa: firewire-lib: fix wrong assignment for \u0027out_packet_without_header\u0027 tracepoint (bsc#1051510).\n- alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510).\n- alsa: firewire-lib: use the same print format for \u0027without_header\u0027 tracepoints (bsc#1051510).\n- alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510).\n- alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510).\n- alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510).\n- alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510).\n- alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510).\n- alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510).\n- alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510).\n- alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510).\n- alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510).\n- alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510).\n- alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510).\n- alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510).\n- alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510).\n- alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510).\n- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510).\n- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510).\n- alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510).\n- alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510).\n- alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510).\n- alsa: hda/tegra: clear pending irq handlers (bsc#1051510).\n- alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510).\n- alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510).\n- alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510).\n- alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510).\n- alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510).\n- alsa: trident: Suppress gcc string warning (bsc#1051510).\n- alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510).\n- alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510).\n- alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510).\n- alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510).\n- alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510).\n- apparmor: do not try to replace stale label in ptrace access check (git-fixes).\n- apparmor: do not try to replace stale label in ptraceme check (git-fixes).\n- apparmor: Fix uninitialized value in aa_split_fqname (git-fixes).\n- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612).\n- arm64: atomics: Remove \u0027\u0026\u0027 from \u0027+\u0026\u0027 asm constraint in lse atomics (bsc#1120613).\n- arm64: cpu_errata: include required headers (bsc#1120615).\n- arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633).\n- arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632).\n- arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614).\n- arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).\n- arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617).\n- arm64/numa: Report correct memblock range for the dummy node (bsc#1120620).\n- arm64/numa: Unify common error path in numa_init() (bsc#1120621).\n- arm64: remove no-op -p linker flag (bsc#1120616).\n- ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510).\n- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510).\n- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510).\n- ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510).\n- ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510).\n- ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510).\n- ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510).\n- ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510).\n- ASoC: rsnd: fixup clock start checker (bsc#1051510).\n- ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510).\n- ath10k: do not assume this is a PCI dev in generic code (bsc#1051510).\n- ath6kl: Only use match sets when firmware supports it (bsc#1051510).\n- b43: Fix error in cordic routine (bsc#1051510).\n- bcache: fix miss key refill-\u003eend in writeback (Git-fixes).\n- bcache: trace missed reading by cache_missed (Git-fixes).\n- Blacklist 5182f26f6f74 crypto: ccp - Make function sev_get_firmware() static\n- blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes).\n- block: allow max_discard_segments to be stacked (Git-fixes).\n- block: blk_init_allocated_queue() set q-\u003efq as NULL in the fail case (Git-fixes).\n- block: really disable runtime-pm for blk-mq (Git-fixes).\n- block: reset bi_iter.bi_done after splitting bio (Git-fixes).\n- block/swim: Fix array bounds check (Git-fixes).\n- bnxt_en: do not try to offload VLAN \u0027modify\u0027 action (bsc#1050242 ).\n- bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282).\n- bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ).\n- bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242).\n- bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647).\n- bpf: use per htab salt for bucket hash (git-fixes).\n- btrfs: Always try all copies when reading extent buffers (git-fixes).\n- btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469).\n- btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469).\n- btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469).\n- btrfs: do not check inode\u0027s runtime flags under root-\u003eorphan_lock (bsc#1111469).\n- btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469).\n- btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469).\n- btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes).\n- btrfs: fix error handling in btrfs_truncate() (bsc#1111469).\n- btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469).\n- btrfs: fix fsync of files with multiple hard links in new directories (1120173).\n- btrfs: Fix memory barriers usage with device stats counters (git-fixes).\n- btrfs: fix use-after-free on root-\u003eorphan_block_rsv (bsc#1111469).\n- btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469).\n- btrfs: get rid of unused orphan infrastructure (bsc#1111469).\n- btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469).\n- btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036).\n- btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469).\n- btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469).\n- btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469).\n- btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188).\n- btrfs: stop creating orphan items for truncate (bsc#1111469).\n- btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).\n- btrfs: update stale comments referencing vmtruncate() (bsc#1111469).\n- can: flexcan: flexcan_irq(): fix indention (bsc#1051510).\n- cdrom: do not attempt to fiddle with cdo-\u003ecapability (bsc#1051510).\n- ceph: do not update importing cap\u0027s mseq when handing cap export (bsc#1121273).\n- char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058).\n- char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058).\n- clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).\n- clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510).\n- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes).\n- config: arm64: enable erratum 1024718\n- cpufeature: avoid warning when compiling with clang (Git-fixes).\n- cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115).\n- cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115).\n- cpupower: remove stringop-truncation waring (git-fixes).\n- crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510).\n- crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().\n- crypto: ccp - Add GET_ID SEV command ().\n- crypto: ccp - Add psp enabled message when initialization succeeds ().\n- crypto: ccp - Add support for new CCP/PSP device ID ().\n- crypto: ccp - Allow SEV firmware to be chosen based on Family and Model ().\n- crypto: ccp - Fix static checker warning ().\n- crypto: ccp - Remove unused #defines ().\n- crypto: ccp - Support register differences between PSP devices ().\n- dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111).\n- dax: Check page-\u003emapping isn\u0027t NULL (bsc#1120054).\n- dax: Do not access a freed inode (bsc#1120055).\n- device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510).\n- device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510).\n- disable stringop truncation warnings for now (git-fixes).\n- dm: allocate struct mapped_device with kvzalloc (Git-fixes).\n- dm cache: destroy migration_cache if cache target registration failed (Git-fixes).\n- dm cache: fix resize crash if user does not reload cache table (Git-fixes).\n- dm cache metadata: ignore hints array being too small during resize (Git-fixes).\n- dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes).\n- dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes).\n- dm cache: only allow a single io_mode cache feature to be requested (Git-fixes).\n- dm crypt: do not decrease device limits (Git-fixes).\n- dm: fix report zone remapping to account for partition offset (Git-fixes).\n- dm integrity: change \u0027suspending\u0027 variable from bool to int (Git-fixes).\n- dm ioctl: harden copy_params()\u0027s copy_from_user() from malicious users (Git-fixes).\n- dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes).\n- dm linear: fix linear_end_io conditional definition (Git-fixes).\n- dm thin: handle running out of data space vs concurrent discard (Git-fixes).\n- dm thin metadata: remove needless work from __commit_transaction (Git-fixes).\n- dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).\n- dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes).\n- dm writecache: report start_sector in status line (Git-fixes).\n- dm zoned: fix metadata block ref counting (Git-fixes).\n- dm zoned: fix various dmz_get_mblock() issues (Git-fixes).\n- doc/README.SUSE: correct GIT url No more gitorious, github we use.\n- drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749).\n- drivers/net/usb/r8152: remove the unneeded variable \u0027ret\u0027 in rtl8152_system_suspend (bsc#1119749).\n- drivers/tty: add missing of_node_put() (bsc#1051510).\n- drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722)\n- drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722)\n- drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722)\n- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722)\n- drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722)\n- drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)\n- drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722)\n- drm: rcar-du: Fix external clock error checks (bsc#1113722)\n- drm: rcar-du: Fix vblank initialization (bsc#1113722)\n- drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722)\n- drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722)\n- drm/vc4: Set -\u003eis_yuv to false when num_planes == 1 (bsc#1113722)\n- drm/vc4: -\u003ex_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722)\n- dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes).\n- dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes).\n- dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes).\n- dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes).\n- dt-bindings: iio: update STM32 timers clock names (git-fixes).\n- dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes).\n- dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes).\n- dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes).\n- dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes).\n- dt-bindings: pwm: renesas: tpu: Fix \u0027compatible\u0027 prop description (git-fixes).\n- dt-bindings: pwm: Update STM32 timers clock names (git-fixes).\n- dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes).\n- efi: Move some sysfs files to be read-only by root (bsc#1051510).\n- ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017).\n- exportfs: fix \u0027passing zero to ERR_PTR()\u0027 warning (bsc#1118773).\n- ext2: fix potential use after free (bsc#1118775).\n- ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760).\n- ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).\n- ext4: fix possible use after free in ext4_quota_enable (bsc#1120602).\n- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603).\n- extable: Consolidate *kernel_text_address() functions (bsc#1120092).\n- extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092).\n- fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)\n- fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)\n- filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787).\n- firmware: add firmware_request_nowarn() - load firmware without warnings ().\n- Fix tracing sample code warning (git-fixes).\n- fscache: Fix race in fscache_op_complete() due to split atomic_sub \u0026 read (Git-fixes).\n- fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).\n- fs: fix lost error code in dio_complete (bsc#1118762).\n- fs/xfs: Use %pS printk format for direct addresses (git-fixes).\n- fuse: fix blocked_waitq wakeup (git-fixes).\n- fuse: fix leaked notify reply (git-fixes).\n- fuse: fix possibly missed wake-up after abort (git-fixes).\n- fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).\n- fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).\n- fuse: fix use-after-free in fuse_direct_IO() (git-fixes).\n- fuse: set FR_SENT while locked (git-fixes).\n- gcc-plugins: Add include required by GCC release 8 (git-fixes).\n- gcc-plugins: Use dynamic initializers (git-fixes).\n- gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).\n- gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).\n- gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).\n- gfs2_meta: -\u003emount() can get NULL dev_name (bsc#1118768).\n- gfs2: Put bitmap buffers in put_super (bsc#1118772).\n- gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).\n- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).\n- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).\n- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).\n- gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).\n- hid: Add quirk for Primax PIXART OEM mice (bsc#1119410).\n- hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).\n- hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).\n- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).\n- i2c: axxia: properly handle master timeout (bsc#1051510).\n- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).\n- ib/hfi1: Add mtu check for operational data VLs (bsc#1060463 ).\n- ibmvnic: Convert reset work item mutex to spin lock ().\n- ibmvnic: Fix non-atomic memory allocation in IRQ context ().\n- ib/rxe: support for 802.1q VLAN on the listener (bsc#1082387).\n- ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).\n- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).\n- ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).\n- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).\n- Include modules.fips in kernel-binary as well as kernel-binary-base ().\n- initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).\n- Input: add official Raspberry Pi\u0027s touchscreen driver ().\n- Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).\n- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).\n- Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).\n- Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).\n- Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).\n- Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).\n- Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).\n- Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).\n- Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).\n- Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).\n- Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).\n- integrity/security: fix digsig.c build error with header file (bsc#1051510).\n- intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).\n- iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).\n- iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).\n- iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).\n- iwlwifi: fix LED command capability bit (bsc#1119086).\n- iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).\n- iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).\n- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).\n- iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).\n- iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).\n- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).\n- jump_label: Split out code under the hotplug lock (bsc#1106913).\n- kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).\n- kabi protect hnae_ae_ops (bsc#1104353).\n- kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).\n- kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).\n- kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).\n- kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).\n- kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).\n- kbuild: verify that $DEPMOD is installed (git-fixes).\n- kdb: use memmove instead of overlapping memcpy (bsc#1120954).\n- kernfs: Replace strncpy with memcpy (bsc#1120053).\n- keys: Fix the use of the C++ keyword \u0027private\u0027 in uapi/linux/keyctl.h (Git-fixes).\n- kobject: Replace strncpy with memcpy (git-fixes).\n- kprobes: Make list and blacklist root user read only (git-fixes).\n- kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).\n- libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).\n- libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).\n- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).\n- libnvdimm, pmem: Fix badblocks population for \u0027raw\u0027 namespaces (bsc#1118788).\n- lib/raid6: Fix arm64 test build (bsc#1051510).\n- lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).\n- Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).\n- linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).\n- locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).\n- locking/static_keys: Improve uninitialized key warning (bsc#1106913).\n- mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).\n- mac80211: fix reordering of buffered broadcast packets (bsc#1051510).\n- mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).\n- mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).\n- mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).\n- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).\n- Mark HI and TASKLET softirq synchronous (git-fixes).\n- md: fix raid10 hang issue caused by barrier (git-fixes).\n- media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).\n- media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).\n- media: omap3isp: Unregister media device as first (bsc#1051510).\n- mmc: bcm2835: reset host on timeout (bsc#1051510).\n- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).\n- mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).\n- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).\n- mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).\n- mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).\n- MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).\n- mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).\n- mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).\n- mm: do not miss the last page because of round-off error (bnc#1118798).\n- mm: do not warn about large allocations for slab (git fixes (slab)).\n- mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962).\n- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).\n- mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).\n- mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).\n- mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).\n- mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).\n- mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).\n- mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).\n- mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).\n- mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).\n- mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).\n- mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).\n- mm: migration: fix migration of huge PMD shared pages (bnc#1086423).\n- mm: only report isolation failures when offlining memory (generic hotplug debugability).\n- mm: print more information about mapping in __dump_page (generic hotplug debugability).\n- mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).\n- mm: sections are not offlined during memory hotremove (bnc#1119968).\n- mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem).\n- mm/vmstat.c: fix NUMA statistics updates (git fixes).\n- Move dell_rbu fix to sorted section (bsc#1087978).\n- mtd: cfi: convert inline functions to macros (git-fixes).\n- mtd: Fix comparison in map_word_andequal() (git-fixes).\n- namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766).\n- nbd: do not allow invalid blocksize settings (Git-fixes).\n- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510).\n- net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes).\n- net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes).\n- net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561).\n- net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561).\n- net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353).\n- net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).\n- net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353).\n- net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353).\n- net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353).\n- net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ).\n- net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353).\n- net: hns3: bugfix for rtnl_lock\u0027s range in the hclgevf_reset() (bsc#1104353).\n- net: hns3: bugfix for the initialization of command queue\u0027s spin lock (bsc#1104353).\n- net: hns3: Check hdev state when getting link status (bsc#1104353).\n- net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353).\n- net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353).\n- net: hns3: Fix error of checking used vlan id (bsc#1104353 ).\n- net: hns3: Fix ets validate issue (bsc#1104353).\n- net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).\n- net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353).\n- net: hns3: Fix for packet buffer setting bug (bsc#1104353 ).\n- net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353).\n- net: hns3: Fix for setting speed for phy failed problem (bsc#1104353).\n- net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ).\n- net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353).\n- net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353).\n- net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353).\n- net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ).\n- net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353).\n- net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353).\n- net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299).\n- net: usb: r8152: constify usb_device_id (bsc#1119749).\n- net: usb: r8152: use irqsave() in USB\u0027s complete callback (bsc#1119749).\n- nospec: Allow index argument to have const-qualified type (git-fixes)\n- nospec: Kill array_index_nospec_mask_check() (git-fixes).\n- nvme-fc: resolve io failures during connect (bsc#1116803).\n- nvme-multipath: zero out ANA log buffer (bsc#1105168).\n- nvme: validate controller state before rescheduling keep alive (bsc#1103257).\n- objtool: Detect RIP-relative switch table references (bsc#1058115).\n- objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115).\n- objtool: Fix another switch table detection issue (bsc#1058115).\n- objtool: Fix double-free in .cold detection error path (bsc#1058115).\n- objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115).\n- objtool: Fix \u0027noreturn\u0027 detection for recursive sibling calls (bsc#1058115).\n- objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115).\n- objtool: Support GCC 8\u0027s cold subfunctions (bsc#1058115).\n- objtool: Support GCC 8 switch tables (bsc#1058115).\n- panic: avoid deadlocks in re-entrant console drivers (bsc#1088386).\n- pci: Add ACS quirk for Ampere root ports (bsc#1120058).\n- pci: Add ACS quirk for APM X-Gene devices (bsc#1120058).\n- pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058).\n- pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058).\n- pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058).\n- pci: Export pcie_has_flr() (bsc#1120058).\n- pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058).\n- pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058).\n- pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058).\n- pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058).\n- perf tools: Fix tracing_path_mount proper path (git-fixes).\n- platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510).\n- powerpc/64s: consolidate MCE counter increment (bsc#1094244).\n- powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes).\n- powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729).\n- powerpc/boot: Fix build failures with -j 1 (bsc#1065729).\n- powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes).\n- powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121).\n- powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270).\n- powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).\n- power: supply: olpc_battery: correct the temperature units (bsc#1051510).\n- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913).\n- qed: Add driver support for 20G link speed (bsc#1110558).\n- qed: Add support for virtual link (bsc#1111795).\n- qede: Add driver support for 20G link speed (bsc#1110558).\n- r8152: add byte_enable for ocp_read_word function (bsc#1119749).\n- r8152: add Linksys USB3GIGV1 id (bsc#1119749).\n- r8152: add r8153_phy_status function (bsc#1119749).\n- r8152: adjust lpm settings for RTL8153 (bsc#1119749).\n- r8152: adjust rtl8153_runtime_enable function (bsc#1119749).\n- r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749).\n- r8152: adjust U2P3 for RTL8153 (bsc#1119749).\n- r8152: avoid rx queue more than 1000 packets (bsc#1119749).\n- r8152: check if disabling ALDPS is finished (bsc#1119749).\n- r8152: correct the definition (bsc#1119749).\n- r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749).\n- r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749).\n- r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749).\n- r8152: move calling delay_autosuspend function (bsc#1119749).\n- r8152: move the default coalesce setting for RTL8153 (bsc#1119749).\n- r8152: move the initialization to reset_resume function (bsc#1119749).\n- r8152: move the setting of rx aggregation (bsc#1119749).\n- r8152: replace napi_complete with napi_complete_done (bsc#1119749).\n- r8152: set rx mode early when linking on (bsc#1119749).\n- r8152: split rtl8152_resume function (bsc#1119749).\n- r8152: support new chip 8050 (bsc#1119749).\n- r8152: support RTL8153B (bsc#1119749).\n- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes).\n- rcu: Allow for page faults in NMI handlers (bsc#1120092).\n- rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ).\n- rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244).\n- rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283).\n- rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283).\n- rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ).\n- rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387).\n- reset: remove remaining WARN_ON() in \u003clinux/reset.h\u003e (Git-fixes).\n- Revert commit ef9209b642f \u0027staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c\u0027 (bsc#1051510).\n- Revert \u0027iommu/io-pgtable-arm: Check for v7s-incapable systems\u0027 (bsc#1106105).\n- Revert \u0027PCI/ASPM: Do not initialize link state when aspm_disabled is set\u0027 (bsc#1051510).\n- Revert \u0027scsi: lpfc: ls_rjt erroneus FLOGIs\u0027 (bsc#1119322).\n- ring-buffer: Allow for rescheduling when removing pages (bsc#1120238).\n- ring-buffer: Do no reuse reader page if still in use (bsc#1120096).\n- ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094).\n- rtc: hctosys: Add missing range error reporting (bsc#1051510).\n- rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510).\n- rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510).\n- rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510).\n- rtl8xxxu: Fix missing break in switch (bsc#1051510).\n- s390/dasd: simplify locking in dasd_times_out (bsc#1104967,).\n- s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112).\n- s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112).\n- s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657).\n- s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960).\n- s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960).\n- sbitmap: fix race in wait batch accounting (Git-fixes).\n- sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913).\n- sched/smt: Expose sched_smt_present static key (bsc#1106913).\n- sched/smt: Make sched_smt_present track topology (bsc#1106913).\n- sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228).\n- scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).\n- scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215).\n- scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215).\n- scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215).\n- scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322).\n- scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215).\n- scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).\n- scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215).\n- scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215).\n- scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215).\n- scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215).\n- scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215).\n- scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).\n- scsi: lpfc: refactor mailbox structure context fields (bsc#1118215).\n- scsi: lpfc: rport port swap discovery issue (bsc#1118215).\n- scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215).\n- scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215).\n- scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).\n- scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).\n- scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588).\n- shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599).\n- shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599).\n- skd: Avoid that module unloading triggers a use-after-free (Git-fixes).\n- skd: Submit requests to firmware before triggering the doorbell (Git-fixes).\n- soc: bcm2835: sync firmware properties with downstream ()\n- spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510).\n- spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510).\n- spi: bcm2835: Fix race on DMA termination (bsc#1051510).\n- spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510).\n- splice: do not read more than available pipe space (bsc#1119212).\n- staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510).\n- staging: rtl8712: Fix possible buffer overrun (bsc#1051510).\n- staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510).\n- staging: rts5208: fix gcc-8 logic error warning (bsc#1051510).\n- staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510).\n- supported.conf: add raspberrypi-ts driver\n- supported.conf: whitelist bluefield eMMC driver\n- target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).\n- target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).\n- team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510).\n- termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510).\n- test_hexdump: use memcpy instead of strncpy (bsc#1051510).\n- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510).\n- tools: hv: fcopy: set \u0027error\u0027 in case an unknown operation was requested (git-fixes).\n- Tools: hv: Fix a bug in the key delete code (git-fixes).\n- tools: hv: include string.h in hv_fcopy_daemon (git-fixes).\n- tools/lib/lockdep: Rename \u0027trywlock\u0027 into \u0027trywrlock\u0027 (bsc#1121973).\n- tools/power/cpupower: fix compilation with STATIC=true (git-fixes).\n- tools/power turbostat: fix possible sprintf buffer overflow (git-fixes).\n- tracing/blktrace: Fix to allow setting same value (Git-fixes).\n- tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).\n- tracing: Fix crash when freeing instances with event triggers (bsc#1120230).\n- tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097).\n- tracing: Fix double free of event_trigger_data (bsc#1120234).\n- tracing: Fix missing return symbol in function_graph output (bsc#1120232).\n- tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235).\n- tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214).\n- tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223).\n- tracing: Fix trace_pipe behavior for instance traces (bsc#1120088).\n- tracing: Remove RCU work arounds from stack tracer (bsc#1120092).\n- tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes).\n- tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510).\n- tty: Do not return -EAGAIN in blocking read (bsc#1116040).\n- tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510).\n- tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510).\n- ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598).\n- ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype.\n- udf: Allow mounting volumes with incorrect identification strings (bsc#1118774).\n- unifdef: use memcpy instead of strncpy (bsc#1051510).\n- usb: appledisplay: Add 27\u0027 Apple Cinema Display (bsc#1051510).\n- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510).\n- usb: dwc2: host: use hrtimer for NAK retries (git-fixes).\n- usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510).\n- usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888).\n- usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510).\n- usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510).\n- usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510).\n- usb: omap_udc: use devm_request_irq() (bsc#1051510).\n- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510).\n- usb: serial: option: add Fibocom NL668 series (bsc#1051510).\n- usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510).\n- usb: serial: option: add HP lt4132 (bsc#1051510).\n- usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510).\n- usb: serial: option: add Telit LN940 series (bsc#1051510).\n- usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110).\n- usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510).\n- usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510).\n- usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510).\n- userfaultfd: clear the vma-\u003evm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761).\n- userfaultfd: remove uffd flags from vma-\u003evm_flags if UFFD_EVENT_FORK fails (bsc#1118809).\n- v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771).\n- vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).\n- watchdog/core: Add missing prototypes for weak functions (git-fixes).\n- wireless: airo: potential buffer overflow in sprintf() (bsc#1051510).\n- wlcore: Fix the return value in case of error in \u0027wlcore_vendor_cmd_smart_config_start()\u0027 (bsc#1051510).\n- x86/bugs: Add AMD\u0027s SPEC_CTRL MSR usage (bsc#1106913).\n- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913).\n- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913).\n- x86/decoder: Fix and update the opcodes map (bsc#1058115).\n- x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).\n- x86/l1tf: Show actual SMT state (bsc#1106913).\n- x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606).\n- x86/pci: Add additional VMD device root ports to VMD AER quirk (bsc#1120058).\n- x86/pci: Add \u0027pci=big_root_window\u0027 option for AMD 64-bit windows (bsc#1120058).\n- x86/pci: Apply VMD\u0027s AERSID fixup generically (bsc#1120058).\n- x86/pci: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058).\n- x86/pci: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058).\n- x86/pci: Enable AMD 64-bit window on resume (bsc#1120058).\n- x86/pci: Fix infinite loop in search for 64bit BAR placement (bsc#1120058).\n- x86/pci: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058).\n- x86/pci: Move VMD quirk to x86 fixups (bsc#1120058).\n- x86/pci: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058).\n- x86/pci: Use is_vmd() rather than relying on the domain number (bsc#1120058).\n- x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913).\n- x86/pti: Document fix wrong index (git-fixes).\n- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913).\n- x86/retpoline: Remove minimal retpoline support (bsc#1106913).\n- x86/speculataion: Mark command line parser data __initdata (bsc#1106913).\n- x86/speculation: Add command line control for indirect branch speculation (bsc#1106913).\n- x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913).\n- x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913).\n- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).\n- x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913).\n- x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913).\n- x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913).\n- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).\n- x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913).\n- x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).\n- x86/speculation: Mark string arrays const correctly (bsc#1106913).\n- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913).\n- x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913).\n- x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913).\n- x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913).\n- x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913).\n- x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).\n- x86/speculation: Provide IBPB always command line options (bsc#1106913).\n- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913).\n- x86/speculation: Rename SSBD update functions (bsc#1106913).\n- x86/speculation: Reorder the spec_v2 code (bsc#1106913).\n- x86/speculation: Reorganize speculation control MSRs update (bsc#1106913).\n- x86/speculation: Rework SMT state change (bsc#1106913).\n- x86/speculation: Split out TIF update (bsc#1106913).\n- x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913).\n- x86/speculation: Update the TIF_SSBD comment (bsc#1106913).\n- xen/netfront: tolerate frags with no data (bnc#1119804).\n- xfs: Align compat attrlist_by_handle with native implementation (git-fixes).\n- xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).\n- xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes).\n- xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).\n- xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).\n- xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510).\n- xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-196,SUSE-SLE-DESKTOP-12-SP4-2019-196,SUSE-SLE-HA-12-SP4-2019-196,SUSE-SLE-Live-Patching-12-SP4-2019-196,SUSE-SLE-SDK-12-SP4-2019-196,SUSE-SLE-SERVER-12-SP4-2019-196,SUSE-SLE-WE-12-SP4-2019-196",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0196-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0196-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190196-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0196-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-January/005066.html"
},
{
"category": "self",
"summary": "SUSE Bug 1024718",
"url": "https://bugzilla.suse.com/1024718"
},
{
"category": "self",
"summary": "SUSE Bug 1046299",
"url": "https://bugzilla.suse.com/1046299"
},
{
"category": "self",
"summary": "SUSE Bug 1050242",
"url": "https://bugzilla.suse.com/1050242"
},
{
"category": "self",
"summary": "SUSE Bug 1050244",
"url": "https://bugzilla.suse.com/1050244"
},
{
"category": "self",
"summary": "SUSE Bug 1051510",
"url": "https://bugzilla.suse.com/1051510"
},
{
"category": "self",
"summary": "SUSE Bug 1055121",
"url": "https://bugzilla.suse.com/1055121"
},
{
"category": "self",
"summary": "SUSE Bug 1055186",
"url": "https://bugzilla.suse.com/1055186"
},
{
"category": "self",
"summary": "SUSE Bug 1058115",
"url": "https://bugzilla.suse.com/1058115"
},
{
"category": "self",
"summary": "SUSE Bug 1060463",
"url": "https://bugzilla.suse.com/1060463"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1078248",
"url": "https://bugzilla.suse.com/1078248"
},
{
"category": "self",
"summary": "SUSE Bug 1079935",
"url": "https://bugzilla.suse.com/1079935"
},
{
"category": "self",
"summary": "SUSE Bug 1082387",
"url": "https://bugzilla.suse.com/1082387"
},
{
"category": "self",
"summary": "SUSE Bug 1083647",
"url": "https://bugzilla.suse.com/1083647"
},
{
"category": "self",
"summary": "SUSE Bug 1086282",
"url": "https://bugzilla.suse.com/1086282"
},
{
"category": "self",
"summary": "SUSE Bug 1086283",
"url": "https://bugzilla.suse.com/1086283"
},
{
"category": "self",
"summary": "SUSE Bug 1086423",
"url": "https://bugzilla.suse.com/1086423"
},
{
"category": "self",
"summary": "SUSE Bug 1087084",
"url": "https://bugzilla.suse.com/1087084"
},
{
"category": "self",
"summary": "SUSE Bug 1087978",
"url": "https://bugzilla.suse.com/1087978"
},
{
"category": "self",
"summary": "SUSE Bug 1088386",
"url": "https://bugzilla.suse.com/1088386"
},
{
"category": "self",
"summary": "SUSE Bug 1090888",
"url": "https://bugzilla.suse.com/1090888"
},
{
"category": "self",
"summary": "SUSE Bug 1091405",
"url": "https://bugzilla.suse.com/1091405"
},
{
"category": "self",
"summary": "SUSE Bug 1094244",
"url": "https://bugzilla.suse.com/1094244"
},
{
"category": "self",
"summary": "SUSE Bug 1097593",
"url": "https://bugzilla.suse.com/1097593"
},
{
"category": "self",
"summary": "SUSE Bug 1102875",
"url": "https://bugzilla.suse.com/1102875"
},
{
"category": "self",
"summary": "SUSE Bug 1102877",
"url": "https://bugzilla.suse.com/1102877"
},
{
"category": "self",
"summary": "SUSE Bug 1102879",
"url": "https://bugzilla.suse.com/1102879"
},
{
"category": "self",
"summary": "SUSE Bug 1102882",
"url": "https://bugzilla.suse.com/1102882"
},
{
"category": "self",
"summary": "SUSE Bug 1102896",
"url": "https://bugzilla.suse.com/1102896"
},
{
"category": "self",
"summary": "SUSE Bug 1103257",
"url": "https://bugzilla.suse.com/1103257"
},
{
"category": "self",
"summary": "SUSE Bug 1104353",
"url": "https://bugzilla.suse.com/1104353"
},
{
"category": "self",
"summary": "SUSE Bug 1104427",
"url": "https://bugzilla.suse.com/1104427"
},
{
"category": "self",
"summary": "SUSE Bug 1104967",
"url": "https://bugzilla.suse.com/1104967"
},
{
"category": "self",
"summary": "SUSE Bug 1105168",
"url": "https://bugzilla.suse.com/1105168"
},
{
"category": "self",
"summary": "SUSE Bug 1106105",
"url": "https://bugzilla.suse.com/1106105"
},
{
"category": "self",
"summary": "SUSE Bug 1106110",
"url": "https://bugzilla.suse.com/1106110"
},
{
"category": "self",
"summary": "SUSE Bug 1106615",
"url": "https://bugzilla.suse.com/1106615"
},
{
"category": "self",
"summary": "SUSE Bug 1106913",
"url": "https://bugzilla.suse.com/1106913"
},
{
"category": "self",
"summary": "SUSE Bug 1108270",
"url": "https://bugzilla.suse.com/1108270"
},
{
"category": "self",
"summary": "SUSE Bug 1109272",
"url": "https://bugzilla.suse.com/1109272"
},
{
"category": "self",
"summary": "SUSE Bug 1110558",
"url": "https://bugzilla.suse.com/1110558"
},
{
"category": "self",
"summary": "SUSE Bug 1111188",
"url": "https://bugzilla.suse.com/1111188"
},
{
"category": "self",
"summary": "SUSE Bug 1111469",
"url": "https://bugzilla.suse.com/1111469"
},
{
"category": "self",
"summary": "SUSE Bug 1111696",
"url": "https://bugzilla.suse.com/1111696"
},
{
"category": "self",
"summary": "SUSE Bug 1111795",
"url": "https://bugzilla.suse.com/1111795"
},
{
"category": "self",
"summary": "SUSE Bug 1112128",
"url": "https://bugzilla.suse.com/1112128"
},
{
"category": "self",
"summary": "SUSE Bug 1113722",
"url": "https://bugzilla.suse.com/1113722"
},
{
"category": "self",
"summary": "SUSE Bug 1114648",
"url": "https://bugzilla.suse.com/1114648"
},
{
"category": "self",
"summary": "SUSE Bug 1114871",
"url": "https://bugzilla.suse.com/1114871"
},
{
"category": "self",
"summary": "SUSE Bug 1116040",
"url": "https://bugzilla.suse.com/1116040"
},
{
"category": "self",
"summary": "SUSE Bug 1116336",
"url": "https://bugzilla.suse.com/1116336"
},
{
"category": "self",
"summary": "SUSE Bug 1116803",
"url": "https://bugzilla.suse.com/1116803"
},
{
"category": "self",
"summary": "SUSE Bug 1116841",
"url": "https://bugzilla.suse.com/1116841"
},
{
"category": "self",
"summary": "SUSE Bug 1117115",
"url": "https://bugzilla.suse.com/1117115"
},
{
"category": "self",
"summary": "SUSE Bug 1117162",
"url": "https://bugzilla.suse.com/1117162"
},
{
"category": "self",
"summary": "SUSE Bug 1117165",
"url": "https://bugzilla.suse.com/1117165"
},
{
"category": "self",
"summary": "SUSE Bug 1117186",
"url": "https://bugzilla.suse.com/1117186"
},
{
"category": "self",
"summary": "SUSE Bug 1117561",
"url": "https://bugzilla.suse.com/1117561"
},
{
"category": "self",
"summary": "SUSE Bug 1117656",
"url": "https://bugzilla.suse.com/1117656"
},
{
"category": "self",
"summary": "SUSE Bug 1117953",
"url": "https://bugzilla.suse.com/1117953"
},
{
"category": "self",
"summary": "SUSE Bug 1118215",
"url": "https://bugzilla.suse.com/1118215"
},
{
"category": "self",
"summary": "SUSE Bug 1118319",
"url": "https://bugzilla.suse.com/1118319"
},
{
"category": "self",
"summary": "SUSE Bug 1118428",
"url": "https://bugzilla.suse.com/1118428"
},
{
"category": "self",
"summary": "SUSE Bug 1118484",
"url": "https://bugzilla.suse.com/1118484"
},
{
"category": "self",
"summary": "SUSE Bug 1118505",
"url": "https://bugzilla.suse.com/1118505"
},
{
"category": "self",
"summary": "SUSE Bug 1118752",
"url": "https://bugzilla.suse.com/1118752"
},
{
"category": "self",
"summary": "SUSE Bug 1118760",
"url": "https://bugzilla.suse.com/1118760"
},
{
"category": "self",
"summary": "SUSE Bug 1118761",
"url": "https://bugzilla.suse.com/1118761"
},
{
"category": "self",
"summary": "SUSE Bug 1118762",
"url": "https://bugzilla.suse.com/1118762"
},
{
"category": "self",
"summary": "SUSE Bug 1118766",
"url": "https://bugzilla.suse.com/1118766"
},
{
"category": "self",
"summary": "SUSE Bug 1118767",
"url": "https://bugzilla.suse.com/1118767"
},
{
"category": "self",
"summary": "SUSE Bug 1118768",
"url": "https://bugzilla.suse.com/1118768"
},
{
"category": "self",
"summary": "SUSE Bug 1118769",
"url": "https://bugzilla.suse.com/1118769"
},
{
"category": "self",
"summary": "SUSE Bug 1118771",
"url": "https://bugzilla.suse.com/1118771"
},
{
"category": "self",
"summary": "SUSE Bug 1118772",
"url": "https://bugzilla.suse.com/1118772"
},
{
"category": "self",
"summary": "SUSE Bug 1118773",
"url": "https://bugzilla.suse.com/1118773"
},
{
"category": "self",
"summary": "SUSE Bug 1118774",
"url": "https://bugzilla.suse.com/1118774"
},
{
"category": "self",
"summary": "SUSE Bug 1118775",
"url": "https://bugzilla.suse.com/1118775"
},
{
"category": "self",
"summary": "SUSE Bug 1118787",
"url": "https://bugzilla.suse.com/1118787"
},
{
"category": "self",
"summary": "SUSE Bug 1118788",
"url": "https://bugzilla.suse.com/1118788"
},
{
"category": "self",
"summary": "SUSE Bug 1118798",
"url": "https://bugzilla.suse.com/1118798"
},
{
"category": "self",
"summary": "SUSE Bug 1118809",
"url": "https://bugzilla.suse.com/1118809"
},
{
"category": "self",
"summary": "SUSE Bug 1118962",
"url": "https://bugzilla.suse.com/1118962"
},
{
"category": "self",
"summary": "SUSE Bug 1119017",
"url": "https://bugzilla.suse.com/1119017"
},
{
"category": "self",
"summary": "SUSE Bug 1119086",
"url": "https://bugzilla.suse.com/1119086"
},
{
"category": "self",
"summary": "SUSE Bug 1119212",
"url": "https://bugzilla.suse.com/1119212"
},
{
"category": "self",
"summary": "SUSE Bug 1119322",
"url": "https://bugzilla.suse.com/1119322"
},
{
"category": "self",
"summary": "SUSE Bug 1119410",
"url": "https://bugzilla.suse.com/1119410"
},
{
"category": "self",
"summary": "SUSE Bug 1119714",
"url": "https://bugzilla.suse.com/1119714"
},
{
"category": "self",
"summary": "SUSE Bug 1119749",
"url": "https://bugzilla.suse.com/1119749"
},
{
"category": "self",
"summary": "SUSE Bug 1119804",
"url": "https://bugzilla.suse.com/1119804"
},
{
"category": "self",
"summary": "SUSE Bug 1119946",
"url": "https://bugzilla.suse.com/1119946"
},
{
"category": "self",
"summary": "SUSE Bug 1119962",
"url": "https://bugzilla.suse.com/1119962"
},
{
"category": "self",
"summary": "SUSE Bug 1119968",
"url": "https://bugzilla.suse.com/1119968"
},
{
"category": "self",
"summary": "SUSE Bug 1120036",
"url": "https://bugzilla.suse.com/1120036"
},
{
"category": "self",
"summary": "SUSE Bug 1120046",
"url": "https://bugzilla.suse.com/1120046"
},
{
"category": "self",
"summary": "SUSE Bug 1120053",
"url": "https://bugzilla.suse.com/1120053"
},
{
"category": "self",
"summary": "SUSE Bug 1120054",
"url": "https://bugzilla.suse.com/1120054"
},
{
"category": "self",
"summary": "SUSE Bug 1120055",
"url": "https://bugzilla.suse.com/1120055"
},
{
"category": "self",
"summary": "SUSE Bug 1120058",
"url": "https://bugzilla.suse.com/1120058"
},
{
"category": "self",
"summary": "SUSE Bug 1120088",
"url": "https://bugzilla.suse.com/1120088"
},
{
"category": "self",
"summary": "SUSE Bug 1120092",
"url": "https://bugzilla.suse.com/1120092"
},
{
"category": "self",
"summary": "SUSE Bug 1120094",
"url": "https://bugzilla.suse.com/1120094"
},
{
"category": "self",
"summary": "SUSE Bug 1120096",
"url": "https://bugzilla.suse.com/1120096"
},
{
"category": "self",
"summary": "SUSE Bug 1120097",
"url": "https://bugzilla.suse.com/1120097"
},
{
"category": "self",
"summary": "SUSE Bug 1120173",
"url": "https://bugzilla.suse.com/1120173"
},
{
"category": "self",
"summary": "SUSE Bug 1120214",
"url": "https://bugzilla.suse.com/1120214"
},
{
"category": "self",
"summary": "SUSE Bug 1120223",
"url": "https://bugzilla.suse.com/1120223"
},
{
"category": "self",
"summary": "SUSE Bug 1120228",
"url": "https://bugzilla.suse.com/1120228"
},
{
"category": "self",
"summary": "SUSE Bug 1120230",
"url": "https://bugzilla.suse.com/1120230"
},
{
"category": "self",
"summary": "SUSE Bug 1120232",
"url": "https://bugzilla.suse.com/1120232"
},
{
"category": "self",
"summary": "SUSE Bug 1120234",
"url": "https://bugzilla.suse.com/1120234"
},
{
"category": "self",
"summary": "SUSE Bug 1120235",
"url": "https://bugzilla.suse.com/1120235"
},
{
"category": "self",
"summary": "SUSE Bug 1120238",
"url": "https://bugzilla.suse.com/1120238"
},
{
"category": "self",
"summary": "SUSE Bug 1120594",
"url": "https://bugzilla.suse.com/1120594"
},
{
"category": "self",
"summary": "SUSE Bug 1120598",
"url": "https://bugzilla.suse.com/1120598"
},
{
"category": "self",
"summary": "SUSE Bug 1120600",
"url": "https://bugzilla.suse.com/1120600"
},
{
"category": "self",
"summary": "SUSE Bug 1120601",
"url": "https://bugzilla.suse.com/1120601"
},
{
"category": "self",
"summary": "SUSE Bug 1120602",
"url": "https://bugzilla.suse.com/1120602"
},
{
"category": "self",
"summary": "SUSE Bug 1120603",
"url": "https://bugzilla.suse.com/1120603"
},
{
"category": "self",
"summary": "SUSE Bug 1120604",
"url": "https://bugzilla.suse.com/1120604"
},
{
"category": "self",
"summary": "SUSE Bug 1120606",
"url": "https://bugzilla.suse.com/1120606"
},
{
"category": "self",
"summary": "SUSE Bug 1120612",
"url": "https://bugzilla.suse.com/1120612"
},
{
"category": "self",
"summary": "SUSE Bug 1120613",
"url": "https://bugzilla.suse.com/1120613"
},
{
"category": "self",
"summary": "SUSE Bug 1120614",
"url": "https://bugzilla.suse.com/1120614"
},
{
"category": "self",
"summary": "SUSE Bug 1120615",
"url": "https://bugzilla.suse.com/1120615"
},
{
"category": "self",
"summary": "SUSE Bug 1120616",
"url": "https://bugzilla.suse.com/1120616"
},
{
"category": "self",
"summary": "SUSE Bug 1120617",
"url": "https://bugzilla.suse.com/1120617"
},
{
"category": "self",
"summary": "SUSE Bug 1120618",
"url": "https://bugzilla.suse.com/1120618"
},
{
"category": "self",
"summary": "SUSE Bug 1120620",
"url": "https://bugzilla.suse.com/1120620"
},
{
"category": "self",
"summary": "SUSE Bug 1120621",
"url": "https://bugzilla.suse.com/1120621"
},
{
"category": "self",
"summary": "SUSE Bug 1120632",
"url": "https://bugzilla.suse.com/1120632"
},
{
"category": "self",
"summary": "SUSE Bug 1120633",
"url": "https://bugzilla.suse.com/1120633"
},
{
"category": "self",
"summary": "SUSE Bug 1120743",
"url": "https://bugzilla.suse.com/1120743"
},
{
"category": "self",
"summary": "SUSE Bug 1120954",
"url": "https://bugzilla.suse.com/1120954"
},
{
"category": "self",
"summary": "SUSE Bug 1121017",
"url": "https://bugzilla.suse.com/1121017"
},
{
"category": "self",
"summary": "SUSE Bug 1121058",
"url": "https://bugzilla.suse.com/1121058"
},
{
"category": "self",
"summary": "SUSE Bug 1121263",
"url": "https://bugzilla.suse.com/1121263"
},
{
"category": "self",
"summary": "SUSE Bug 1121273",
"url": "https://bugzilla.suse.com/1121273"
},
{
"category": "self",
"summary": "SUSE Bug 1121477",
"url": "https://bugzilla.suse.com/1121477"
},
{
"category": "self",
"summary": "SUSE Bug 1121483",
"url": "https://bugzilla.suse.com/1121483"
},
{
"category": "self",
"summary": "SUSE Bug 1121599",
"url": "https://bugzilla.suse.com/1121599"
},
{
"category": "self",
"summary": "SUSE Bug 1121621",
"url": "https://bugzilla.suse.com/1121621"
},
{
"category": "self",
"summary": "SUSE Bug 1121714",
"url": "https://bugzilla.suse.com/1121714"
},
{
"category": "self",
"summary": "SUSE Bug 1121715",
"url": "https://bugzilla.suse.com/1121715"
},
{
"category": "self",
"summary": "SUSE Bug 1121973",
"url": "https://bugzilla.suse.com/1121973"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12232 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14625 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16862 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16884 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18397 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19854 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19985 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20169 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-9568 page",
"url": "https://www.suse.com/security/cve/CVE-2018-9568/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2019-01-29T12:14:56Z",
"generator": {
"date": "2019-01-29T12:14:56Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0196-1",
"initial_release_date": "2019-01-29T12:14:56Z",
"revision_history": [
{
"date": "2019-01-29T12:14:56Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-95.6.1.aarch64",
"product": {
"name": "cluster-md-kmp-default-4.12.14-95.6.1.aarch64",
"product_id": "cluster-md-kmp-default-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-95.6.1.aarch64",
"product": {
"name": "dlm-kmp-default-4.12.14-95.6.1.aarch64",
"product_id": "dlm-kmp-default-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-al-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-al-4.12.14-95.6.1.aarch64",
"product_id": "dtb-al-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-allwinner-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-allwinner-4.12.14-95.6.1.aarch64",
"product_id": "dtb-allwinner-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-altera-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-altera-4.12.14-95.6.1.aarch64",
"product_id": "dtb-altera-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-amd-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-amd-4.12.14-95.6.1.aarch64",
"product_id": "dtb-amd-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-amlogic-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-amlogic-4.12.14-95.6.1.aarch64",
"product_id": "dtb-amlogic-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-apm-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-apm-4.12.14-95.6.1.aarch64",
"product_id": "dtb-apm-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-arm-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-arm-4.12.14-95.6.1.aarch64",
"product_id": "dtb-arm-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-broadcom-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-broadcom-4.12.14-95.6.1.aarch64",
"product_id": "dtb-broadcom-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-cavium-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-cavium-4.12.14-95.6.1.aarch64",
"product_id": "dtb-cavium-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-exynos-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-exynos-4.12.14-95.6.1.aarch64",
"product_id": "dtb-exynos-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-freescale-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-freescale-4.12.14-95.6.1.aarch64",
"product_id": "dtb-freescale-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-hisilicon-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-hisilicon-4.12.14-95.6.1.aarch64",
"product_id": "dtb-hisilicon-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-lg-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-lg-4.12.14-95.6.1.aarch64",
"product_id": "dtb-lg-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-marvell-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-marvell-4.12.14-95.6.1.aarch64",
"product_id": "dtb-marvell-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-mediatek-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-mediatek-4.12.14-95.6.1.aarch64",
"product_id": "dtb-mediatek-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-nvidia-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-nvidia-4.12.14-95.6.1.aarch64",
"product_id": "dtb-nvidia-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-qcom-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-qcom-4.12.14-95.6.1.aarch64",
"product_id": "dtb-qcom-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-renesas-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-renesas-4.12.14-95.6.1.aarch64",
"product_id": "dtb-renesas-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-rockchip-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-rockchip-4.12.14-95.6.1.aarch64",
"product_id": "dtb-rockchip-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-socionext-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-socionext-4.12.14-95.6.1.aarch64",
"product_id": "dtb-socionext-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-sprd-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-sprd-4.12.14-95.6.1.aarch64",
"product_id": "dtb-sprd-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-xilinx-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-xilinx-4.12.14-95.6.1.aarch64",
"product_id": "dtb-xilinx-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-zte-4.12.14-95.6.1.aarch64",
"product": {
"name": "dtb-zte-4.12.14-95.6.1.aarch64",
"product_id": "dtb-zte-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-95.6.1.aarch64",
"product": {
"name": "gfs2-kmp-default-4.12.14-95.6.1.aarch64",
"product_id": "gfs2-kmp-default-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-95.6.1.aarch64",
"product": {
"name": "kernel-default-4.12.14-95.6.1.aarch64",
"product_id": "kernel-default-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-95.6.1.aarch64",
"product": {
"name": "kernel-default-base-4.12.14-95.6.1.aarch64",
"product_id": "kernel-default-base-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-95.6.1.aarch64",
"product": {
"name": "kernel-default-devel-4.12.14-95.6.1.aarch64",
"product_id": "kernel-default-devel-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-95.6.1.aarch64",
"product": {
"name": "kernel-default-extra-4.12.14-95.6.1.aarch64",
"product_id": "kernel-default-extra-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-4.12.14-95.6.1.aarch64",
"product": {
"name": "kernel-default-livepatch-4.12.14-95.6.1.aarch64",
"product_id": "kernel-default-livepatch-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-95.6.1.aarch64",
"product": {
"name": "kernel-obs-build-4.12.14-95.6.1.aarch64",
"product_id": "kernel-obs-build-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-95.6.1.aarch64",
"product": {
"name": "kernel-obs-qa-4.12.14-95.6.1.aarch64",
"product_id": "kernel-obs-qa-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-95.6.1.aarch64",
"product": {
"name": "kernel-syms-4.12.14-95.6.1.aarch64",
"product_id": "kernel-syms-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-95.6.1.aarch64",
"product": {
"name": "kernel-vanilla-4.12.14-95.6.1.aarch64",
"product_id": "kernel-vanilla-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-95.6.1.aarch64",
"product": {
"name": "kernel-vanilla-base-4.12.14-95.6.1.aarch64",
"product_id": "kernel-vanilla-base-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-95.6.1.aarch64",
"product": {
"name": "kernel-vanilla-devel-4.12.14-95.6.1.aarch64",
"product_id": "kernel-vanilla-devel-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-95.6.1.aarch64",
"product": {
"name": "kselftests-kmp-default-4.12.14-95.6.1.aarch64",
"product_id": "kselftests-kmp-default-4.12.14-95.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-95.6.1.aarch64",
"product": {
"name": "ocfs2-kmp-default-4.12.14-95.6.1.aarch64",
"product_id": "ocfs2-kmp-default-4.12.14-95.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-4.12.14-95.6.1.noarch",
"product": {
"name": "kernel-devel-4.12.14-95.6.1.noarch",
"product_id": "kernel-devel-4.12.14-95.6.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-4.12.14-95.6.1.noarch",
"product": {
"name": "kernel-docs-4.12.14-95.6.1.noarch",
"product_id": "kernel-docs-4.12.14-95.6.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-4.12.14-95.6.1.noarch",
"product": {
"name": "kernel-docs-html-4.12.14-95.6.1.noarch",
"product_id": "kernel-docs-html-4.12.14-95.6.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-4.12.14-95.6.1.noarch",
"product": {
"name": "kernel-macros-4.12.14-95.6.1.noarch",
"product_id": "kernel-macros-4.12.14-95.6.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-4.12.14-95.6.1.noarch",
"product": {
"name": "kernel-source-4.12.14-95.6.1.noarch",
"product_id": "kernel-source-4.12.14-95.6.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-4.12.14-95.6.1.noarch",
"product": {
"name": "kernel-source-vanilla-4.12.14-95.6.1.noarch",
"product_id": "kernel-source-vanilla-4.12.14-95.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-debug-4.12.14-95.6.1.ppc64le",
"product": {
"name": "cluster-md-kmp-debug-4.12.14-95.6.1.ppc64le",
"product_id": "cluster-md-kmp-debug-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"product": {
"name": "cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"product_id": "cluster-md-kmp-default-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dlm-kmp-debug-4.12.14-95.6.1.ppc64le",
"product": {
"name": "dlm-kmp-debug-4.12.14-95.6.1.ppc64le",
"product_id": "dlm-kmp-debug-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"product": {
"name": "dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"product_id": "dlm-kmp-default-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-debug-4.12.14-95.6.1.ppc64le",
"product": {
"name": "gfs2-kmp-debug-4.12.14-95.6.1.ppc64le",
"product_id": "gfs2-kmp-debug-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"product": {
"name": "gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"product_id": "gfs2-kmp-default-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-debug-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-debug-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-debug-base-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-debug-base-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-debug-devel-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-debug-devel-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-extra-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-debug-extra-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-debug-extra-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-livepatch-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-debug-livepatch-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-debug-livepatch-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-default-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-default-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-default-base-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-default-base-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-default-devel-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-default-devel-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-default-extra-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-default-extra-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-default-livepatch-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-default-livepatch-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-obs-build-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-obs-build-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-obs-qa-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-obs-qa-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-syms-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-syms-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-vanilla-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-vanilla-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-vanilla-base-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-vanilla-base-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kernel-vanilla-devel-4.12.14-95.6.1.ppc64le",
"product_id": "kernel-vanilla-devel-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"product": {
"name": "kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"product_id": "kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-debug-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kselftests-kmp-debug-4.12.14-95.6.1.ppc64le",
"product_id": "kselftests-kmp-debug-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-95.6.1.ppc64le",
"product": {
"name": "kselftests-kmp-default-4.12.14-95.6.1.ppc64le",
"product_id": "kselftests-kmp-default-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-debug-4.12.14-95.6.1.ppc64le",
"product": {
"name": "ocfs2-kmp-debug-4.12.14-95.6.1.ppc64le",
"product_id": "ocfs2-kmp-debug-4.12.14-95.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"product": {
"name": "ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"product_id": "ocfs2-kmp-default-4.12.14-95.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"product": {
"name": "cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"product_id": "cluster-md-kmp-default-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-95.6.1.s390x",
"product": {
"name": "dlm-kmp-default-4.12.14-95.6.1.s390x",
"product_id": "dlm-kmp-default-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-95.6.1.s390x",
"product": {
"name": "gfs2-kmp-default-4.12.14-95.6.1.s390x",
"product_id": "gfs2-kmp-default-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-95.6.1.s390x",
"product": {
"name": "kernel-default-4.12.14-95.6.1.s390x",
"product_id": "kernel-default-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-95.6.1.s390x",
"product": {
"name": "kernel-default-base-4.12.14-95.6.1.s390x",
"product_id": "kernel-default-base-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-95.6.1.s390x",
"product": {
"name": "kernel-default-devel-4.12.14-95.6.1.s390x",
"product_id": "kernel-default-devel-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-95.6.1.s390x",
"product": {
"name": "kernel-default-extra-4.12.14-95.6.1.s390x",
"product_id": "kernel-default-extra-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-4.12.14-95.6.1.s390x",
"product": {
"name": "kernel-default-livepatch-4.12.14-95.6.1.s390x",
"product_id": "kernel-default-livepatch-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-man-4.12.14-95.6.1.s390x",
"product": {
"name": "kernel-default-man-4.12.14-95.6.1.s390x",
"product_id": "kernel-default-man-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-95.6.1.s390x",
"product": {
"name": "kernel-obs-build-4.12.14-95.6.1.s390x",
"product_id": "kernel-obs-build-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-95.6.1.s390x",
"product": {
"name": "kernel-obs-qa-4.12.14-95.6.1.s390x",
"product_id": "kernel-obs-qa-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-95.6.1.s390x",
"product": {
"name": "kernel-syms-4.12.14-95.6.1.s390x",
"product_id": "kernel-syms-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-95.6.1.s390x",
"product": {
"name": "kernel-vanilla-4.12.14-95.6.1.s390x",
"product_id": "kernel-vanilla-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-95.6.1.s390x",
"product": {
"name": "kernel-vanilla-base-4.12.14-95.6.1.s390x",
"product_id": "kernel-vanilla-base-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-95.6.1.s390x",
"product": {
"name": "kernel-vanilla-devel-4.12.14-95.6.1.s390x",
"product_id": "kernel-vanilla-devel-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-4.12.14-95.6.1.s390x",
"product": {
"name": "kernel-zfcpdump-4.12.14-95.6.1.s390x",
"product_id": "kernel-zfcpdump-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-man-4.12.14-95.6.1.s390x",
"product": {
"name": "kernel-zfcpdump-man-4.12.14-95.6.1.s390x",
"product_id": "kernel-zfcpdump-man-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-95.6.1.s390x",
"product": {
"name": "kselftests-kmp-default-4.12.14-95.6.1.s390x",
"product_id": "kselftests-kmp-default-4.12.14-95.6.1.s390x"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"product": {
"name": "ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"product_id": "ocfs2-kmp-default-4.12.14-95.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-debug-4.12.14-95.6.1.x86_64",
"product": {
"name": "cluster-md-kmp-debug-4.12.14-95.6.1.x86_64",
"product_id": "cluster-md-kmp-debug-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"product": {
"name": "cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"product_id": "cluster-md-kmp-default-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-debug-4.12.14-95.6.1.x86_64",
"product": {
"name": "dlm-kmp-debug-4.12.14-95.6.1.x86_64",
"product_id": "dlm-kmp-debug-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-95.6.1.x86_64",
"product": {
"name": "dlm-kmp-default-4.12.14-95.6.1.x86_64",
"product_id": "dlm-kmp-default-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-debug-4.12.14-95.6.1.x86_64",
"product": {
"name": "gfs2-kmp-debug-4.12.14-95.6.1.x86_64",
"product_id": "gfs2-kmp-debug-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"product": {
"name": "gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"product_id": "gfs2-kmp-default-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-debug-4.12.14-95.6.1.x86_64",
"product_id": "kernel-debug-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-debug-base-4.12.14-95.6.1.x86_64",
"product_id": "kernel-debug-base-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-debug-devel-4.12.14-95.6.1.x86_64",
"product_id": "kernel-debug-devel-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-extra-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-debug-extra-4.12.14-95.6.1.x86_64",
"product_id": "kernel-debug-extra-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-livepatch-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-debug-livepatch-4.12.14-95.6.1.x86_64",
"product_id": "kernel-debug-livepatch-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-default-4.12.14-95.6.1.x86_64",
"product_id": "kernel-default-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-default-base-4.12.14-95.6.1.x86_64",
"product_id": "kernel-default-base-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-default-devel-4.12.14-95.6.1.x86_64",
"product_id": "kernel-default-devel-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-default-extra-4.12.14-95.6.1.x86_64",
"product_id": "kernel-default-extra-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-default-livepatch-4.12.14-95.6.1.x86_64",
"product_id": "kernel-default-livepatch-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-kvmsmall-4.12.14-95.6.1.x86_64",
"product_id": "kernel-kvmsmall-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-base-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-kvmsmall-base-4.12.14-95.6.1.x86_64",
"product_id": "kernel-kvmsmall-base-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-4.12.14-95.6.1.x86_64",
"product_id": "kernel-kvmsmall-devel-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-obs-build-4.12.14-95.6.1.x86_64",
"product_id": "kernel-obs-build-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-obs-qa-4.12.14-95.6.1.x86_64",
"product_id": "kernel-obs-qa-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-syms-4.12.14-95.6.1.x86_64",
"product_id": "kernel-syms-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-vanilla-4.12.14-95.6.1.x86_64",
"product_id": "kernel-vanilla-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-vanilla-base-4.12.14-95.6.1.x86_64",
"product_id": "kernel-vanilla-base-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-95.6.1.x86_64",
"product": {
"name": "kernel-vanilla-devel-4.12.14-95.6.1.x86_64",
"product_id": "kernel-vanilla-devel-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"product": {
"name": "kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"product_id": "kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-debug-4.12.14-95.6.1.x86_64",
"product": {
"name": "kselftests-kmp-debug-4.12.14-95.6.1.x86_64",
"product_id": "kselftests-kmp-debug-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-95.6.1.x86_64",
"product": {
"name": "kselftests-kmp-default-4.12.14-95.6.1.x86_64",
"product_id": "kselftests-kmp-default-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-debug-4.12.14-95.6.1.x86_64",
"product": {
"name": "ocfs2-kmp-debug-4.12.14-95.6.1.x86_64",
"product_id": "ocfs2-kmp-debug-4.12.14-95.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"product": {
"name": "ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"product_id": "ocfs2-kmp-default-4.12.14-95.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sled:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 12 SP4",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 12 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-sdk:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 12 SP4",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64"
},
"product_reference": "kernel-default-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64"
},
"product_reference": "kernel-default-devel-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
},
"product_reference": "kernel-default-extra-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-4.12.14-95.6.1.noarch as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch"
},
"product_reference": "kernel-devel-4.12.14-95.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-4.12.14-95.6.1.noarch as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch"
},
"product_reference": "kernel-macros-4.12.14-95.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-4.12.14-95.6.1.noarch as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch"
},
"product_reference": "kernel-source-4.12.14-95.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise Desktop 12 SP4",
"product_id": "SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64"
},
"product_reference": "kernel-syms-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Desktop 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-95.6.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 12 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le"
},
"product_reference": "cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-95.6.1.s390x as component of SUSE Linux Enterprise High Availability Extension 12 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x"
},
"product_reference": "cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 12 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64"
},
"product_reference": "cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-95.6.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 12 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le"
},
"product_reference": "dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-95.6.1.s390x as component of SUSE Linux Enterprise High Availability Extension 12 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x"
},
"product_reference": "dlm-kmp-default-4.12.14-95.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 12 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64"
},
"product_reference": "dlm-kmp-default-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-95.6.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 12 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le"
},
"product_reference": "gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-95.6.1.s390x as component of SUSE Linux Enterprise High Availability Extension 12 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x"
},
"product_reference": "gfs2-kmp-default-4.12.14-95.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 12 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64"
},
"product_reference": "gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-95.6.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 12 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le"
},
"product_reference": "ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-95.6.1.s390x as component of SUSE Linux Enterprise High Availability Extension 12 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x"
},
"product_reference": "ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 12 SP4",
"product_id": "SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64"
},
"product_reference": "ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le"
},
"product_reference": "kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP4",
"product_id": "SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64"
},
"product_reference": "kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-4.12.14-95.6.1.noarch as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch"
},
"product_reference": "kernel-docs-4.12.14-95.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-4.12.14-95.6.1.aarch64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64"
},
"product_reference": "kernel-obs-build-4.12.14-95.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-4.12.14-95.6.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le"
},
"product_reference": "kernel-obs-build-4.12.14-95.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-4.12.14-95.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x"
},
"product_reference": "kernel-obs-build-4.12.14-95.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12 SP4",
"product_id": "SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64"
},
"product_reference": "kernel-obs-build-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-95.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64"
},
"product_reference": "kernel-default-4.12.14-95.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-95.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le"
},
"product_reference": "kernel-default-4.12.14-95.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-95.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x"
},
"product_reference": "kernel-default-4.12.14-95.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64"
},
"product_reference": "kernel-default-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-95.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64"
},
"product_reference": "kernel-default-base-4.12.14-95.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-95.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le"
},
"product_reference": "kernel-default-base-4.12.14-95.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-95.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x"
},
"product_reference": "kernel-default-base-4.12.14-95.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64"
},
"product_reference": "kernel-default-base-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-95.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64"
},
"product_reference": "kernel-default-devel-4.12.14-95.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-95.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le"
},
"product_reference": "kernel-default-devel-4.12.14-95.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-95.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x"
},
"product_reference": "kernel-default-devel-4.12.14-95.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64"
},
"product_reference": "kernel-default-devel-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-man-4.12.14-95.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x"
},
"product_reference": "kernel-default-man-4.12.14-95.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-4.12.14-95.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch"
},
"product_reference": "kernel-devel-4.12.14-95.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-4.12.14-95.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch"
},
"product_reference": "kernel-macros-4.12.14-95.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-4.12.14-95.6.1.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch"
},
"product_reference": "kernel-source-4.12.14-95.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-95.6.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64"
},
"product_reference": "kernel-syms-4.12.14-95.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-95.6.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le"
},
"product_reference": "kernel-syms-4.12.14-95.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-95.6.1.s390x as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x"
},
"product_reference": "kernel-syms-4.12.14-95.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64"
},
"product_reference": "kernel-syms-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-95.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64"
},
"product_reference": "kernel-default-4.12.14-95.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-95.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le"
},
"product_reference": "kernel-default-4.12.14-95.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-95.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x"
},
"product_reference": "kernel-default-4.12.14-95.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64"
},
"product_reference": "kernel-default-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-95.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64"
},
"product_reference": "kernel-default-base-4.12.14-95.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-95.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le"
},
"product_reference": "kernel-default-base-4.12.14-95.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-95.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x"
},
"product_reference": "kernel-default-base-4.12.14-95.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64"
},
"product_reference": "kernel-default-base-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-95.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64"
},
"product_reference": "kernel-default-devel-4.12.14-95.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-95.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le"
},
"product_reference": "kernel-default-devel-4.12.14-95.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-95.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x"
},
"product_reference": "kernel-default-devel-4.12.14-95.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64"
},
"product_reference": "kernel-default-devel-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-man-4.12.14-95.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x"
},
"product_reference": "kernel-default-man-4.12.14-95.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-4.12.14-95.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch"
},
"product_reference": "kernel-devel-4.12.14-95.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-4.12.14-95.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch"
},
"product_reference": "kernel-macros-4.12.14-95.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-4.12.14-95.6.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch"
},
"product_reference": "kernel-source-4.12.14-95.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-95.6.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64"
},
"product_reference": "kernel-syms-4.12.14-95.6.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-95.6.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le"
},
"product_reference": "kernel-syms-4.12.14-95.6.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-95.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x"
},
"product_reference": "kernel-syms-4.12.14-95.6.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64"
},
"product_reference": "kernel-syms-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-4.12.14-95.6.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 12 SP4",
"product_id": "SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
},
"product_reference": "kernel-default-extra-4.12.14-95.6.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12232"
}
],
"notes": [
{
"category": "general",
"text": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12232",
"url": "https://www.suse.com/security/cve/CVE-2018-12232"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1097593 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1097593"
},
{
"category": "external",
"summary": "SUSE Bug 1125907 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1125907"
},
{
"category": "external",
"summary": "SUSE Bug 1127757 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1127757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-29T12:14:56Z",
"details": "important"
}
],
"title": "CVE-2018-12232"
},
{
"cve": "CVE-2018-14625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14625"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14625",
"url": "https://www.suse.com/security/cve/CVE-2018-14625"
},
{
"category": "external",
"summary": "SUSE Bug 1106615 for CVE-2018-14625",
"url": "https://bugzilla.suse.com/1106615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-29T12:14:56Z",
"details": "moderate"
}
],
"title": "CVE-2018-14625"
},
{
"cve": "CVE-2018-16862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16862"
}
],
"notes": [
{
"category": "general",
"text": "A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16862",
"url": "https://www.suse.com/security/cve/CVE-2018-16862"
},
{
"category": "external",
"summary": "SUSE Bug 1117186 for CVE-2018-16862",
"url": "https://bugzilla.suse.com/1117186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-29T12:14:56Z",
"details": "moderate"
}
],
"title": "CVE-2018-16862"
},
{
"cve": "CVE-2018-16884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16884"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16884",
"url": "https://www.suse.com/security/cve/CVE-2018-16884"
},
{
"category": "external",
"summary": "SUSE Bug 1119946 for CVE-2018-16884",
"url": "https://bugzilla.suse.com/1119946"
},
{
"category": "external",
"summary": "SUSE Bug 1119947 for CVE-2018-16884",
"url": "https://bugzilla.suse.com/1119947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-29T12:14:56Z",
"details": "important"
}
],
"title": "CVE-2018-16884"
},
{
"cve": "CVE-2018-18397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18397"
}
],
"notes": [
{
"category": "general",
"text": "The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18397",
"url": "https://www.suse.com/security/cve/CVE-2018-18397"
},
{
"category": "external",
"summary": "SUSE Bug 1117656 for CVE-2018-18397",
"url": "https://bugzilla.suse.com/1117656"
},
{
"category": "external",
"summary": "SUSE Bug 1171522 for CVE-2018-18397",
"url": "https://bugzilla.suse.com/1171522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-29T12:14:56Z",
"details": "moderate"
}
],
"title": "CVE-2018-18397"
},
{
"cve": "CVE-2018-19407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19407"
}
],
"notes": [
{
"category": "general",
"text": "The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19407",
"url": "https://www.suse.com/security/cve/CVE-2018-19407"
},
{
"category": "external",
"summary": "SUSE Bug 1116841 for CVE-2018-19407",
"url": "https://bugzilla.suse.com/1116841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-29T12:14:56Z",
"details": "moderate"
}
],
"title": "CVE-2018-19407"
},
{
"cve": "CVE-2018-19854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19854"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19854",
"url": "https://www.suse.com/security/cve/CVE-2018-19854"
},
{
"category": "external",
"summary": "SUSE Bug 1118428 for CVE-2018-19854",
"url": "https://bugzilla.suse.com/1118428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-29T12:14:56Z",
"details": "low"
}
],
"title": "CVE-2018-19854"
},
{
"cve": "CVE-2018-19985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19985"
}
],
"notes": [
{
"category": "general",
"text": "The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19985",
"url": "https://www.suse.com/security/cve/CVE-2018-19985"
},
{
"category": "external",
"summary": "SUSE Bug 1120743 for CVE-2018-19985",
"url": "https://bugzilla.suse.com/1120743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-29T12:14:56Z",
"details": "low"
}
],
"title": "CVE-2018-19985"
},
{
"cve": "CVE-2018-20169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20169"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20169",
"url": "https://www.suse.com/security/cve/CVE-2018-20169"
},
{
"category": "external",
"summary": "SUSE Bug 1119714 for CVE-2018-20169",
"url": "https://bugzilla.suse.com/1119714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-29T12:14:56Z",
"details": "moderate"
}
],
"title": "CVE-2018-20169"
},
{
"cve": "CVE-2018-9568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-9568"
}
],
"notes": [
{
"category": "general",
"text": "In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-9568",
"url": "https://www.suse.com/security/cve/CVE-2018-9568"
},
{
"category": "external",
"summary": "SUSE Bug 1118319 for CVE-2018-9568",
"url": "https://bugzilla.suse.com/1118319"
},
{
"category": "external",
"summary": "SUSE Bug 1118320 for CVE-2018-9568",
"url": "https://bugzilla.suse.com/1118320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Desktop 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:cluster-md-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:dlm-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:gfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise High Availability Extension 12 SP4:ocfs2-kmp-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 12 SP4:kgraft-patch-4_12_14-95_6-default-1-6.3.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-base-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-devel-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-default-man-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-macros-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-docs-4.12.14-95.6.1.noarch",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.aarch64",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.ppc64le",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.s390x",
"SUSE Linux Enterprise Software Development Kit 12 SP4:kernel-obs-build-4.12.14-95.6.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 12 SP4:kernel-default-extra-4.12.14-95.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-29T12:14:56Z",
"details": "moderate"
}
],
"title": "CVE-2018-9568"
}
]
}
suse-su-2019:0222-1
Vulnerability from csaf_suse
Published
2019-02-01 14:42
Modified
2019-02-01 14:42
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic was uninitialized (bnc#1116841).
- CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).
- CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).
- CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319).
- CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).
- CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).
- CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).
- CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593).
- CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).
- CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).
- CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
- CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).
- CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1074578)
The following non-security bugs were fixed:
- ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567).
- ACPICA: Tables: Add WSMT support (bsc#1089350).
- ACPI/CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115).
- ACPI/CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115).
- ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).
- ACPI/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).
- ACPI/NFTI: Fix ARS overflow continuation (bsc#1116895).
- ACPI/NFIT: x86/mce: Handle only uncorrectable machine checks (bsc#1114279).
- ACPI/NFIT: x86/mce: Validate a MCE's address before using it (bsc#1114279).
- ACPI/platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).
- ACPI/watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).
- act_ife: fix a potential use-after-free (networking-stable-18_09_11).
- Add the cherry-picked dup id for PCI dwc fix
- aio: fix spectre gadget in lookup_ioctx (bsc#1120594).
- ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).
- ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).
- ALSA: control: Fix race between adding and removing a user element (bsc#1051510).
- ALSA: cs46xx: Potential NULL dereference in probe (bsc#1051510).
- ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- ALSA: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- ALSA: fireface: fix for state to fetch PCM frames (bsc#1051510).
- ALSA: fireface: fix reference to wrong register for clock configuration (bsc#1051510).
- ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510).
- ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510).
- ALSA: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510).
- ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).
- ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510).
- ALSA: hda: Add support for AMD Stoney Ridge (bsc#1051510).
- ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).
- ALSA: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510).
- ALSA: hda: fix front speakers on Huawei MBXP (bsc#1051510).
- ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).
- ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).
- ALSA: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510).
- ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510).
- ALSA: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510).
- ALSA: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510).
- ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510).
- ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510).
- ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510).
- ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510).
- ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510).
- ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510).
- ALSA: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510).
- ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).
- ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).
- ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510).
- ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510).
- ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510).
- ALSA: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510).
- ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).
- ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).
- ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).
- ALSA: hda/realtek - Support ALC300 (bsc#1051510).
- ALSA: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510).
- ALSA: hda/tegra: clear pending irq handlers (bsc#1051510).
- ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).
- ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510).
- ALSA: pcm: Fix interval evaluation with openmin/max (bsc#1051510).
- ALSA: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510).
- ALSA: pcm: Fix starvation on down_write_nonblock() (bsc#1051510).
- ALSA: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510).
- ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).
- ALSA: trident: Suppress gcc string warning (bsc#1051510).
- ALSA: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510).
- ALSA: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510).
- ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).
- ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510).
- ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510).
- ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).
- ALSA: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510).
- amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).
- apparmor: do not try to replace stale label in ptrace access check (git-fixes).
- apparmor: do not try to replace stale label in ptraceme check (git-fixes).
- apparmor: Fix uninitialized value in aa_split_fqname (git-fixes).
- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612).
- arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613).
- arm64: cpu_errata: include required headers (bsc#1120615).
- arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633).
- arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632).
- arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998).
- arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998).
- arm64: KVM: Tighten guest core register access from userspace (bsc#1110998).
- arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614).
- arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).
- arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617).
- arm64/numa: Report correct memblock range for the dummy node (bsc#1120620).
- arm64/numa: Unify common error path in numa_init() (bsc#1120621).
- arm64: remove no-op -p linker flag (bsc#1120616).
- arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).
- ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510).
- ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)
- ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).
- ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510).
- ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510).
- ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510).
- ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510).
- ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510).
- ASoC: rsnd: fixup clock start checker (bsc#1051510).
- ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).
- ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510).
- ata: Fix racy link clearance (bsc#1107866).
- ataflop: fix error handling during setup (bsc#1051510).
- ath10k: do not assume this is a PCI dev in generic code (bsc#1051510).
- ath10k: schedule hardware restart if WMI command times out (bsc#1051510).
- ath6kl: Only use match sets when firmware supports it (bsc#1051510).
- b43: Fix error in cordic routine (bsc#1051510).
- batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).
- batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).
- bcache: fix miss key refill->end in writeback (Git-fixes).
- bcache: trace missed reading by cache_missed (Git-fixes).
- bitops: protect variables in bit_clear_unless() macro (bsc#1051510).
- bitops: protect variables in set_mask_bits() macro (bsc#1051510).
- blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes).
- block: allow max_discard_segments to be stacked (Git-fixes).
- block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes).
- block: copy ioprio in __bio_clone_fast() (bsc#1082653).
- block: really disable runtime-pm for blk-mq (Git-fixes).
- block: reset bi_iter.bi_done after splitting bio (Git-fixes).
- block: respect virtual boundary mask in bvecs (bsc#1113412).
- block/swim: Fix array bounds check (Git-fixes).
- Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).
- Bluetooth: SMP: fix crash in unpairing (bsc#1051510).
- bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ).
- bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282).
- bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).
- bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ).
- bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).
- bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242).
- bonding: avoid possible dead-lock (networking-stable-18_10_16).
- bonding: fix length of actor system (networking-stable-18_11_02).
- bonding: fix warning message (networking-stable-18_10_16).
- bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).
- bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647).
- bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).
- bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).
- bpf: use per htab salt for bucket hash (git-fixes).
- bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).
- brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).
- brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).
- brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).
- bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).
- Btrfs: Always try all copies when reading extent buffers (git-fixes).
- Btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469).
- Btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469).
- Btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469).
- Btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469).
- Btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469).
- Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).
- Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).
- Btrfs: fix cur_offset in the error case for nocow (bsc#1118140).
- Btrfs: fix data corruption due to cloning of eof block (bsc#1116878).
- Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).
- Btrfs: fix deadlock when writing out free space caches (bsc#1116700).
- Btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469).
- btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes).
- Btrfs: fix error handling in btrfs_truncate() (bsc#1111469).
- Btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469).
- Btrfs: fix fsync of files with multiple hard links in new directories (1120173).
- Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877).
- Btrfs: Fix memory barriers usage with device stats counters (git-fixes).
- Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698).
- Btrfs: fix use-after-free during inode eviction (bsc#1116701).
- Btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469).
- Btrfs: fix use-after-free when dumping free space (bsc#1116862).
- Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692).
- Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693).
- Btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469).
- Btrfs: get rid of unused orphan infrastructure (bsc#1111469).
- Btrfs: make sure we create all new block groups (bsc#1116699).
- Btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469).
- Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).
- Btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036).
- Btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469).
- Btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469).
- Btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469).
- btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188).
- Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138).
- Btrfs: stop creating orphan items for truncate (bsc#1111469).
- Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
- Btrfs: update stale comments referencing vmtruncate() (bsc#1111469).
- cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510).
- can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).
- can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).
- can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).
- can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).
- can: flexcan: flexcan_irq(): fix indention (bsc#1051510).
- can: hi311x: Use level-triggered interrupt (bsc#1051510).
- can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).
- can: rcar_can: Fix erroneous registration (bsc#1051510).
- can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).
- cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).
- cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).
- cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510).
- ceph: do not update importing cap's mseq when handing cap export (bsc#1121273).
- ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).
- ceph: quota: fix null pointer dereference in quota check (bsc#1114839).
- cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).
- cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).
- char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058).
- char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058).
- clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).
- clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).
- clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).
- clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).
- clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).
- clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510).
- clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).
- clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).
- clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).
- clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).
- clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).
- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes).
- config: arm64: enable erratum 1024718
- configfs: replace strncpy with memcpy (bsc#1051510).
- cpufeature: avoid warning when compiling with clang (Git-fixes).
- cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115).
- cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115).
- cpupower: remove stringop-truncation waring (git-fixes).
- crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510).
- crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().
- crypto: ccp - Add GET_ID SEV command ().
- crypto: ccp - Add psp enabled message when initialization succeeds ().
- crypto: ccp - Add support for new CCP/PSP device ID ().
- crypto: ccp - Allow SEV firmware to be chosen based on Family and Model ().
- crypto: ccp - Fix static checker warning ().
- crypto: ccp - Remove unused #defines ().
- crypto: ccp - Support register differences between PSP devices ().
- crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).
- dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111).
- dax: Check page->mapping isn't NULL (bsc#1120054).
- dax: Do not access a freed inode (bsc#1120055).
- device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510).
- device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510).
- disable INFINIBAND_USNIC
- disable SERIAL_NONSTANDARD
- disable stringop truncation warnings for now (git-fixes).
- dm: allocate struct mapped_device with kvzalloc (Git-fixes).
- dm cache: destroy migration_cache if cache target registration failed (Git-fixes).
- dm cache: fix resize crash if user does not reload cache table (Git-fixes).
- dm cache metadata: ignore hints array being too small during resize (Git-fixes).
- dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes).
- dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes).
- dm cache: only allow a single io_mode cache feature to be requested (Git-fixes).
- dm crypt: do not decrease device limits (Git-fixes).
- dm: fix report zone remapping to account for partition offset (Git-fixes).
- dm integrity: change 'suspending' variable from bool to int (Git-fixes).
- dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes).
- dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes).
- dm linear: fix linear_end_io conditional definition (Git-fixes).
- dm thin: handle running out of data space vs concurrent discard (Git-fixes).
- dm thin metadata: remove needless work from __commit_transaction (Git-fixes).
- dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).
- dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes).
- dm writecache: report start_sector in status line (Git-fixes).
- dm zoned: fix metadata block ref counting (Git-fixes).
- dm zoned: fix various dmz_get_mblock() issues (Git-fixes).
- doc/README.SUSE: correct GIT url No more gitorious, github we use.
- Documentation/l1tf: Fix typos (bsc#1051510).
- Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).
- driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).
- Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1107207).
- Drivers: hv: vmbus: Add comments on ring buffer signaling (bsc#1107207).
- Drivers: hv: vmbus: add numa_node to sysfs (bsc#1107207).
- Drivers: hv: vmbus: Cleanup synic memory free path (bsc#1107207).
- Drivers: hv: vmbus: enable VMBus protocol version 5.0 (bsc#1107207).
- Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1107207).
- Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1107207).
- Drivers: hv: vmbus: Implement Direct Mode for stimer0 (bsc#1107207).
- Drivers: hv: vmbus: Make TLFS #define names architecture neutral (bsc#1107207).
- Drivers: hv: vmbus: Removed an unnecessary cast from void * (bsc#1107207).
- Drivers: hv: vmbus: Remove use of slow_virt_to_phys() (bsc#1107207).
- Drivers: hv: vmbus: Remove x86-isms from arch independent drivers (bsc#1107207).
- Drivers: hv: vmbus: Remove x86 MSR refs in arch independent code (bsc#1107207).
- Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1107207).
- Drivers: hv: vmbus: respect what we get from hv_get_synint_state() (bsc#1107207).
- Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() (bsc#1107207).
- Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1107207).
- Drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749).
- Drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749).
- Drivers/tty: add missing of_node_put() (bsc#1051510).
- drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).
- drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722)
- drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722)
- drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722)
- drm/ast: change resolution may cause screen blurred (boo#1112963).
- drm/ast: fixed cursor may disappear sometimes (bsc#1051510).
- drm/ast: Fix incorrect free on ioregs (bsc#1051510).
- drm/ast: Remove existing framebuffers before loading driver (boo#1112963)
- drm/dp_mst: Check if primary mstb is null (bsc#1051510).
- drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)
- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722)
- drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)
- drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).
- drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).
- drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722)
- drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).
- drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).
- drm/i915/glk: Remove 99% limitation (bsc#1051510).
- drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).
- drm/i915: Large page offsets for pread/pwrite (bsc#1051510).
- drm/i915: Mark pin flags as u64 (bsc#1051510).
- drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).
- drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).
- drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)
- drm/meson: add support for 1080p25 mode (bsc#1051510).
- drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).
- drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).
- drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).
- drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722)
- drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).
- drm: rcar-du: Fix external clock error checks (bsc#1113722)
- drm: rcar-du: Fix vblank initialization (bsc#1113722)
- drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).
- drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722)
- drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722)
- drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722)
- drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722)
- dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes).
- dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes).
- dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes).
- dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes).
- dt-bindings: iio: update STM32 timers clock names (git-fixes).
- dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes).
- dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes).
- dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes).
- dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes).
- dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes).
- dt-bindings: pwm: Update STM32 timers clock names (git-fixes).
- dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes).
- EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279).
- EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279).
- efi: Move some sysfs files to be read-only by root (bsc#1051510).
- enable CONFIG_SCSI_MQ_DEFAULT (bsc#1107207)
- ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017).
- exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773).
- ext2: fix potential use after free (bsc#1118775).
- ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795).
- ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794).
- ext4: add missing brelse() update_backups()'s error path (bsc#1117796).
- ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).
- ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).
- ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760).
- ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).
- ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).
- ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).
- ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).
- ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).
- ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).
- ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803).
- ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).
- ext4: fix possible use after free in ext4_quota_enable (bsc#1120602).
- ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).
- ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791).
- ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).
- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603).
- ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).
- ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).
- extable: Consolidate *kernel_text_address() functions (bsc#1120092).
- extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092).
- fanotify: fix handling of events on child sub-directory (bsc#1122019).
- fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)
- fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)
- fbdev: fix broken menu dependencies (bsc#1113722)
- filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787).
- firmware: add firmware_request_nowarn() - load firmware without warnings ().
- firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).
- firmware: dcdbas: include linux/io.h (bsc#1089350).
- Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809).
- Fix the breakage of KMP build on x86_64 (bsc#1121017) The backport of the commit 4cd24de3a098 broke KMP builds because of the failure of make kernelrelease call in spec file. Clear the blacklist and backport the fix from the upstream.
- Fix tracing sample code warning (git-fixes).
- floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).
- flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).
- fscache: fix race between enablement and dropping of object (bsc#1107385).
- fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes).
- fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).
- fs: fix lost error code in dio_complete (bsc#1118762).
- fs: Make extension of struct super_block transparent (bsc#1117822).
- fsnotify: Fix busy inodes during unmount (bsc#1117822).
- fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).
- fs/xfs: Use %pS printk format for direct addresses (git-fixes).
- ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172).
- ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).
- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).
- ftrace: Remove incorrect setting of glob search field (bsc#1117184).
- fuse: fix blocked_waitq wakeup (git-fixes).
- fuse: fix leaked notify reply (git-fixes).
- fuse: fix possibly missed wake-up after abort (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).
- fuse: fix use-after-free in fuse_direct_IO() (git-fixes).
- fuse: set FR_SENT while locked (git-fixes).
- gcc-plugins: Add include required by GCC release 8 (git-fixes).
- gcc-plugins: Use dynamic initializers (git-fixes).
- genirq: Fix race on spurious interrupt detection (bsc#1051510).
- gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).
- gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).
- gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).
- gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768).
- gfs2: Put bitmap buffers in put_super (bsc#1118772).
- git_sort.py: Remove non-existent remote tj/libata
- gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).
- gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).
- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).
- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).
- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).
- gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).
- grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).
- gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24).
- HID: Add quirk for Primax PIXART OEM mice (bsc#1119410).
- HID: hiddev: fix potential Spectre v1 (bsc#1051510).
- HID: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).
- HID: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).
- HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).
- hv: add SPDX license id to Kconfig (bsc#1107207).
- hv: add SPDX license to trace (bsc#1107207).
- hv_balloon: trace post_status (bsc#1107207).
- hv_netvsc: Add handlers for ethtool get/set msg level (bsc#1107207).
- hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation (bsc#1107207).
- hv_netvsc: Add per-cpu ethtool stats for netvsc (bsc#1107207).
- hv_netvsc: Add range checking for rx packet offset and length (bsc#1107207).
- hv_netvsc: add trace points (bsc#1107207).
- hv_netvsc: Clean up extra parameter from rndis_filter_receive_data() (bsc#1107207).
- hv_netvsc: fix bogus ifalias on network device (bsc#1107207).
- hv_netvsc: fix network namespace issues with VF support (bsc#1107207).
- hv_netvsc: Fix the return status in RX path (bsc#1107207).
- hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offload (bsc#1107207).
- hv_netvsc: fix vf serial matching with pci slot info (bsc#1107207).
- hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).
- hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207).
- hv_netvsc: pair VF based on serial number (bsc#1107207).
- hv_netvsc: Pass net_device parameter to revoke and teardown functions (bsc#1107207).
- hv_netvsc: pass netvsc_device to rndis halt (bsc#1107207).
- hv_netvsc: propogate Hyper-V friendly name into interface alias (bsc#1107207).
- hv_netvsc: select needed ucs2_string routine (bsc#1107207).
- hv_netvsc: simplify receive side calling arguments (bsc#1107207).
- hv_netvsc: typo in NDIS RSS parameters structure (bsc#1107207).
- hv: Synthetic typo correction (bsc#1107207).
- hv_vmbus: Correct the stale comments regarding cpu affinity (bsc#1107207).
- hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510).
- hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).
- hwmon: (ina2xx) Fix current value calculation (bsc#1051510).
- hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).
- hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).
- hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).
- hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).
- hwmon: (raspberrypi) Fix initial notify (bsc#1051510).
- hwmon: (w83795) temp4_type has writable permission (bsc#1051510).
- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- hyper-v: use GFP_KERNEL for hv_context.hv_numa_map (bsc#1107207).
- i2c: axxia: properly handle master timeout (bsc#1051510).
- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).
- IB/hfi1: Add mtu check for operational data VLs (bsc#1060463 ).
- ibmvnic: Convert reset work item mutex to spin lock ().
- ibmvnic: fix accelerated VLAN handling ().
- ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).
- ibmvnic: Fix non-atomic memory allocation in IRQ context ().
- ibmvnic: remove ndo_poll_controller ().
- ibmvnic: Update driver queues after change in ring size support ().
- IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387).
- ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).
- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).
- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).
- iio: ad5064: Fix regulator handling (bsc#1051510).
- iio:st_magn: Fix enable device after trigger (bsc#1051510).
- ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510).
- include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510).
- include modules.fips in kernel-binary as well as kernel-binary-base ().
- inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16).
- initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).
- Input: add official Raspberry Pi's touchscreen driver ().
- Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).
- Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).
- Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).
- Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).
- Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).
- Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).
- Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).
- Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).
- Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).
- Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).
- Input: xpad - add PDP device id 0x02a4 (bsc#1051510).
- Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).
- Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).
- Input: xpad - fix some coding style issues (bsc#1051510).
- Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).
- integrity/security: fix digsig.c build error with header file (bsc#1051510).
- intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).
- iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).
- iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).
- iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).
- iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).
- iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).
- iommu/vt-d: Use memunmap to free memremap (bsc#1106105).
- ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).
- ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).
- ipmi: Fix timer race with module unload (bsc#1051510).
- ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).
- ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21).
- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).
- ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21).
- ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).
- ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).
- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).
- ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).
- iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).
- iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).
- iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).
- iwlwifi: fix LED command capability bit (bsc#1119086).
- iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).
- iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).
- iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).
- iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).
- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).
- iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).
- iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).
- iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).
- iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).
- iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).
- iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).
- iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).
- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).
- jump_label: Split out code under the hotplug lock (bsc#1106913).
- KABI fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes).
- KABI: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- KABI: mask raw in struct bpf_reg_state (bsc#1083647).
- KABI: powerpc: Revert npu callback signature change (bsc#1055120).
- KABI protect hnae_ae_ops (bsc#1104353).
- KABI: protect struct fib_nh_exception (kabi).
- KABI: protect struct rtable (kabi).
- kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).
- kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).
- kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).
- kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).
- kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279).
- kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).
- Kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).
- kbuild: verify that $DEPMOD is installed (git-fixes).
- kdb: use memmove instead of overlapping memcpy (bsc#1120954).
- kernfs: Replace strncpy with memcpy (bsc#1120053).
- keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes).
- kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).
- kobject: Replace strncpy with memcpy (git-fixes).
- kprobes: Make list and blacklist root user read only (git-fixes).
- KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).
- KVM: hyperv: idr_find needs RCU protection (bsc#1107207).
- KVM: introduce kvm_make_vcpus_request_mask() API (bsc#1107207).
- KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).
- KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).
- KVM: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).
- KVM: s390: vsie: copy wrapping keys to right place (git-fixes).
- KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279).
- KVM: VMX: re-add ple_gap module parameter (bsc#1106240).
- KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR'd (bsc#1107207).
- KVM: x86: factor out kvm.arch.hyperv (de)init (bsc#1107207).
- KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).
- KVM: x86: hyperv: delete dead code in kvm_hv_hypercall() (bsc#1107207).
- KVM: x86: hyperv: do rep check for each hypercall separately (bsc#1107207).
- KVM: x86: hyperv: guest->host event signaling via eventfd (bsc#1107207).
- KVM: x86: hyperv: simplistic HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE}_EX implementation (bsc#1107207).
- KVM: x86: hyperv: simplistic HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} implementation (bsc#1107207).
- KVM: x86: hyperv: use defines when parsing hypercall parameters (bsc#1107207).
- KVM: x86: VMX: hyper-v: Enlightened MSR-Bitmap support (bsc#1107207).
- libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).
- libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).
- libceph: fall back to sendmsg for slab pages (bsc#1118316).
- libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).
- libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).
- libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).
- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).
- libnvdimm, pmem: Fix badblocks population for 'raw' namespaces (bsc#1118788).
- libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).
- lib/raid6: Fix arm64 test build (bsc#1051510).
- lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).
- Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).
- linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).
- llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).
- locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).
- locking/static_keys: Improve uninitialized key warning (bsc#1106913).
- mac80211: Always report TX status (bsc#1051510).
- mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).
- mac80211: fix reordering of buffered broadcast packets (bsc#1051510).
- mac80211: fix TX status reporting for ieee80211s (bsc#1051510).
- mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).
- mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).
- mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).
- mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).
- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).
- mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).
- mach64: fix display corruption on big endian machines (bsc#1113722)
- mach64: fix image corruption due to reading accelerator registers (bsc#1113722)
- mailbox: PCC: handle parse error (bsc#1051510).
- Mark HI and TASKLET softirq synchronous (git-fixes).
- md: allow metadata updates while suspending an array - fix (git-fixes).
- MD: fix invalid stored role for a disk - try2 (git-fixes).
- md: fix raid10 hang issue caused by barrier (git-fixes).
- media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).
- media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).
- media: omap3isp: Unregister media device as first (bsc#1051510).
- memory_hotplug: cond_resched in __remove_pages (bnc#1114178).
- mfd: menelaus: Fix possible race condition and leak (bsc#1051510).
- mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).
- mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).
- mmc: bcm2835: reset host on timeout (bsc#1051510).
- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).
- mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).
- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).
- mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).
- mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).
- mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).
- MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).
- mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).
- mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).
- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).
- mm: do not miss the last page because of round-off error (bnc#1118798).
- mm: do not warn about large allocations for slab (git fixes (slab)).
- mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).
- mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962).
- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).
- mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).
- mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).
- mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).
- mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).
- mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).
- mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).
- mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).
- mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).
- mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).
- mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).
- mm: migration: fix migration of huge PMD shared pages (bnc#1086423).
- mm: only report isolation failures when offlining memory (generic hotplug debugability).
- mm: print more information about mapping in __dump_page (generic hotplug debugability).
- mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).
- mm: rework memcg kernel stack accounting (bnc#1113677).
- mm: sections are not offlined during memory hotremove (bnc#1119968).
- mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem).
- mm/vmstat.c: fix NUMA statistics updates (git fixes).
- mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).
- mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).
- mount: Retest MNT_LOCKED in do_umount (bsc#1117818).
- Move dell_rbu fix to sorted section (bsc#1087978).
- Move USB-audio UAF fix patch to sorted section
- mtd: cfi: convert inline functions to macros (git-fixes).
- mtd: Fix comparison in map_word_andequal() (git-fixes).
- namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766).
- nbd: do not allow invalid blocksize settings (Git-fixes).
- neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).
- net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).
- net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).
- net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).
- net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).
- net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).
- net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).
- net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).
- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510).
- net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).
- net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).
- net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).
- net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes).
- net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes).
- net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).
- net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).
- net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).
- net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).
- net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).
- net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).
- net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).
- net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).
- net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561).
- net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).
- net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).
- net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).
- net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).
- net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).
- net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).
- net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).
- net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).
- net: ena: minor performance improvement (bsc#1111696 bsc#1117561).
- net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).
- net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).
- net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561).
- net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).
- net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561).
- net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).
- net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21).
- net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353).
- net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).
- net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353).
- net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353).
- net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353).
- net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ).
- net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353).
- net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353).
- net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353).
- net: hns3: Check hdev state when getting link status (bsc#1104353).
- net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353).
- net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353).
- net: hns3: Fix error of checking used vlan id (bsc#1104353 ).
- net: hns3: Fix ets validate issue (bsc#1104353).
- net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).
- net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353).
- net: hns3: Fix for packet buffer setting bug (bsc#1104353 ).
- net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353).
- net: hns3: Fix for setting speed for phy failed problem (bsc#1104353).
- net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ).
- net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353).
- net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353).
- net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353).
- net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ).
- net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353).
- net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353).
- net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).
- net: hp100: fix always-true check for link up state (networking-stable-18_09_24).
- net: ibm: fix return type of ndo_start_xmit function ().
- net/ibmnvic: Fix deadlock problem in reset ().
- net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).
- net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).
- net: ipv4: do not let PMTU updates increase route MTU (git-fixes).
- net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).
- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).
- netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).
- net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).
- net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299).
- net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).
- net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).
- net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).
- net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).
- net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).
- net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).
- net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).
- net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).
- net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).
- net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).
- net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).
- net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).
- net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).
- net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).
- net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).
- net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).
- net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).
- net: sched: Fix for duplicate class dump (networking-stable-18_11_02).
- net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).
- net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).
- net: smsc95xx: Fix MTU range (networking-stable-18_11_21).
- net: socket: fix a missing-check bug (networking-stable-18_11_02).
- net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).
- net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).
- net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).
- net: systemport: Protect stop from timeout (networking-stable-18_11_21).
- net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).
- net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).
- net: usb: r8152: constify usb_device_id (bsc#1119749).
- net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749).
- nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).
- nfs: Avoid RCU usage in tracepoints (git-fixes).
- nfs: commit direct writes even if they fail partially (git-fixes).
- nfsd4: permit layoutget of executable-only files (git-fixes).
- nfsd: check for use of the closed special stateid (git-fixes).
- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes).
- nfsd: deal with revoked delegations appropriately (git-fixes).
- nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).
- nfsd: Fix another OPEN stateid race (git-fixes).
- nfsd: fix corrupted reply to badly ordered compound (git-fixes).
- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).
- nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).
- nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).
- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).
- nfs: Ensure we commit after writeback is complete (bsc#1111809).
- nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes).
- nfs: Fix a typo in nfs_rename() (git-fixes).
- nfs: Fix typo in nomigration mount option (git-fixes).
- nfs: Fix unstable write completion (git-fixes).
- nfsv4.0 fix client reference leak in callback (git-fixes).
- nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).
- nfsv4.1 fix infinite loop on I/O (git-fixes).
- nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).
- nfsv4.1: Fix up replays of interrupted requests (git-fixes).
- nfsv4: Fix a typo in nfs41_sequence_process (git-fixes).
- nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).
- nospec: Allow index argument to have const-qualified type (git-fixes)
- nospec: Include <asm/barrier.h> dependency (bsc#1114279).
- nospec: Kill array_index_nospec_mask_check() (git-fixes).
- nvme-fc: resolve io failures during connect (bsc#1116803).
- nvme: Free ctrl device name on init failure ().
- nvme-multipath: zero out ANA log buffer (bsc#1105168).
- nvme: validate controller state before rescheduling keep alive (bsc#1103257).
- objtool: Detect RIP-relative switch table references (bsc#1058115).
- objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115).
- objtool: Fix another switch table detection issue (bsc#1058115).
- objtool: Fix double-free in .cold detection error path (bsc#1058115).
- objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115).
- objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115).
- objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115).
- objtool: Support GCC 8's cold subfunctions (bsc#1058115).
- objtool: Support GCC 8 switch tables (bsc#1058115).
- ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).
- ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816).
- ocfs2: fix ocfs2 read block panic (bsc#1117815).
- ocfs2: free up write context when direct IO failed (bsc#1117821).
- ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808).
- openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).
- panic: avoid deadlocks in re-entrant console drivers (bsc#1088386).
- PCI: Add ACS quirk for Ampere root ports (bsc#1120058).
- PCI: Add ACS quirk for APM X-Gene devices (bsc#1120058).
- PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510).
- PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).
- PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058).
- PCI: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058).
- PCI: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058).
- PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510)
- PCI: Export pcie_has_flr() (bsc#1120058).
- PCI: hv: Convert remove_lock to refcount (bsc#1107207).
- PCI: hv: Fix return value check in hv_pci_assign_slots() (bsc#1107207).
- PCI: hv: Remove unused reason for refcount handler (bsc#1107207).
- PCI: hv: Replace GFP_ATOMIC with GFP_KERNEL in new_pcichild_device() (bsc#1107207).
- PCI: hv: support reporting serial number as slot information (bsc#1107207).
- PCI: hv: Use effective affinity mask (bsc#1109772).
- PCI: hv: Use list_for_each_entry() (bsc#1107207).
- PCI: imx6: Fix link training status detection in link up check (bsc#1109806).
- PCI: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058).
- PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).
- PCI: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058).
- PCI: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058).
- PCI: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058).
- PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).
- PCI: vmd: Assign vector zero to all bridges (bsc#1109806).
- PCI: vmd: Detach resources after stopping root bus (bsc#1109806).
- PCI: vmd: White list for fast interrupt handlers (bsc#1109806).
- pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).
- percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279).
- perf: fix invalid bit in diagnostic entry (git-fixes).
- perf tools: Fix tracing_path_mount proper path (git-fixes).
- pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).
- pinctrl: meson: fix pinconf bias disable (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).
- pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).
- pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).
- platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510).
- platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).
- platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).
- pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).
- pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes).
- pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).
- powerpc/64s: consolidate MCE counter increment (bsc#1094244).
- powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).
- powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes).
- powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729).
- powerpc/boot: Fix build failures with -j 1 (bsc#1065729).
- powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).
- powerpc/mm: Fix typo in comments (bsc#1065729).
- powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).
- powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120).
- powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729).
- powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes).
- powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).
- powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120).
- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729).
- powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121).
- powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120).
- powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).
- powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).
- powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120).
- powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120).
- powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120).
- powerpc/pseries: Fix DTL buffer registration (bsc#1065729).
- powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).
- powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).
- powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270).
- powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).
- power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510).
- power: supply: olpc_battery: correct the temperature units (bsc#1051510).
- pppoe: fix reception of frames with no mac header (networking-stable-18_09_24).
- printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168).
- provide linux/set_memory.h (bsc#1113295).
- ptp: fix Spectre v1 vulnerability (bsc#1051510).
- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913).
- pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510).
- pxa168fb: prepare the clock (bsc#1051510).
- qed: Add driver support for 20G link speed (bsc#1110558).
- qed: Add support for virtual link (bsc#1111795).
- qede: Add driver support for 20G link speed (bsc#1110558).
- qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510).
- qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).
- r8152: add byte_enable for ocp_read_word function (bsc#1119749).
- r8152: add Linksys USB3GIGV1 id (bsc#1119749).
- r8152: add r8153_phy_status function (bsc#1119749).
- r8152: adjust lpm settings for RTL8153 (bsc#1119749).
- r8152: adjust rtl8153_runtime_enable function (bsc#1119749).
- r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749).
- r8152: adjust U2P3 for RTL8153 (bsc#1119749).
- r8152: avoid rx queue more than 1000 packets (bsc#1119749).
- r8152: check if disabling ALDPS is finished (bsc#1119749).
- r8152: correct the definition (bsc#1119749).
- r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749).
- r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749).
- r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749).
- r8152: move calling delay_autosuspend function (bsc#1119749).
- r8152: move the default coalesce setting for RTL8153 (bsc#1119749).
- r8152: move the initialization to reset_resume function (bsc#1119749).
- r8152: move the setting of rx aggregation (bsc#1119749).
- r8152: replace napi_complete with napi_complete_done (bsc#1119749).
- r8152: set rx mode early when linking on (bsc#1119749).
- r8152: split rtl8152_resume function (bsc#1119749).
- r8152: support new chip 8050 (bsc#1119749).
- r8152: support RTL8153B (bsc#1119749).
- r8169: fix NAPI handling under high load (networking-stable-18_11_02).
- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes).
- rcu: Allow for page faults in NMI handlers (bsc#1120092).
- RDMA/bnxt_re: Add missing spin lock initialization (bsc#1050244 ).
- RDMA/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244).
- RDMA/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283).
- RDMA/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283).
- RDMA/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ).
- RDMA/RXE: make rxe work over 802.1q VLAN devices (bsc#1082387).
- rds: fix two RCU related problems (networking-stable-18_09_18).
- README: Clean-up trailing whitespace
- Reenable support for KVM guest Earlier trimming of config-azure disabled also KVM. But since parts of QA are done within KVM guests, this flavor must be able to run within such guest type.
- remoteproc: qcom: Fix potential device node leaks (bsc#1051510).
- reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).
- reset: imx7: Fix always writing bits as 0 (bsc#1051510).
- reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes).
- Revert 'ceph: fix dentry leak in splice_dentry()' (bsc#1114839).
- Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510).
- Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105).
- Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510).
- Revert 'powerpc/64: Fix checksum folding in csum_add()' (bsc#1065729).
- Revert 'rpm/kernel-binary.spec.in: allow unsupported modules for -extra' This reverts commit 0d585a8c2d17de86869cc695fc7a5d10c6b96abb.
- Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322).
- Revert 'usb: dwc3: gadget: skip Set/Clear Halt when invalid' (bsc#1051510).
- Revert wlcore patch to follow stable tree develpment
- ring-buffer: Allow for rescheduling when removing pages (bsc#1120238).
- ring-buffer: Do no reuse reader page if still in use (bsc#1120096).
- ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094).
- rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-${flavor}-devel packages if it exists.
- rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e ('kconfig: remove silentoldconfig target'), 'make silentoldconfig' can be no longer used. Use 'make syncconfig' instead if available.
- rtc: hctosys: Add missing range error reporting (bsc#1051510).
- rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510).
- rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510).
- rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510).
- rtl8xxxu: Fix missing break in switch (bsc#1051510).
- rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02).
- rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16).
- rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16).
- s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).
- s390/dasd: simplify locking in dasd_times_out (bsc#1104967,).
- s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112).
- s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112).
- s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).
- s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).
- s390/mm: correct allocate_pgste proc_handler callback (git-fixes).
- s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682).
- s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).
- s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657).
- s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682).
- s390/qeth: handle failure on workqueue creation (git-fixes).
- s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960).
- s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).
- s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960).
- s390: revert ELF_ET_DYN_BASE base changes (git-fixes).
- s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes).
- s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).
- s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).
- s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).
- sbitmap: fix race in wait batch accounting (Git-fixes).
- sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913).
- sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Git fixes (scheduler)).
- sched/isolcpus: Fix 'isolcpus=' boot parameter handling when !CONFIG_CPUMASK_OFFSTACK (bsc#1107207).
- sched/smt: Expose sched_smt_present static key (bsc#1106913).
- sched/smt: Make sched_smt_present track topology (bsc#1106913).
- sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228).
- scripts/git-pre-commit: make executable.
- scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue
- scripts/git_sort/git_sort.py: change SCSI git repos to make series sorting more failsafe.
- scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578).
- scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).
- scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).
- scsi: lpfc: add Trunking support (bsc#1114015).
- scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).
- scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215).
- scsi: lpfc: Correct errors accessing fw log (bsc#1114015).
- scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).
- scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015).
- scsi: lpfc: Correct LCB RJT handling (bsc#1114015).
- scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015).
- scsi: lpfc: Correct race with abort on completion path (bsc#1114015).
- scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015).
- scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).
- scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215).
- scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215).
- scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322).
- scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015).
- scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215).
- scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).
- scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215).
- scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215).
- scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215).
- scsi: lpfc: Fix errors in log messages (bsc#1114015).
- scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).
- scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215).
- scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015).
- scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).
- scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015).
- scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215).
- scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).
- scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).
- scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015).
- scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015).
- scsi: lpfc: reduce locking when updating statistics (bsc#1114015).
- scsi: lpfc: refactor mailbox structure context fields (bsc#1118215).
- scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015).
- scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015).
- scsi: lpfc: rport port swap discovery issue (bsc#1118215).
- scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215).
- scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215).
- scsi: netvsc: Use the vmbus function to calculate ring buffer percentage (bsc#1107207).
- scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581).
- scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).
- scsi: sg: fix minor memory leak in error path (bsc#1114584).
- scsi: storsvc: do not set a bounce limit (bsc#1107207).
- scsi: storvsc: Avoid allocating memory for temp cpumasks (bsc#1107207).
- scsi: storvsc: Select channel based on available percentage of ring buffer to write (bsc#1107207).
- scsi: storvsc: Set up correct queue depth values for IDE devices (bsc#1107207).
- scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578).
- scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).
- scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).
- scsi: target: Fix fortify_panic kernel exception (bsc#1114576).
- scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577).
- scsi: target: tcmu: add read length support (bsc#1097755).
- scsi: vmbus: Add function to report available ring buffer to write in total ring size percentage (bsc#1107207).
- scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588).
- sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).
- sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21).
- sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11).
- sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21).
- sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21).
- sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16).
- shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599).
- shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599).
- skd: Avoid that module unloading triggers a use-after-free (Git-fixes).
- skd: Submit requests to firmware before triggering the doorbell (Git-fixes).
- skip LAYOUTRETURN if layout is invalid (git-fixes).
- soc: bcm2835: sync firmware properties with downstream ()
- soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510).
- soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).
- spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510).
- spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510).
- spi: bcm2835: Fix race on DMA termination (bsc#1051510).
- spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510).
- splice: do not read more than available pipe space (bsc#1119212).
- staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510).
- staging:iio:ad7606: fix voltage scales (bsc#1051510).
- staging: rtl8712: Fix possible buffer overrun (bsc#1051510).
- staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510).
- staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510).
- staging: rts5208: fix gcc-8 logic error warning (bsc#1051510).
- staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).
- staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510).
- SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes).
- sunrpc: Do not use stack buffer with scatterlist (git-fixes).
- sunrpc: Fix rpc_task_begin trace point (git-fixes).
- SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).
- supported.conf: add raspberrypi-ts driver
- supported.conf: whitelist bluefield eMMC driver
- target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).
- target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).
- target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).
- tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).
- team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510).
- termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510).
- test_firmware: fix error return getting clobbered (bsc#1051510).
- test_hexdump: use memcpy instead of strncpy (bsc#1051510).
- tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).
- thermal: bcm2835: enable hwmon explicitly (bsc#1108468).
- thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).
- thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).
- tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).
- tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).
- tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).
- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510).
- tools: hv: fcopy: set 'error' in case an unknown operation was requested (bsc#1107207).
- tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes).
- tools: hv: Fix a bug in the key delete code (bsc#1107207).
- tools: hv: Fix a bug in the key delete code (git-fixes).
- tools: hv: fix compiler warnings about major/target_fname (bsc#1107207).
- tools/hv: Fix IP reporting by KVP daemon with SRIOV (bsc#1107207).
- tools: hv: include string.h in hv_fcopy_daemon (bsc#1107207).
- tools: hv: include string.h in hv_fcopy_daemon (git-fixes).
- tools: hv: update lsvmbus to be compatible with python3 (bsc#1107207).
- tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973).
- tools/power/cpupower: fix compilation with STATIC=true (git-fixes).
- tools/power turbostat: fix possible sprintf buffer overflow (git-fixes).
- tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).
- tpm: add retry logic (bsc#1082555).
- tpm: consolidate the TPM startup code (bsc#1082555).
- tpm: do not suspend/resume if power stays on (bsc#1082555).
- tpm: fix intermittent failure with self tests (bsc#1082555).
- tpm: fix response size validation in tpm_get_random() (bsc#1082555).
- tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).
- tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).
- tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).
- tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).
- tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).
- tpm: Restore functionality to xen vtpm driver (bsc#1082555).
- tpm: self test failure should not cause suspend to fail (bsc#1082555).
- tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).
- tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).
- tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).
- tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).
- tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).
- tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).
- tracing/blktrace: Fix to allow setting same value (Git-fixes).
- tracing: Erase irqsoff trace with empty write (bsc#1117189).
- tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).
- tracing: Fix crash when freeing instances with event triggers (bsc#1120230).
- tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097).
- tracing: Fix double free of event_trigger_data (bsc#1120234).
- tracing: Fix missing return symbol in function_graph output (bsc#1120232).
- tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235).
- tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214).
- tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223).
- tracing: Fix trace_pipe behavior for instance traces (bsc#1120088).
- tracing: Remove RCU work arounds from stack tracer (bsc#1120092).
- tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes).
- tty: check name length in tty_find_polling_driver() (bsc#1051510).
- tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510).
- tty: Do not return -EAGAIN in blocking read (bsc#1116040).
- tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510).
- tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510).
- tty: wipe buffer (bsc#1051510).
- tty: wipe buffer if not echoing data (bsc#1051510).
- tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).
- tuntap: fix multiqueue rx (networking-stable-18_11_21).
- ubifs: Fixup compilation failure due to different ubifs_assert() prototype.
- ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598).
- udf: Allow mounting volumes with incorrect identification strings (bsc#1118774).
- udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).
- udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).
- udp6: fix encap return code for resubmitting (git-fixes).
- uio: ensure class is registered before devices (bsc#1051510).
- uio: Fix an Oops on load (bsc#1051510).
- uio_hv_generic: fix subchannel ring mmap (bsc#1107207).
- uio_hv_generic: make ring buffer attribute for primary channel (bsc#1107207).
- uio_hv_generic: set size of ring buffer attribute (bsc#1107207).
- uio_hv_generic: support sub-channels (bsc#1107207).
- uio_hv_generic: use correct channel in isr (bsc#1107207).
- uio: make symbol 'uio_class_registered' static (bsc#1051510).
- unifdef: use memcpy instead of strncpy (bsc#1051510).
- usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510).
- usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).
- usb: core: Fix hub port connection events lost (bsc#1051510).
- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510).
- usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).
- usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).
- usb: dwc2: host: use hrtimer for NAK retries (git-fixes).
- usb: dwc3: core: Clean up ULPI device (bsc#1051510).
- usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).
- usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).
- usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).
- usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).
- usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).
- usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).
- usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510).
- usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888).
- usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).
- usb: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510).
- usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).
- usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510).
- usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510).
- usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).
- usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510).
- usb: omap_udc: use devm_request_irq() (bsc#1051510).
- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510).
- usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).
- usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).
- usb: serial: option: add Fibocom NL668 series (bsc#1051510).
- usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510).
- usb: serial: option: add HP lt4132 (bsc#1051510).
- usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510).
- usb: serial: option: add Telit LN940 series (bsc#1051510).
- usb: serial: option: add two-endpoints device-id flag (bsc#1051510).
- usb: serial: option: drop redundant interface-class test (bsc#1051510).
- usb: serial: option: improve Quectel EP06 detection (bsc#1051510).
- usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110).
- usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510).
- usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).
- usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510).
- usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510).
- userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761).
- userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809).
- v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771).
- vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).
- vhost: Fix Spectre V1 vulnerability (bsc#1051510).
- vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).
- virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02).
- VMCI: Resource wildcard match fixed (bsc#1051510).
- w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).
- watchdog/core: Add missing prototypes for weak functions (git-fixes).
- wireless: airo: potential buffer overflow in sprintf() (bsc#1051510).
- wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510).
- x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913).
- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913).
- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913).
- x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006).
- x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).
- x86/decoder: Fix and update the opcodes map (bsc#1058115).
- x86/headers/UAPI: Use __u64 instead of u64 in <uapi/asm/hyperv.h> (bsc#1107207).
- x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).
- x86/hyperv: Add a function to read both TSC and TSC page value simulateneously (bsc#1107207).
- x86/hyper-v: Add flush HvFlushGuestPhysicalAddressSpace hypercall support (bsc#1107207).
- x86/hyper-v: Add hyperv_nested_flush_guest_mapping ftrace support (bsc#1107207).
- x86/hyperv: Add interrupt handler annotations (bsc#1107207).
- x86/hyper-v: allocate and use Virtual Processor Assist Pages (bsc#1107207).
- x86/hyper-v: Allocate the IDT entry early in boot (bsc#1107207).
- x86/hyper-v: Check cpumask_to_vpset() return value in hyperv_flush_tlb_others_ex() (bsc#1107207).
- x86/hyper-v: Check for VP_INVAL in hyperv_flush_tlb_others() (bsc#1107207).
- x86/hyper-v: Consolidate code for converting cpumask to vpset (bsc#1107207).
- x86/hyper-v: Consolidate the allocation of the hypercall input page (bsc#1107207).
- x86/hyper-v: define struct hv_enlightened_vmcs and clean field bits (bsc#1107207).
- x86/hyper-v: detect nested features (bsc#1107207).
- x86/hyper-v: Enable IPI enlightenments (bsc#1107207).
- x86/hyper-v: Enhanced IPI enlightenment (bsc#1107207).
- x86/hyper-v: Enlighten APIC access (bsc#1107207).
- x86/hyper-v: Fix the circular dependency in IPI enlightenment (bsc#1107207).
- x86/hyper-v: Fix wrong merge conflict resolution (bsc#1107207).
- x86/hyper-v/hv_apic: Build the Hyper-V APIC conditionally (bsc#1107207).
- x86/hyper-v/hv_apic: Include asm/apic.h (bsc#1107207).
- x86/hyper-v: Implement hv_do_fast_hypercall16 (bsc#1107207).
- x86/hyper-v: move definitions from TLFS to hyperv-tlfs.h (bsc#1107207).
- x86/hyper-v: move hyperv.h out of uapi (bsc#1107207).
- x86/hyper-v: move struct hv_flush_pcpu{,ex} definitions to common header (bsc#1107207).
- x86/hyperv: Redirect reenlightment notifications on CPU offlining (bsc#1107207).
- x86/hyperv: Reenlightenment notifications support (bsc#1107207).
- x86/hyper-v: rename ipi_arg_{ex,non_ex} structures (bsc#1107207).
- x86/hyper-v: Trace PV IPI send (bsc#1107207).
- x86/hyper-v: Use cheaper HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} hypercalls when possible (bsc#1107207).
- x86/hyper-v: Use cheaper HVCALL_SEND_IPI hypercall when possible (bsc#1107207).
- x86/hyper-v: Use 'fast' hypercall for HVCALL_SEND_IPI (bsc#1107207).
- x86/irq: Count Hyper-V reenlightenment interrupts (bsc#1107207).
- x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).
- x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).
- x86/kvm/hyper-v: add reenlightenment MSRs support (bsc#1107207).
- x86/kvm/hyper-v: inject #GP only when invalid SINTx vector is unmasked (bsc#1107207).
- x86/kvm/hyper-v: remove stale entries from vec_bitmap/auto_eoi_bitmap on vector change (bsc#1107207).
- x86/kvm: rename HV_X64_MSR_APIC_ASSIST_PAGE to HV_X64_MSR_VP_ASSIST_PAGE (bsc#1107207).
- x86/l1tf: Show actual SMT state (bsc#1106913).
- x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).
- x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).
- x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).
- x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279).
- x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279).
- x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606).
- x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).
- x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058).
- x86/PCI: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058).
- x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058).
- x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058).
- x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058).
- x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058).
- x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058).
- x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058).
- x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058).
- x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058).
- x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058).
- x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913).
- x86/pti: Document fix wrong index (git-fixes).
- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913).
- x86/retpoline: Remove minimal retpoline support (bsc#1106913).
- x86/speculataion: Mark command line parser data __initdata (bsc#1106913).
- x86/speculation: Add command line control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913).
- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).
- x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913).
- x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913).
- x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913).
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).
- x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913).
- x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).
- x86/speculation: Mark string arrays const correctly (bsc#1106913).
- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913).
- x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913).
- x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913).
- x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913).
- x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913).
- x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).
- x86/speculation: Provide IBPB always command line options (bsc#1106913).
- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913).
- x86/speculation: Rename SSBD update functions (bsc#1106913).
- x86/speculation: Reorder the spec_v2 code (bsc#1106913).
- x86/speculation: Reorganize speculation control MSRs update (bsc#1106913).
- x86/speculation: Rework SMT state change (bsc#1106913).
- x86/speculation: Split out TIF update (bsc#1106913).
- x86/speculation: Support Enhanced IBRS on future CPUs ().
- x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913).
- x86/speculation: Update the TIF_SSBD comment (bsc#1106913).
- x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).
- xen/balloon: Support xend-based toolstack (bnc#1065600).
- xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).
- xen: fix race in xen_qlock_wait() (bnc#1107256).
- xen: fix xen_qlock_wait() (bnc#1107256).
- xen: make xen_qlock_wait() nestable (bnc#1107256).
- xen/netfront: do not bug in case of too many frags (bnc#1104824).
- xen/netfront: tolerate frags with no data (bnc#1119804).
- xen/pvh: do not try to unplug emulated devices (bnc#1065600).
- xen/pvh: increase early stack size (bnc#1065600).
- xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600).
- xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183).
- xfs: Align compat attrlist_by_handle with native implementation (git-fixes).
- xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).
- xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).
- xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes).
- xfs: Properly detect when DAX won't be used on any device (bsc#1115976).
- xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).
- xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510).
- xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).
- xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510).
- xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).
- xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510).
- xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes).
Patchnames
SUSE-2019-222,SUSE-SLE-SERVER-12-SP4-2019-222
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic was uninitialized (bnc#1116841).\n- CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).\n- CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n- CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation (bnc#1118319).\n- CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).\n- CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).\n- CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).\n- CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash (bnc#1097593).\n- CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).\n- CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).\n- CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).\n- CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n- CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1074578)\n\nThe following non-security bugs were fixed:\n\n- ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567).\n- ACPICA: Tables: Add WSMT support (bsc#1089350).\n- ACPI/CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115).\n- ACPI/CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115).\n- ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).\n- ACPI/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).\n- ACPI/NFTI: Fix ARS overflow continuation (bsc#1116895).\n- ACPI/NFIT: x86/mce: Handle only uncorrectable machine checks (bsc#1114279).\n- ACPI/NFIT: x86/mce: Validate a MCE\u0027s address before using it (bsc#1114279).\n- ACPI/platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).\n- ACPI/watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).\n- act_ife: fix a potential use-after-free (networking-stable-18_09_11).\n- Add the cherry-picked dup id for PCI dwc fix\n- aio: fix spectre gadget in lookup_ioctx (bsc#1120594).\n- ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).\n- ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).\n- ALSA: control: Fix race between adding and removing a user element (bsc#1051510).\n- ALSA: cs46xx: Potential NULL dereference in probe (bsc#1051510).\n- ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510).\n- ALSA: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510).\n- ALSA: fireface: fix for state to fetch PCM frames (bsc#1051510).\n- ALSA: fireface: fix reference to wrong register for clock configuration (bsc#1051510).\n- ALSA: firewire-lib: fix wrong assignment for \u0027out_packet_without_header\u0027 tracepoint (bsc#1051510).\n- ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510).\n- ALSA: firewire-lib: use the same print format for \u0027without_header\u0027 tracepoints (bsc#1051510).\n- ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).\n- ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510).\n- ALSA: hda: Add support for AMD Stoney Ridge (bsc#1051510).\n- ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).\n- ALSA: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510).\n- ALSA: hda: fix front speakers on Huawei MBXP (bsc#1051510).\n- ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).\n- ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).\n- ALSA: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510).\n- ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510).\n- ALSA: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510).\n- ALSA: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510).\n- ALSA: hda/realtek - Allow skipping spec-\u003einit_amp detection (bsc#1051510).\n- ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510).\n- ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510).\n- ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510).\n- ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510).\n- ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510).\n- ALSA: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510).\n- ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).\n- ALSA: hda/realtek - Fix HP Headset Mic can\u0027t record (bsc#1051510).\n- ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510).\n- ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510).\n- ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510).\n- ALSA: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510).\n- ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).\n- ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).\n- ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).\n- ALSA: hda/realtek - Support ALC300 (bsc#1051510).\n- ALSA: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510).\n- ALSA: hda/tegra: clear pending irq handlers (bsc#1051510).\n- ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).\n- ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510).\n- ALSA: pcm: Fix interval evaluation with openmin/max (bsc#1051510).\n- ALSA: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510).\n- ALSA: pcm: Fix starvation on down_write_nonblock() (bsc#1051510).\n- ALSA: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510).\n- ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).\n- ALSA: trident: Suppress gcc string warning (bsc#1051510).\n- ALSA: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510).\n- ALSA: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510).\n- ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).\n- ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510).\n- ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510).\n- ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).\n- ALSA: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510).\n- amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).\n- apparmor: do not try to replace stale label in ptrace access check (git-fixes).\n- apparmor: do not try to replace stale label in ptraceme check (git-fixes).\n- apparmor: Fix uninitialized value in aa_split_fqname (git-fixes).\n- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612).\n- arm64: atomics: Remove \u0027\u0026\u0027 from \u0027+\u0026\u0027 asm constraint in lse atomics (bsc#1120613).\n- arm64: cpu_errata: include required headers (bsc#1120615).\n- arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633).\n- arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632).\n- arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998).\n- arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998).\n- arm64: KVM: Tighten guest core register access from userspace (bsc#1110998).\n- arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614).\n- arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).\n- arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617).\n- arm64/numa: Report correct memblock range for the dummy node (bsc#1120620).\n- arm64/numa: Unify common error path in numa_init() (bsc#1120621).\n- arm64: remove no-op -p linker flag (bsc#1120616).\n- arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).\n- ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510).\n- ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)\n- ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).\n- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510).\n- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510).\n- ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).\n- ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510).\n- ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510).\n- ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510).\n- ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510).\n- ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510).\n- ASoC: rsnd: fixup clock start checker (bsc#1051510).\n- ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).\n- ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510).\n- ata: Fix racy link clearance (bsc#1107866).\n- ataflop: fix error handling during setup (bsc#1051510).\n- ath10k: do not assume this is a PCI dev in generic code (bsc#1051510).\n- ath10k: schedule hardware restart if WMI command times out (bsc#1051510).\n- ath6kl: Only use match sets when firmware supports it (bsc#1051510).\n- b43: Fix error in cordic routine (bsc#1051510).\n- batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).\n- batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).\n- bcache: fix miss key refill-\u003eend in writeback (Git-fixes).\n- bcache: trace missed reading by cache_missed (Git-fixes).\n- bitops: protect variables in bit_clear_unless() macro (bsc#1051510).\n- bitops: protect variables in set_mask_bits() macro (bsc#1051510).\n- blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes).\n- block: allow max_discard_segments to be stacked (Git-fixes).\n- block: blk_init_allocated_queue() set q-\u003efq as NULL in the fail case (Git-fixes).\n- block: copy ioprio in __bio_clone_fast() (bsc#1082653).\n- block: really disable runtime-pm for blk-mq (Git-fixes).\n- block: reset bi_iter.bi_done after splitting bio (Git-fixes).\n- block: respect virtual boundary mask in bvecs (bsc#1113412).\n- block/swim: Fix array bounds check (Git-fixes).\n- Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).\n- Bluetooth: SMP: fix crash in unpairing (bsc#1051510).\n- bnxt_en: do not try to offload VLAN \u0027modify\u0027 action (bsc#1050242 ).\n- bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282).\n- bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).\n- bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ).\n- bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).\n- bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242).\n- bonding: avoid possible dead-lock (networking-stable-18_10_16).\n- bonding: fix length of actor system (networking-stable-18_11_02).\n- bonding: fix warning message (networking-stable-18_10_16).\n- bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).\n- bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647).\n- bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).\n- bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).\n- bpf: use per htab salt for bucket hash (git-fixes).\n- bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).\n- brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).\n- brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).\n- brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).\n- bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).\n- Btrfs: Always try all copies when reading extent buffers (git-fixes).\n- Btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469).\n- Btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469).\n- Btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469).\n- Btrfs: do not check inode\u0027s runtime flags under root-\u003eorphan_lock (bsc#1111469).\n- Btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469).\n- Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).\n- Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).\n- Btrfs: fix cur_offset in the error case for nocow (bsc#1118140).\n- Btrfs: fix data corruption due to cloning of eof block (bsc#1116878).\n- Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).\n- Btrfs: fix deadlock when writing out free space caches (bsc#1116700).\n- Btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469).\n- btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes).\n- Btrfs: fix error handling in btrfs_truncate() (bsc#1111469).\n- Btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469).\n- Btrfs: fix fsync of files with multiple hard links in new directories (1120173).\n- Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877).\n- Btrfs: Fix memory barriers usage with device stats counters (git-fixes).\n- Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698).\n- Btrfs: fix use-after-free during inode eviction (bsc#1116701).\n- Btrfs: fix use-after-free on root-\u003eorphan_block_rsv (bsc#1111469).\n- Btrfs: fix use-after-free when dumping free space (bsc#1116862).\n- Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692).\n- Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693).\n- Btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469).\n- Btrfs: get rid of unused orphan infrastructure (bsc#1111469).\n- Btrfs: make sure we create all new block groups (bsc#1116699).\n- Btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469).\n- Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).\n- Btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036).\n- Btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469).\n- Btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469).\n- Btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469).\n- btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188).\n- Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138).\n- Btrfs: stop creating orphan items for truncate (bsc#1111469).\n- Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).\n- Btrfs: update stale comments referencing vmtruncate() (bsc#1111469).\n- cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510).\n- can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).\n- can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).\n- can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).\n- can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).\n- can: flexcan: flexcan_irq(): fix indention (bsc#1051510).\n- can: hi311x: Use level-triggered interrupt (bsc#1051510).\n- can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).\n- can: rcar_can: Fix erroneous registration (bsc#1051510).\n- can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).\n- cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).\n- cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).\n- cdrom: do not attempt to fiddle with cdo-\u003ecapability (bsc#1051510).\n- ceph: do not update importing cap\u0027s mseq when handing cap export (bsc#1121273).\n- ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).\n- ceph: quota: fix null pointer dereference in quota check (bsc#1114839).\n- cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).\n- cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).\n- char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058).\n- char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058).\n- clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).\n- clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).\n- clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).\n- clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).\n- clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).\n- clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510).\n- clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).\n- clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).\n- clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).\n- clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).\n- clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).\n- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes).\n- config: arm64: enable erratum 1024718\n- configfs: replace strncpy with memcpy (bsc#1051510).\n- cpufeature: avoid warning when compiling with clang (Git-fixes).\n- cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115).\n- cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115).\n- cpupower: remove stringop-truncation waring (git-fixes).\n- crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510).\n- crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().\n- crypto: ccp - Add GET_ID SEV command ().\n- crypto: ccp - Add psp enabled message when initialization succeeds ().\n- crypto: ccp - Add support for new CCP/PSP device ID ().\n- crypto: ccp - Allow SEV firmware to be chosen based on Family and Model ().\n- crypto: ccp - Fix static checker warning ().\n- crypto: ccp - Remove unused #defines ().\n- crypto: ccp - Support register differences between PSP devices ().\n- crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).\n- dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111).\n- dax: Check page-\u003emapping isn\u0027t NULL (bsc#1120054).\n- dax: Do not access a freed inode (bsc#1120055).\n- device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510).\n- device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510).\n- disable INFINIBAND_USNIC\n- disable SERIAL_NONSTANDARD\n- disable stringop truncation warnings for now (git-fixes).\n- dm: allocate struct mapped_device with kvzalloc (Git-fixes).\n- dm cache: destroy migration_cache if cache target registration failed (Git-fixes).\n- dm cache: fix resize crash if user does not reload cache table (Git-fixes).\n- dm cache metadata: ignore hints array being too small during resize (Git-fixes).\n- dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes).\n- dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes).\n- dm cache: only allow a single io_mode cache feature to be requested (Git-fixes).\n- dm crypt: do not decrease device limits (Git-fixes).\n- dm: fix report zone remapping to account for partition offset (Git-fixes).\n- dm integrity: change \u0027suspending\u0027 variable from bool to int (Git-fixes).\n- dm ioctl: harden copy_params()\u0027s copy_from_user() from malicious users (Git-fixes).\n- dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes).\n- dm linear: fix linear_end_io conditional definition (Git-fixes).\n- dm thin: handle running out of data space vs concurrent discard (Git-fixes).\n- dm thin metadata: remove needless work from __commit_transaction (Git-fixes).\n- dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).\n- dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes).\n- dm writecache: report start_sector in status line (Git-fixes).\n- dm zoned: fix metadata block ref counting (Git-fixes).\n- dm zoned: fix various dmz_get_mblock() issues (Git-fixes).\n- doc/README.SUSE: correct GIT url No more gitorious, github we use.\n- Documentation/l1tf: Fix typos (bsc#1051510).\n- Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).\n- driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).\n- Drivers: HV: Send one page worth of kmsg dump over Hyper-V during panic (bsc#1107207).\n- Drivers: hv: vmbus: Add comments on ring buffer signaling (bsc#1107207).\n- Drivers: hv: vmbus: add numa_node to sysfs (bsc#1107207).\n- Drivers: hv: vmbus: Cleanup synic memory free path (bsc#1107207).\n- Drivers: hv: vmbus: enable VMBus protocol version 5.0 (bsc#1107207).\n- Drivers: hv: vmbus: Fix the issue with freeing up hv_ctl_table_hdr (bsc#1107207).\n- Drivers: hv: vmbus: Get rid of MSR access from vmbus_drv.c (bsc#1107207).\n- Drivers: hv: vmbus: Implement Direct Mode for stimer0 (bsc#1107207).\n- Drivers: hv: vmbus: Make TLFS #define names architecture neutral (bsc#1107207).\n- Drivers: hv: vmbus: Removed an unnecessary cast from void * (bsc#1107207).\n- Drivers: hv: vmbus: Remove use of slow_virt_to_phys() (bsc#1107207).\n- Drivers: hv: vmbus: Remove x86-isms from arch independent drivers (bsc#1107207).\n- Drivers: hv: vmbus: Remove x86 MSR refs in arch independent code (bsc#1107207).\n- Drivers: hv: vmbus: Reset the channel callback in vmbus_onoffer_rescind() (bsc#1107207).\n- Drivers: hv: vmbus: respect what we get from hv_get_synint_state() (bsc#1107207).\n- Drivers: hv: vmbus: Use get/put_cpu() in vmbus_connect() (bsc#1107207).\n- Drivers: hv: vmus: Fix the check for return value from kmsg get dump buffer (bsc#1107207).\n- Drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749).\n- Drivers/net/usb/r8152: remove the unneeded variable \u0027ret\u0027 in rtl8152_system_suspend (bsc#1119749).\n- Drivers/tty: add missing of_node_put() (bsc#1051510).\n- drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).\n- drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722)\n- drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722)\n- drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722)\n- drm/ast: change resolution may cause screen blurred (boo#1112963).\n- drm/ast: fixed cursor may disappear sometimes (bsc#1051510).\n- drm/ast: Fix incorrect free on ioregs (bsc#1051510).\n- drm/ast: Remove existing framebuffers before loading driver (boo#1112963)\n- drm/dp_mst: Check if primary mstb is null (bsc#1051510).\n- drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).\n- drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).\n- drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)\n- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722)\n- drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)\n- drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).\n- drm/i915: Do not unset intel_connector-\u003emst_port (bsc#1051510).\n- drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722)\n- drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).\n- drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).\n- drm/i915/glk: Remove 99% limitation (bsc#1051510).\n- drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).\n- drm/i915: Large page offsets for pread/pwrite (bsc#1051510).\n- drm/i915: Mark pin flags as u64 (bsc#1051510).\n- drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).\n- drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).\n- drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)\n- drm/meson: add support for 1080p25 mode (bsc#1051510).\n- drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).\n- drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).\n- drm/nouveau: Check backlight IDs are \u003e= 0, not \u003e 0 (bsc#1051510).\n- drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722)\n- drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).\n- drm: rcar-du: Fix external clock error checks (bsc#1113722)\n- drm: rcar-du: Fix vblank initialization (bsc#1113722)\n- drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).\n- drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722)\n- drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722)\n- drm/vc4: Set -\u003eis_yuv to false when num_planes == 1 (bsc#1113722)\n- drm/vc4: -\u003ex_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722)\n- dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes).\n- dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes).\n- dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes).\n- dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes).\n- dt-bindings: iio: update STM32 timers clock names (git-fixes).\n- dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes).\n- dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes).\n- dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes).\n- dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes).\n- dt-bindings: pwm: renesas: tpu: Fix \u0027compatible\u0027 prop description (git-fixes).\n- dt-bindings: pwm: Update STM32 timers clock names (git-fixes).\n- dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes).\n- EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279).\n- EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279).\n- efi: Move some sysfs files to be read-only by root (bsc#1051510).\n- enable CONFIG_SCSI_MQ_DEFAULT (bsc#1107207)\n- ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017).\n- exportfs: fix \u0027passing zero to ERR_PTR()\u0027 warning (bsc#1118773).\n- ext2: fix potential use after free (bsc#1118775).\n- ext4: add missing brelse() add_new_gdb_meta_bg()\u0027s error path (bsc#1117795).\n- ext4: add missing brelse() in set_flexbg_block_bitmap()\u0027s error path (bsc#1117794).\n- ext4: add missing brelse() update_backups()\u0027s error path (bsc#1117796).\n- ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).\n- ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).\n- ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760).\n- ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).\n- ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).\n- ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).\n- ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).\n- ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).\n- ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).\n- ext4: fix possible leak of sbi-\u003es_group_desc_leak in error path (bsc#1117803).\n- ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).\n- ext4: fix possible use after free in ext4_quota_enable (bsc#1120602).\n- ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).\n- ext4: fix use-after-free race in ext4_remount()\u0027s error path (bsc#1117791).\n- ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).\n- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603).\n- ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).\n- ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).\n- extable: Consolidate *kernel_text_address() functions (bsc#1120092).\n- extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092).\n- fanotify: fix handling of events on child sub-directory (bsc#1122019).\n- fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)\n- fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)\n- fbdev: fix broken menu dependencies (bsc#1113722)\n- filesystem-dax: Fix dax_layout_busy_page() livelock (bsc#1118787).\n- firmware: add firmware_request_nowarn() - load firmware without warnings ().\n- firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).\n- firmware: dcdbas: include linux/io.h (bsc#1089350).\n- Fix kABI for \u0027Ensure we commit after writeback is complete\u0027 (bsc#1111809).\n- Fix the breakage of KMP build on x86_64 (bsc#1121017) The backport of the commit 4cd24de3a098 broke KMP builds because of the failure of make kernelrelease call in spec file. Clear the blacklist and backport the fix from the upstream.\n- Fix tracing sample code warning (git-fixes).\n- floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).\n- flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).\n- fscache: fix race between enablement and dropping of object (bsc#1107385).\n- fscache: Fix race in fscache_op_complete() due to split atomic_sub \u0026 read (Git-fixes).\n- fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).\n- fs: fix lost error code in dio_complete (bsc#1118762).\n- fs: Make extension of struct super_block transparent (bsc#1117822).\n- fsnotify: Fix busy inodes during unmount (bsc#1117822).\n- fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).\n- fs/xfs: Use %pS printk format for direct addresses (git-fixes).\n- ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172).\n- ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).\n- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).\n- ftrace: Remove incorrect setting of glob search field (bsc#1117184).\n- fuse: fix blocked_waitq wakeup (git-fixes).\n- fuse: fix leaked notify reply (git-fixes).\n- fuse: fix possibly missed wake-up after abort (git-fixes).\n- fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).\n- fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).\n- fuse: fix use-after-free in fuse_direct_IO() (git-fixes).\n- fuse: set FR_SENT while locked (git-fixes).\n- gcc-plugins: Add include required by GCC release 8 (git-fixes).\n- gcc-plugins: Use dynamic initializers (git-fixes).\n- genirq: Fix race on spurious interrupt detection (bsc#1051510).\n- gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).\n- gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).\n- gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).\n- gfs2_meta: -\u003emount() can get NULL dev_name (bsc#1118768).\n- gfs2: Put bitmap buffers in put_super (bsc#1118772).\n- git_sort.py: Remove non-existent remote tj/libata\n- gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).\n- gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).\n- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).\n- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).\n- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).\n- gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).\n- grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).\n- gso_segment: Reset skb-\u003emac_len after modifying network header (networking-stable-18_09_24).\n- HID: Add quirk for Primax PIXART OEM mice (bsc#1119410).\n- HID: hiddev: fix potential Spectre v1 (bsc#1051510).\n- HID: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).\n- HID: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).\n- HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).\n- hv: add SPDX license id to Kconfig (bsc#1107207).\n- hv: add SPDX license to trace (bsc#1107207).\n- hv_balloon: trace post_status (bsc#1107207).\n- hv_netvsc: Add handlers for ethtool get/set msg level (bsc#1107207).\n- hv_netvsc: Add NetVSP v6 and v6.1 into version negotiation (bsc#1107207).\n- hv_netvsc: Add per-cpu ethtool stats for netvsc (bsc#1107207).\n- hv_netvsc: Add range checking for rx packet offset and length (bsc#1107207).\n- hv_netvsc: add trace points (bsc#1107207).\n- hv_netvsc: Clean up extra parameter from rndis_filter_receive_data() (bsc#1107207).\n- hv_netvsc: fix bogus ifalias on network device (bsc#1107207).\n- hv_netvsc: fix network namespace issues with VF support (bsc#1107207).\n- hv_netvsc: Fix the return status in RX path (bsc#1107207).\n- hv_netvsc: Fix the variable sizes in ipsecv2 and rsc offload (bsc#1107207).\n- hv_netvsc: fix vf serial matching with pci slot info (bsc#1107207).\n- hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).\n- hv_netvsc: move VF to same namespace as netvsc device (bsc#1107207).\n- hv_netvsc: pair VF based on serial number (bsc#1107207).\n- hv_netvsc: Pass net_device parameter to revoke and teardown functions (bsc#1107207).\n- hv_netvsc: pass netvsc_device to rndis halt (bsc#1107207).\n- hv_netvsc: propogate Hyper-V friendly name into interface alias (bsc#1107207).\n- hv_netvsc: select needed ucs2_string routine (bsc#1107207).\n- hv_netvsc: simplify receive side calling arguments (bsc#1107207).\n- hv_netvsc: typo in NDIS RSS parameters structure (bsc#1107207).\n- hv: Synthetic typo correction (bsc#1107207).\n- hv_vmbus: Correct the stale comments regarding cpu affinity (bsc#1107207).\n- hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510).\n- hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).\n- hwmon: (ina2xx) Fix current value calculation (bsc#1051510).\n- hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).\n- hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).\n- hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).\n- hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).\n- hwmon: (raspberrypi) Fix initial notify (bsc#1051510).\n- hwmon: (w83795) temp4_type has writable permission (bsc#1051510).\n- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).\n- hyper-v: use GFP_KERNEL for hv_context.hv_numa_map (bsc#1107207).\n- i2c: axxia: properly handle master timeout (bsc#1051510).\n- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).\n- IB/hfi1: Add mtu check for operational data VLs (bsc#1060463 ).\n- ibmvnic: Convert reset work item mutex to spin lock ().\n- ibmvnic: fix accelerated VLAN handling ().\n- ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).\n- ibmvnic: Fix non-atomic memory allocation in IRQ context ().\n- ibmvnic: remove ndo_poll_controller ().\n- ibmvnic: Update driver queues after change in ring size support ().\n- IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387).\n- ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).\n- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).\n- ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).\n- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).\n- iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).\n- iio: ad5064: Fix regulator handling (bsc#1051510).\n- iio:st_magn: Fix enable device after trigger (bsc#1051510).\n- ima: fix showing large \u0027violations\u0027 or \u0027runtime_measurements_count\u0027 (bsc#1051510).\n- include/linux/pfn_t.h: force \u0027~\u0027 to be parsed as an unary operator (bsc#1051510).\n- include modules.fips in kernel-binary as well as kernel-binary-base ().\n- inet: make sure to grab rcu_read_lock before using ireq-\u003eireq_opt (networking-stable-18_10_16).\n- initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).\n- Input: add official Raspberry Pi\u0027s touchscreen driver ().\n- Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).\n- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).\n- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).\n- Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).\n- Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).\n- Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).\n- Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).\n- Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).\n- Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).\n- Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).\n- Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).\n- Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).\n- Input: xpad - add PDP device id 0x02a4 (bsc#1051510).\n- Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).\n- Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).\n- Input: xpad - fix some coding style issues (bsc#1051510).\n- Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).\n- integrity/security: fix digsig.c build error with header file (bsc#1051510).\n- intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).\n- iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).\n- iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).\n- iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).\n- iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).\n- iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).\n- iommu/vt-d: Use memunmap to free memremap (bsc#1106105).\n- ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n- ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).\n- ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).\n- ipmi: Fix timer race with module unload (bsc#1051510).\n- ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n- ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).\n- ipv4: lock mtu in fnhe when received PMTU \u0026lt; net.ipv4.route.min_pmtu (networking-stable-18_11_21).\n- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).\n- ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21).\n- ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).\n- ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).\n- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).\n- ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).\n- iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).\n- iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).\n- iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).\n- iwlwifi: fix LED command capability bit (bsc#1119086).\n- iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).\n- iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).\n- iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).\n- iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).\n- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).\n- iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).\n- iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).\n- iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).\n- iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).\n- iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).\n- iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).\n- iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).\n- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).\n- jump_label: Split out code under the hotplug lock (bsc#1106913).\n- KABI fix for \u0027NFSv4.1: Fix up replays of interrupted requests\u0027 (git-fixes).\n- KABI: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).\n- KABI: mask raw in struct bpf_reg_state (bsc#1083647).\n- KABI: powerpc: Revert npu callback signature change (bsc#1055120).\n- KABI protect hnae_ae_ops (bsc#1104353).\n- KABI: protect struct fib_nh_exception (kabi).\n- KABI: protect struct rtable (kabi).\n- kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).\n- kbuild: fix kernel/bounds.c \u0027W=1\u0027 warning (bsc#1051510).\n- kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).\n- kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).\n- kbuild: move \u0027_all\u0027 target out of $(KBUILD_SRC) conditional (bsc#1114279).\n- kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).\n- Kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).\n- kbuild: verify that $DEPMOD is installed (git-fixes).\n- kdb: use memmove instead of overlapping memcpy (bsc#1120954).\n- kernfs: Replace strncpy with memcpy (bsc#1120053).\n- keys: Fix the use of the C++ keyword \u0027private\u0027 in uapi/linux/keyctl.h (Git-fixes).\n- kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).\n- kobject: Replace strncpy with memcpy (git-fixes).\n- kprobes: Make list and blacklist root user read only (git-fixes).\n- KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).\n- KVM: hyperv: idr_find needs RCU protection (bsc#1107207).\n- KVM: introduce kvm_make_vcpus_request_mask() API (bsc#1107207).\n- KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).\n- KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).\n- KVM: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).\n- KVM: s390: vsie: copy wrapping keys to right place (git-fixes).\n- KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279).\n- KVM: VMX: re-add ple_gap module parameter (bsc#1106240).\n- KVM: x86: ensure all MSRs can always be KVM_GET/SET_MSR\u0027d (bsc#1107207).\n- KVM: x86: factor out kvm.arch.hyperv (de)init (bsc#1107207).\n- KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).\n- KVM: x86: hyperv: delete dead code in kvm_hv_hypercall() (bsc#1107207).\n- KVM: x86: hyperv: do rep check for each hypercall separately (bsc#1107207).\n- KVM: x86: hyperv: guest-\u003ehost event signaling via eventfd (bsc#1107207).\n- KVM: x86: hyperv: simplistic HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE}_EX implementation (bsc#1107207).\n- KVM: x86: hyperv: simplistic HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} implementation (bsc#1107207).\n- KVM: x86: hyperv: use defines when parsing hypercall parameters (bsc#1107207).\n- KVM: x86: VMX: hyper-v: Enlightened MSR-Bitmap support (bsc#1107207).\n- libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).\n- libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).\n- libceph: fall back to sendmsg for slab pages (bsc#1118316).\n- libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).\n- libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).\n- libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).\n- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).\n- libnvdimm, pmem: Fix badblocks population for \u0027raw\u0027 namespaces (bsc#1118788).\n- libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).\n- lib/raid6: Fix arm64 test build (bsc#1051510).\n- lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).\n- Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).\n- linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).\n- llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).\n- locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).\n- locking/static_keys: Improve uninitialized key warning (bsc#1106913).\n- mac80211: Always report TX status (bsc#1051510).\n- mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).\n- mac80211: fix reordering of buffered broadcast packets (bsc#1051510).\n- mac80211: fix TX status reporting for ieee80211s (bsc#1051510).\n- mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).\n- mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).\n- mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).\n- mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).\n- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).\n- mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).\n- mach64: fix display corruption on big endian machines (bsc#1113722)\n- mach64: fix image corruption due to reading accelerator registers (bsc#1113722)\n- mailbox: PCC: handle parse error (bsc#1051510).\n- Mark HI and TASKLET softirq synchronous (git-fixes).\n- md: allow metadata updates while suspending an array - fix (git-fixes).\n- MD: fix invalid stored role for a disk - try2 (git-fixes).\n- md: fix raid10 hang issue caused by barrier (git-fixes).\n- media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).\n- media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).\n- media: omap3isp: Unregister media device as first (bsc#1051510).\n- memory_hotplug: cond_resched in __remove_pages (bnc#1114178).\n- mfd: menelaus: Fix possible race condition and leak (bsc#1051510).\n- mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).\n- mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).\n- mmc: bcm2835: reset host on timeout (bsc#1051510).\n- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).\n- mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).\n- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).\n- mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).\n- mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).\n- mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).\n- MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).\n- mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).\n- mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).\n- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).\n- mm: do not miss the last page because of round-off error (bnc#1118798).\n- mm: do not warn about large allocations for slab (git fixes (slab)).\n- mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).\n- mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962).\n- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).\n- mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).\n- mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).\n- mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).\n- mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).\n- mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).\n- mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).\n- mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).\n- mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).\n- mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).\n- mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).\n- mm: migration: fix migration of huge PMD shared pages (bnc#1086423).\n- mm: only report isolation failures when offlining memory (generic hotplug debugability).\n- mm: print more information about mapping in __dump_page (generic hotplug debugability).\n- mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).\n- mm: rework memcg kernel stack accounting (bnc#1113677).\n- mm: sections are not offlined during memory hotremove (bnc#1119968).\n- mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem).\n- mm/vmstat.c: fix NUMA statistics updates (git fixes).\n- mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).\n- mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).\n- mount: Retest MNT_LOCKED in do_umount (bsc#1117818).\n- Move dell_rbu fix to sorted section (bsc#1087978).\n- Move USB-audio UAF fix patch to sorted section\n- mtd: cfi: convert inline functions to macros (git-fixes).\n- mtd: Fix comparison in map_word_andequal() (git-fixes).\n- namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766).\n- nbd: do not allow invalid blocksize settings (Git-fixes).\n- neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).\n- net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).\n- net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).\n- net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).\n- net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).\n- net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).\n- net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).\n- net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).\n- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510).\n- net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).\n- net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).\n- net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).\n- net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes).\n- net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes).\n- net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).\n- net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).\n- net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).\n- net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).\n- net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).\n- net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).\n- net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).\n- net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).\n- net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561).\n- net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).\n- net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).\n- net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).\n- net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).\n- net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).\n- net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).\n- net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).\n- net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).\n- net: ena: minor performance improvement (bsc#1111696 bsc#1117561).\n- net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).\n- net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).\n- net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561).\n- net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).\n- net: ena: use CSUM_CHECKED device indication to report skb\u0027s checksum status (bsc#1111696 bsc#1117561).\n- net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).\n- net-gro: reset skb-\u003epkt_type in napi_reuse_skb() (networking-stable-18_11_21).\n- net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353).\n- net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).\n- net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353).\n- net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353).\n- net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353).\n- net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ).\n- net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353).\n- net: hns3: bugfix for rtnl_lock\u0027s range in the hclgevf_reset() (bsc#1104353).\n- net: hns3: bugfix for the initialization of command queue\u0027s spin lock (bsc#1104353).\n- net: hns3: Check hdev state when getting link status (bsc#1104353).\n- net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353).\n- net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353).\n- net: hns3: Fix error of checking used vlan id (bsc#1104353 ).\n- net: hns3: Fix ets validate issue (bsc#1104353).\n- net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).\n- net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353).\n- net: hns3: Fix for packet buffer setting bug (bsc#1104353 ).\n- net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353).\n- net: hns3: Fix for setting speed for phy failed problem (bsc#1104353).\n- net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ).\n- net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353).\n- net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353).\n- net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353).\n- net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ).\n- net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353).\n- net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353).\n- net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).\n- net: hp100: fix always-true check for link up state (networking-stable-18_09_24).\n- net: ibm: fix return type of ndo_start_xmit function ().\n- net/ibmnvic: Fix deadlock problem in reset ().\n- net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).\n- net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).\n- net: ipv4: do not let PMTU updates increase route MTU (git-fixes).\n- net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).\n- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).\n- netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).\n- net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).\n- net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299).\n- net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).\n- net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).\n- net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).\n- net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).\n- net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).\n- net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).\n- net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).\n- net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).\n- net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).\n- net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).\n- net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).\n- net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).\n- net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).\n- net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).\n- net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).\n- net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).\n- net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).\n- net: sched: Fix for duplicate class dump (networking-stable-18_11_02).\n- net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).\n- net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).\n- net: smsc95xx: Fix MTU range (networking-stable-18_11_21).\n- net: socket: fix a missing-check bug (networking-stable-18_11_02).\n- net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).\n- net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).\n- net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).\n- net: systemport: Protect stop from timeout (networking-stable-18_11_21).\n- net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).\n- net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).\n- net: usb: r8152: constify usb_device_id (bsc#1119749).\n- net: usb: r8152: use irqsave() in USB\u0027s complete callback (bsc#1119749).\n- nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).\n- nfs: Avoid RCU usage in tracepoints (git-fixes).\n- nfs: commit direct writes even if they fail partially (git-fixes).\n- nfsd4: permit layoutget of executable-only files (git-fixes).\n- nfsd: check for use of the closed special stateid (git-fixes).\n- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x\u003e0) (git-fixes).\n- nfsd: deal with revoked delegations appropriately (git-fixes).\n- nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).\n- nfsd: Fix another OPEN stateid race (git-fixes).\n- nfsd: fix corrupted reply to badly ordered compound (git-fixes).\n- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).\n- nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).\n- nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).\n- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).\n- nfs: Ensure we commit after writeback is complete (bsc#1111809).\n- nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes).\n- nfs: Fix a typo in nfs_rename() (git-fixes).\n- nfs: Fix typo in nomigration mount option (git-fixes).\n- nfs: Fix unstable write completion (git-fixes).\n- nfsv4.0 fix client reference leak in callback (git-fixes).\n- nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).\n- nfsv4.1 fix infinite loop on I/O (git-fixes).\n- nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).\n- nfsv4.1: Fix up replays of interrupted requests (git-fixes).\n- nfsv4: Fix a typo in nfs41_sequence_process (git-fixes).\n- nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).\n- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).\n- nospec: Allow index argument to have const-qualified type (git-fixes)\n- nospec: Include \u0026lt;asm/barrier.h\u003e dependency (bsc#1114279).\n- nospec: Kill array_index_nospec_mask_check() (git-fixes).\n- nvme-fc: resolve io failures during connect (bsc#1116803).\n- nvme: Free ctrl device name on init failure ().\n- nvme-multipath: zero out ANA log buffer (bsc#1105168).\n- nvme: validate controller state before rescheduling keep alive (bsc#1103257).\n- objtool: Detect RIP-relative switch table references (bsc#1058115).\n- objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115).\n- objtool: Fix another switch table detection issue (bsc#1058115).\n- objtool: Fix double-free in .cold detection error path (bsc#1058115).\n- objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115).\n- objtool: Fix \u0027noreturn\u0027 detection for recursive sibling calls (bsc#1058115).\n- objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115).\n- objtool: Support GCC 8\u0027s cold subfunctions (bsc#1058115).\n- objtool: Support GCC 8 switch tables (bsc#1058115).\n- ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).\n- ocfs2: fix locking for res-\u003etracking and dlm-\u003etracking_list (bsc#1117816).\n- ocfs2: fix ocfs2 read block panic (bsc#1117815).\n- ocfs2: free up write context when direct IO failed (bsc#1117821).\n- ocfs2: subsystem.su_mutex is required while accessing the item-\u003eci_parent (bsc#1117808).\n- openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).\n- panic: avoid deadlocks in re-entrant console drivers (bsc#1088386).\n- PCI: Add ACS quirk for Ampere root ports (bsc#1120058).\n- PCI: Add ACS quirk for APM X-Gene devices (bsc#1120058).\n- PCI: Add Device IDs for Intel GPU \u0027spurious interrupt\u0027 quirk (bsc#1051510).\n- PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).\n- PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058).\n- PCI: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058).\n- PCI: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058).\n- PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510)\n- PCI: Export pcie_has_flr() (bsc#1120058).\n- PCI: hv: Convert remove_lock to refcount (bsc#1107207).\n- PCI: hv: Fix return value check in hv_pci_assign_slots() (bsc#1107207).\n- PCI: hv: Remove unused reason for refcount handler (bsc#1107207).\n- PCI: hv: Replace GFP_ATOMIC with GFP_KERNEL in new_pcichild_device() (bsc#1107207).\n- PCI: hv: support reporting serial number as slot information (bsc#1107207).\n- PCI: hv: Use effective affinity mask (bsc#1109772).\n- PCI: hv: Use list_for_each_entry() (bsc#1107207).\n- PCI: imx6: Fix link training status detection in link up check (bsc#1109806).\n- PCI: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058).\n- PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).\n- PCI: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058).\n- PCI: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058).\n- PCI: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058).\n- PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).\n- PCI: vmd: Assign vector zero to all bridges (bsc#1109806).\n- PCI: vmd: Detach resources after stopping root bus (bsc#1109806).\n- PCI: vmd: White list for fast interrupt handlers (bsc#1109806).\n- pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).\n- percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279).\n- perf: fix invalid bit in diagnostic entry (git-fixes).\n- perf tools: Fix tracing_path_mount proper path (git-fixes).\n- pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).\n- pinctrl: meson: fix pinconf bias disable (bsc#1051510).\n- pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).\n- pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).\n- pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).\n- pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).\n- platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510).\n- platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).\n- platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).\n- pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).\n- pNFS: Do not release the sequence slot until we\u0027ve processed layoutget on open (git-fixes).\n- pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).\n- powerpc/64s: consolidate MCE counter increment (bsc#1094244).\n- powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).\n- powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes).\n- powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729).\n- powerpc/boot: Fix build failures with -j 1 (bsc#1065729).\n- powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).\n- powerpc/mm: Fix typo in comments (bsc#1065729).\n- powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).\n- powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120).\n- powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729).\n- powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes).\n- powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).\n- powerpc/powernv: Fix concurrency issue with npu-\u003emmio_atsd_usage (bsc#1055120).\n- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729).\n- powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121).\n- powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120).\n- powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).\n- powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).\n- powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120).\n- powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120).\n- powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120).\n- powerpc/pseries: Fix DTL buffer registration (bsc#1065729).\n- powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).\n- powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).\n- powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270).\n- powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).\n- power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510).\n- power: supply: olpc_battery: correct the temperature units (bsc#1051510).\n- pppoe: fix reception of frames with no mac header (networking-stable-18_09_24).\n- printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168).\n- provide linux/set_memory.h (bsc#1113295).\n- ptp: fix Spectre v1 vulnerability (bsc#1051510).\n- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913).\n- pwm: lpss: Release runtime-pm reference from the driver\u0027s remove callback (bsc#1051510).\n- pxa168fb: prepare the clock (bsc#1051510).\n- qed: Add driver support for 20G link speed (bsc#1110558).\n- qed: Add support for virtual link (bsc#1111795).\n- qede: Add driver support for 20G link speed (bsc#1110558).\n- qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510).\n- qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).\n- r8152: add byte_enable for ocp_read_word function (bsc#1119749).\n- r8152: add Linksys USB3GIGV1 id (bsc#1119749).\n- r8152: add r8153_phy_status function (bsc#1119749).\n- r8152: adjust lpm settings for RTL8153 (bsc#1119749).\n- r8152: adjust rtl8153_runtime_enable function (bsc#1119749).\n- r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749).\n- r8152: adjust U2P3 for RTL8153 (bsc#1119749).\n- r8152: avoid rx queue more than 1000 packets (bsc#1119749).\n- r8152: check if disabling ALDPS is finished (bsc#1119749).\n- r8152: correct the definition (bsc#1119749).\n- r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749).\n- r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749).\n- r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749).\n- r8152: move calling delay_autosuspend function (bsc#1119749).\n- r8152: move the default coalesce setting for RTL8153 (bsc#1119749).\n- r8152: move the initialization to reset_resume function (bsc#1119749).\n- r8152: move the setting of rx aggregation (bsc#1119749).\n- r8152: replace napi_complete with napi_complete_done (bsc#1119749).\n- r8152: set rx mode early when linking on (bsc#1119749).\n- r8152: split rtl8152_resume function (bsc#1119749).\n- r8152: support new chip 8050 (bsc#1119749).\n- r8152: support RTL8153B (bsc#1119749).\n- r8169: fix NAPI handling under high load (networking-stable-18_11_02).\n- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes).\n- rcu: Allow for page faults in NMI handlers (bsc#1120092).\n- RDMA/bnxt_re: Add missing spin lock initialization (bsc#1050244 ).\n- RDMA/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244).\n- RDMA/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283).\n- RDMA/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283).\n- RDMA/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ).\n- RDMA/RXE: make rxe work over 802.1q VLAN devices (bsc#1082387).\n- rds: fix two RCU related problems (networking-stable-18_09_18).\n- README: Clean-up trailing whitespace\n- Reenable support for KVM guest Earlier trimming of config-azure disabled also KVM. But since parts of QA are done within KVM guests, this flavor must be able to run within such guest type.\n- remoteproc: qcom: Fix potential device node leaks (bsc#1051510).\n- reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).\n- reset: imx7: Fix always writing bits as 0 (bsc#1051510).\n- reset: remove remaining WARN_ON() in \u0026lt;linux/reset.h\u003e (Git-fixes).\n- Revert \u0027ceph: fix dentry leak in splice_dentry()\u0027 (bsc#1114839).\n- Revert commit ef9209b642f \u0027staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c\u0027 (bsc#1051510).\n- Revert \u0027iommu/io-pgtable-arm: Check for v7s-incapable systems\u0027 (bsc#1106105).\n- Revert \u0027PCI/ASPM: Do not initialize link state when aspm_disabled is set\u0027 (bsc#1051510).\n- Revert \u0027powerpc/64: Fix checksum folding in csum_add()\u0027 (bsc#1065729).\n- Revert \u0027rpm/kernel-binary.spec.in: allow unsupported modules for -extra\u0027 This reverts commit 0d585a8c2d17de86869cc695fc7a5d10c6b96abb.\n- Revert \u0027scsi: lpfc: ls_rjt erroneus FLOGIs\u0027 (bsc#1119322).\n- Revert \u0027usb: dwc3: gadget: skip Set/Clear Halt when invalid\u0027 (bsc#1051510).\n- Revert wlcore patch to follow stable tree develpment\n- ring-buffer: Allow for rescheduling when removing pages (bsc#1120238).\n- ring-buffer: Do no reuse reader page if still in use (bsc#1120096).\n- ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094).\n- rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-${flavor}-devel packages if it exists.\n- rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e (\u0027kconfig: remove silentoldconfig target\u0027), \u0027make silentoldconfig\u0027 can be no longer used. Use \u0027make syncconfig\u0027 instead if available.\n- rtc: hctosys: Add missing range error reporting (bsc#1051510).\n- rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510).\n- rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510).\n- rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510).\n- rtl8xxxu: Fix missing break in switch (bsc#1051510).\n- rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02).\n- rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16).\n- rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16).\n- s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).\n- s390/dasd: simplify locking in dasd_times_out (bsc#1104967,).\n- s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112).\n- s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112).\n- s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).\n- s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).\n- s390/mm: correct allocate_pgste proc_handler callback (git-fixes).\n- s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682).\n- s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).\n- s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657).\n- s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682).\n- s390/qeth: handle failure on workqueue creation (git-fixes).\n- s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960).\n- s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).\n- s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960).\n- s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n- s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes).\n- s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).\n- s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).\n- s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).\n- sbitmap: fix race in wait batch accounting (Git-fixes).\n- sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913).\n- sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Git fixes (scheduler)).\n- sched/isolcpus: Fix \u0027isolcpus=\u0027 boot parameter handling when !CONFIG_CPUMASK_OFFSTACK (bsc#1107207).\n- sched/smt: Expose sched_smt_present static key (bsc#1106913).\n- sched/smt: Make sched_smt_present track topology (bsc#1106913).\n- sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228).\n- scripts/git-pre-commit: make executable.\n- scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue\n- scripts/git_sort/git_sort.py: change SCSI git repos to make series sorting more failsafe.\n- scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578).\n- scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).\n- scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).\n- scsi: lpfc: add Trunking support (bsc#1114015).\n- scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).\n- scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215).\n- scsi: lpfc: Correct errors accessing fw log (bsc#1114015).\n- scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).\n- scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015).\n- scsi: lpfc: Correct LCB RJT handling (bsc#1114015).\n- scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015).\n- scsi: lpfc: Correct race with abort on completion path (bsc#1114015).\n- scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015).\n- scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).\n- scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215).\n- scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215).\n- scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322).\n- scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015).\n- scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215).\n- scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).\n- scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215).\n- scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215).\n- scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215).\n- scsi: lpfc: Fix errors in log messages (bsc#1114015).\n- scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).\n- scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215).\n- scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015).\n- scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).\n- scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015).\n- scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215).\n- scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).\n- scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).\n- scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015).\n- scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015).\n- scsi: lpfc: reduce locking when updating statistics (bsc#1114015).\n- scsi: lpfc: refactor mailbox structure context fields (bsc#1118215).\n- scsi: lpfc: Remove set but not used variable \u0027sgl_size\u0027 (bsc#1114015).\n- scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015).\n- scsi: lpfc: rport port swap discovery issue (bsc#1118215).\n- scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).\n- scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).\n- scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).\n- scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215).\n- scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215).\n- scsi: netvsc: Use the vmbus function to calculate ring buffer percentage (bsc#1107207).\n- scsi: qlogicpti: Fix an error handling path in \u0027qpti_sbus_probe()\u0027 (bsc#1114581).\n- scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).\n- scsi: sg: fix minor memory leak in error path (bsc#1114584).\n- scsi: storsvc: do not set a bounce limit (bsc#1107207).\n- scsi: storvsc: Avoid allocating memory for temp cpumasks (bsc#1107207).\n- scsi: storvsc: Select channel based on available percentage of ring buffer to write (bsc#1107207).\n- scsi: storvsc: Set up correct queue depth values for IDE devices (bsc#1107207).\n- scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578).\n- scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).\n- scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).\n- scsi: target: Fix fortify_panic kernel exception (bsc#1114576).\n- scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577).\n- scsi: target: tcmu: add read length support (bsc#1097755).\n- scsi: vmbus: Add function to report available ring buffer to write in total ring size percentage (bsc#1107207).\n- scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588).\n- sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).\n- sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21).\n- sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11).\n- sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21).\n- sctp: not increase stream\u0027s incnt before sending addstrm_in request (networking-stable-18_11_21).\n- sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16).\n- shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599).\n- shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599).\n- skd: Avoid that module unloading triggers a use-after-free (Git-fixes).\n- skd: Submit requests to firmware before triggering the doorbell (Git-fixes).\n- skip LAYOUTRETURN if layout is invalid (git-fixes).\n- soc: bcm2835: sync firmware properties with downstream ()\n- soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510).\n- soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).\n- spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510).\n- spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510).\n- spi: bcm2835: Fix race on DMA termination (bsc#1051510).\n- spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510).\n- splice: do not read more than available pipe space (bsc#1119212).\n- staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510).\n- staging:iio:ad7606: fix voltage scales (bsc#1051510).\n- staging: rtl8712: Fix possible buffer overrun (bsc#1051510).\n- staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510).\n- staging: rtl8723bs: Fix the return value in case of error in \u0027rtw_wx_read32()\u0027 (bsc#1051510).\n- staging: rts5208: fix gcc-8 logic error warning (bsc#1051510).\n- staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).\n- staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510).\n- SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes).\n- sunrpc: Do not use stack buffer with scatterlist (git-fixes).\n- sunrpc: Fix rpc_task_begin trace point (git-fixes).\n- SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).\n- supported.conf: add raspberrypi-ts driver\n- supported.conf: whitelist bluefield eMMC driver\n- target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).\n- target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).\n- target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).\n- tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).\n- team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510).\n- termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510).\n- test_firmware: fix error return getting clobbered (bsc#1051510).\n- test_hexdump: use memcpy instead of strncpy (bsc#1051510).\n- tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).\n- thermal: bcm2835: enable hwmon explicitly (bsc#1108468).\n- thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).\n- thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).\n- tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).\n- tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).\n- tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).\n- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510).\n- tools: hv: fcopy: set \u0027error\u0027 in case an unknown operation was requested (bsc#1107207).\n- tools: hv: fcopy: set \u0027error\u0027 in case an unknown operation was requested (git-fixes).\n- tools: hv: Fix a bug in the key delete code (bsc#1107207).\n- tools: hv: Fix a bug in the key delete code (git-fixes).\n- tools: hv: fix compiler warnings about major/target_fname (bsc#1107207).\n- tools/hv: Fix IP reporting by KVP daemon with SRIOV (bsc#1107207).\n- tools: hv: include string.h in hv_fcopy_daemon (bsc#1107207).\n- tools: hv: include string.h in hv_fcopy_daemon (git-fixes).\n- tools: hv: update lsvmbus to be compatible with python3 (bsc#1107207).\n- tools/lib/lockdep: Rename \u0027trywlock\u0027 into \u0027trywrlock\u0027 (bsc#1121973).\n- tools/power/cpupower: fix compilation with STATIC=true (git-fixes).\n- tools/power turbostat: fix possible sprintf buffer overflow (git-fixes).\n- tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).\n- tpm: add retry logic (bsc#1082555).\n- tpm: consolidate the TPM startup code (bsc#1082555).\n- tpm: do not suspend/resume if power stays on (bsc#1082555).\n- tpm: fix intermittent failure with self tests (bsc#1082555).\n- tpm: fix response size validation in tpm_get_random() (bsc#1082555).\n- tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).\n- tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).\n- tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).\n- tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).\n- tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).\n- tpm: Restore functionality to xen vtpm driver (bsc#1082555).\n- tpm: self test failure should not cause suspend to fail (bsc#1082555).\n- tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).\n- tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).\n- tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).\n- tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).\n- tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).\n- tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).\n- tracing/blktrace: Fix to allow setting same value (Git-fixes).\n- tracing: Erase irqsoff trace with empty write (bsc#1117189).\n- tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).\n- tracing: Fix crash when freeing instances with event triggers (bsc#1120230).\n- tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097).\n- tracing: Fix double free of event_trigger_data (bsc#1120234).\n- tracing: Fix missing return symbol in function_graph output (bsc#1120232).\n- tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235).\n- tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214).\n- tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223).\n- tracing: Fix trace_pipe behavior for instance traces (bsc#1120088).\n- tracing: Remove RCU work arounds from stack tracer (bsc#1120092).\n- tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes).\n- tty: check name length in tty_find_polling_driver() (bsc#1051510).\n- tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510).\n- tty: Do not return -EAGAIN in blocking read (bsc#1116040).\n- tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510).\n- tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510).\n- tty: wipe buffer (bsc#1051510).\n- tty: wipe buffer if not echoing data (bsc#1051510).\n- tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).\n- tuntap: fix multiqueue rx (networking-stable-18_11_21).\n- ubifs: Fixup compilation failure due to different ubifs_assert() prototype.\n- ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598).\n- udf: Allow mounting volumes with incorrect identification strings (bsc#1118774).\n- udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).\n- udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).\n- udp6: fix encap return code for resubmitting (git-fixes).\n- uio: ensure class is registered before devices (bsc#1051510).\n- uio: Fix an Oops on load (bsc#1051510).\n- uio_hv_generic: fix subchannel ring mmap (bsc#1107207).\n- uio_hv_generic: make ring buffer attribute for primary channel (bsc#1107207).\n- uio_hv_generic: set size of ring buffer attribute (bsc#1107207).\n- uio_hv_generic: support sub-channels (bsc#1107207).\n- uio_hv_generic: use correct channel in isr (bsc#1107207).\n- uio: make symbol \u0027uio_class_registered\u0027 static (bsc#1051510).\n- unifdef: use memcpy instead of strncpy (bsc#1051510).\n- usb: appledisplay: Add 27\u0027 Apple Cinema Display (bsc#1051510).\n- usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).\n- usb: core: Fix hub port connection events lost (bsc#1051510).\n- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510).\n- usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).\n- usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).\n- usb: dwc2: host: use hrtimer for NAK retries (git-fixes).\n- usb: dwc3: core: Clean up ULPI device (bsc#1051510).\n- usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).\n- usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).\n- usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).\n- usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).\n- usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).\n- usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).\n- usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510).\n- usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888).\n- usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).\n- usb: misc: appledisplay: add 20\u0027 Apple Cinema Display (bsc#1051510).\n- usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).\n- usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510).\n- usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510).\n- usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).\n- usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510).\n- usb: omap_udc: use devm_request_irq() (bsc#1051510).\n- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510).\n- usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).\n- usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).\n- usb: serial: option: add Fibocom NL668 series (bsc#1051510).\n- usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510).\n- usb: serial: option: add HP lt4132 (bsc#1051510).\n- usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510).\n- usb: serial: option: add Telit LN940 series (bsc#1051510).\n- usb: serial: option: add two-endpoints device-id flag (bsc#1051510).\n- usb: serial: option: drop redundant interface-class test (bsc#1051510).\n- usb: serial: option: improve Quectel EP06 detection (bsc#1051510).\n- usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110).\n- usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510).\n- usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).\n- usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510).\n- usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510).\n- userfaultfd: clear the vma-\u003evm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761).\n- userfaultfd: remove uffd flags from vma-\u003evm_flags if UFFD_EVENT_FORK fails (bsc#1118809).\n- v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771).\n- vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).\n- vhost: Fix Spectre V1 vulnerability (bsc#1051510).\n- vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).\n- virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02).\n- VMCI: Resource wildcard match fixed (bsc#1051510).\n- w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).\n- watchdog/core: Add missing prototypes for weak functions (git-fixes).\n- wireless: airo: potential buffer overflow in sprintf() (bsc#1051510).\n- wlcore: Fix the return value in case of error in \u0027wlcore_vendor_cmd_smart_config_start()\u0027 (bsc#1051510).\n- x86/bugs: Add AMD\u0027s SPEC_CTRL MSR usage (bsc#1106913).\n- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913).\n- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913).\n- x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006).\n- x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).\n- x86/decoder: Fix and update the opcodes map (bsc#1058115).\n- x86/headers/UAPI: Use __u64 instead of u64 in \u0026lt;uapi/asm/hyperv.h\u003e (bsc#1107207).\n- x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).\n- x86/hyperv: Add a function to read both TSC and TSC page value simulateneously (bsc#1107207).\n- x86/hyper-v: Add flush HvFlushGuestPhysicalAddressSpace hypercall support (bsc#1107207).\n- x86/hyper-v: Add hyperv_nested_flush_guest_mapping ftrace support (bsc#1107207).\n- x86/hyperv: Add interrupt handler annotations (bsc#1107207).\n- x86/hyper-v: allocate and use Virtual Processor Assist Pages (bsc#1107207).\n- x86/hyper-v: Allocate the IDT entry early in boot (bsc#1107207).\n- x86/hyper-v: Check cpumask_to_vpset() return value in hyperv_flush_tlb_others_ex() (bsc#1107207).\n- x86/hyper-v: Check for VP_INVAL in hyperv_flush_tlb_others() (bsc#1107207).\n- x86/hyper-v: Consolidate code for converting cpumask to vpset (bsc#1107207).\n- x86/hyper-v: Consolidate the allocation of the hypercall input page (bsc#1107207).\n- x86/hyper-v: define struct hv_enlightened_vmcs and clean field bits (bsc#1107207).\n- x86/hyper-v: detect nested features (bsc#1107207).\n- x86/hyper-v: Enable IPI enlightenments (bsc#1107207).\n- x86/hyper-v: Enhanced IPI enlightenment (bsc#1107207).\n- x86/hyper-v: Enlighten APIC access (bsc#1107207).\n- x86/hyper-v: Fix the circular dependency in IPI enlightenment (bsc#1107207).\n- x86/hyper-v: Fix wrong merge conflict resolution (bsc#1107207).\n- x86/hyper-v/hv_apic: Build the Hyper-V APIC conditionally (bsc#1107207).\n- x86/hyper-v/hv_apic: Include asm/apic.h (bsc#1107207).\n- x86/hyper-v: Implement hv_do_fast_hypercall16 (bsc#1107207).\n- x86/hyper-v: move definitions from TLFS to hyperv-tlfs.h (bsc#1107207).\n- x86/hyper-v: move hyperv.h out of uapi (bsc#1107207).\n- x86/hyper-v: move struct hv_flush_pcpu{,ex} definitions to common header (bsc#1107207).\n- x86/hyperv: Redirect reenlightment notifications on CPU offlining (bsc#1107207).\n- x86/hyperv: Reenlightenment notifications support (bsc#1107207).\n- x86/hyper-v: rename ipi_arg_{ex,non_ex} structures (bsc#1107207).\n- x86/hyper-v: Trace PV IPI send (bsc#1107207).\n- x86/hyper-v: Use cheaper HVCALL_FLUSH_VIRTUAL_ADDRESS_{LIST,SPACE} hypercalls when possible (bsc#1107207).\n- x86/hyper-v: Use cheaper HVCALL_SEND_IPI hypercall when possible (bsc#1107207).\n- x86/hyper-v: Use \u0027fast\u0027 hypercall for HVCALL_SEND_IPI (bsc#1107207).\n- x86/irq: Count Hyper-V reenlightenment interrupts (bsc#1107207).\n- x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).\n- x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).\n- x86/kvm/hyper-v: add reenlightenment MSRs support (bsc#1107207).\n- x86/kvm/hyper-v: inject #GP only when invalid SINTx vector is unmasked (bsc#1107207).\n- x86/kvm/hyper-v: remove stale entries from vec_bitmap/auto_eoi_bitmap on vector change (bsc#1107207).\n- x86/kvm: rename HV_X64_MSR_APIC_ASSIST_PAGE to HV_X64_MSR_VP_ASSIST_PAGE (bsc#1107207).\n- x86/l1tf: Show actual SMT state (bsc#1106913).\n- x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).\n- x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).\n- x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).\n- x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279).\n- x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279).\n- x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606).\n- x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).\n- x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058).\n- x86/PCI: Add \u0027pci=big_root_window\u0027 option for AMD 64-bit windows (bsc#1120058).\n- x86/PCI: Apply VMD\u0027s AERSID fixup generically (bsc#1120058).\n- x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058).\n- x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058).\n- x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058).\n- x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058).\n- x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058).\n- x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058).\n- x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058).\n- x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058).\n- x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913).\n- x86/pti: Document fix wrong index (git-fixes).\n- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913).\n- x86/retpoline: Remove minimal retpoline support (bsc#1106913).\n- x86/speculataion: Mark command line parser data __initdata (bsc#1106913).\n- x86/speculation: Add command line control for indirect branch speculation (bsc#1106913).\n- x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913).\n- x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913).\n- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).\n- x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913).\n- x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913).\n- x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913).\n- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).\n- x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913).\n- x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).\n- x86/speculation: Mark string arrays const correctly (bsc#1106913).\n- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913).\n- x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913).\n- x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913).\n- x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913).\n- x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913).\n- x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).\n- x86/speculation: Provide IBPB always command line options (bsc#1106913).\n- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913).\n- x86/speculation: Rename SSBD update functions (bsc#1106913).\n- x86/speculation: Reorder the spec_v2 code (bsc#1106913).\n- x86/speculation: Reorganize speculation control MSRs update (bsc#1106913).\n- x86/speculation: Rework SMT state change (bsc#1106913).\n- x86/speculation: Split out TIF update (bsc#1106913).\n- x86/speculation: Support Enhanced IBRS on future CPUs ().\n- x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913).\n- x86/speculation: Update the TIF_SSBD comment (bsc#1106913).\n- x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).\n- xen/balloon: Support xend-based toolstack (bnc#1065600).\n- xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).\n- xen: fix race in xen_qlock_wait() (bnc#1107256).\n- xen: fix xen_qlock_wait() (bnc#1107256).\n- xen: make xen_qlock_wait() nestable (bnc#1107256).\n- xen/netfront: do not bug in case of too many frags (bnc#1104824).\n- xen/netfront: tolerate frags with no data (bnc#1119804).\n- xen/pvh: do not try to unplug emulated devices (bnc#1065600).\n- xen/pvh: increase early stack size (bnc#1065600).\n- xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600).\n- xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183).\n- xfs: Align compat attrlist_by_handle with native implementation (git-fixes).\n- xfs: Fix error code in \u0027xfs_ioc_getbmap()\u0027 (git-fixes).\n- xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).\n- xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes).\n- xfs: Properly detect when DAX won\u0027t be used on any device (bsc#1115976).\n- xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).\n- xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510).\n- xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).\n- xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510).\n- xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).\n- xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510).\n- xprtrdma: Do not defer fencing an async RPC\u0027s chunks (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-222,SUSE-SLE-SERVER-12-SP4-2019-222",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0222-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0222-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190222-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0222-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005074.html"
},
{
"category": "self",
"summary": "SUSE Bug 1024718",
"url": "https://bugzilla.suse.com/1024718"
},
{
"category": "self",
"summary": "SUSE Bug 1046299",
"url": "https://bugzilla.suse.com/1046299"
},
{
"category": "self",
"summary": "SUSE Bug 1050242",
"url": "https://bugzilla.suse.com/1050242"
},
{
"category": "self",
"summary": "SUSE Bug 1050244",
"url": "https://bugzilla.suse.com/1050244"
},
{
"category": "self",
"summary": "SUSE Bug 1051510",
"url": "https://bugzilla.suse.com/1051510"
},
{
"category": "self",
"summary": "SUSE Bug 1055120",
"url": "https://bugzilla.suse.com/1055120"
},
{
"category": "self",
"summary": "SUSE Bug 1055121",
"url": "https://bugzilla.suse.com/1055121"
},
{
"category": "self",
"summary": "SUSE Bug 1055186",
"url": "https://bugzilla.suse.com/1055186"
},
{
"category": "self",
"summary": "SUSE Bug 1058115",
"url": "https://bugzilla.suse.com/1058115"
},
{
"category": "self",
"summary": "SUSE Bug 1060463",
"url": "https://bugzilla.suse.com/1060463"
},
{
"category": "self",
"summary": "SUSE Bug 1065600",
"url": "https://bugzilla.suse.com/1065600"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1068032",
"url": "https://bugzilla.suse.com/1068032"
},
{
"category": "self",
"summary": "SUSE Bug 1068273",
"url": "https://bugzilla.suse.com/1068273"
},
{
"category": "self",
"summary": "SUSE Bug 1074562",
"url": "https://bugzilla.suse.com/1074562"
},
{
"category": "self",
"summary": "SUSE Bug 1074578",
"url": "https://bugzilla.suse.com/1074578"
},
{
"category": "self",
"summary": "SUSE Bug 1074701",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "self",
"summary": "SUSE Bug 1075006",
"url": "https://bugzilla.suse.com/1075006"
},
{
"category": "self",
"summary": "SUSE Bug 1075419",
"url": "https://bugzilla.suse.com/1075419"
},
{
"category": "self",
"summary": "SUSE Bug 1075748",
"url": "https://bugzilla.suse.com/1075748"
},
{
"category": "self",
"summary": "SUSE Bug 1078248",
"url": "https://bugzilla.suse.com/1078248"
},
{
"category": "self",
"summary": "SUSE Bug 1079935",
"url": "https://bugzilla.suse.com/1079935"
},
{
"category": "self",
"summary": "SUSE Bug 1080039",
"url": "https://bugzilla.suse.com/1080039"
},
{
"category": "self",
"summary": "SUSE Bug 1082387",
"url": "https://bugzilla.suse.com/1082387"
},
{
"category": "self",
"summary": "SUSE Bug 1082555",
"url": "https://bugzilla.suse.com/1082555"
},
{
"category": "self",
"summary": "SUSE Bug 1082653",
"url": "https://bugzilla.suse.com/1082653"
},
{
"category": "self",
"summary": "SUSE Bug 1083647",
"url": "https://bugzilla.suse.com/1083647"
},
{
"category": "self",
"summary": "SUSE Bug 1085535",
"url": "https://bugzilla.suse.com/1085535"
},
{
"category": "self",
"summary": "SUSE Bug 1086282",
"url": "https://bugzilla.suse.com/1086282"
},
{
"category": "self",
"summary": "SUSE Bug 1086283",
"url": "https://bugzilla.suse.com/1086283"
},
{
"category": "self",
"summary": "SUSE Bug 1086423",
"url": "https://bugzilla.suse.com/1086423"
},
{
"category": "self",
"summary": "SUSE Bug 1087082",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "self",
"summary": "SUSE Bug 1087084",
"url": "https://bugzilla.suse.com/1087084"
},
{
"category": "self",
"summary": "SUSE Bug 1087939",
"url": "https://bugzilla.suse.com/1087939"
},
{
"category": "self",
"summary": "SUSE Bug 1087978",
"url": "https://bugzilla.suse.com/1087978"
},
{
"category": "self",
"summary": "SUSE Bug 1088386",
"url": "https://bugzilla.suse.com/1088386"
},
{
"category": "self",
"summary": "SUSE Bug 1089350",
"url": "https://bugzilla.suse.com/1089350"
},
{
"category": "self",
"summary": "SUSE Bug 1090888",
"url": "https://bugzilla.suse.com/1090888"
},
{
"category": "self",
"summary": "SUSE Bug 1091405",
"url": "https://bugzilla.suse.com/1091405"
},
{
"category": "self",
"summary": "SUSE Bug 1094244",
"url": "https://bugzilla.suse.com/1094244"
},
{
"category": "self",
"summary": "SUSE Bug 1097593",
"url": "https://bugzilla.suse.com/1097593"
},
{
"category": "self",
"summary": "SUSE Bug 1097755",
"url": "https://bugzilla.suse.com/1097755"
},
{
"category": "self",
"summary": "SUSE Bug 1102055",
"url": "https://bugzilla.suse.com/1102055"
},
{
"category": "self",
"summary": "SUSE Bug 1102875",
"url": "https://bugzilla.suse.com/1102875"
},
{
"category": "self",
"summary": "SUSE Bug 1102877",
"url": "https://bugzilla.suse.com/1102877"
},
{
"category": "self",
"summary": "SUSE Bug 1102879",
"url": "https://bugzilla.suse.com/1102879"
},
{
"category": "self",
"summary": "SUSE Bug 1102882",
"url": "https://bugzilla.suse.com/1102882"
},
{
"category": "self",
"summary": "SUSE Bug 1102896",
"url": "https://bugzilla.suse.com/1102896"
},
{
"category": "self",
"summary": "SUSE Bug 1103257",
"url": "https://bugzilla.suse.com/1103257"
},
{
"category": "self",
"summary": "SUSE Bug 1104353",
"url": "https://bugzilla.suse.com/1104353"
},
{
"category": "self",
"summary": "SUSE Bug 1104427",
"url": "https://bugzilla.suse.com/1104427"
},
{
"category": "self",
"summary": "SUSE Bug 1104824",
"url": "https://bugzilla.suse.com/1104824"
},
{
"category": "self",
"summary": "SUSE Bug 1104967",
"url": "https://bugzilla.suse.com/1104967"
},
{
"category": "self",
"summary": "SUSE Bug 1105168",
"url": "https://bugzilla.suse.com/1105168"
},
{
"category": "self",
"summary": "SUSE Bug 1106105",
"url": "https://bugzilla.suse.com/1106105"
},
{
"category": "self",
"summary": "SUSE Bug 1106110",
"url": "https://bugzilla.suse.com/1106110"
},
{
"category": "self",
"summary": "SUSE Bug 1106237",
"url": "https://bugzilla.suse.com/1106237"
},
{
"category": "self",
"summary": "SUSE Bug 1106240",
"url": "https://bugzilla.suse.com/1106240"
},
{
"category": "self",
"summary": "SUSE Bug 1106615",
"url": "https://bugzilla.suse.com/1106615"
},
{
"category": "self",
"summary": "SUSE Bug 1106913",
"url": "https://bugzilla.suse.com/1106913"
},
{
"category": "self",
"summary": "SUSE Bug 1107207",
"url": "https://bugzilla.suse.com/1107207"
},
{
"category": "self",
"summary": "SUSE Bug 1107256",
"url": "https://bugzilla.suse.com/1107256"
},
{
"category": "self",
"summary": "SUSE Bug 1107385",
"url": "https://bugzilla.suse.com/1107385"
},
{
"category": "self",
"summary": "SUSE Bug 1107866",
"url": "https://bugzilla.suse.com/1107866"
},
{
"category": "self",
"summary": "SUSE Bug 1108270",
"url": "https://bugzilla.suse.com/1108270"
},
{
"category": "self",
"summary": "SUSE Bug 1108468",
"url": "https://bugzilla.suse.com/1108468"
},
{
"category": "self",
"summary": "SUSE Bug 1109272",
"url": "https://bugzilla.suse.com/1109272"
},
{
"category": "self",
"summary": "SUSE Bug 1109772",
"url": "https://bugzilla.suse.com/1109772"
},
{
"category": "self",
"summary": "SUSE Bug 1109806",
"url": "https://bugzilla.suse.com/1109806"
},
{
"category": "self",
"summary": "SUSE Bug 1110006",
"url": "https://bugzilla.suse.com/1110006"
},
{
"category": "self",
"summary": "SUSE Bug 1110558",
"url": "https://bugzilla.suse.com/1110558"
},
{
"category": "self",
"summary": "SUSE Bug 1110998",
"url": "https://bugzilla.suse.com/1110998"
},
{
"category": "self",
"summary": "SUSE Bug 1111062",
"url": "https://bugzilla.suse.com/1111062"
},
{
"category": "self",
"summary": "SUSE Bug 1111174",
"url": "https://bugzilla.suse.com/1111174"
},
{
"category": "self",
"summary": "SUSE Bug 1111188",
"url": "https://bugzilla.suse.com/1111188"
},
{
"category": "self",
"summary": "SUSE Bug 1111469",
"url": "https://bugzilla.suse.com/1111469"
},
{
"category": "self",
"summary": "SUSE Bug 1111696",
"url": "https://bugzilla.suse.com/1111696"
},
{
"category": "self",
"summary": "SUSE Bug 1111795",
"url": "https://bugzilla.suse.com/1111795"
},
{
"category": "self",
"summary": "SUSE Bug 1111809",
"url": "https://bugzilla.suse.com/1111809"
},
{
"category": "self",
"summary": "SUSE Bug 1112128",
"url": "https://bugzilla.suse.com/1112128"
},
{
"category": "self",
"summary": "SUSE Bug 1112963",
"url": "https://bugzilla.suse.com/1112963"
},
{
"category": "self",
"summary": "SUSE Bug 1113295",
"url": "https://bugzilla.suse.com/1113295"
},
{
"category": "self",
"summary": "SUSE Bug 1113412",
"url": "https://bugzilla.suse.com/1113412"
},
{
"category": "self",
"summary": "SUSE Bug 1113501",
"url": "https://bugzilla.suse.com/1113501"
},
{
"category": "self",
"summary": "SUSE Bug 1113677",
"url": "https://bugzilla.suse.com/1113677"
},
{
"category": "self",
"summary": "SUSE Bug 1113722",
"url": "https://bugzilla.suse.com/1113722"
},
{
"category": "self",
"summary": "SUSE Bug 1113769",
"url": "https://bugzilla.suse.com/1113769"
},
{
"category": "self",
"summary": "SUSE Bug 1114015",
"url": "https://bugzilla.suse.com/1114015"
},
{
"category": "self",
"summary": "SUSE Bug 1114178",
"url": "https://bugzilla.suse.com/1114178"
},
{
"category": "self",
"summary": "SUSE Bug 1114279",
"url": "https://bugzilla.suse.com/1114279"
},
{
"category": "self",
"summary": "SUSE Bug 1114385",
"url": "https://bugzilla.suse.com/1114385"
},
{
"category": "self",
"summary": "SUSE Bug 1114576",
"url": "https://bugzilla.suse.com/1114576"
},
{
"category": "self",
"summary": "SUSE Bug 1114577",
"url": "https://bugzilla.suse.com/1114577"
},
{
"category": "self",
"summary": "SUSE Bug 1114578",
"url": "https://bugzilla.suse.com/1114578"
},
{
"category": "self",
"summary": "SUSE Bug 1114579",
"url": "https://bugzilla.suse.com/1114579"
},
{
"category": "self",
"summary": "SUSE Bug 1114580",
"url": "https://bugzilla.suse.com/1114580"
},
{
"category": "self",
"summary": "SUSE Bug 1114581",
"url": "https://bugzilla.suse.com/1114581"
},
{
"category": "self",
"summary": "SUSE Bug 1114582",
"url": "https://bugzilla.suse.com/1114582"
},
{
"category": "self",
"summary": "SUSE Bug 1114583",
"url": "https://bugzilla.suse.com/1114583"
},
{
"category": "self",
"summary": "SUSE Bug 1114584",
"url": "https://bugzilla.suse.com/1114584"
},
{
"category": "self",
"summary": "SUSE Bug 1114585",
"url": "https://bugzilla.suse.com/1114585"
},
{
"category": "self",
"summary": "SUSE Bug 1114648",
"url": "https://bugzilla.suse.com/1114648"
},
{
"category": "self",
"summary": "SUSE Bug 1114839",
"url": "https://bugzilla.suse.com/1114839"
},
{
"category": "self",
"summary": "SUSE Bug 1114871",
"url": "https://bugzilla.suse.com/1114871"
},
{
"category": "self",
"summary": "SUSE Bug 1115074",
"url": "https://bugzilla.suse.com/1115074"
},
{
"category": "self",
"summary": "SUSE Bug 1115269",
"url": "https://bugzilla.suse.com/1115269"
},
{
"category": "self",
"summary": "SUSE Bug 1115431",
"url": "https://bugzilla.suse.com/1115431"
},
{
"category": "self",
"summary": "SUSE Bug 1115433",
"url": "https://bugzilla.suse.com/1115433"
},
{
"category": "self",
"summary": "SUSE Bug 1115440",
"url": "https://bugzilla.suse.com/1115440"
},
{
"category": "self",
"summary": "SUSE Bug 1115567",
"url": "https://bugzilla.suse.com/1115567"
},
{
"category": "self",
"summary": "SUSE Bug 1115709",
"url": "https://bugzilla.suse.com/1115709"
},
{
"category": "self",
"summary": "SUSE Bug 1115976",
"url": "https://bugzilla.suse.com/1115976"
},
{
"category": "self",
"summary": "SUSE Bug 1116040",
"url": "https://bugzilla.suse.com/1116040"
},
{
"category": "self",
"summary": "SUSE Bug 1116183",
"url": "https://bugzilla.suse.com/1116183"
},
{
"category": "self",
"summary": "SUSE Bug 1116336",
"url": "https://bugzilla.suse.com/1116336"
},
{
"category": "self",
"summary": "SUSE Bug 1116692",
"url": "https://bugzilla.suse.com/1116692"
},
{
"category": "self",
"summary": "SUSE Bug 1116693",
"url": "https://bugzilla.suse.com/1116693"
},
{
"category": "self",
"summary": "SUSE Bug 1116698",
"url": "https://bugzilla.suse.com/1116698"
},
{
"category": "self",
"summary": "SUSE Bug 1116699",
"url": "https://bugzilla.suse.com/1116699"
},
{
"category": "self",
"summary": "SUSE Bug 1116700",
"url": "https://bugzilla.suse.com/1116700"
},
{
"category": "self",
"summary": "SUSE Bug 1116701",
"url": "https://bugzilla.suse.com/1116701"
},
{
"category": "self",
"summary": "SUSE Bug 1116803",
"url": "https://bugzilla.suse.com/1116803"
},
{
"category": "self",
"summary": "SUSE Bug 1116841",
"url": "https://bugzilla.suse.com/1116841"
},
{
"category": "self",
"summary": "SUSE Bug 1116862",
"url": "https://bugzilla.suse.com/1116862"
},
{
"category": "self",
"summary": "SUSE Bug 1116863",
"url": "https://bugzilla.suse.com/1116863"
},
{
"category": "self",
"summary": "SUSE Bug 1116876",
"url": "https://bugzilla.suse.com/1116876"
},
{
"category": "self",
"summary": "SUSE Bug 1116877",
"url": "https://bugzilla.suse.com/1116877"
},
{
"category": "self",
"summary": "SUSE Bug 1116878",
"url": "https://bugzilla.suse.com/1116878"
},
{
"category": "self",
"summary": "SUSE Bug 1116891",
"url": "https://bugzilla.suse.com/1116891"
},
{
"category": "self",
"summary": "SUSE Bug 1116895",
"url": "https://bugzilla.suse.com/1116895"
},
{
"category": "self",
"summary": "SUSE Bug 1116899",
"url": "https://bugzilla.suse.com/1116899"
},
{
"category": "self",
"summary": "SUSE Bug 1116950",
"url": "https://bugzilla.suse.com/1116950"
},
{
"category": "self",
"summary": "SUSE Bug 1117115",
"url": "https://bugzilla.suse.com/1117115"
},
{
"category": "self",
"summary": "SUSE Bug 1117162",
"url": "https://bugzilla.suse.com/1117162"
},
{
"category": "self",
"summary": "SUSE Bug 1117165",
"url": "https://bugzilla.suse.com/1117165"
},
{
"category": "self",
"summary": "SUSE Bug 1117168",
"url": "https://bugzilla.suse.com/1117168"
},
{
"category": "self",
"summary": "SUSE Bug 1117172",
"url": "https://bugzilla.suse.com/1117172"
},
{
"category": "self",
"summary": "SUSE Bug 1117174",
"url": "https://bugzilla.suse.com/1117174"
},
{
"category": "self",
"summary": "SUSE Bug 1117181",
"url": "https://bugzilla.suse.com/1117181"
},
{
"category": "self",
"summary": "SUSE Bug 1117184",
"url": "https://bugzilla.suse.com/1117184"
},
{
"category": "self",
"summary": "SUSE Bug 1117186",
"url": "https://bugzilla.suse.com/1117186"
},
{
"category": "self",
"summary": "SUSE Bug 1117188",
"url": "https://bugzilla.suse.com/1117188"
},
{
"category": "self",
"summary": "SUSE Bug 1117189",
"url": "https://bugzilla.suse.com/1117189"
},
{
"category": "self",
"summary": "SUSE Bug 1117349",
"url": "https://bugzilla.suse.com/1117349"
},
{
"category": "self",
"summary": "SUSE Bug 1117561",
"url": "https://bugzilla.suse.com/1117561"
},
{
"category": "self",
"summary": "SUSE Bug 1117656",
"url": "https://bugzilla.suse.com/1117656"
},
{
"category": "self",
"summary": "SUSE Bug 1117788",
"url": "https://bugzilla.suse.com/1117788"
},
{
"category": "self",
"summary": "SUSE Bug 1117789",
"url": "https://bugzilla.suse.com/1117789"
},
{
"category": "self",
"summary": "SUSE Bug 1117790",
"url": "https://bugzilla.suse.com/1117790"
},
{
"category": "self",
"summary": "SUSE Bug 1117791",
"url": "https://bugzilla.suse.com/1117791"
},
{
"category": "self",
"summary": "SUSE Bug 1117792",
"url": "https://bugzilla.suse.com/1117792"
},
{
"category": "self",
"summary": "SUSE Bug 1117794",
"url": "https://bugzilla.suse.com/1117794"
},
{
"category": "self",
"summary": "SUSE Bug 1117795",
"url": "https://bugzilla.suse.com/1117795"
},
{
"category": "self",
"summary": "SUSE Bug 1117796",
"url": "https://bugzilla.suse.com/1117796"
},
{
"category": "self",
"summary": "SUSE Bug 1117798",
"url": "https://bugzilla.suse.com/1117798"
},
{
"category": "self",
"summary": "SUSE Bug 1117799",
"url": "https://bugzilla.suse.com/1117799"
},
{
"category": "self",
"summary": "SUSE Bug 1117801",
"url": "https://bugzilla.suse.com/1117801"
},
{
"category": "self",
"summary": "SUSE Bug 1117802",
"url": "https://bugzilla.suse.com/1117802"
},
{
"category": "self",
"summary": "SUSE Bug 1117803",
"url": "https://bugzilla.suse.com/1117803"
},
{
"category": "self",
"summary": "SUSE Bug 1117804",
"url": "https://bugzilla.suse.com/1117804"
},
{
"category": "self",
"summary": "SUSE Bug 1117805",
"url": "https://bugzilla.suse.com/1117805"
},
{
"category": "self",
"summary": "SUSE Bug 1117806",
"url": "https://bugzilla.suse.com/1117806"
},
{
"category": "self",
"summary": "SUSE Bug 1117807",
"url": "https://bugzilla.suse.com/1117807"
},
{
"category": "self",
"summary": "SUSE Bug 1117808",
"url": "https://bugzilla.suse.com/1117808"
},
{
"category": "self",
"summary": "SUSE Bug 1117815",
"url": "https://bugzilla.suse.com/1117815"
},
{
"category": "self",
"summary": "SUSE Bug 1117816",
"url": "https://bugzilla.suse.com/1117816"
},
{
"category": "self",
"summary": "SUSE Bug 1117817",
"url": "https://bugzilla.suse.com/1117817"
},
{
"category": "self",
"summary": "SUSE Bug 1117818",
"url": "https://bugzilla.suse.com/1117818"
},
{
"category": "self",
"summary": "SUSE Bug 1117819",
"url": "https://bugzilla.suse.com/1117819"
},
{
"category": "self",
"summary": "SUSE Bug 1117820",
"url": "https://bugzilla.suse.com/1117820"
},
{
"category": "self",
"summary": "SUSE Bug 1117821",
"url": "https://bugzilla.suse.com/1117821"
},
{
"category": "self",
"summary": "SUSE Bug 1117822",
"url": "https://bugzilla.suse.com/1117822"
},
{
"category": "self",
"summary": "SUSE Bug 1117953",
"url": "https://bugzilla.suse.com/1117953"
},
{
"category": "self",
"summary": "SUSE Bug 1118102",
"url": "https://bugzilla.suse.com/1118102"
},
{
"category": "self",
"summary": "SUSE Bug 1118136",
"url": "https://bugzilla.suse.com/1118136"
},
{
"category": "self",
"summary": "SUSE Bug 1118137",
"url": "https://bugzilla.suse.com/1118137"
},
{
"category": "self",
"summary": "SUSE Bug 1118138",
"url": "https://bugzilla.suse.com/1118138"
},
{
"category": "self",
"summary": "SUSE Bug 1118140",
"url": "https://bugzilla.suse.com/1118140"
},
{
"category": "self",
"summary": "SUSE Bug 1118152",
"url": "https://bugzilla.suse.com/1118152"
},
{
"category": "self",
"summary": "SUSE Bug 1118215",
"url": "https://bugzilla.suse.com/1118215"
},
{
"category": "self",
"summary": "SUSE Bug 1118316",
"url": "https://bugzilla.suse.com/1118316"
},
{
"category": "self",
"summary": "SUSE Bug 1118319",
"url": "https://bugzilla.suse.com/1118319"
},
{
"category": "self",
"summary": "SUSE Bug 1118320",
"url": "https://bugzilla.suse.com/1118320"
},
{
"category": "self",
"summary": "SUSE Bug 1118428",
"url": "https://bugzilla.suse.com/1118428"
},
{
"category": "self",
"summary": "SUSE Bug 1118484",
"url": "https://bugzilla.suse.com/1118484"
},
{
"category": "self",
"summary": "SUSE Bug 1118505",
"url": "https://bugzilla.suse.com/1118505"
},
{
"category": "self",
"summary": "SUSE Bug 1118752",
"url": "https://bugzilla.suse.com/1118752"
},
{
"category": "self",
"summary": "SUSE Bug 1118760",
"url": "https://bugzilla.suse.com/1118760"
},
{
"category": "self",
"summary": "SUSE Bug 1118761",
"url": "https://bugzilla.suse.com/1118761"
},
{
"category": "self",
"summary": "SUSE Bug 1118762",
"url": "https://bugzilla.suse.com/1118762"
},
{
"category": "self",
"summary": "SUSE Bug 1118766",
"url": "https://bugzilla.suse.com/1118766"
},
{
"category": "self",
"summary": "SUSE Bug 1118767",
"url": "https://bugzilla.suse.com/1118767"
},
{
"category": "self",
"summary": "SUSE Bug 1118768",
"url": "https://bugzilla.suse.com/1118768"
},
{
"category": "self",
"summary": "SUSE Bug 1118769",
"url": "https://bugzilla.suse.com/1118769"
},
{
"category": "self",
"summary": "SUSE Bug 1118771",
"url": "https://bugzilla.suse.com/1118771"
},
{
"category": "self",
"summary": "SUSE Bug 1118772",
"url": "https://bugzilla.suse.com/1118772"
},
{
"category": "self",
"summary": "SUSE Bug 1118773",
"url": "https://bugzilla.suse.com/1118773"
},
{
"category": "self",
"summary": "SUSE Bug 1118774",
"url": "https://bugzilla.suse.com/1118774"
},
{
"category": "self",
"summary": "SUSE Bug 1118775",
"url": "https://bugzilla.suse.com/1118775"
},
{
"category": "self",
"summary": "SUSE Bug 1118787",
"url": "https://bugzilla.suse.com/1118787"
},
{
"category": "self",
"summary": "SUSE Bug 1118788",
"url": "https://bugzilla.suse.com/1118788"
},
{
"category": "self",
"summary": "SUSE Bug 1118798",
"url": "https://bugzilla.suse.com/1118798"
},
{
"category": "self",
"summary": "SUSE Bug 1118809",
"url": "https://bugzilla.suse.com/1118809"
},
{
"category": "self",
"summary": "SUSE Bug 1118962",
"url": "https://bugzilla.suse.com/1118962"
},
{
"category": "self",
"summary": "SUSE Bug 1119017",
"url": "https://bugzilla.suse.com/1119017"
},
{
"category": "self",
"summary": "SUSE Bug 1119086",
"url": "https://bugzilla.suse.com/1119086"
},
{
"category": "self",
"summary": "SUSE Bug 1119212",
"url": "https://bugzilla.suse.com/1119212"
},
{
"category": "self",
"summary": "SUSE Bug 1119322",
"url": "https://bugzilla.suse.com/1119322"
},
{
"category": "self",
"summary": "SUSE Bug 1119410",
"url": "https://bugzilla.suse.com/1119410"
},
{
"category": "self",
"summary": "SUSE Bug 1119714",
"url": "https://bugzilla.suse.com/1119714"
},
{
"category": "self",
"summary": "SUSE Bug 1119749",
"url": "https://bugzilla.suse.com/1119749"
},
{
"category": "self",
"summary": "SUSE Bug 1119804",
"url": "https://bugzilla.suse.com/1119804"
},
{
"category": "self",
"summary": "SUSE Bug 1119946",
"url": "https://bugzilla.suse.com/1119946"
},
{
"category": "self",
"summary": "SUSE Bug 1119947",
"url": "https://bugzilla.suse.com/1119947"
},
{
"category": "self",
"summary": "SUSE Bug 1119962",
"url": "https://bugzilla.suse.com/1119962"
},
{
"category": "self",
"summary": "SUSE Bug 1119968",
"url": "https://bugzilla.suse.com/1119968"
},
{
"category": "self",
"summary": "SUSE Bug 1119974",
"url": "https://bugzilla.suse.com/1119974"
},
{
"category": "self",
"summary": "SUSE Bug 1120036",
"url": "https://bugzilla.suse.com/1120036"
},
{
"category": "self",
"summary": "SUSE Bug 1120046",
"url": "https://bugzilla.suse.com/1120046"
},
{
"category": "self",
"summary": "SUSE Bug 1120053",
"url": "https://bugzilla.suse.com/1120053"
},
{
"category": "self",
"summary": "SUSE Bug 1120054",
"url": "https://bugzilla.suse.com/1120054"
},
{
"category": "self",
"summary": "SUSE Bug 1120055",
"url": "https://bugzilla.suse.com/1120055"
},
{
"category": "self",
"summary": "SUSE Bug 1120058",
"url": "https://bugzilla.suse.com/1120058"
},
{
"category": "self",
"summary": "SUSE Bug 1120088",
"url": "https://bugzilla.suse.com/1120088"
},
{
"category": "self",
"summary": "SUSE Bug 1120092",
"url": "https://bugzilla.suse.com/1120092"
},
{
"category": "self",
"summary": "SUSE Bug 1120094",
"url": "https://bugzilla.suse.com/1120094"
},
{
"category": "self",
"summary": "SUSE Bug 1120096",
"url": "https://bugzilla.suse.com/1120096"
},
{
"category": "self",
"summary": "SUSE Bug 1120097",
"url": "https://bugzilla.suse.com/1120097"
},
{
"category": "self",
"summary": "SUSE Bug 1120173",
"url": "https://bugzilla.suse.com/1120173"
},
{
"category": "self",
"summary": "SUSE Bug 1120214",
"url": "https://bugzilla.suse.com/1120214"
},
{
"category": "self",
"summary": "SUSE Bug 1120223",
"url": "https://bugzilla.suse.com/1120223"
},
{
"category": "self",
"summary": "SUSE Bug 1120228",
"url": "https://bugzilla.suse.com/1120228"
},
{
"category": "self",
"summary": "SUSE Bug 1120230",
"url": "https://bugzilla.suse.com/1120230"
},
{
"category": "self",
"summary": "SUSE Bug 1120232",
"url": "https://bugzilla.suse.com/1120232"
},
{
"category": "self",
"summary": "SUSE Bug 1120234",
"url": "https://bugzilla.suse.com/1120234"
},
{
"category": "self",
"summary": "SUSE Bug 1120235",
"url": "https://bugzilla.suse.com/1120235"
},
{
"category": "self",
"summary": "SUSE Bug 1120238",
"url": "https://bugzilla.suse.com/1120238"
},
{
"category": "self",
"summary": "SUSE Bug 1120594",
"url": "https://bugzilla.suse.com/1120594"
},
{
"category": "self",
"summary": "SUSE Bug 1120598",
"url": "https://bugzilla.suse.com/1120598"
},
{
"category": "self",
"summary": "SUSE Bug 1120600",
"url": "https://bugzilla.suse.com/1120600"
},
{
"category": "self",
"summary": "SUSE Bug 1120601",
"url": "https://bugzilla.suse.com/1120601"
},
{
"category": "self",
"summary": "SUSE Bug 1120602",
"url": "https://bugzilla.suse.com/1120602"
},
{
"category": "self",
"summary": "SUSE Bug 1120603",
"url": "https://bugzilla.suse.com/1120603"
},
{
"category": "self",
"summary": "SUSE Bug 1120604",
"url": "https://bugzilla.suse.com/1120604"
},
{
"category": "self",
"summary": "SUSE Bug 1120606",
"url": "https://bugzilla.suse.com/1120606"
},
{
"category": "self",
"summary": "SUSE Bug 1120612",
"url": "https://bugzilla.suse.com/1120612"
},
{
"category": "self",
"summary": "SUSE Bug 1120613",
"url": "https://bugzilla.suse.com/1120613"
},
{
"category": "self",
"summary": "SUSE Bug 1120614",
"url": "https://bugzilla.suse.com/1120614"
},
{
"category": "self",
"summary": "SUSE Bug 1120615",
"url": "https://bugzilla.suse.com/1120615"
},
{
"category": "self",
"summary": "SUSE Bug 1120616",
"url": "https://bugzilla.suse.com/1120616"
},
{
"category": "self",
"summary": "SUSE Bug 1120617",
"url": "https://bugzilla.suse.com/1120617"
},
{
"category": "self",
"summary": "SUSE Bug 1120618",
"url": "https://bugzilla.suse.com/1120618"
},
{
"category": "self",
"summary": "SUSE Bug 1120620",
"url": "https://bugzilla.suse.com/1120620"
},
{
"category": "self",
"summary": "SUSE Bug 1120621",
"url": "https://bugzilla.suse.com/1120621"
},
{
"category": "self",
"summary": "SUSE Bug 1120632",
"url": "https://bugzilla.suse.com/1120632"
},
{
"category": "self",
"summary": "SUSE Bug 1120633",
"url": "https://bugzilla.suse.com/1120633"
},
{
"category": "self",
"summary": "SUSE Bug 1120743",
"url": "https://bugzilla.suse.com/1120743"
},
{
"category": "self",
"summary": "SUSE Bug 1120954",
"url": "https://bugzilla.suse.com/1120954"
},
{
"category": "self",
"summary": "SUSE Bug 1121017",
"url": "https://bugzilla.suse.com/1121017"
},
{
"category": "self",
"summary": "SUSE Bug 1121058",
"url": "https://bugzilla.suse.com/1121058"
},
{
"category": "self",
"summary": "SUSE Bug 1121263",
"url": "https://bugzilla.suse.com/1121263"
},
{
"category": "self",
"summary": "SUSE Bug 1121273",
"url": "https://bugzilla.suse.com/1121273"
},
{
"category": "self",
"summary": "SUSE Bug 1121477",
"url": "https://bugzilla.suse.com/1121477"
},
{
"category": "self",
"summary": "SUSE Bug 1121483",
"url": "https://bugzilla.suse.com/1121483"
},
{
"category": "self",
"summary": "SUSE Bug 1121599",
"url": "https://bugzilla.suse.com/1121599"
},
{
"category": "self",
"summary": "SUSE Bug 1121621",
"url": "https://bugzilla.suse.com/1121621"
},
{
"category": "self",
"summary": "SUSE Bug 1121714",
"url": "https://bugzilla.suse.com/1121714"
},
{
"category": "self",
"summary": "SUSE Bug 1121715",
"url": "https://bugzilla.suse.com/1121715"
},
{
"category": "self",
"summary": "SUSE Bug 1121973",
"url": "https://bugzilla.suse.com/1121973"
},
{
"category": "self",
"summary": "SUSE Bug 1122019",
"url": "https://bugzilla.suse.com/1122019"
},
{
"category": "self",
"summary": "SUSE Bug 1122292",
"url": "https://bugzilla.suse.com/1122292"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5753 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12232 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14625 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16862 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16884 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18281 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18281/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18397 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19824 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19854 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19985 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20169 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-9568 page",
"url": "https://www.suse.com/security/cve/CVE-2018-9568/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2019-02-01T14:42:08Z",
"generator": {
"date": "2019-02-01T14:42:08Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0222-1",
"initial_release_date": "2019-02-01T14:42:08Z",
"revision_history": [
{
"date": "2019-02-01T14:42:08Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-4.12.14-6.6.2.noarch",
"product": {
"name": "kernel-devel-azure-4.12.14-6.6.2.noarch",
"product_id": "kernel-devel-azure-4.12.14-6.6.2.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-4.12.14-6.6.2.noarch",
"product": {
"name": "kernel-source-azure-4.12.14-6.6.2.noarch",
"product_id": "kernel-source-azure-4.12.14-6.6.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-4.12.14-6.6.2.x86_64",
"product": {
"name": "cluster-md-kmp-azure-4.12.14-6.6.2.x86_64",
"product_id": "cluster-md-kmp-azure-4.12.14-6.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-4.12.14-6.6.2.x86_64",
"product": {
"name": "dlm-kmp-azure-4.12.14-6.6.2.x86_64",
"product_id": "dlm-kmp-azure-4.12.14-6.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-4.12.14-6.6.2.x86_64",
"product": {
"name": "gfs2-kmp-azure-4.12.14-6.6.2.x86_64",
"product_id": "gfs2-kmp-azure-4.12.14-6.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-4.12.14-6.6.2.x86_64",
"product": {
"name": "kernel-azure-4.12.14-6.6.2.x86_64",
"product_id": "kernel-azure-4.12.14-6.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-base-4.12.14-6.6.2.x86_64",
"product": {
"name": "kernel-azure-base-4.12.14-6.6.2.x86_64",
"product_id": "kernel-azure-base-4.12.14-6.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-4.12.14-6.6.2.x86_64",
"product": {
"name": "kernel-azure-devel-4.12.14-6.6.2.x86_64",
"product_id": "kernel-azure-devel-4.12.14-6.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-4.12.14-6.6.2.x86_64",
"product": {
"name": "kernel-azure-extra-4.12.14-6.6.2.x86_64",
"product_id": "kernel-azure-extra-4.12.14-6.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-livepatch-4.12.14-6.6.2.x86_64",
"product": {
"name": "kernel-azure-livepatch-4.12.14-6.6.2.x86_64",
"product_id": "kernel-azure-livepatch-4.12.14-6.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-4.12.14-6.6.2.x86_64",
"product": {
"name": "kernel-syms-azure-4.12.14-6.6.2.x86_64",
"product_id": "kernel-syms-azure-4.12.14-6.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-4.12.14-6.6.2.x86_64",
"product": {
"name": "kselftests-kmp-azure-4.12.14-6.6.2.x86_64",
"product_id": "kselftests-kmp-azure-4.12.14-6.6.2.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-4.12.14-6.6.2.x86_64",
"product": {
"name": "ocfs2-kmp-azure-4.12.14-6.6.2.x86_64",
"product_id": "ocfs2-kmp-azure-4.12.14-6.6.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-4.12.14-6.6.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64"
},
"product_reference": "kernel-azure-4.12.14-6.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-base-4.12.14-6.6.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64"
},
"product_reference": "kernel-azure-base-4.12.14-6.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-4.12.14-6.6.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64"
},
"product_reference": "kernel-azure-devel-4.12.14-6.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-4.12.14-6.6.2.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch"
},
"product_reference": "kernel-devel-azure-4.12.14-6.6.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-4.12.14-6.6.2.noarch as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch"
},
"product_reference": "kernel-source-azure-4.12.14-6.6.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-4.12.14-6.6.2.x86_64 as component of SUSE Linux Enterprise Server 12 SP4",
"product_id": "SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
},
"product_reference": "kernel-syms-azure-4.12.14-6.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-4.12.14-6.6.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64"
},
"product_reference": "kernel-azure-4.12.14-6.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-base-4.12.14-6.6.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64"
},
"product_reference": "kernel-azure-base-4.12.14-6.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-4.12.14-6.6.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64"
},
"product_reference": "kernel-azure-devel-4.12.14-6.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-4.12.14-6.6.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch"
},
"product_reference": "kernel-devel-azure-4.12.14-6.6.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-4.12.14-6.6.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch"
},
"product_reference": "kernel-source-azure-4.12.14-6.6.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-4.12.14-6.6.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
},
"product_reference": "kernel-syms-azure-4.12.14-6.6.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-5753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5753"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5753",
"url": "https://www.suse.com/security/cve/CVE-2017-5753"
},
{
"category": "external",
"summary": "SUSE Bug 1068032 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1068032"
},
{
"category": "external",
"summary": "SUSE Bug 1074562 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1074562"
},
{
"category": "external",
"summary": "SUSE Bug 1074578 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1074578"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1075006 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1075006"
},
{
"category": "external",
"summary": "SUSE Bug 1075419 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1075419"
},
{
"category": "external",
"summary": "SUSE Bug 1075748 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1075748"
},
{
"category": "external",
"summary": "SUSE Bug 1080039 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1080039"
},
{
"category": "external",
"summary": "SUSE Bug 1087084 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1087084"
},
{
"category": "external",
"summary": "SUSE Bug 1087939 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1087939"
},
{
"category": "external",
"summary": "SUSE Bug 1089055 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1089055"
},
{
"category": "external",
"summary": "SUSE Bug 1136865 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1136865"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1201877"
},
{
"category": "external",
"summary": "SUSE Bug 1209547 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1209547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T14:42:08Z",
"details": "important"
}
],
"title": "CVE-2017-5753"
},
{
"cve": "CVE-2018-12232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12232"
}
],
"notes": [
{
"category": "general",
"text": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12232",
"url": "https://www.suse.com/security/cve/CVE-2018-12232"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1097593 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1097593"
},
{
"category": "external",
"summary": "SUSE Bug 1125907 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1125907"
},
{
"category": "external",
"summary": "SUSE Bug 1127757 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1127757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T14:42:08Z",
"details": "important"
}
],
"title": "CVE-2018-12232"
},
{
"cve": "CVE-2018-14625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14625"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14625",
"url": "https://www.suse.com/security/cve/CVE-2018-14625"
},
{
"category": "external",
"summary": "SUSE Bug 1106615 for CVE-2018-14625",
"url": "https://bugzilla.suse.com/1106615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T14:42:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-14625"
},
{
"cve": "CVE-2018-16862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16862"
}
],
"notes": [
{
"category": "general",
"text": "A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16862",
"url": "https://www.suse.com/security/cve/CVE-2018-16862"
},
{
"category": "external",
"summary": "SUSE Bug 1117186 for CVE-2018-16862",
"url": "https://bugzilla.suse.com/1117186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T14:42:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-16862"
},
{
"cve": "CVE-2018-16884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16884"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16884",
"url": "https://www.suse.com/security/cve/CVE-2018-16884"
},
{
"category": "external",
"summary": "SUSE Bug 1119946 for CVE-2018-16884",
"url": "https://bugzilla.suse.com/1119946"
},
{
"category": "external",
"summary": "SUSE Bug 1119947 for CVE-2018-16884",
"url": "https://bugzilla.suse.com/1119947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T14:42:08Z",
"details": "important"
}
],
"title": "CVE-2018-16884"
},
{
"cve": "CVE-2018-18281",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18281"
}
],
"notes": [
{
"category": "general",
"text": "Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18281",
"url": "https://www.suse.com/security/cve/CVE-2018-18281"
},
{
"category": "external",
"summary": "SUSE Bug 1113769 for CVE-2018-18281",
"url": "https://bugzilla.suse.com/1113769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T14:42:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-18281"
},
{
"cve": "CVE-2018-18397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18397"
}
],
"notes": [
{
"category": "general",
"text": "The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18397",
"url": "https://www.suse.com/security/cve/CVE-2018-18397"
},
{
"category": "external",
"summary": "SUSE Bug 1117656 for CVE-2018-18397",
"url": "https://bugzilla.suse.com/1117656"
},
{
"category": "external",
"summary": "SUSE Bug 1171522 for CVE-2018-18397",
"url": "https://bugzilla.suse.com/1171522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T14:42:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-18397"
},
{
"cve": "CVE-2018-19407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19407"
}
],
"notes": [
{
"category": "general",
"text": "The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19407",
"url": "https://www.suse.com/security/cve/CVE-2018-19407"
},
{
"category": "external",
"summary": "SUSE Bug 1116841 for CVE-2018-19407",
"url": "https://bugzilla.suse.com/1116841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T14:42:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-19407"
},
{
"cve": "CVE-2018-19824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19824",
"url": "https://www.suse.com/security/cve/CVE-2018-19824"
},
{
"category": "external",
"summary": "SUSE Bug 1118152 for CVE-2018-19824",
"url": "https://bugzilla.suse.com/1118152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T14:42:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-19824"
},
{
"cve": "CVE-2018-19854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19854"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19854",
"url": "https://www.suse.com/security/cve/CVE-2018-19854"
},
{
"category": "external",
"summary": "SUSE Bug 1118428 for CVE-2018-19854",
"url": "https://bugzilla.suse.com/1118428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T14:42:08Z",
"details": "low"
}
],
"title": "CVE-2018-19854"
},
{
"cve": "CVE-2018-19985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19985"
}
],
"notes": [
{
"category": "general",
"text": "The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19985",
"url": "https://www.suse.com/security/cve/CVE-2018-19985"
},
{
"category": "external",
"summary": "SUSE Bug 1120743 for CVE-2018-19985",
"url": "https://bugzilla.suse.com/1120743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T14:42:08Z",
"details": "low"
}
],
"title": "CVE-2018-19985"
},
{
"cve": "CVE-2018-20169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20169"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20169",
"url": "https://www.suse.com/security/cve/CVE-2018-20169"
},
{
"category": "external",
"summary": "SUSE Bug 1119714 for CVE-2018-20169",
"url": "https://bugzilla.suse.com/1119714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T14:42:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-20169"
},
{
"cve": "CVE-2018-9568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-9568"
}
],
"notes": [
{
"category": "general",
"text": "In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-9568",
"url": "https://www.suse.com/security/cve/CVE-2018-9568"
},
{
"category": "external",
"summary": "SUSE Bug 1118319 for CVE-2018-9568",
"url": "https://bugzilla.suse.com/1118319"
},
{
"category": "external",
"summary": "SUSE Bug 1118320 for CVE-2018-9568",
"url": "https://bugzilla.suse.com/1118320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-base-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-azure-devel-4.12.14-6.6.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-devel-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-source-azure-4.12.14-6.6.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:kernel-syms-azure-4.12.14-6.6.2.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T14:42:08Z",
"details": "moderate"
}
],
"title": "CVE-2018-9568"
}
]
}
suse-su-2019:0150-1
Vulnerability from csaf_suse
Published
2019-01-23 16:58
Modified
2019-01-23 16:58
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 kernel for Azure was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).
- CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593).
- CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).
- CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).
- CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).
- CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).
- CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).
- CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).
- CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
- CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).
- CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).
- CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).
The following non-security bugs were fixed:
- ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567).
- ACPICA: Tables: Add WSMT support (bsc#1089350).
- ACPI / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115).
- ACPI / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115).
- ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).
- ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).
- ACPI, nfit: Fix ARS overflow continuation (bsc#1116895).
- ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279).
- ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279).
- ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).
- ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).
- act_ife: fix a potential use-after-free (networking-stable-18_09_11).
- aio: fix spectre gadget in lookup_ioctx (bsc#1120594).
- ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).
- ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).
- ALSA: control: Fix race between adding and removing a user element (bsc#1051510).
- ALSA: cs46xx: Potential NULL dereference in probe (bsc#1051510).
- ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- ALSA: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- ALSA: fireface: fix for state to fetch PCM frames (bsc#1051510).
- ALSA: fireface: fix reference to wrong register for clock configuration (bsc#1051510).
- ALSA: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510).
- ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510).
- ALSA: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510).
- ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).
- ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510).
- ALSA: hda: Add support for AMD Stoney Ridge (bsc#1051510).
- ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).
- ALSA: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510).
- ALSA: hda: fix front speakers on Huawei MBXP (bsc#1051510).
- ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).
- ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).
- ALSA: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510).
- ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510).
- ALSA: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510).
- ALSA: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510).
- ALSA: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510).
- ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510).
- ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510).
- ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510).
- ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510).
- ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510).
- ALSA: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510).
- ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).
- ALSA: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).
- ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510).
- ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510).
- ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510).
- ALSA: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510).
- ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).
- ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).
- ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).
- ALSA: hda/realtek - Support ALC300 (bsc#1051510).
- ALSA: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510).
- ALSA: hda/tegra: clear pending irq handlers (bsc#1051510).
- ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).
- ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510).
- ALSA: pcm: Fix interval evaluation with openmin/max (bsc#1051510).
- ALSA: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510).
- ALSA: pcm: Fix starvation on down_write_nonblock() (bsc#1051510).
- ALSA: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510).
- ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).
- ALSA: trident: Suppress gcc string warning (bsc#1051510).
- ALSA: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510).
- ALSA: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510).
- ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).
- ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510).
- ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510).
- ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).
- ALSA: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510).
- amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).
- apparmor: do not try to replace stale label in ptrace access check (git-fixes).
- apparmor: do not try to replace stale label in ptraceme check (git-fixes).
- apparmor: Fix uninitialized value in aa_split_fqname (git-fixes).
- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612).
- arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613).
- arm64: cpu_errata: include required headers (bsc#1120615).
- arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633).
- arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632).
- arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998).
- arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998).
- arm64: KVM: Tighten guest core register access from userspace (bsc#1110998).
- arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614).
- arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).
- arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617).
- arm64/numa: Report correct memblock range for the dummy node (bsc#1120620).
- arm64/numa: Unify common error path in numa_init() (bsc#1120621).
- arm64: remove no-op -p linker flag (bsc#1120616).
- arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).
- ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510).
- ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)
- ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).
- ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510).
- ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510).
- ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510).
- ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510).
- ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510).
- ASoC: rsnd: fixup clock start checker (bsc#1051510).
- ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).
- ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510).
- ata: Fix racy link clearance (bsc#1107866).
- ataflop: fix error handling during setup (bsc#1051510).
- ath10k: do not assume this is a PCI dev in generic code (bsc#1051510).
- ath10k: schedule hardware restart if WMI command times out (bsc#1051510).
- ath6kl: Only use match sets when firmware supports it (bsc#1051510).
- b43: Fix error in cordic routine (bsc#1051510).
- batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).
- batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).
- bcache: fix miss key refill->end in writeback (Git-fixes).
- bcache: trace missed reading by cache_missed (Git-fixes).
- bitops: protect variables in bit_clear_unless() macro (bsc#1051510).
- bitops: protect variables in set_mask_bits() macro (bsc#1051510).
- blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes).
- block: allow max_discard_segments to be stacked (Git-fixes).
- block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes).
- block: copy ioprio in __bio_clone_fast() (bsc#1082653).
- block: really disable runtime-pm for blk-mq (Git-fixes).
- block: reset bi_iter.bi_done after splitting bio (Git-fixes).
- block: respect virtual boundary mask in bvecs (bsc#1113412).
- block/swim: Fix array bounds check (Git-fixes).
- Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).
- Bluetooth: SMP: fix crash in unpairing (bsc#1051510).
- bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ).
- bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282).
- bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).
- bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ).
- bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).
- bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242).
- bonding: avoid possible dead-lock (networking-stable-18_10_16).
- bonding: fix length of actor system (networking-stable-18_11_02).
- bonding: fix warning message (networking-stable-18_10_16).
- bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).
- bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647).
- bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).
- bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).
- bpf: use per htab salt for bucket hash (git-fixes).
- bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).
- brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).
- brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).
- brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).
- bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).
- Btrfs: Always try all copies when reading extent buffers (git-fixes).
- Btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469).
- Btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469).
- Btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469).
- Btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469).
- Btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469).
- Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).
- Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).
- Btrfs: fix cur_offset in the error case for nocow (bsc#1118140).
- Btrfs: fix data corruption due to cloning of eof block (bsc#1116878).
- Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).
- Btrfs: fix deadlock when writing out free space caches (bsc#1116700).
- Btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469).
- Btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes).
- Btrfs: fix error handling in btrfs_truncate() (bsc#1111469).
- Btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469).
- Btrfs: fix fsync of files with multiple hard links in new directories (1120173).
- Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877).
- Btrfs: Fix memory barriers usage with device stats counters (git-fixes).
- Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698).
- Btrfs: fix use-after-free during inode eviction (bsc#1116701).
- Btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469).
- Btrfs: fix use-after-free when dumping free space (bsc#1116862).
- Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692).
- Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693).
- Btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469).
- Btrfs: get rid of unused orphan infrastructure (bsc#1111469).
- Btrfs: make sure we create all new block groups (bsc#1116699).
- Btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469).
- Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).
- Btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036).
- Btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469).
- Btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469).
- Btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469).
- Btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188).
- Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138).
- Btrfs: stop creating orphan items for truncate (bsc#1111469).
- Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
- Btrfs: update stale comments referencing vmtruncate() (bsc#1111469).
- cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510).
- can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).
- can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).
- can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).
- can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).
- can: flexcan: flexcan_irq(): fix indention (bsc#1051510).
- can: hi311x: Use level-triggered interrupt (bsc#1051510).
- can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).
- can: rcar_can: Fix erroneous registration (bsc#1051510).
- can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).
- cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).
- cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).
- cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510).
- ceph: do not update importing cap's mseq when handing cap export (bsc#1121273).
- ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).
- ceph: quota: fix null pointer dereference in quota check (bsc#1114839).
- cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).
- cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).
- char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058).
- char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058).
- clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).
- clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).
- clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).
- clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).
- clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).
- clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510).
- clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).
- clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).
- clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).
- clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).
- clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).
- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes).
- config: arm64: enable erratum 1024718
- configfs: replace strncpy with memcpy (bsc#1051510).
- cpufeature: avoid warning when compiling with clang (Git-fixes).
- cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115).
- cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115).
- cpupower: remove stringop-truncation waring (git-fixes).
- crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510).
- crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().
- crypto: ccp - Add GET_ID SEV command ().
- crypto: ccp - Add psp enabled message when initialization succeeds ().
- crypto: ccp - Add support for new CCP/PSP device ID ().
- crypto: ccp - Allow SEV firmware to be chosen based on Family and Model ().
- crypto: ccp - Fix static checker warning ().
- crypto: ccp - Remove unused #defines ().
- crypto: ccp - Support register differences between PSP devices ().
- crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).
- dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111).
- dax: Check page->mapping isn't NULL (bsc#1120054).
- dax: Do not access a freed inode (bsc#1120055).
- device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510).
- device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510).
- disable stringop truncation warnings for now (git-fixes).
- dm: allocate struct mapped_device with kvzalloc (Git-fixes).
- dm cache: destroy migration_cache if cache target registration failed (Git-fixes).
- dm cache: fix resize crash if user does not reload cache table (Git-fixes).
- dm cache metadata: ignore hints array being too small during resize (Git-fixes).
- dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes).
- dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes).
- dm cache: only allow a single io_mode cache feature to be requested (Git-fixes).
- dm crypt: do not decrease device limits (Git-fixes).
- dm: fix report zone remapping to account for partition offset (Git-fixes).
- dm integrity: change 'suspending' variable from bool to int (Git-fixes).
- dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes).
- dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes).
- dm linear: fix linear_end_io conditional definition (Git-fixes).
- dm thin: handle running out of data space vs concurrent discard (Git-fixes).
- dm thin metadata: remove needless work from __commit_transaction (Git-fixes).
- dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).
- dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes).
- dm writecache: report start_sector in status line (Git-fixes).
- dm zoned: fix metadata block ref counting (Git-fixes).
- dm zoned: fix various dmz_get_mblock() issues (Git-fixes).
- doc/README.SUSE: correct GIT url No more gitorious, github we use.
- Documentation/l1tf: Fix typos (bsc#1051510).
- Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).
- driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).
- drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749).
- drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749).
- drivers/tty: add missing of_node_put() (bsc#1051510).
- drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).
- drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722)
- drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722)
- drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722)
- drm/ast: change resolution may cause screen blurred (boo#1112963).
- drm/ast: fixed cursor may disappear sometimes (bsc#1051510).
- drm/ast: Fix incorrect free on ioregs (bsc#1051510).
- drm/ast: Remove existing framebuffers before loading driver (boo#1112963)
- drm/dp_mst: Check if primary mstb is null (bsc#1051510).
- drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)
- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722)
- drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)
- drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).
- drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).
- drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722)
- drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).
- drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).
- drm/i915/glk: Remove 99% limitation (bsc#1051510).
- drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).
- drm/i915: Large page offsets for pread/pwrite (bsc#1051510).
- drm/i915: Mark pin flags as u64 (bsc#1051510).
- drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).
- drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).
- drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)
- drm/meson: add support for 1080p25 mode (bsc#1051510).
- drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).
- drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).
- drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).
- drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722)
- drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).
- drm: rcar-du: Fix external clock error checks (bsc#1113722)
- drm: rcar-du: Fix vblank initialization (bsc#1113722)
- drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).
- drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722)
- drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722)
- drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722)
- drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722)
- dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes).
- dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes).
- dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes).
- dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes).
- dt-bindings: iio: update STM32 timers clock names (git-fixes).
- dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes).
- dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes).
- dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes).
- dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes).
- dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes).
- dt-bindings: pwm: Update STM32 timers clock names (git-fixes).
- dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes).
- EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279).
- EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279).
- efi: Move some sysfs files to be read-only by root (bsc#1051510).
- ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017).
- exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773).
- ext2: fix potential use after free (bsc#1118775).
- ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795).
- ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794).
- ext4: add missing brelse() update_backups()'s error path (bsc#1117796).
- ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).
- ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).
- ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760).
- ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).
- ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).
- ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).
- ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).
- ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).
- ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).
- ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803).
- ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).
- ext4: fix possible use after free in ext4_quota_enable (bsc#1120602).
- ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).
- ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791).
- ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).
- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603).
- ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).
- ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).
- extable: Consolidate *kernel_text_address() functions (bsc#1120092).
- extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092).
- fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)
- fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)
- fbdev: fix broken menu dependencies (bsc#1113722)
- firmware: add firmware_request_nowarn() - load firmware without warnings ().
- firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).
- firmware: dcdbas: include linux/io.h (bsc#1089350).
- Fix kABI for 'Ensure we commit after writeback is complete' (bsc#1111809).
- Fix the breakage of KMP build on x86_64 (bsc#1121017) The backport of the commit 4cd24de3a098 broke KMP builds because of the failure of make kernelrelease call in spec file. Clear the blacklist and backport the fix from the upstream.
- Fix tracing sample code warning (git-fixes).
- floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).
- flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).
- fscache: fix race between enablement and dropping of object (bsc#1107385).
- fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes).
- fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).
- fs: fix lost error code in dio_complete (bsc#1118762).
- fs: Make extension of struct super_block transparent (bsc#1117822).
- fsnotify: Fix busy inodes during unmount (bsc#1117822).
- fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).
- fs/xfs: Use %pS printk format for direct addresses (git-fixes).
- ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172).
- ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).
- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).
- ftrace: Remove incorrect setting of glob search field (bsc#1117184).
- fuse: fix blocked_waitq wakeup (git-fixes).
- fuse: fix leaked notify reply (git-fixes).
- fuse: fix possibly missed wake-up after abort (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).
- fuse: fix use-after-free in fuse_direct_IO() (git-fixes).
- fuse: set FR_SENT while locked (git-fixes).
- gcc-plugins: Add include required by GCC release 8 (git-fixes).
- gcc-plugins: Use dynamic initializers (git-fixes).
- genirq: Fix race on spurious interrupt detection (bsc#1051510).
- gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).
- gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).
- gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).
- gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768).
- gfs2: Put bitmap buffers in put_super (bsc#1118772).
- git_sort.py: Remove non-existent remote tj/libata
- gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).
- gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).
- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).
- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).
- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).
- gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).
- grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).
- gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24).
- HID: Add quirk for Primax PIXART OEM mice (bsc#1119410).
- HID: hiddev: fix potential Spectre v1 (bsc#1051510).
- HID: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).
- HID: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).
- HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).
- hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).
- hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510).
- hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).
- hwmon: (ina2xx) Fix current value calculation (bsc#1051510).
- hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).
- hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).
- hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).
- hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).
- hwmon: (raspberrypi) Fix initial notify (bsc#1051510).
- hwmon: (w83795) temp4_type has writable permission (bsc#1051510).
- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- i2c: axxia: properly handle master timeout (bsc#1051510).
- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).
- IB/hfi1: Add mtu check for operational data VLs (bsc#1060463 ).
- ibmvnic: Convert reset work item mutex to spin lock ().
- ibmvnic: fix accelerated VLAN handling ().
- ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).
- ibmvnic: Fix non-atomic memory allocation in IRQ context ().
- ibmvnic: remove ndo_poll_controller ().
- ibmvnic: Update driver queues after change in ring size support ().
- IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387).
- ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).
- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).
- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).
- iio: ad5064: Fix regulator handling (bsc#1051510).
- iio:st_magn: Fix enable device after trigger (bsc#1051510).
- ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510).
- include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510).
- Include modules.fips in kernel-binary as well as kernel-binary-base ().
- inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16).
- initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).
- Input: add official Raspberry Pi's touchscreen driver ().
- Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).
- Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).
- Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).
- Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).
- Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).
- Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).
- Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).
- Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).
- Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).
- Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).
- Input: xpad - add PDP device id 0x02a4 (bsc#1051510).
- Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).
- Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).
- Input: xpad - fix some coding style issues (bsc#1051510).
- Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).
- integrity/security: fix digsig.c build error with header file (bsc#1051510).
- intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).
- iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).
- iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).
- iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).
- iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).
- iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).
- iommu/vt-d: Use memunmap to free memremap (bsc#1106105).
- ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).
- ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).
- ipmi: Fix timer race with module unload (bsc#1051510).
- ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).
- ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21).
- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).
- ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21).
- ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).
- ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).
- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).
- ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).
- iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).
- iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).
- iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).
- iwlwifi: fix LED command capability bit (bsc#1119086).
- iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).
- iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).
- iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).
- iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).
- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).
- iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).
- iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).
- iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).
- iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).
- iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).
- iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).
- iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).
- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).
- jump_label: Split out code under the hotplug lock (bsc#1106913).
- kabi fix for 'NFSv4.1: Fix up replays of interrupted requests' (git-fixes).
- kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- kabi: mask raw in struct bpf_reg_state (bsc#1083647).
- kabi: powerpc: Revert npu callback signature change (bsc#1055120).
- kabi protect hnae_ae_ops (bsc#1104353).
- kabi: protect struct fib_nh_exception (kabi).
- kabi: protect struct rtable (kabi).
- kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).
- kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).
- kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).
- kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).
- kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279).
- kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).
- Kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).
- kbuild: verify that $DEPMOD is installed (git-fixes).
- kdb: use memmove instead of overlapping memcpy (bsc#1120954).
- kernfs: Replace strncpy with memcpy (bsc#1120053).
- keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes).
- kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).
- kobject: Replace strncpy with memcpy (git-fixes).
- kprobes: Make list and blacklist root user read only (git-fixes).
- KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).
- KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).
- KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).
- KVM: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).
- KVM: s390: vsie: copy wrapping keys to right place (git-fixes).
- KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279).
- KVM: VMX: re-add ple_gap module parameter (bsc#1106240).
- KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).
- libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).
- libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).
- libceph: fall back to sendmsg for slab pages (bsc#1118316).
- libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).
- libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).
- libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).
- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).
- libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).
- lib/raid6: Fix arm64 test build (bsc#1051510).
- lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).
- Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).
- linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).
- llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).
- locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).
- locking/static_keys: Improve uninitialized key warning (bsc#1106913).
- mac80211: Always report TX status (bsc#1051510).
- mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).
- mac80211: fix reordering of buffered broadcast packets (bsc#1051510).
- mac80211: fix TX status reporting for ieee80211s (bsc#1051510).
- mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).
- mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).
- mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).
- mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).
- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).
- mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).
- mach64: fix display corruption on big endian machines (bsc#1113722)
- mach64: fix image corruption due to reading accelerator registers (bsc#1113722)
- mailbox: PCC: handle parse error (bsc#1051510).
- Mark HI and TASKLET softirq synchronous (git-fixes).
- md: allow metadata updates while suspending an array - fix (git-fixes).
- MD: fix invalid stored role for a disk - try2 (git-fixes).
- md: fix raid10 hang issue caused by barrier (git-fixes).
- media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).
- media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).
- media: omap3isp: Unregister media device as first (bsc#1051510).
- memory_hotplug: cond_resched in __remove_pages (bnc#1114178).
- mfd: menelaus: Fix possible race condition and leak (bsc#1051510).
- mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).
- mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).
- mmc: bcm2835: reset host on timeout (bsc#1051510).
- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).
- mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).
- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).
- mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).
- mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).
- mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).
- mmc: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).
- mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).
- mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).
- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).
- mm: do not miss the last page because of round-off error (bnc#1118798).
- mm: do not warn about large allocations for slab (git fixes (slab)).
- mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).
- mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962).
- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).
- mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).
- mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).
- mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).
- mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).
- mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).
- mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).
- mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).
- mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).
- mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).
- mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).
- mm: migration: fix migration of huge PMD shared pages (bnc#1086423).
- mm: only report isolation failures when offlining memory (generic hotplug debugability).
- mm: print more information about mapping in __dump_page (generic hotplug debugability).
- mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).
- mm: rework memcg kernel stack accounting (bnc#1113677).
- mm: sections are not offlined during memory hotremove (bnc#1119968).
- mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem).
- mm/vmstat.c: fix NUMA statistics updates (git fixes).
- mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).
- mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).
- mount: Retest MNT_LOCKED in do_umount (bsc#1117818).
- Move dell_rbu fix to sorted section (bsc#1087978).
- mtd: cfi: convert inline functions to macros (git-fixes).
- mtd: Fix comparison in map_word_andequal() (git-fixes).
- namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766).
- nbd: do not allow invalid blocksize settings (Git-fixes).
- neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).
- net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).
- net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).
- net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).
- net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).
- net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).
- net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).
- net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).
- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510).
- net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).
- net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).
- net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).
- net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes).
- net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes).
- net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).
- net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).
- net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).
- net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).
- net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).
- net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).
- net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).
- net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).
- net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561).
- net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).
- net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).
- net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).
- net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).
- net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).
- net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).
- net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).
- net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).
- net: ena: minor performance improvement (bsc#1111696 bsc#1117561).
- net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).
- net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).
- net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561).
- net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).
- net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561).
- net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).
- net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21).
- net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353).
- net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).
- net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353).
- net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353).
- net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353).
- net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ).
- net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353).
- net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353).
- net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353).
- net: hns3: Check hdev state when getting link status (bsc#1104353).
- net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353).
- net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353).
- net: hns3: Fix error of checking used vlan id (bsc#1104353 ).
- net: hns3: Fix ets validate issue (bsc#1104353).
- net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).
- net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353).
- net: hns3: Fix for packet buffer setting bug (bsc#1104353 ).
- net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353).
- net: hns3: Fix for setting speed for phy failed problem (bsc#1104353).
- net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ).
- net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353).
- net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353).
- net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353).
- net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ).
- net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353).
- net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353).
- net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).
- net: hp100: fix always-true check for link up state (networking-stable-18_09_24).
- net: ibm: fix return type of ndo_start_xmit function ().
- net/ibmnvic: Fix deadlock problem in reset ().
- net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).
- net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).
- net: ipv4: do not let PMTU updates increase route MTU (git-fixes).
- net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).
- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).
- netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).
- net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).
- net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299).
- net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).
- net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).
- net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).
- net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).
- net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).
- net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).
- net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).
- net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).
- net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).
- net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).
- net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).
- net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).
- net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).
- net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).
- net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).
- net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).
- net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).
- net: sched: Fix for duplicate class dump (networking-stable-18_11_02).
- net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).
- net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).
- net: smsc95xx: Fix MTU range (networking-stable-18_11_21).
- net: socket: fix a missing-check bug (networking-stable-18_11_02).
- net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).
- net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).
- net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).
- net: systemport: Protect stop from timeout (networking-stable-18_11_21).
- net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).
- net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).
- net: usb: r8152: constify usb_device_id (bsc#1119749).
- net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749).
- nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).
- nfs: Avoid RCU usage in tracepoints (git-fixes).
- nfs: commit direct writes even if they fail partially (git-fixes).
- nfsd4: permit layoutget of executable-only files (git-fixes).
- nfsd: check for use of the closed special stateid (git-fixes).
- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes).
- nfsd: deal with revoked delegations appropriately (git-fixes).
- nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).
- nfsd: Fix another OPEN stateid race (git-fixes).
- nfsd: fix corrupted reply to badly ordered compound (git-fixes).
- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).
- nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).
- nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).
- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).
- nfs: Ensure we commit after writeback is complete (bsc#1111809).
- nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes).
- nfs: Fix a typo in nfs_rename() (git-fixes).
- nfs: Fix typo in nomigration mount option (git-fixes).
- nfs: Fix unstable write completion (git-fixes).
- nfsv4.0 fix client reference leak in callback (git-fixes).
- nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).
- nfsv4.1 fix infinite loop on I/O (git-fixes).
- nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).
- nfsv4.1: Fix up replays of interrupted requests (git-fixes).
- nfsv4: Fix a typo in nfs41_sequence_process (git-fixes).
- nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).
- nospec: Allow index argument to have const-qualified type (git-fixes)
- nospec: Include <asm/barrier.h> dependency (bsc#1114279).
- nospec: Kill array_index_nospec_mask_check() (git-fixes).
- nvme-fc: resolve io failures during connect (bsc#1116803).
- nvme: Free ctrl device name on init failure ().
- nvme-multipath: zero out ANA log buffer (bsc#1105168).
- nvme: validate controller state before rescheduling keep alive (bsc#1103257).
- objtool: Detect RIP-relative switch table references (bsc#1058115).
- objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115).
- objtool: Fix another switch table detection issue (bsc#1058115).
- objtool: Fix double-free in .cold detection error path (bsc#1058115).
- objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115).
- objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115).
- objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115).
- objtool: Support GCC 8's cold subfunctions (bsc#1058115).
- objtool: Support GCC 8 switch tables (bsc#1058115).
- ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).
- ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816).
- ocfs2: fix ocfs2 read block panic (bsc#1117815).
- ocfs2: free up write context when direct IO failed (bsc#1117821).
- ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808).
- openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).
- panic: avoid deadlocks in re-entrant console drivers (bsc#1088386).
- PCI: Add ACS quirk for Ampere root ports (bsc#1120058).
- PCI: Add ACS quirk for APM X-Gene devices (bsc#1120058).
- PCI: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510).
- PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).
- PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058).
- PCI: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058).
- PCI: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058).
- PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510)
- PCI: Export pcie_has_flr() (bsc#1120058).
- PCI: hv: Use effective affinity mask (bsc#1109772).
- PCI: imx6: Fix link training status detection in link up check (bsc#1109806).
- PCI: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058).
- PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).
- PCI: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058).
- PCI: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058).
- PCI: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058).
- PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).
- PCI: vmd: Assign vector zero to all bridges (bsc#1109806).
- PCI: vmd: Detach resources after stopping root bus (bsc#1109806).
- PCI: vmd: White list for fast interrupt handlers (bsc#1109806).
- pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).
- percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279).
- perf: fix invalid bit in diagnostic entry (git-fixes).
- perf tools: Fix tracing_path_mount proper path (git-fixes).
- pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).
- pinctrl: meson: fix pinconf bias disable (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).
- pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).
- pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).
- platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510).
- platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).
- platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).
- pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).
- pNFS: Do not release the sequence slot until we've processed layoutget on open (git-fixes).
- pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).
- powerpc/64s: consolidate MCE counter increment (bsc#1094244).
- powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).
- powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes).
- powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729).
- powerpc/boot: Fix build failures with -j 1 (bsc#1065729).
- powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).
- powerpc/mm: Fix typo in comments (bsc#1065729).
- powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).
- powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120).
- powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729).
- powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes).
- powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).
- powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120).
- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729).
- powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121).
- powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120).
- powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).
- powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).
- powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120).
- powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120).
- powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120).
- powerpc/pseries: Fix DTL buffer registration (bsc#1065729).
- powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).
- powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).
- powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270).
- powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).
- power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510).
- power: supply: olpc_battery: correct the temperature units (bsc#1051510).
- pppoe: fix reception of frames with no mac header (networking-stable-18_09_24).
- printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168).
- provide linux/set_memory.h (bsc#1113295).
- ptp: fix Spectre v1 vulnerability (bsc#1051510).
- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913).
- pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510).
- pxa168fb: prepare the clock (bsc#1051510).
- qed: Add driver support for 20G link speed (bsc#1110558).
- qed: Add support for virtual link (bsc#1111795).
- qede: Add driver support for 20G link speed (bsc#1110558).
- qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510).
- qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).
- r8152: add byte_enable for ocp_read_word function (bsc#1119749).
- r8152: add Linksys USB3GIGV1 id (bsc#1119749).
- r8152: add r8153_phy_status function (bsc#1119749).
- r8152: adjust lpm settings for RTL8153 (bsc#1119749).
- r8152: adjust rtl8153_runtime_enable function (bsc#1119749).
- r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749).
- r8152: adjust U2P3 for RTL8153 (bsc#1119749).
- r8152: avoid rx queue more than 1000 packets (bsc#1119749).
- r8152: check if disabling ALDPS is finished (bsc#1119749).
- r8152: correct the definition (bsc#1119749).
- r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749).
- r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749).
- r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749).
- r8152: move calling delay_autosuspend function (bsc#1119749).
- r8152: move the default coalesce setting for RTL8153 (bsc#1119749).
- r8152: move the initialization to reset_resume function (bsc#1119749).
- r8152: move the setting of rx aggregation (bsc#1119749).
- r8152: replace napi_complete with napi_complete_done (bsc#1119749).
- r8152: set rx mode early when linking on (bsc#1119749).
- r8152: split rtl8152_resume function (bsc#1119749).
- r8152: support new chip 8050 (bsc#1119749).
- r8152: support RTL8153B (bsc#1119749).
- r8169: fix NAPI handling under high load (networking-stable-18_11_02).
- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes).
- rcu: Allow for page faults in NMI handlers (bsc#1120092).
- RDMA/bnxt_re: Add missing spin lock initialization (bsc#1050244 ).
- RDMA/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244).
- RDMA/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283).
- RDMA/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283).
- RDMA/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ).
- rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387).
- rds: fix two RCU related problems (networking-stable-18_09_18).
- remoteproc: qcom: Fix potential device node leaks (bsc#1051510).
- reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).
- reset: imx7: Fix always writing bits as 0 (bsc#1051510).
- reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes).
- Revert 'ceph: fix dentry leak in splice_dentry()' (bsc#1114839).
- Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510).
- Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105).
- Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510).
- Revert 'powerpc/64: Fix checksum folding in csum_add()' (bsc#1065729).
- Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322).
- Revert 'usb: dwc3: gadget: skip Set/Clear Halt when invalid' (bsc#1051510).
- Revert wlcore patch to follow stable tree develpment
- ring-buffer: Allow for rescheduling when removing pages (bsc#1120238).
- ring-buffer: Do no reuse reader page if still in use (bsc#1120096).
- ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094).
- rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-${flavor}-devel packages if it exists.
- rpm/kernel-binary.spec.in: allow unsupported modules for -extra (bsc#1111183). SLE-15 and later only.
- rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e ('kconfig: remove silentoldconfig target'), 'make silentoldconfig' can be no longer used. Use 'make syncconfig' instead if available.
- rtc: hctosys: Add missing range error reporting (bsc#1051510).
- rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510).
- rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510).
- rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510).
- rtl8xxxu: Fix missing break in switch (bsc#1051510).
- rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02).
- rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16).
- rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16).
- s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).
- s390/dasd: simplify locking in dasd_times_out (bsc#1104967,).
- s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112).
- s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112).
- s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).
- s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).
- s390/mm: correct allocate_pgste proc_handler callback (git-fixes).
- s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682).
- s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).
- s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657).
- s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682).
- s390/qeth: handle failure on workqueue creation (git-fixes).
- s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960).
- s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).
- s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960).
- s390: revert ELF_ET_DYN_BASE base changes (git-fixes).
- s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes).
- s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).
- s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).
- s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).
- sbitmap: fix race in wait batch accounting (Git-fixes).
- sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913).
- sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Git fixes (scheduler)).
- sched/smt: Expose sched_smt_present static key (bsc#1106913).
- sched/smt: Make sched_smt_present track topology (bsc#1106913).
- sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228).
- scripts/git-pre-commit: make executable.
- scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue
- scripts/git_sort/git_sort.py: change SCSI git repos to make series sorting more failsafe.
- scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578).
- scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).
- scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).
- scsi: lpfc: add Trunking support (bsc#1114015).
- scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).
- scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215).
- scsi: lpfc: Correct errors accessing fw log (bsc#1114015).
- scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).
- scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015).
- scsi: lpfc: Correct LCB RJT handling (bsc#1114015).
- scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015).
- scsi: lpfc: Correct race with abort on completion path (bsc#1114015).
- scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015).
- scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).
- scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215).
- scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215).
- scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322).
- scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015).
- scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215).
- scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).
- scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215).
- scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215).
- scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215).
- scsi: lpfc: Fix errors in log messages (bsc#1114015).
- scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).
- scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215).
- scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015).
- scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).
- scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015).
- scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215).
- scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).
- scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).
- scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015).
- scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015).
- scsi: lpfc: reduce locking when updating statistics (bsc#1114015).
- scsi: lpfc: refactor mailbox structure context fields (bsc#1118215).
- scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015).
- scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015).
- scsi: lpfc: rport port swap discovery issue (bsc#1118215).
- scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215).
- scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215).
- scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581).
- scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).
- scsi: sg: fix minor memory leak in error path (bsc#1114584).
- scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578).
- scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).
- scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).
- scsi: target: Fix fortify_panic kernel exception (bsc#1114576).
- scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577).
- scsi: target: tcmu: add read length support (bsc#1097755).
- scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588).
- sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).
- sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21).
- sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11).
- sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21).
- sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21).
- sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16).
- shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599).
- shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599).
- skd: Avoid that module unloading triggers a use-after-free (Git-fixes).
- skd: Submit requests to firmware before triggering the doorbell (Git-fixes).
- skip LAYOUTRETURN if layout is invalid (git-fixes).
- soc: bcm2835: sync firmware properties with downstream ()
- soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510).
- soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).
- spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510).
- spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510).
- spi: bcm2835: Fix race on DMA termination (bsc#1051510).
- spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510).
- splice: do not read more than available pipe space (bsc#1119212).
- staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510).
- staging:iio:ad7606: fix voltage scales (bsc#1051510).
- staging: rtl8712: Fix possible buffer overrun (bsc#1051510).
- staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510).
- staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510).
- staging: rts5208: fix gcc-8 logic error warning (bsc#1051510).
- staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).
- staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510).
- SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes).
- sunrpc: Do not use stack buffer with scatterlist (git-fixes).
- sunrpc: Fix rpc_task_begin trace point (git-fixes).
- SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).
- supported.conf: add raspberrypi-ts driver
- supported.conf: whitelist bluefield eMMC driver
- target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).
- target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).
- target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).
- tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).
- team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510).
- termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510).
- test_firmware: fix error return getting clobbered (bsc#1051510).
- test_hexdump: use memcpy instead of strncpy (bsc#1051510).
- tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).
- thermal: bcm2835: enable hwmon explicitly (bsc#1108468).
- thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).
- thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).
- tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).
- tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).
- tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).
- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510).
- tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes).
- tools: hv: include string.h in hv_fcopy_daemon (git-fixes).
- tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973).
- tools/power/cpupower: fix compilation with STATIC=true (git-fixes).
- tools/power turbostat: fix possible sprintf buffer overflow (git-fixes).
- tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).
- tpm: add retry logic (bsc#1082555).
- tpm: consolidate the TPM startup code (bsc#1082555).
- tpm: do not suspend/resume if power stays on (bsc#1082555).
- tpm: fix intermittent failure with self tests (bsc#1082555).
- tpm: fix response size validation in tpm_get_random() (bsc#1082555).
- tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).
- tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).
- tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).
- tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).
- tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).
- tpm: Restore functionality to xen vtpm driver (bsc#1082555).
- tpm: self test failure should not cause suspend to fail (bsc#1082555).
- tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).
- tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).
- tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).
- tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).
- tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).
- tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).
- tracing/blktrace: Fix to allow setting same value (Git-fixes).
- tracing: Erase irqsoff trace with empty write (bsc#1117189).
- tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).
- tracing: Fix crash when freeing instances with event triggers (bsc#1120230).
- tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097).
- tracing: Fix double free of event_trigger_data (bsc#1120234).
- tracing: Fix missing return symbol in function_graph output (bsc#1120232).
- tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235).
- tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214).
- tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223).
- tracing: Fix trace_pipe behavior for instance traces (bsc#1120088).
- tracing: Remove RCU work arounds from stack tracer (bsc#1120092).
- tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes).
- tty: check name length in tty_find_polling_driver() (bsc#1051510).
- tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510).
- tty: Do not return -EAGAIN in blocking read (bsc#1116040).
- tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510).
- tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510).
- tty: wipe buffer (bsc#1051510).
- tty: wipe buffer if not echoing data (bsc#1051510).
- tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).
- tuntap: fix multiqueue rx (networking-stable-18_11_21).
- ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598).
- udf: Allow mounting volumes with incorrect identification strings (bsc#1118774).
- udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).
- udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).
- udp6: fix encap return code for resubmitting (git-fixes).
- uio: ensure class is registered before devices (bsc#1051510).
- uio: Fix an Oops on load (bsc#1051510).
- uio: make symbol 'uio_class_registered' static (bsc#1051510).
- unifdef: use memcpy instead of strncpy (bsc#1051510).
- Update config files. Enabled ENA (Amazon network driver) for arm64.
- usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510).
- usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).
- usb: core: Fix hub port connection events lost (bsc#1051510).
- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510).
- usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).
- usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).
- usb: dwc2: host: use hrtimer for NAK retries (git-fixes).
- usb: dwc3: core: Clean up ULPI device (bsc#1051510).
- usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).
- usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).
- usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).
- usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).
- usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).
- usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).
- usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510).
- usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888).
- usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).
- usb: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510).
- usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).
- usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510).
- usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510).
- usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).
- usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510).
- usb: omap_udc: use devm_request_irq() (bsc#1051510).
- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510).
- usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).
- usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).
- usb: serial: option: add Fibocom NL668 series (bsc#1051510).
- usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510).
- usb: serial: option: add HP lt4132 (bsc#1051510).
- usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510).
- usb: serial: option: add Telit LN940 series (bsc#1051510).
- usb: serial: option: add two-endpoints device-id flag (bsc#1051510).
- usb: serial: option: drop redundant interface-class test (bsc#1051510).
- usb: serial: option: improve Quectel EP06 detection (bsc#1051510).
- usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110).
- usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510).
- usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).
- usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510).
- usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510).
- userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761).
- userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809).
- v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771).
- vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).
- vhost: Fix Spectre V1 vulnerability (bsc#1051510).
- vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).
- virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02).
- VMCI: Resource wildcard match fixed (bsc#1051510).
- w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).
- watchdog/core: Add missing prototypes for weak functions (git-fixes).
- wireless: airo: potential buffer overflow in sprintf() (bsc#1051510).
- wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510).
- x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913).
- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913).
- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913).
- x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006).
- x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).
- x86/decoder: Fix and update the opcodes map (bsc#1058115).
- x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).
- x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).
- x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).
- x86/l1tf: Show actual SMT state (bsc#1106913).
- x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).
- x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).
- x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).
- x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279).
- x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279).
- x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606).
- x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).
- x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058).
- x86/PCI: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058).
- x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058).
- x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058).
- x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058).
- x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058).
- x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058).
- x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058).
- x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058).
- x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058).
- x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058).
- x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913).
- x86/pti: Document fix wrong index (git-fixes).
- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913).
- x86/retpoline: Remove minimal retpoline support (bsc#1106913).
- x86/speculataion: Mark command line parser data __initdata (bsc#1106913).
- x86/speculation: Add command line control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913).
- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).
- x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913).
- x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913).
- x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913).
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).
- x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913).
- x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).
- x86/speculation: Mark string arrays const correctly (bsc#1106913).
- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913).
- x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913).
- x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913).
- x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913).
- x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913).
- x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).
- x86/speculation: Provide IBPB always command line options (bsc#1106913).
- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913).
- x86/speculation: Rename SSBD update functions (bsc#1106913).
- x86/speculation: Reorder the spec_v2 code (bsc#1106913).
- x86/speculation: Reorganize speculation control MSRs update (bsc#1106913).
- x86/speculation: Rework SMT state change (bsc#1106913).
- x86/speculation: Split out TIF update (bsc#1106913).
- x86/speculation: Support Enhanced IBRS on future CPUs ().
- x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913).
- x86/speculation: Update the TIF_SSBD comment (bsc#1106913).
- x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).
- xen/balloon: Support xend-based toolstack (bnc#1065600).
- xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).
- xen: fix race in xen_qlock_wait() (bnc#1107256).
- xen: fix xen_qlock_wait() (bnc#1107256).
- xen: make xen_qlock_wait() nestable (bnc#1107256).
- xen/netfront: do not bug in case of too many frags (bnc#1104824).
- xen/netfront: tolerate frags with no data (bnc#1119804).
- xen/pvh: do not try to unplug emulated devices (bnc#1065600).
- xen/pvh: increase early stack size (bnc#1065600).
- xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600).
- xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183).
- xfs: Align compat attrlist_by_handle with native implementation (git-fixes).
- xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).
- xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).
- xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes).
- xfs: Properly detect when DAX won't be used on any device (bsc#1115976).
- xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).
- xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510).
- xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).
- xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510).
- xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).
- xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510).
- xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes).
Patchnames
SUSE-2019-150,SUSE-SLE-Module-Public-Cloud-15-2019-150
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 15 kernel for Azure was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).\n- CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash (bnc#1097593).\n- CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).\n- CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).\n- CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).\n- CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n- CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).\n- CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).\n- CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).\n- CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).\n- CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).\n- CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n\nThe following non-security bugs were fixed:\n\n- ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567).\n- ACPICA: Tables: Add WSMT support (bsc#1089350).\n- ACPI / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115).\n- ACPI / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115).\n- ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).\n- ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).\n- ACPI, nfit: Fix ARS overflow continuation (bsc#1116895).\n- ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279).\n- ACPI/nfit, x86/mce: Validate a MCE\u0027s address before using it (bsc#1114279).\n- ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).\n- ACPI / watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).\n- act_ife: fix a potential use-after-free (networking-stable-18_09_11).\n- aio: fix spectre gadget in lookup_ioctx (bsc#1120594).\n- ALSA: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).\n- ALSA: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).\n- ALSA: control: Fix race between adding and removing a user element (bsc#1051510).\n- ALSA: cs46xx: Potential NULL dereference in probe (bsc#1051510).\n- ALSA: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510).\n- ALSA: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510).\n- ALSA: fireface: fix for state to fetch PCM frames (bsc#1051510).\n- ALSA: fireface: fix reference to wrong register for clock configuration (bsc#1051510).\n- ALSA: firewire-lib: fix wrong assignment for \u0027out_packet_without_header\u0027 tracepoint (bsc#1051510).\n- ALSA: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510).\n- ALSA: firewire-lib: use the same print format for \u0027without_header\u0027 tracepoints (bsc#1051510).\n- ALSA: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).\n- ALSA: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510).\n- ALSA: hda: Add support for AMD Stoney Ridge (bsc#1051510).\n- ALSA: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).\n- ALSA: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510).\n- ALSA: hda: fix front speakers on Huawei MBXP (bsc#1051510).\n- ALSA: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).\n- ALSA: hda/realtek - Add GPIO data update helper (bsc#1051510).\n- ALSA: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510).\n- ALSA: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510).\n- ALSA: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510).\n- ALSA: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510).\n- ALSA: hda/realtek - Allow skipping spec-\u003einit_amp detection (bsc#1051510).\n- ALSA: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510).\n- ALSA: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510).\n- ALSA: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510).\n- ALSA: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510).\n- ALSA: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510).\n- ALSA: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510).\n- ALSA: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).\n- ALSA: hda/realtek - Fix HP Headset Mic can\u0027t record (bsc#1051510).\n- ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510).\n- ALSA: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510).\n- ALSA: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510).\n- ALSA: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510).\n- ALSA: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).\n- ALSA: hda/realtek - Manage GPIO bits commonly (bsc#1051510).\n- ALSA: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).\n- ALSA: hda/realtek - Support ALC300 (bsc#1051510).\n- ALSA: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510).\n- ALSA: hda/tegra: clear pending irq handlers (bsc#1051510).\n- ALSA: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).\n- ALSA: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510).\n- ALSA: pcm: Fix interval evaluation with openmin/max (bsc#1051510).\n- ALSA: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510).\n- ALSA: pcm: Fix starvation on down_write_nonblock() (bsc#1051510).\n- ALSA: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510).\n- ALSA: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).\n- ALSA: trident: Suppress gcc string warning (bsc#1051510).\n- ALSA: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510).\n- ALSA: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510).\n- ALSA: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).\n- ALSA: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510).\n- ALSA: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510).\n- ALSA: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).\n- ALSA: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510).\n- amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).\n- apparmor: do not try to replace stale label in ptrace access check (git-fixes).\n- apparmor: do not try to replace stale label in ptraceme check (git-fixes).\n- apparmor: Fix uninitialized value in aa_split_fqname (git-fixes).\n- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612).\n- arm64: atomics: Remove \u0027\u0026\u0027 from \u0027+\u0026\u0027 asm constraint in lse atomics (bsc#1120613).\n- arm64: cpu_errata: include required headers (bsc#1120615).\n- arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633).\n- arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632).\n- arm64: KVM: Move CPU ID reg trap setup off the world switch path (bsc#1110998).\n- arm64: KVM: Sanitize PSTATE.M when being set from userspace (bsc#1110998).\n- arm64: KVM: Tighten guest core register access from userspace (bsc#1110998).\n- arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614).\n- arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).\n- arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617).\n- arm64/numa: Report correct memblock range for the dummy node (bsc#1120620).\n- arm64/numa: Unify common error path in numa_init() (bsc#1120621).\n- arm64: remove no-op -p linker flag (bsc#1120616).\n- arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).\n- ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510).\n- ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)\n- ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).\n- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510).\n- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510).\n- ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).\n- ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510).\n- ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510).\n- ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510).\n- ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510).\n- ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510).\n- ASoC: rsnd: fixup clock start checker (bsc#1051510).\n- ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).\n- ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510).\n- ata: Fix racy link clearance (bsc#1107866).\n- ataflop: fix error handling during setup (bsc#1051510).\n- ath10k: do not assume this is a PCI dev in generic code (bsc#1051510).\n- ath10k: schedule hardware restart if WMI command times out (bsc#1051510).\n- ath6kl: Only use match sets when firmware supports it (bsc#1051510).\n- b43: Fix error in cordic routine (bsc#1051510).\n- batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).\n- batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).\n- bcache: fix miss key refill-\u003eend in writeback (Git-fixes).\n- bcache: trace missed reading by cache_missed (Git-fixes).\n- bitops: protect variables in bit_clear_unless() macro (bsc#1051510).\n- bitops: protect variables in set_mask_bits() macro (bsc#1051510).\n- blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes).\n- block: allow max_discard_segments to be stacked (Git-fixes).\n- block: blk_init_allocated_queue() set q-\u003efq as NULL in the fail case (Git-fixes).\n- block: copy ioprio in __bio_clone_fast() (bsc#1082653).\n- block: really disable runtime-pm for blk-mq (Git-fixes).\n- block: reset bi_iter.bi_done after splitting bio (Git-fixes).\n- block: respect virtual boundary mask in bvecs (bsc#1113412).\n- block/swim: Fix array bounds check (Git-fixes).\n- Bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).\n- Bluetooth: SMP: fix crash in unpairing (bsc#1051510).\n- bnxt_en: do not try to offload VLAN \u0027modify\u0027 action (bsc#1050242 ).\n- bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282).\n- bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).\n- bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ).\n- bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).\n- bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242).\n- bonding: avoid possible dead-lock (networking-stable-18_10_16).\n- bonding: fix length of actor system (networking-stable-18_11_02).\n- bonding: fix warning message (networking-stable-18_10_16).\n- bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).\n- bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647).\n- bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).\n- bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).\n- bpf: use per htab salt for bucket hash (git-fixes).\n- bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).\n- brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).\n- brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).\n- brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).\n- bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).\n- Btrfs: Always try all copies when reading extent buffers (git-fixes).\n- Btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469).\n- Btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469).\n- Btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469).\n- Btrfs: do not check inode\u0027s runtime flags under root-\u003eorphan_lock (bsc#1111469).\n- Btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469).\n- Btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).\n- Btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).\n- Btrfs: fix cur_offset in the error case for nocow (bsc#1118140).\n- Btrfs: fix data corruption due to cloning of eof block (bsc#1116878).\n- Btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).\n- Btrfs: fix deadlock when writing out free space caches (bsc#1116700).\n- Btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469).\n- Btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes).\n- Btrfs: fix error handling in btrfs_truncate() (bsc#1111469).\n- Btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469).\n- Btrfs: fix fsync of files with multiple hard links in new directories (1120173).\n- Btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877).\n- Btrfs: Fix memory barriers usage with device stats counters (git-fixes).\n- Btrfs: fix null pointer dereference on compressed write path error (bsc#1116698).\n- Btrfs: fix use-after-free during inode eviction (bsc#1116701).\n- Btrfs: fix use-after-free on root-\u003eorphan_block_rsv (bsc#1111469).\n- Btrfs: fix use-after-free when dumping free space (bsc#1116862).\n- Btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692).\n- Btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693).\n- Btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469).\n- Btrfs: get rid of unused orphan infrastructure (bsc#1111469).\n- Btrfs: make sure we create all new block groups (bsc#1116699).\n- Btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469).\n- Btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).\n- Btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036).\n- Btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469).\n- Btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469).\n- Btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469).\n- Btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188).\n- Btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138).\n- Btrfs: stop creating orphan items for truncate (bsc#1111469).\n- Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).\n- Btrfs: update stale comments referencing vmtruncate() (bsc#1111469).\n- cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510).\n- can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).\n- can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).\n- can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).\n- can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).\n- can: flexcan: flexcan_irq(): fix indention (bsc#1051510).\n- can: hi311x: Use level-triggered interrupt (bsc#1051510).\n- can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).\n- can: rcar_can: Fix erroneous registration (bsc#1051510).\n- can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).\n- cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).\n- cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).\n- cdrom: do not attempt to fiddle with cdo-\u003ecapability (bsc#1051510).\n- ceph: do not update importing cap\u0027s mseq when handing cap export (bsc#1121273).\n- ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).\n- ceph: quota: fix null pointer dereference in quota check (bsc#1114839).\n- cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).\n- cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).\n- char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058).\n- char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058).\n- clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).\n- clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).\n- clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).\n- clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).\n- clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).\n- clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510).\n- clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).\n- clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).\n- clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).\n- clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).\n- clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).\n- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes).\n- config: arm64: enable erratum 1024718\n- configfs: replace strncpy with memcpy (bsc#1051510).\n- cpufeature: avoid warning when compiling with clang (Git-fixes).\n- cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115).\n- cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115).\n- cpupower: remove stringop-truncation waring (git-fixes).\n- crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510).\n- crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().\n- crypto: ccp - Add GET_ID SEV command ().\n- crypto: ccp - Add psp enabled message when initialization succeeds ().\n- crypto: ccp - Add support for new CCP/PSP device ID ().\n- crypto: ccp - Allow SEV firmware to be chosen based on Family and Model ().\n- crypto: ccp - Fix static checker warning ().\n- crypto: ccp - Remove unused #defines ().\n- crypto: ccp - Support register differences between PSP devices ().\n- crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).\n- dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111).\n- dax: Check page-\u003emapping isn\u0027t NULL (bsc#1120054).\n- dax: Do not access a freed inode (bsc#1120055).\n- device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510).\n- device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510).\n- disable stringop truncation warnings for now (git-fixes).\n- dm: allocate struct mapped_device with kvzalloc (Git-fixes).\n- dm cache: destroy migration_cache if cache target registration failed (Git-fixes).\n- dm cache: fix resize crash if user does not reload cache table (Git-fixes).\n- dm cache metadata: ignore hints array being too small during resize (Git-fixes).\n- dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes).\n- dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes).\n- dm cache: only allow a single io_mode cache feature to be requested (Git-fixes).\n- dm crypt: do not decrease device limits (Git-fixes).\n- dm: fix report zone remapping to account for partition offset (Git-fixes).\n- dm integrity: change \u0027suspending\u0027 variable from bool to int (Git-fixes).\n- dm ioctl: harden copy_params()\u0027s copy_from_user() from malicious users (Git-fixes).\n- dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes).\n- dm linear: fix linear_end_io conditional definition (Git-fixes).\n- dm thin: handle running out of data space vs concurrent discard (Git-fixes).\n- dm thin metadata: remove needless work from __commit_transaction (Git-fixes).\n- dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).\n- dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes).\n- dm writecache: report start_sector in status line (Git-fixes).\n- dm zoned: fix metadata block ref counting (Git-fixes).\n- dm zoned: fix various dmz_get_mblock() issues (Git-fixes).\n- doc/README.SUSE: correct GIT url No more gitorious, github we use.\n- Documentation/l1tf: Fix typos (bsc#1051510).\n- Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).\n- driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).\n- drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749).\n- drivers/net/usb/r8152: remove the unneeded variable \u0027ret\u0027 in rtl8152_system_suspend (bsc#1119749).\n- drivers/tty: add missing of_node_put() (bsc#1051510).\n- drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).\n- drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722)\n- drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722)\n- drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722)\n- drm/ast: change resolution may cause screen blurred (boo#1112963).\n- drm/ast: fixed cursor may disappear sometimes (bsc#1051510).\n- drm/ast: Fix incorrect free on ioregs (bsc#1051510).\n- drm/ast: Remove existing framebuffers before loading driver (boo#1112963)\n- drm/dp_mst: Check if primary mstb is null (bsc#1051510).\n- drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).\n- drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).\n- drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)\n- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722)\n- drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)\n- drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).\n- drm/i915: Do not unset intel_connector-\u003emst_port (bsc#1051510).\n- drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722)\n- drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).\n- drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).\n- drm/i915/glk: Remove 99% limitation (bsc#1051510).\n- drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).\n- drm/i915: Large page offsets for pread/pwrite (bsc#1051510).\n- drm/i915: Mark pin flags as u64 (bsc#1051510).\n- drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).\n- drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).\n- drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)\n- drm/meson: add support for 1080p25 mode (bsc#1051510).\n- drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).\n- drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).\n- drm/nouveau: Check backlight IDs are \u003e= 0, not \u003e 0 (bsc#1051510).\n- drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722)\n- drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).\n- drm: rcar-du: Fix external clock error checks (bsc#1113722)\n- drm: rcar-du: Fix vblank initialization (bsc#1113722)\n- drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).\n- drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722)\n- drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722)\n- drm/vc4: Set -\u003eis_yuv to false when num_planes == 1 (bsc#1113722)\n- drm/vc4: -\u003ex_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722)\n- dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes).\n- dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes).\n- dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes).\n- dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes).\n- dt-bindings: iio: update STM32 timers clock names (git-fixes).\n- dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes).\n- dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes).\n- dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes).\n- dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes).\n- dt-bindings: pwm: renesas: tpu: Fix \u0027compatible\u0027 prop description (git-fixes).\n- dt-bindings: pwm: Update STM32 timers clock names (git-fixes).\n- dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes).\n- EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279).\n- EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279).\n- efi: Move some sysfs files to be read-only by root (bsc#1051510).\n- ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017).\n- exportfs: fix \u0027passing zero to ERR_PTR()\u0027 warning (bsc#1118773).\n- ext2: fix potential use after free (bsc#1118775).\n- ext4: add missing brelse() add_new_gdb_meta_bg()\u0027s error path (bsc#1117795).\n- ext4: add missing brelse() in set_flexbg_block_bitmap()\u0027s error path (bsc#1117794).\n- ext4: add missing brelse() update_backups()\u0027s error path (bsc#1117796).\n- ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).\n- ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).\n- ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760).\n- ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).\n- ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).\n- ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).\n- ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).\n- ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).\n- ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).\n- ext4: fix possible leak of sbi-\u003es_group_desc_leak in error path (bsc#1117803).\n- ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).\n- ext4: fix possible use after free in ext4_quota_enable (bsc#1120602).\n- ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).\n- ext4: fix use-after-free race in ext4_remount()\u0027s error path (bsc#1117791).\n- ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).\n- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603).\n- ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).\n- ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).\n- extable: Consolidate *kernel_text_address() functions (bsc#1120092).\n- extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092).\n- fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)\n- fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)\n- fbdev: fix broken menu dependencies (bsc#1113722)\n- firmware: add firmware_request_nowarn() - load firmware without warnings ().\n- firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).\n- firmware: dcdbas: include linux/io.h (bsc#1089350).\n- Fix kABI for \u0027Ensure we commit after writeback is complete\u0027 (bsc#1111809).\n- Fix the breakage of KMP build on x86_64 (bsc#1121017) The backport of the commit 4cd24de3a098 broke KMP builds because of the failure of make kernelrelease call in spec file. Clear the blacklist and backport the fix from the upstream.\n- Fix tracing sample code warning (git-fixes).\n- floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).\n- flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).\n- fscache: fix race between enablement and dropping of object (bsc#1107385).\n- fscache: Fix race in fscache_op_complete() due to split atomic_sub \u0026 read (Git-fixes).\n- fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).\n- fs: fix lost error code in dio_complete (bsc#1118762).\n- fs: Make extension of struct super_block transparent (bsc#1117822).\n- fsnotify: Fix busy inodes during unmount (bsc#1117822).\n- fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).\n- fs/xfs: Use %pS printk format for direct addresses (git-fixes).\n- ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172).\n- ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).\n- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).\n- ftrace: Remove incorrect setting of glob search field (bsc#1117184).\n- fuse: fix blocked_waitq wakeup (git-fixes).\n- fuse: fix leaked notify reply (git-fixes).\n- fuse: fix possibly missed wake-up after abort (git-fixes).\n- fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).\n- fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).\n- fuse: fix use-after-free in fuse_direct_IO() (git-fixes).\n- fuse: set FR_SENT while locked (git-fixes).\n- gcc-plugins: Add include required by GCC release 8 (git-fixes).\n- gcc-plugins: Use dynamic initializers (git-fixes).\n- genirq: Fix race on spurious interrupt detection (bsc#1051510).\n- gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).\n- gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).\n- gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).\n- gfs2_meta: -\u003emount() can get NULL dev_name (bsc#1118768).\n- gfs2: Put bitmap buffers in put_super (bsc#1118772).\n- git_sort.py: Remove non-existent remote tj/libata\n- gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).\n- gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).\n- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).\n- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).\n- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).\n- gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).\n- grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).\n- gso_segment: Reset skb-\u003emac_len after modifying network header (networking-stable-18_09_24).\n- HID: Add quirk for Primax PIXART OEM mice (bsc#1119410).\n- HID: hiddev: fix potential Spectre v1 (bsc#1051510).\n- HID: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).\n- HID: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).\n- HID: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).\n- hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).\n- hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510).\n- hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).\n- hwmon: (ina2xx) Fix current value calculation (bsc#1051510).\n- hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).\n- hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).\n- hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).\n- hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).\n- hwmon: (raspberrypi) Fix initial notify (bsc#1051510).\n- hwmon: (w83795) temp4_type has writable permission (bsc#1051510).\n- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).\n- i2c: axxia: properly handle master timeout (bsc#1051510).\n- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).\n- IB/hfi1: Add mtu check for operational data VLs (bsc#1060463 ).\n- ibmvnic: Convert reset work item mutex to spin lock ().\n- ibmvnic: fix accelerated VLAN handling ().\n- ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).\n- ibmvnic: Fix non-atomic memory allocation in IRQ context ().\n- ibmvnic: remove ndo_poll_controller ().\n- ibmvnic: Update driver queues after change in ring size support ().\n- IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387).\n- ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).\n- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).\n- ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).\n- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).\n- iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).\n- iio: ad5064: Fix regulator handling (bsc#1051510).\n- iio:st_magn: Fix enable device after trigger (bsc#1051510).\n- ima: fix showing large \u0027violations\u0027 or \u0027runtime_measurements_count\u0027 (bsc#1051510).\n- include/linux/pfn_t.h: force \u0027~\u0027 to be parsed as an unary operator (bsc#1051510).\n- Include modules.fips in kernel-binary as well as kernel-binary-base ().\n- inet: make sure to grab rcu_read_lock before using ireq-\u003eireq_opt (networking-stable-18_10_16).\n- initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).\n- Input: add official Raspberry Pi\u0027s touchscreen driver ().\n- Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).\n- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).\n- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).\n- Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).\n- Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).\n- Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).\n- Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).\n- Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).\n- Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).\n- Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).\n- Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).\n- Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).\n- Input: xpad - add PDP device id 0x02a4 (bsc#1051510).\n- Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).\n- Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).\n- Input: xpad - fix some coding style issues (bsc#1051510).\n- Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).\n- integrity/security: fix digsig.c build error with header file (bsc#1051510).\n- intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).\n- iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).\n- iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).\n- iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).\n- iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).\n- iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).\n- iommu/vt-d: Use memunmap to free memremap (bsc#1106105).\n- ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n- ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).\n- ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).\n- ipmi: Fix timer race with module unload (bsc#1051510).\n- ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n- ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).\n- ipv4: lock mtu in fnhe when received PMTU \u0026lt; net.ipv4.route.min_pmtu (networking-stable-18_11_21).\n- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).\n- ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21).\n- ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).\n- ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).\n- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).\n- ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).\n- iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).\n- iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).\n- iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).\n- iwlwifi: fix LED command capability bit (bsc#1119086).\n- iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).\n- iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).\n- iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).\n- iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).\n- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).\n- iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).\n- iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).\n- iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).\n- iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).\n- iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).\n- iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).\n- iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).\n- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).\n- jump_label: Split out code under the hotplug lock (bsc#1106913).\n- kabi fix for \u0027NFSv4.1: Fix up replays of interrupted requests\u0027 (git-fixes).\n- kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).\n- kabi: mask raw in struct bpf_reg_state (bsc#1083647).\n- kabi: powerpc: Revert npu callback signature change (bsc#1055120).\n- kabi protect hnae_ae_ops (bsc#1104353).\n- kabi: protect struct fib_nh_exception (kabi).\n- kabi: protect struct rtable (kabi).\n- kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).\n- kbuild: fix kernel/bounds.c \u0027W=1\u0027 warning (bsc#1051510).\n- kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).\n- kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).\n- kbuild: move \u0027_all\u0027 target out of $(KBUILD_SRC) conditional (bsc#1114279).\n- kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).\n- Kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).\n- kbuild: verify that $DEPMOD is installed (git-fixes).\n- kdb: use memmove instead of overlapping memcpy (bsc#1120954).\n- kernfs: Replace strncpy with memcpy (bsc#1120053).\n- keys: Fix the use of the C++ keyword \u0027private\u0027 in uapi/linux/keyctl.h (Git-fixes).\n- kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).\n- kobject: Replace strncpy with memcpy (git-fixes).\n- kprobes: Make list and blacklist root user read only (git-fixes).\n- KVM: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).\n- KVM: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).\n- KVM: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).\n- KVM: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).\n- KVM: s390: vsie: copy wrapping keys to right place (git-fixes).\n- KVM: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279).\n- KVM: VMX: re-add ple_gap module parameter (bsc#1106240).\n- KVM: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).\n- libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).\n- libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).\n- libceph: fall back to sendmsg for slab pages (bsc#1118316).\n- libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).\n- libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).\n- libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).\n- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).\n- libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).\n- lib/raid6: Fix arm64 test build (bsc#1051510).\n- lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).\n- Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).\n- linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).\n- llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).\n- locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).\n- locking/static_keys: Improve uninitialized key warning (bsc#1106913).\n- mac80211: Always report TX status (bsc#1051510).\n- mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).\n- mac80211: fix reordering of buffered broadcast packets (bsc#1051510).\n- mac80211: fix TX status reporting for ieee80211s (bsc#1051510).\n- mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).\n- mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).\n- mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).\n- mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).\n- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).\n- mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).\n- mach64: fix display corruption on big endian machines (bsc#1113722)\n- mach64: fix image corruption due to reading accelerator registers (bsc#1113722)\n- mailbox: PCC: handle parse error (bsc#1051510).\n- Mark HI and TASKLET softirq synchronous (git-fixes).\n- md: allow metadata updates while suspending an array - fix (git-fixes).\n- MD: fix invalid stored role for a disk - try2 (git-fixes).\n- md: fix raid10 hang issue caused by barrier (git-fixes).\n- media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).\n- media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).\n- media: omap3isp: Unregister media device as first (bsc#1051510).\n- memory_hotplug: cond_resched in __remove_pages (bnc#1114178).\n- mfd: menelaus: Fix possible race condition and leak (bsc#1051510).\n- mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).\n- mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).\n- mmc: bcm2835: reset host on timeout (bsc#1051510).\n- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).\n- mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).\n- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).\n- mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).\n- mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).\n- mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).\n- mmc: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).\n- mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).\n- mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).\n- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).\n- mm: do not miss the last page because of round-off error (bnc#1118798).\n- mm: do not warn about large allocations for slab (git fixes (slab)).\n- mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).\n- mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962).\n- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).\n- mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).\n- mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).\n- mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).\n- mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).\n- mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).\n- mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).\n- mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).\n- mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).\n- mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).\n- mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).\n- mm: migration: fix migration of huge PMD shared pages (bnc#1086423).\n- mm: only report isolation failures when offlining memory (generic hotplug debugability).\n- mm: print more information about mapping in __dump_page (generic hotplug debugability).\n- mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).\n- mm: rework memcg kernel stack accounting (bnc#1113677).\n- mm: sections are not offlined during memory hotremove (bnc#1119968).\n- mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem).\n- mm/vmstat.c: fix NUMA statistics updates (git fixes).\n- mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).\n- mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).\n- mount: Retest MNT_LOCKED in do_umount (bsc#1117818).\n- Move dell_rbu fix to sorted section (bsc#1087978).\n- mtd: cfi: convert inline functions to macros (git-fixes).\n- mtd: Fix comparison in map_word_andequal() (git-fixes).\n- namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766).\n- nbd: do not allow invalid blocksize settings (Git-fixes).\n- neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).\n- net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).\n- net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).\n- net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).\n- net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).\n- net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).\n- net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).\n- net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).\n- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510).\n- net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).\n- net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).\n- net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).\n- net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes).\n- net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes).\n- net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).\n- net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).\n- net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).\n- net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).\n- net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).\n- net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).\n- net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).\n- net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).\n- net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561).\n- net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).\n- net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).\n- net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).\n- net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).\n- net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).\n- net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).\n- net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).\n- net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).\n- net: ena: minor performance improvement (bsc#1111696 bsc#1117561).\n- net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).\n- net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).\n- net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561).\n- net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).\n- net: ena: use CSUM_CHECKED device indication to report skb\u0027s checksum status (bsc#1111696 bsc#1117561).\n- net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).\n- net-gro: reset skb-\u003epkt_type in napi_reuse_skb() (networking-stable-18_11_21).\n- net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353).\n- net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).\n- net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353).\n- net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353).\n- net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353).\n- net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ).\n- net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353).\n- net: hns3: bugfix for rtnl_lock\u0027s range in the hclgevf_reset() (bsc#1104353).\n- net: hns3: bugfix for the initialization of command queue\u0027s spin lock (bsc#1104353).\n- net: hns3: Check hdev state when getting link status (bsc#1104353).\n- net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353).\n- net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353).\n- net: hns3: Fix error of checking used vlan id (bsc#1104353 ).\n- net: hns3: Fix ets validate issue (bsc#1104353).\n- net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).\n- net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353).\n- net: hns3: Fix for packet buffer setting bug (bsc#1104353 ).\n- net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353).\n- net: hns3: Fix for setting speed for phy failed problem (bsc#1104353).\n- net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ).\n- net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353).\n- net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353).\n- net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353).\n- net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ).\n- net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353).\n- net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353).\n- net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).\n- net: hp100: fix always-true check for link up state (networking-stable-18_09_24).\n- net: ibm: fix return type of ndo_start_xmit function ().\n- net/ibmnvic: Fix deadlock problem in reset ().\n- net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).\n- net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).\n- net: ipv4: do not let PMTU updates increase route MTU (git-fixes).\n- net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).\n- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).\n- netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).\n- net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).\n- net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299).\n- net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).\n- net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).\n- net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).\n- net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).\n- net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).\n- net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).\n- net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).\n- net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).\n- net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).\n- net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).\n- net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).\n- net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).\n- net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).\n- net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).\n- net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).\n- net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).\n- net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).\n- net: sched: Fix for duplicate class dump (networking-stable-18_11_02).\n- net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).\n- net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).\n- net: smsc95xx: Fix MTU range (networking-stable-18_11_21).\n- net: socket: fix a missing-check bug (networking-stable-18_11_02).\n- net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).\n- net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).\n- net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).\n- net: systemport: Protect stop from timeout (networking-stable-18_11_21).\n- net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).\n- net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).\n- net: usb: r8152: constify usb_device_id (bsc#1119749).\n- net: usb: r8152: use irqsave() in USB\u0027s complete callback (bsc#1119749).\n- nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).\n- nfs: Avoid RCU usage in tracepoints (git-fixes).\n- nfs: commit direct writes even if they fail partially (git-fixes).\n- nfsd4: permit layoutget of executable-only files (git-fixes).\n- nfsd: check for use of the closed special stateid (git-fixes).\n- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x\u003e0) (git-fixes).\n- nfsd: deal with revoked delegations appropriately (git-fixes).\n- nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).\n- nfsd: Fix another OPEN stateid race (git-fixes).\n- nfsd: fix corrupted reply to badly ordered compound (git-fixes).\n- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).\n- nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).\n- nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).\n- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).\n- nfs: Ensure we commit after writeback is complete (bsc#1111809).\n- nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes).\n- nfs: Fix a typo in nfs_rename() (git-fixes).\n- nfs: Fix typo in nomigration mount option (git-fixes).\n- nfs: Fix unstable write completion (git-fixes).\n- nfsv4.0 fix client reference leak in callback (git-fixes).\n- nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).\n- nfsv4.1 fix infinite loop on I/O (git-fixes).\n- nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).\n- nfsv4.1: Fix up replays of interrupted requests (git-fixes).\n- nfsv4: Fix a typo in nfs41_sequence_process (git-fixes).\n- nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).\n- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).\n- nospec: Allow index argument to have const-qualified type (git-fixes)\n- nospec: Include \u0026lt;asm/barrier.h\u003e dependency (bsc#1114279).\n- nospec: Kill array_index_nospec_mask_check() (git-fixes).\n- nvme-fc: resolve io failures during connect (bsc#1116803).\n- nvme: Free ctrl device name on init failure ().\n- nvme-multipath: zero out ANA log buffer (bsc#1105168).\n- nvme: validate controller state before rescheduling keep alive (bsc#1103257).\n- objtool: Detect RIP-relative switch table references (bsc#1058115).\n- objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115).\n- objtool: Fix another switch table detection issue (bsc#1058115).\n- objtool: Fix double-free in .cold detection error path (bsc#1058115).\n- objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115).\n- objtool: Fix \u0027noreturn\u0027 detection for recursive sibling calls (bsc#1058115).\n- objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115).\n- objtool: Support GCC 8\u0027s cold subfunctions (bsc#1058115).\n- objtool: Support GCC 8 switch tables (bsc#1058115).\n- ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).\n- ocfs2: fix locking for res-\u003etracking and dlm-\u003etracking_list (bsc#1117816).\n- ocfs2: fix ocfs2 read block panic (bsc#1117815).\n- ocfs2: free up write context when direct IO failed (bsc#1117821).\n- ocfs2: subsystem.su_mutex is required while accessing the item-\u003eci_parent (bsc#1117808).\n- openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).\n- panic: avoid deadlocks in re-entrant console drivers (bsc#1088386).\n- PCI: Add ACS quirk for Ampere root ports (bsc#1120058).\n- PCI: Add ACS quirk for APM X-Gene devices (bsc#1120058).\n- PCI: Add Device IDs for Intel GPU \u0027spurious interrupt\u0027 quirk (bsc#1051510).\n- PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).\n- PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058).\n- PCI: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058).\n- PCI: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058).\n- PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510)\n- PCI: Export pcie_has_flr() (bsc#1120058).\n- PCI: hv: Use effective affinity mask (bsc#1109772).\n- PCI: imx6: Fix link training status detection in link up check (bsc#1109806).\n- PCI: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058).\n- PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).\n- PCI: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058).\n- PCI: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058).\n- PCI: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058).\n- PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).\n- PCI: vmd: Assign vector zero to all bridges (bsc#1109806).\n- PCI: vmd: Detach resources after stopping root bus (bsc#1109806).\n- PCI: vmd: White list for fast interrupt handlers (bsc#1109806).\n- pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).\n- percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279).\n- perf: fix invalid bit in diagnostic entry (git-fixes).\n- perf tools: Fix tracing_path_mount proper path (git-fixes).\n- pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).\n- pinctrl: meson: fix pinconf bias disable (bsc#1051510).\n- pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).\n- pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).\n- pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).\n- pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).\n- platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510).\n- platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).\n- platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).\n- pNFS: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).\n- pNFS: Do not release the sequence slot until we\u0027ve processed layoutget on open (git-fixes).\n- pNFS: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).\n- powerpc/64s: consolidate MCE counter increment (bsc#1094244).\n- powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).\n- powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes).\n- powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729).\n- powerpc/boot: Fix build failures with -j 1 (bsc#1065729).\n- powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).\n- powerpc/mm: Fix typo in comments (bsc#1065729).\n- powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).\n- powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120).\n- powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729).\n- powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes).\n- powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).\n- powerpc/powernv: Fix concurrency issue with npu-\u003emmio_atsd_usage (bsc#1055120).\n- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729).\n- powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121).\n- powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120).\n- powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).\n- powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).\n- powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120).\n- powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120).\n- powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120).\n- powerpc/pseries: Fix DTL buffer registration (bsc#1065729).\n- powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).\n- powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).\n- powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270).\n- powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).\n- power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510).\n- power: supply: olpc_battery: correct the temperature units (bsc#1051510).\n- pppoe: fix reception of frames with no mac header (networking-stable-18_09_24).\n- printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168).\n- provide linux/set_memory.h (bsc#1113295).\n- ptp: fix Spectre v1 vulnerability (bsc#1051510).\n- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913).\n- pwm: lpss: Release runtime-pm reference from the driver\u0027s remove callback (bsc#1051510).\n- pxa168fb: prepare the clock (bsc#1051510).\n- qed: Add driver support for 20G link speed (bsc#1110558).\n- qed: Add support for virtual link (bsc#1111795).\n- qede: Add driver support for 20G link speed (bsc#1110558).\n- qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510).\n- qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).\n- r8152: add byte_enable for ocp_read_word function (bsc#1119749).\n- r8152: add Linksys USB3GIGV1 id (bsc#1119749).\n- r8152: add r8153_phy_status function (bsc#1119749).\n- r8152: adjust lpm settings for RTL8153 (bsc#1119749).\n- r8152: adjust rtl8153_runtime_enable function (bsc#1119749).\n- r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749).\n- r8152: adjust U2P3 for RTL8153 (bsc#1119749).\n- r8152: avoid rx queue more than 1000 packets (bsc#1119749).\n- r8152: check if disabling ALDPS is finished (bsc#1119749).\n- r8152: correct the definition (bsc#1119749).\n- r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749).\n- r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749).\n- r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749).\n- r8152: move calling delay_autosuspend function (bsc#1119749).\n- r8152: move the default coalesce setting for RTL8153 (bsc#1119749).\n- r8152: move the initialization to reset_resume function (bsc#1119749).\n- r8152: move the setting of rx aggregation (bsc#1119749).\n- r8152: replace napi_complete with napi_complete_done (bsc#1119749).\n- r8152: set rx mode early when linking on (bsc#1119749).\n- r8152: split rtl8152_resume function (bsc#1119749).\n- r8152: support new chip 8050 (bsc#1119749).\n- r8152: support RTL8153B (bsc#1119749).\n- r8169: fix NAPI handling under high load (networking-stable-18_11_02).\n- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes).\n- rcu: Allow for page faults in NMI handlers (bsc#1120092).\n- RDMA/bnxt_re: Add missing spin lock initialization (bsc#1050244 ).\n- RDMA/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244).\n- RDMA/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283).\n- RDMA/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283).\n- RDMA/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ).\n- rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387).\n- rds: fix two RCU related problems (networking-stable-18_09_18).\n- remoteproc: qcom: Fix potential device node leaks (bsc#1051510).\n- reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).\n- reset: imx7: Fix always writing bits as 0 (bsc#1051510).\n- reset: remove remaining WARN_ON() in \u0026lt;linux/reset.h\u003e (Git-fixes).\n- Revert \u0027ceph: fix dentry leak in splice_dentry()\u0027 (bsc#1114839).\n- Revert commit ef9209b642f \u0027staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c\u0027 (bsc#1051510).\n- Revert \u0027iommu/io-pgtable-arm: Check for v7s-incapable systems\u0027 (bsc#1106105).\n- Revert \u0027PCI/ASPM: Do not initialize link state when aspm_disabled is set\u0027 (bsc#1051510).\n- Revert \u0027powerpc/64: Fix checksum folding in csum_add()\u0027 (bsc#1065729).\n- Revert \u0027scsi: lpfc: ls_rjt erroneus FLOGIs\u0027 (bsc#1119322).\n- Revert \u0027usb: dwc3: gadget: skip Set/Clear Halt when invalid\u0027 (bsc#1051510).\n- Revert wlcore patch to follow stable tree develpment\n- ring-buffer: Allow for rescheduling when removing pages (bsc#1120238).\n- ring-buffer: Do no reuse reader page if still in use (bsc#1120096).\n- ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094).\n- rpm/kernel-binary.spec.in: add macros.s into kernel-*-devel Starting with 4.20-rc1, file arch/*/kernel/macros.s is needed to build out of tree modules. Add it to kernel-${flavor}-devel packages if it exists.\n- rpm/kernel-binary.spec.in: allow unsupported modules for -extra (bsc#1111183). SLE-15 and later only.\n- rpm: use syncconfig instead of silentoldconfig where available Since mainline commit 0085b4191f3e (\u0027kconfig: remove silentoldconfig target\u0027), \u0027make silentoldconfig\u0027 can be no longer used. Use \u0027make syncconfig\u0027 instead if available.\n- rtc: hctosys: Add missing range error reporting (bsc#1051510).\n- rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510).\n- rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510).\n- rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510).\n- rtl8xxxu: Fix missing break in switch (bsc#1051510).\n- rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02).\n- rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16).\n- rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16).\n- s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).\n- s390/dasd: simplify locking in dasd_times_out (bsc#1104967,).\n- s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112).\n- s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112).\n- s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).\n- s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).\n- s390/mm: correct allocate_pgste proc_handler callback (git-fixes).\n- s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682).\n- s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).\n- s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657).\n- s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682).\n- s390/qeth: handle failure on workqueue creation (git-fixes).\n- s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960).\n- s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).\n- s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960).\n- s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n- s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes).\n- s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).\n- s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).\n- s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).\n- sbitmap: fix race in wait batch accounting (Git-fixes).\n- sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913).\n- sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Git fixes (scheduler)).\n- sched/smt: Expose sched_smt_present static key (bsc#1106913).\n- sched/smt: Make sched_smt_present track topology (bsc#1106913).\n- sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228).\n- scripts/git-pre-commit: make executable.\n- scripts/git_sort/git_sort.py: add mkp/scsi.git 4.21/scsi-queue\n- scripts/git_sort/git_sort.py: change SCSI git repos to make series sorting more failsafe.\n- scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578).\n- scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).\n- scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).\n- scsi: lpfc: add Trunking support (bsc#1114015).\n- scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).\n- scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215).\n- scsi: lpfc: Correct errors accessing fw log (bsc#1114015).\n- scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).\n- scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015).\n- scsi: lpfc: Correct LCB RJT handling (bsc#1114015).\n- scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015).\n- scsi: lpfc: Correct race with abort on completion path (bsc#1114015).\n- scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015).\n- scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).\n- scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215).\n- scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215).\n- scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322).\n- scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015).\n- scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215).\n- scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).\n- scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215).\n- scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215).\n- scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215).\n- scsi: lpfc: Fix errors in log messages (bsc#1114015).\n- scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).\n- scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215).\n- scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015).\n- scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).\n- scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015).\n- scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215).\n- scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).\n- scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).\n- scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015).\n- scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015).\n- scsi: lpfc: reduce locking when updating statistics (bsc#1114015).\n- scsi: lpfc: refactor mailbox structure context fields (bsc#1118215).\n- scsi: lpfc: Remove set but not used variable \u0027sgl_size\u0027 (bsc#1114015).\n- scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015).\n- scsi: lpfc: rport port swap discovery issue (bsc#1118215).\n- scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).\n- scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).\n- scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).\n- scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215).\n- scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215).\n- scsi: qlogicpti: Fix an error handling path in \u0027qpti_sbus_probe()\u0027 (bsc#1114581).\n- scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).\n- scsi: sg: fix minor memory leak in error path (bsc#1114584).\n- scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578).\n- scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).\n- scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).\n- scsi: target: Fix fortify_panic kernel exception (bsc#1114576).\n- scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577).\n- scsi: target: tcmu: add read length support (bsc#1097755).\n- scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588).\n- sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).\n- sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21).\n- sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11).\n- sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21).\n- sctp: not increase stream\u0027s incnt before sending addstrm_in request (networking-stable-18_11_21).\n- sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16).\n- shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599).\n- shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599).\n- skd: Avoid that module unloading triggers a use-after-free (Git-fixes).\n- skd: Submit requests to firmware before triggering the doorbell (Git-fixes).\n- skip LAYOUTRETURN if layout is invalid (git-fixes).\n- soc: bcm2835: sync firmware properties with downstream ()\n- soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510).\n- soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).\n- spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510).\n- spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510).\n- spi: bcm2835: Fix race on DMA termination (bsc#1051510).\n- spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510).\n- splice: do not read more than available pipe space (bsc#1119212).\n- staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510).\n- staging:iio:ad7606: fix voltage scales (bsc#1051510).\n- staging: rtl8712: Fix possible buffer overrun (bsc#1051510).\n- staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510).\n- staging: rtl8723bs: Fix the return value in case of error in \u0027rtw_wx_read32()\u0027 (bsc#1051510).\n- staging: rts5208: fix gcc-8 logic error warning (bsc#1051510).\n- staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).\n- staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510).\n- SUNRPC: Allow connect to return EHOSTUNREACH (git-fixes).\n- sunrpc: Do not use stack buffer with scatterlist (git-fixes).\n- sunrpc: Fix rpc_task_begin trace point (git-fixes).\n- SUNRPC: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).\n- supported.conf: add raspberrypi-ts driver\n- supported.conf: whitelist bluefield eMMC driver\n- target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).\n- target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).\n- target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).\n- tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).\n- team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510).\n- termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510).\n- test_firmware: fix error return getting clobbered (bsc#1051510).\n- test_hexdump: use memcpy instead of strncpy (bsc#1051510).\n- tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).\n- thermal: bcm2835: enable hwmon explicitly (bsc#1108468).\n- thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).\n- thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).\n- tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).\n- tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).\n- tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).\n- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510).\n- tools: hv: fcopy: set \u0027error\u0027 in case an unknown operation was requested (git-fixes).\n- tools: hv: include string.h in hv_fcopy_daemon (git-fixes).\n- tools/lib/lockdep: Rename \u0027trywlock\u0027 into \u0027trywrlock\u0027 (bsc#1121973).\n- tools/power/cpupower: fix compilation with STATIC=true (git-fixes).\n- tools/power turbostat: fix possible sprintf buffer overflow (git-fixes).\n- tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).\n- tpm: add retry logic (bsc#1082555).\n- tpm: consolidate the TPM startup code (bsc#1082555).\n- tpm: do not suspend/resume if power stays on (bsc#1082555).\n- tpm: fix intermittent failure with self tests (bsc#1082555).\n- tpm: fix response size validation in tpm_get_random() (bsc#1082555).\n- tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).\n- tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).\n- tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).\n- tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).\n- tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).\n- tpm: Restore functionality to xen vtpm driver (bsc#1082555).\n- tpm: self test failure should not cause suspend to fail (bsc#1082555).\n- tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).\n- tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).\n- tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).\n- tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).\n- tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).\n- tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).\n- tracing/blktrace: Fix to allow setting same value (Git-fixes).\n- tracing: Erase irqsoff trace with empty write (bsc#1117189).\n- tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).\n- tracing: Fix crash when freeing instances with event triggers (bsc#1120230).\n- tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097).\n- tracing: Fix double free of event_trigger_data (bsc#1120234).\n- tracing: Fix missing return symbol in function_graph output (bsc#1120232).\n- tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235).\n- tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214).\n- tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223).\n- tracing: Fix trace_pipe behavior for instance traces (bsc#1120088).\n- tracing: Remove RCU work arounds from stack tracer (bsc#1120092).\n- tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes).\n- tty: check name length in tty_find_polling_driver() (bsc#1051510).\n- tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510).\n- tty: Do not return -EAGAIN in blocking read (bsc#1116040).\n- tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510).\n- tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510).\n- tty: wipe buffer (bsc#1051510).\n- tty: wipe buffer if not echoing data (bsc#1051510).\n- tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).\n- tuntap: fix multiqueue rx (networking-stable-18_11_21).\n- ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598).\n- udf: Allow mounting volumes with incorrect identification strings (bsc#1118774).\n- udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).\n- udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).\n- udp6: fix encap return code for resubmitting (git-fixes).\n- uio: ensure class is registered before devices (bsc#1051510).\n- uio: Fix an Oops on load (bsc#1051510).\n- uio: make symbol \u0027uio_class_registered\u0027 static (bsc#1051510).\n- unifdef: use memcpy instead of strncpy (bsc#1051510).\n- Update config files. Enabled ENA (Amazon network driver) for arm64.\n- usb: appledisplay: Add 27\u0027 Apple Cinema Display (bsc#1051510).\n- usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).\n- usb: core: Fix hub port connection events lost (bsc#1051510).\n- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510).\n- usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).\n- usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).\n- usb: dwc2: host: use hrtimer for NAK retries (git-fixes).\n- usb: dwc3: core: Clean up ULPI device (bsc#1051510).\n- usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).\n- usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).\n- usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).\n- usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).\n- usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).\n- usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).\n- usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510).\n- usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888).\n- usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).\n- usb: misc: appledisplay: add 20\u0027 Apple Cinema Display (bsc#1051510).\n- usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).\n- usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510).\n- usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510).\n- usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).\n- usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510).\n- usb: omap_udc: use devm_request_irq() (bsc#1051510).\n- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510).\n- usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).\n- usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).\n- usb: serial: option: add Fibocom NL668 series (bsc#1051510).\n- usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510).\n- usb: serial: option: add HP lt4132 (bsc#1051510).\n- usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510).\n- usb: serial: option: add Telit LN940 series (bsc#1051510).\n- usb: serial: option: add two-endpoints device-id flag (bsc#1051510).\n- usb: serial: option: drop redundant interface-class test (bsc#1051510).\n- usb: serial: option: improve Quectel EP06 detection (bsc#1051510).\n- usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110).\n- usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510).\n- usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).\n- usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510).\n- usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510).\n- userfaultfd: clear the vma-\u003evm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761).\n- userfaultfd: remove uffd flags from vma-\u003evm_flags if UFFD_EVENT_FORK fails (bsc#1118809).\n- v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771).\n- vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).\n- vhost: Fix Spectre V1 vulnerability (bsc#1051510).\n- vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).\n- virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02).\n- VMCI: Resource wildcard match fixed (bsc#1051510).\n- w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).\n- watchdog/core: Add missing prototypes for weak functions (git-fixes).\n- wireless: airo: potential buffer overflow in sprintf() (bsc#1051510).\n- wlcore: Fix the return value in case of error in \u0027wlcore_vendor_cmd_smart_config_start()\u0027 (bsc#1051510).\n- x86/bugs: Add AMD\u0027s SPEC_CTRL MSR usage (bsc#1106913).\n- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913).\n- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913).\n- x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006).\n- x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).\n- x86/decoder: Fix and update the opcodes map (bsc#1058115).\n- x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).\n- x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).\n- x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).\n- x86/l1tf: Show actual SMT state (bsc#1106913).\n- x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).\n- x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).\n- x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).\n- x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279).\n- x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279).\n- x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606).\n- x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).\n- x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058).\n- x86/PCI: Add \u0027pci=big_root_window\u0027 option for AMD 64-bit windows (bsc#1120058).\n- x86/PCI: Apply VMD\u0027s AERSID fixup generically (bsc#1120058).\n- x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058).\n- x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058).\n- x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058).\n- x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058).\n- x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058).\n- x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058).\n- x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058).\n- x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058).\n- x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913).\n- x86/pti: Document fix wrong index (git-fixes).\n- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913).\n- x86/retpoline: Remove minimal retpoline support (bsc#1106913).\n- x86/speculataion: Mark command line parser data __initdata (bsc#1106913).\n- x86/speculation: Add command line control for indirect branch speculation (bsc#1106913).\n- x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913).\n- x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913).\n- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).\n- x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913).\n- x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913).\n- x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913).\n- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).\n- x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913).\n- x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).\n- x86/speculation: Mark string arrays const correctly (bsc#1106913).\n- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913).\n- x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913).\n- x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913).\n- x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913).\n- x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913).\n- x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).\n- x86/speculation: Provide IBPB always command line options (bsc#1106913).\n- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913).\n- x86/speculation: Rename SSBD update functions (bsc#1106913).\n- x86/speculation: Reorder the spec_v2 code (bsc#1106913).\n- x86/speculation: Reorganize speculation control MSRs update (bsc#1106913).\n- x86/speculation: Rework SMT state change (bsc#1106913).\n- x86/speculation: Split out TIF update (bsc#1106913).\n- x86/speculation: Support Enhanced IBRS on future CPUs ().\n- x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913).\n- x86/speculation: Update the TIF_SSBD comment (bsc#1106913).\n- x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).\n- xen/balloon: Support xend-based toolstack (bnc#1065600).\n- xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).\n- xen: fix race in xen_qlock_wait() (bnc#1107256).\n- xen: fix xen_qlock_wait() (bnc#1107256).\n- xen: make xen_qlock_wait() nestable (bnc#1107256).\n- xen/netfront: do not bug in case of too many frags (bnc#1104824).\n- xen/netfront: tolerate frags with no data (bnc#1119804).\n- xen/pvh: do not try to unplug emulated devices (bnc#1065600).\n- xen/pvh: increase early stack size (bnc#1065600).\n- xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600).\n- xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183).\n- xfs: Align compat attrlist_by_handle with native implementation (git-fixes).\n- xfs: Fix error code in \u0027xfs_ioc_getbmap()\u0027 (git-fixes).\n- xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).\n- xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes).\n- xfs: Properly detect when DAX won\u0027t be used on any device (bsc#1115976).\n- xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).\n- xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510).\n- xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).\n- xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510).\n- xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).\n- xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510).\n- xprtrdma: Do not defer fencing an async RPC\u0027s chunks (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-150,SUSE-SLE-Module-Public-Cloud-15-2019-150",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0150-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0150-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190150-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0150-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-January/005059.html"
},
{
"category": "self",
"summary": "SUSE Bug 1024718",
"url": "https://bugzilla.suse.com/1024718"
},
{
"category": "self",
"summary": "SUSE Bug 1046299",
"url": "https://bugzilla.suse.com/1046299"
},
{
"category": "self",
"summary": "SUSE Bug 1050242",
"url": "https://bugzilla.suse.com/1050242"
},
{
"category": "self",
"summary": "SUSE Bug 1050244",
"url": "https://bugzilla.suse.com/1050244"
},
{
"category": "self",
"summary": "SUSE Bug 1051510",
"url": "https://bugzilla.suse.com/1051510"
},
{
"category": "self",
"summary": "SUSE Bug 1055120",
"url": "https://bugzilla.suse.com/1055120"
},
{
"category": "self",
"summary": "SUSE Bug 1055121",
"url": "https://bugzilla.suse.com/1055121"
},
{
"category": "self",
"summary": "SUSE Bug 1055186",
"url": "https://bugzilla.suse.com/1055186"
},
{
"category": "self",
"summary": "SUSE Bug 1058115",
"url": "https://bugzilla.suse.com/1058115"
},
{
"category": "self",
"summary": "SUSE Bug 1060463",
"url": "https://bugzilla.suse.com/1060463"
},
{
"category": "self",
"summary": "SUSE Bug 1065600",
"url": "https://bugzilla.suse.com/1065600"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1068273",
"url": "https://bugzilla.suse.com/1068273"
},
{
"category": "self",
"summary": "SUSE Bug 1078248",
"url": "https://bugzilla.suse.com/1078248"
},
{
"category": "self",
"summary": "SUSE Bug 1079935",
"url": "https://bugzilla.suse.com/1079935"
},
{
"category": "self",
"summary": "SUSE Bug 1082387",
"url": "https://bugzilla.suse.com/1082387"
},
{
"category": "self",
"summary": "SUSE Bug 1082555",
"url": "https://bugzilla.suse.com/1082555"
},
{
"category": "self",
"summary": "SUSE Bug 1082653",
"url": "https://bugzilla.suse.com/1082653"
},
{
"category": "self",
"summary": "SUSE Bug 1083647",
"url": "https://bugzilla.suse.com/1083647"
},
{
"category": "self",
"summary": "SUSE Bug 1085535",
"url": "https://bugzilla.suse.com/1085535"
},
{
"category": "self",
"summary": "SUSE Bug 1086282",
"url": "https://bugzilla.suse.com/1086282"
},
{
"category": "self",
"summary": "SUSE Bug 1086283",
"url": "https://bugzilla.suse.com/1086283"
},
{
"category": "self",
"summary": "SUSE Bug 1086423",
"url": "https://bugzilla.suse.com/1086423"
},
{
"category": "self",
"summary": "SUSE Bug 1087082",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "self",
"summary": "SUSE Bug 1087978",
"url": "https://bugzilla.suse.com/1087978"
},
{
"category": "self",
"summary": "SUSE Bug 1088386",
"url": "https://bugzilla.suse.com/1088386"
},
{
"category": "self",
"summary": "SUSE Bug 1089350",
"url": "https://bugzilla.suse.com/1089350"
},
{
"category": "self",
"summary": "SUSE Bug 1090888",
"url": "https://bugzilla.suse.com/1090888"
},
{
"category": "self",
"summary": "SUSE Bug 1091405",
"url": "https://bugzilla.suse.com/1091405"
},
{
"category": "self",
"summary": "SUSE Bug 1094244",
"url": "https://bugzilla.suse.com/1094244"
},
{
"category": "self",
"summary": "SUSE Bug 1097593",
"url": "https://bugzilla.suse.com/1097593"
},
{
"category": "self",
"summary": "SUSE Bug 1097755",
"url": "https://bugzilla.suse.com/1097755"
},
{
"category": "self",
"summary": "SUSE Bug 1102875",
"url": "https://bugzilla.suse.com/1102875"
},
{
"category": "self",
"summary": "SUSE Bug 1102877",
"url": "https://bugzilla.suse.com/1102877"
},
{
"category": "self",
"summary": "SUSE Bug 1102879",
"url": "https://bugzilla.suse.com/1102879"
},
{
"category": "self",
"summary": "SUSE Bug 1102882",
"url": "https://bugzilla.suse.com/1102882"
},
{
"category": "self",
"summary": "SUSE Bug 1102896",
"url": "https://bugzilla.suse.com/1102896"
},
{
"category": "self",
"summary": "SUSE Bug 1103257",
"url": "https://bugzilla.suse.com/1103257"
},
{
"category": "self",
"summary": "SUSE Bug 1104353",
"url": "https://bugzilla.suse.com/1104353"
},
{
"category": "self",
"summary": "SUSE Bug 1104427",
"url": "https://bugzilla.suse.com/1104427"
},
{
"category": "self",
"summary": "SUSE Bug 1104824",
"url": "https://bugzilla.suse.com/1104824"
},
{
"category": "self",
"summary": "SUSE Bug 1104967",
"url": "https://bugzilla.suse.com/1104967"
},
{
"category": "self",
"summary": "SUSE Bug 1105168",
"url": "https://bugzilla.suse.com/1105168"
},
{
"category": "self",
"summary": "SUSE Bug 1106105",
"url": "https://bugzilla.suse.com/1106105"
},
{
"category": "self",
"summary": "SUSE Bug 1106110",
"url": "https://bugzilla.suse.com/1106110"
},
{
"category": "self",
"summary": "SUSE Bug 1106237",
"url": "https://bugzilla.suse.com/1106237"
},
{
"category": "self",
"summary": "SUSE Bug 1106240",
"url": "https://bugzilla.suse.com/1106240"
},
{
"category": "self",
"summary": "SUSE Bug 1106615",
"url": "https://bugzilla.suse.com/1106615"
},
{
"category": "self",
"summary": "SUSE Bug 1106913",
"url": "https://bugzilla.suse.com/1106913"
},
{
"category": "self",
"summary": "SUSE Bug 1107256",
"url": "https://bugzilla.suse.com/1107256"
},
{
"category": "self",
"summary": "SUSE Bug 1107385",
"url": "https://bugzilla.suse.com/1107385"
},
{
"category": "self",
"summary": "SUSE Bug 1107866",
"url": "https://bugzilla.suse.com/1107866"
},
{
"category": "self",
"summary": "SUSE Bug 1108270",
"url": "https://bugzilla.suse.com/1108270"
},
{
"category": "self",
"summary": "SUSE Bug 1108468",
"url": "https://bugzilla.suse.com/1108468"
},
{
"category": "self",
"summary": "SUSE Bug 1109272",
"url": "https://bugzilla.suse.com/1109272"
},
{
"category": "self",
"summary": "SUSE Bug 1109772",
"url": "https://bugzilla.suse.com/1109772"
},
{
"category": "self",
"summary": "SUSE Bug 1109806",
"url": "https://bugzilla.suse.com/1109806"
},
{
"category": "self",
"summary": "SUSE Bug 1110006",
"url": "https://bugzilla.suse.com/1110006"
},
{
"category": "self",
"summary": "SUSE Bug 1110558",
"url": "https://bugzilla.suse.com/1110558"
},
{
"category": "self",
"summary": "SUSE Bug 1110998",
"url": "https://bugzilla.suse.com/1110998"
},
{
"category": "self",
"summary": "SUSE Bug 1111062",
"url": "https://bugzilla.suse.com/1111062"
},
{
"category": "self",
"summary": "SUSE Bug 1111174",
"url": "https://bugzilla.suse.com/1111174"
},
{
"category": "self",
"summary": "SUSE Bug 1111183",
"url": "https://bugzilla.suse.com/1111183"
},
{
"category": "self",
"summary": "SUSE Bug 1111188",
"url": "https://bugzilla.suse.com/1111188"
},
{
"category": "self",
"summary": "SUSE Bug 1111469",
"url": "https://bugzilla.suse.com/1111469"
},
{
"category": "self",
"summary": "SUSE Bug 1111696",
"url": "https://bugzilla.suse.com/1111696"
},
{
"category": "self",
"summary": "SUSE Bug 1111795",
"url": "https://bugzilla.suse.com/1111795"
},
{
"category": "self",
"summary": "SUSE Bug 1111809",
"url": "https://bugzilla.suse.com/1111809"
},
{
"category": "self",
"summary": "SUSE Bug 1112963",
"url": "https://bugzilla.suse.com/1112963"
},
{
"category": "self",
"summary": "SUSE Bug 1113295",
"url": "https://bugzilla.suse.com/1113295"
},
{
"category": "self",
"summary": "SUSE Bug 1113412",
"url": "https://bugzilla.suse.com/1113412"
},
{
"category": "self",
"summary": "SUSE Bug 1113501",
"url": "https://bugzilla.suse.com/1113501"
},
{
"category": "self",
"summary": "SUSE Bug 1113677",
"url": "https://bugzilla.suse.com/1113677"
},
{
"category": "self",
"summary": "SUSE Bug 1113722",
"url": "https://bugzilla.suse.com/1113722"
},
{
"category": "self",
"summary": "SUSE Bug 1113769",
"url": "https://bugzilla.suse.com/1113769"
},
{
"category": "self",
"summary": "SUSE Bug 1114015",
"url": "https://bugzilla.suse.com/1114015"
},
{
"category": "self",
"summary": "SUSE Bug 1114178",
"url": "https://bugzilla.suse.com/1114178"
},
{
"category": "self",
"summary": "SUSE Bug 1114279",
"url": "https://bugzilla.suse.com/1114279"
},
{
"category": "self",
"summary": "SUSE Bug 1114385",
"url": "https://bugzilla.suse.com/1114385"
},
{
"category": "self",
"summary": "SUSE Bug 1114576",
"url": "https://bugzilla.suse.com/1114576"
},
{
"category": "self",
"summary": "SUSE Bug 1114577",
"url": "https://bugzilla.suse.com/1114577"
},
{
"category": "self",
"summary": "SUSE Bug 1114578",
"url": "https://bugzilla.suse.com/1114578"
},
{
"category": "self",
"summary": "SUSE Bug 1114579",
"url": "https://bugzilla.suse.com/1114579"
},
{
"category": "self",
"summary": "SUSE Bug 1114580",
"url": "https://bugzilla.suse.com/1114580"
},
{
"category": "self",
"summary": "SUSE Bug 1114581",
"url": "https://bugzilla.suse.com/1114581"
},
{
"category": "self",
"summary": "SUSE Bug 1114582",
"url": "https://bugzilla.suse.com/1114582"
},
{
"category": "self",
"summary": "SUSE Bug 1114583",
"url": "https://bugzilla.suse.com/1114583"
},
{
"category": "self",
"summary": "SUSE Bug 1114584",
"url": "https://bugzilla.suse.com/1114584"
},
{
"category": "self",
"summary": "SUSE Bug 1114585",
"url": "https://bugzilla.suse.com/1114585"
},
{
"category": "self",
"summary": "SUSE Bug 1114839",
"url": "https://bugzilla.suse.com/1114839"
},
{
"category": "self",
"summary": "SUSE Bug 1114871",
"url": "https://bugzilla.suse.com/1114871"
},
{
"category": "self",
"summary": "SUSE Bug 1115074",
"url": "https://bugzilla.suse.com/1115074"
},
{
"category": "self",
"summary": "SUSE Bug 1115269",
"url": "https://bugzilla.suse.com/1115269"
},
{
"category": "self",
"summary": "SUSE Bug 1115431",
"url": "https://bugzilla.suse.com/1115431"
},
{
"category": "self",
"summary": "SUSE Bug 1115433",
"url": "https://bugzilla.suse.com/1115433"
},
{
"category": "self",
"summary": "SUSE Bug 1115440",
"url": "https://bugzilla.suse.com/1115440"
},
{
"category": "self",
"summary": "SUSE Bug 1115567",
"url": "https://bugzilla.suse.com/1115567"
},
{
"category": "self",
"summary": "SUSE Bug 1115709",
"url": "https://bugzilla.suse.com/1115709"
},
{
"category": "self",
"summary": "SUSE Bug 1115976",
"url": "https://bugzilla.suse.com/1115976"
},
{
"category": "self",
"summary": "SUSE Bug 1116040",
"url": "https://bugzilla.suse.com/1116040"
},
{
"category": "self",
"summary": "SUSE Bug 1116183",
"url": "https://bugzilla.suse.com/1116183"
},
{
"category": "self",
"summary": "SUSE Bug 1116336",
"url": "https://bugzilla.suse.com/1116336"
},
{
"category": "self",
"summary": "SUSE Bug 1116692",
"url": "https://bugzilla.suse.com/1116692"
},
{
"category": "self",
"summary": "SUSE Bug 1116693",
"url": "https://bugzilla.suse.com/1116693"
},
{
"category": "self",
"summary": "SUSE Bug 1116698",
"url": "https://bugzilla.suse.com/1116698"
},
{
"category": "self",
"summary": "SUSE Bug 1116699",
"url": "https://bugzilla.suse.com/1116699"
},
{
"category": "self",
"summary": "SUSE Bug 1116700",
"url": "https://bugzilla.suse.com/1116700"
},
{
"category": "self",
"summary": "SUSE Bug 1116701",
"url": "https://bugzilla.suse.com/1116701"
},
{
"category": "self",
"summary": "SUSE Bug 1116803",
"url": "https://bugzilla.suse.com/1116803"
},
{
"category": "self",
"summary": "SUSE Bug 1116841",
"url": "https://bugzilla.suse.com/1116841"
},
{
"category": "self",
"summary": "SUSE Bug 1116862",
"url": "https://bugzilla.suse.com/1116862"
},
{
"category": "self",
"summary": "SUSE Bug 1116863",
"url": "https://bugzilla.suse.com/1116863"
},
{
"category": "self",
"summary": "SUSE Bug 1116876",
"url": "https://bugzilla.suse.com/1116876"
},
{
"category": "self",
"summary": "SUSE Bug 1116877",
"url": "https://bugzilla.suse.com/1116877"
},
{
"category": "self",
"summary": "SUSE Bug 1116878",
"url": "https://bugzilla.suse.com/1116878"
},
{
"category": "self",
"summary": "SUSE Bug 1116891",
"url": "https://bugzilla.suse.com/1116891"
},
{
"category": "self",
"summary": "SUSE Bug 1116895",
"url": "https://bugzilla.suse.com/1116895"
},
{
"category": "self",
"summary": "SUSE Bug 1116899",
"url": "https://bugzilla.suse.com/1116899"
},
{
"category": "self",
"summary": "SUSE Bug 1116950",
"url": "https://bugzilla.suse.com/1116950"
},
{
"category": "self",
"summary": "SUSE Bug 1117115",
"url": "https://bugzilla.suse.com/1117115"
},
{
"category": "self",
"summary": "SUSE Bug 1117162",
"url": "https://bugzilla.suse.com/1117162"
},
{
"category": "self",
"summary": "SUSE Bug 1117165",
"url": "https://bugzilla.suse.com/1117165"
},
{
"category": "self",
"summary": "SUSE Bug 1117168",
"url": "https://bugzilla.suse.com/1117168"
},
{
"category": "self",
"summary": "SUSE Bug 1117172",
"url": "https://bugzilla.suse.com/1117172"
},
{
"category": "self",
"summary": "SUSE Bug 1117174",
"url": "https://bugzilla.suse.com/1117174"
},
{
"category": "self",
"summary": "SUSE Bug 1117181",
"url": "https://bugzilla.suse.com/1117181"
},
{
"category": "self",
"summary": "SUSE Bug 1117184",
"url": "https://bugzilla.suse.com/1117184"
},
{
"category": "self",
"summary": "SUSE Bug 1117186",
"url": "https://bugzilla.suse.com/1117186"
},
{
"category": "self",
"summary": "SUSE Bug 1117188",
"url": "https://bugzilla.suse.com/1117188"
},
{
"category": "self",
"summary": "SUSE Bug 1117189",
"url": "https://bugzilla.suse.com/1117189"
},
{
"category": "self",
"summary": "SUSE Bug 1117349",
"url": "https://bugzilla.suse.com/1117349"
},
{
"category": "self",
"summary": "SUSE Bug 1117561",
"url": "https://bugzilla.suse.com/1117561"
},
{
"category": "self",
"summary": "SUSE Bug 1117656",
"url": "https://bugzilla.suse.com/1117656"
},
{
"category": "self",
"summary": "SUSE Bug 1117788",
"url": "https://bugzilla.suse.com/1117788"
},
{
"category": "self",
"summary": "SUSE Bug 1117789",
"url": "https://bugzilla.suse.com/1117789"
},
{
"category": "self",
"summary": "SUSE Bug 1117790",
"url": "https://bugzilla.suse.com/1117790"
},
{
"category": "self",
"summary": "SUSE Bug 1117791",
"url": "https://bugzilla.suse.com/1117791"
},
{
"category": "self",
"summary": "SUSE Bug 1117792",
"url": "https://bugzilla.suse.com/1117792"
},
{
"category": "self",
"summary": "SUSE Bug 1117794",
"url": "https://bugzilla.suse.com/1117794"
},
{
"category": "self",
"summary": "SUSE Bug 1117795",
"url": "https://bugzilla.suse.com/1117795"
},
{
"category": "self",
"summary": "SUSE Bug 1117796",
"url": "https://bugzilla.suse.com/1117796"
},
{
"category": "self",
"summary": "SUSE Bug 1117798",
"url": "https://bugzilla.suse.com/1117798"
},
{
"category": "self",
"summary": "SUSE Bug 1117799",
"url": "https://bugzilla.suse.com/1117799"
},
{
"category": "self",
"summary": "SUSE Bug 1117801",
"url": "https://bugzilla.suse.com/1117801"
},
{
"category": "self",
"summary": "SUSE Bug 1117802",
"url": "https://bugzilla.suse.com/1117802"
},
{
"category": "self",
"summary": "SUSE Bug 1117803",
"url": "https://bugzilla.suse.com/1117803"
},
{
"category": "self",
"summary": "SUSE Bug 1117804",
"url": "https://bugzilla.suse.com/1117804"
},
{
"category": "self",
"summary": "SUSE Bug 1117805",
"url": "https://bugzilla.suse.com/1117805"
},
{
"category": "self",
"summary": "SUSE Bug 1117806",
"url": "https://bugzilla.suse.com/1117806"
},
{
"category": "self",
"summary": "SUSE Bug 1117807",
"url": "https://bugzilla.suse.com/1117807"
},
{
"category": "self",
"summary": "SUSE Bug 1117808",
"url": "https://bugzilla.suse.com/1117808"
},
{
"category": "self",
"summary": "SUSE Bug 1117815",
"url": "https://bugzilla.suse.com/1117815"
},
{
"category": "self",
"summary": "SUSE Bug 1117816",
"url": "https://bugzilla.suse.com/1117816"
},
{
"category": "self",
"summary": "SUSE Bug 1117817",
"url": "https://bugzilla.suse.com/1117817"
},
{
"category": "self",
"summary": "SUSE Bug 1117818",
"url": "https://bugzilla.suse.com/1117818"
},
{
"category": "self",
"summary": "SUSE Bug 1117819",
"url": "https://bugzilla.suse.com/1117819"
},
{
"category": "self",
"summary": "SUSE Bug 1117820",
"url": "https://bugzilla.suse.com/1117820"
},
{
"category": "self",
"summary": "SUSE Bug 1117821",
"url": "https://bugzilla.suse.com/1117821"
},
{
"category": "self",
"summary": "SUSE Bug 1117822",
"url": "https://bugzilla.suse.com/1117822"
},
{
"category": "self",
"summary": "SUSE Bug 1117953",
"url": "https://bugzilla.suse.com/1117953"
},
{
"category": "self",
"summary": "SUSE Bug 1118102",
"url": "https://bugzilla.suse.com/1118102"
},
{
"category": "self",
"summary": "SUSE Bug 1118136",
"url": "https://bugzilla.suse.com/1118136"
},
{
"category": "self",
"summary": "SUSE Bug 1118137",
"url": "https://bugzilla.suse.com/1118137"
},
{
"category": "self",
"summary": "SUSE Bug 1118138",
"url": "https://bugzilla.suse.com/1118138"
},
{
"category": "self",
"summary": "SUSE Bug 1118140",
"url": "https://bugzilla.suse.com/1118140"
},
{
"category": "self",
"summary": "SUSE Bug 1118152",
"url": "https://bugzilla.suse.com/1118152"
},
{
"category": "self",
"summary": "SUSE Bug 1118215",
"url": "https://bugzilla.suse.com/1118215"
},
{
"category": "self",
"summary": "SUSE Bug 1118316",
"url": "https://bugzilla.suse.com/1118316"
},
{
"category": "self",
"summary": "SUSE Bug 1118319",
"url": "https://bugzilla.suse.com/1118319"
},
{
"category": "self",
"summary": "SUSE Bug 1118320",
"url": "https://bugzilla.suse.com/1118320"
},
{
"category": "self",
"summary": "SUSE Bug 1118428",
"url": "https://bugzilla.suse.com/1118428"
},
{
"category": "self",
"summary": "SUSE Bug 1118484",
"url": "https://bugzilla.suse.com/1118484"
},
{
"category": "self",
"summary": "SUSE Bug 1118505",
"url": "https://bugzilla.suse.com/1118505"
},
{
"category": "self",
"summary": "SUSE Bug 1118752",
"url": "https://bugzilla.suse.com/1118752"
},
{
"category": "self",
"summary": "SUSE Bug 1118760",
"url": "https://bugzilla.suse.com/1118760"
},
{
"category": "self",
"summary": "SUSE Bug 1118761",
"url": "https://bugzilla.suse.com/1118761"
},
{
"category": "self",
"summary": "SUSE Bug 1118762",
"url": "https://bugzilla.suse.com/1118762"
},
{
"category": "self",
"summary": "SUSE Bug 1118766",
"url": "https://bugzilla.suse.com/1118766"
},
{
"category": "self",
"summary": "SUSE Bug 1118767",
"url": "https://bugzilla.suse.com/1118767"
},
{
"category": "self",
"summary": "SUSE Bug 1118768",
"url": "https://bugzilla.suse.com/1118768"
},
{
"category": "self",
"summary": "SUSE Bug 1118769",
"url": "https://bugzilla.suse.com/1118769"
},
{
"category": "self",
"summary": "SUSE Bug 1118771",
"url": "https://bugzilla.suse.com/1118771"
},
{
"category": "self",
"summary": "SUSE Bug 1118772",
"url": "https://bugzilla.suse.com/1118772"
},
{
"category": "self",
"summary": "SUSE Bug 1118773",
"url": "https://bugzilla.suse.com/1118773"
},
{
"category": "self",
"summary": "SUSE Bug 1118774",
"url": "https://bugzilla.suse.com/1118774"
},
{
"category": "self",
"summary": "SUSE Bug 1118775",
"url": "https://bugzilla.suse.com/1118775"
},
{
"category": "self",
"summary": "SUSE Bug 1118798",
"url": "https://bugzilla.suse.com/1118798"
},
{
"category": "self",
"summary": "SUSE Bug 1118809",
"url": "https://bugzilla.suse.com/1118809"
},
{
"category": "self",
"summary": "SUSE Bug 1118962",
"url": "https://bugzilla.suse.com/1118962"
},
{
"category": "self",
"summary": "SUSE Bug 1119017",
"url": "https://bugzilla.suse.com/1119017"
},
{
"category": "self",
"summary": "SUSE Bug 1119086",
"url": "https://bugzilla.suse.com/1119086"
},
{
"category": "self",
"summary": "SUSE Bug 1119212",
"url": "https://bugzilla.suse.com/1119212"
},
{
"category": "self",
"summary": "SUSE Bug 1119322",
"url": "https://bugzilla.suse.com/1119322"
},
{
"category": "self",
"summary": "SUSE Bug 1119410",
"url": "https://bugzilla.suse.com/1119410"
},
{
"category": "self",
"summary": "SUSE Bug 1119714",
"url": "https://bugzilla.suse.com/1119714"
},
{
"category": "self",
"summary": "SUSE Bug 1119749",
"url": "https://bugzilla.suse.com/1119749"
},
{
"category": "self",
"summary": "SUSE Bug 1119804",
"url": "https://bugzilla.suse.com/1119804"
},
{
"category": "self",
"summary": "SUSE Bug 1119946",
"url": "https://bugzilla.suse.com/1119946"
},
{
"category": "self",
"summary": "SUSE Bug 1119947",
"url": "https://bugzilla.suse.com/1119947"
},
{
"category": "self",
"summary": "SUSE Bug 1119962",
"url": "https://bugzilla.suse.com/1119962"
},
{
"category": "self",
"summary": "SUSE Bug 1119968",
"url": "https://bugzilla.suse.com/1119968"
},
{
"category": "self",
"summary": "SUSE Bug 1119974",
"url": "https://bugzilla.suse.com/1119974"
},
{
"category": "self",
"summary": "SUSE Bug 1120036",
"url": "https://bugzilla.suse.com/1120036"
},
{
"category": "self",
"summary": "SUSE Bug 1120053",
"url": "https://bugzilla.suse.com/1120053"
},
{
"category": "self",
"summary": "SUSE Bug 1120054",
"url": "https://bugzilla.suse.com/1120054"
},
{
"category": "self",
"summary": "SUSE Bug 1120055",
"url": "https://bugzilla.suse.com/1120055"
},
{
"category": "self",
"summary": "SUSE Bug 1120058",
"url": "https://bugzilla.suse.com/1120058"
},
{
"category": "self",
"summary": "SUSE Bug 1120088",
"url": "https://bugzilla.suse.com/1120088"
},
{
"category": "self",
"summary": "SUSE Bug 1120092",
"url": "https://bugzilla.suse.com/1120092"
},
{
"category": "self",
"summary": "SUSE Bug 1120094",
"url": "https://bugzilla.suse.com/1120094"
},
{
"category": "self",
"summary": "SUSE Bug 1120096",
"url": "https://bugzilla.suse.com/1120096"
},
{
"category": "self",
"summary": "SUSE Bug 1120097",
"url": "https://bugzilla.suse.com/1120097"
},
{
"category": "self",
"summary": "SUSE Bug 1120173",
"url": "https://bugzilla.suse.com/1120173"
},
{
"category": "self",
"summary": "SUSE Bug 1120214",
"url": "https://bugzilla.suse.com/1120214"
},
{
"category": "self",
"summary": "SUSE Bug 1120223",
"url": "https://bugzilla.suse.com/1120223"
},
{
"category": "self",
"summary": "SUSE Bug 1120228",
"url": "https://bugzilla.suse.com/1120228"
},
{
"category": "self",
"summary": "SUSE Bug 1120230",
"url": "https://bugzilla.suse.com/1120230"
},
{
"category": "self",
"summary": "SUSE Bug 1120232",
"url": "https://bugzilla.suse.com/1120232"
},
{
"category": "self",
"summary": "SUSE Bug 1120234",
"url": "https://bugzilla.suse.com/1120234"
},
{
"category": "self",
"summary": "SUSE Bug 1120235",
"url": "https://bugzilla.suse.com/1120235"
},
{
"category": "self",
"summary": "SUSE Bug 1120238",
"url": "https://bugzilla.suse.com/1120238"
},
{
"category": "self",
"summary": "SUSE Bug 1120594",
"url": "https://bugzilla.suse.com/1120594"
},
{
"category": "self",
"summary": "SUSE Bug 1120598",
"url": "https://bugzilla.suse.com/1120598"
},
{
"category": "self",
"summary": "SUSE Bug 1120600",
"url": "https://bugzilla.suse.com/1120600"
},
{
"category": "self",
"summary": "SUSE Bug 1120601",
"url": "https://bugzilla.suse.com/1120601"
},
{
"category": "self",
"summary": "SUSE Bug 1120602",
"url": "https://bugzilla.suse.com/1120602"
},
{
"category": "self",
"summary": "SUSE Bug 1120603",
"url": "https://bugzilla.suse.com/1120603"
},
{
"category": "self",
"summary": "SUSE Bug 1120604",
"url": "https://bugzilla.suse.com/1120604"
},
{
"category": "self",
"summary": "SUSE Bug 1120606",
"url": "https://bugzilla.suse.com/1120606"
},
{
"category": "self",
"summary": "SUSE Bug 1120612",
"url": "https://bugzilla.suse.com/1120612"
},
{
"category": "self",
"summary": "SUSE Bug 1120613",
"url": "https://bugzilla.suse.com/1120613"
},
{
"category": "self",
"summary": "SUSE Bug 1120614",
"url": "https://bugzilla.suse.com/1120614"
},
{
"category": "self",
"summary": "SUSE Bug 1120615",
"url": "https://bugzilla.suse.com/1120615"
},
{
"category": "self",
"summary": "SUSE Bug 1120616",
"url": "https://bugzilla.suse.com/1120616"
},
{
"category": "self",
"summary": "SUSE Bug 1120617",
"url": "https://bugzilla.suse.com/1120617"
},
{
"category": "self",
"summary": "SUSE Bug 1120618",
"url": "https://bugzilla.suse.com/1120618"
},
{
"category": "self",
"summary": "SUSE Bug 1120620",
"url": "https://bugzilla.suse.com/1120620"
},
{
"category": "self",
"summary": "SUSE Bug 1120621",
"url": "https://bugzilla.suse.com/1120621"
},
{
"category": "self",
"summary": "SUSE Bug 1120632",
"url": "https://bugzilla.suse.com/1120632"
},
{
"category": "self",
"summary": "SUSE Bug 1120633",
"url": "https://bugzilla.suse.com/1120633"
},
{
"category": "self",
"summary": "SUSE Bug 1120743",
"url": "https://bugzilla.suse.com/1120743"
},
{
"category": "self",
"summary": "SUSE Bug 1120954",
"url": "https://bugzilla.suse.com/1120954"
},
{
"category": "self",
"summary": "SUSE Bug 1121017",
"url": "https://bugzilla.suse.com/1121017"
},
{
"category": "self",
"summary": "SUSE Bug 1121058",
"url": "https://bugzilla.suse.com/1121058"
},
{
"category": "self",
"summary": "SUSE Bug 1121263",
"url": "https://bugzilla.suse.com/1121263"
},
{
"category": "self",
"summary": "SUSE Bug 1121273",
"url": "https://bugzilla.suse.com/1121273"
},
{
"category": "self",
"summary": "SUSE Bug 1121477",
"url": "https://bugzilla.suse.com/1121477"
},
{
"category": "self",
"summary": "SUSE Bug 1121483",
"url": "https://bugzilla.suse.com/1121483"
},
{
"category": "self",
"summary": "SUSE Bug 1121599",
"url": "https://bugzilla.suse.com/1121599"
},
{
"category": "self",
"summary": "SUSE Bug 1121621",
"url": "https://bugzilla.suse.com/1121621"
},
{
"category": "self",
"summary": "SUSE Bug 1121714",
"url": "https://bugzilla.suse.com/1121714"
},
{
"category": "self",
"summary": "SUSE Bug 1121715",
"url": "https://bugzilla.suse.com/1121715"
},
{
"category": "self",
"summary": "SUSE Bug 1121973",
"url": "https://bugzilla.suse.com/1121973"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12232 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14625 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16862 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16884 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18281 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18281/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18397 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19824 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19854 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19985 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20169 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-9568 page",
"url": "https://www.suse.com/security/cve/CVE-2018-9568/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2019-01-23T16:58:46Z",
"generator": {
"date": "2019-01-23T16:58:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0150-1",
"initial_release_date": "2019-01-23T16:58:46Z",
"revision_history": [
{
"date": "2019-01-23T16:58:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-azure-4.12.14-5.19.1.noarch",
"product": {
"name": "kernel-devel-azure-4.12.14-5.19.1.noarch",
"product_id": "kernel-devel-azure-4.12.14-5.19.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-azure-4.12.14-5.19.1.noarch",
"product": {
"name": "kernel-source-azure-4.12.14-5.19.1.noarch",
"product_id": "kernel-source-azure-4.12.14-5.19.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-azure-4.12.14-5.19.1.x86_64",
"product": {
"name": "cluster-md-kmp-azure-4.12.14-5.19.1.x86_64",
"product_id": "cluster-md-kmp-azure-4.12.14-5.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-azure-4.12.14-5.19.1.x86_64",
"product": {
"name": "dlm-kmp-azure-4.12.14-5.19.1.x86_64",
"product_id": "dlm-kmp-azure-4.12.14-5.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-azure-4.12.14-5.19.1.x86_64",
"product": {
"name": "gfs2-kmp-azure-4.12.14-5.19.1.x86_64",
"product_id": "gfs2-kmp-azure-4.12.14-5.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-4.12.14-5.19.1.x86_64",
"product": {
"name": "kernel-azure-4.12.14-5.19.1.x86_64",
"product_id": "kernel-azure-4.12.14-5.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-base-4.12.14-5.19.1.x86_64",
"product": {
"name": "kernel-azure-base-4.12.14-5.19.1.x86_64",
"product_id": "kernel-azure-base-4.12.14-5.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-devel-4.12.14-5.19.1.x86_64",
"product": {
"name": "kernel-azure-devel-4.12.14-5.19.1.x86_64",
"product_id": "kernel-azure-devel-4.12.14-5.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-extra-4.12.14-5.19.1.x86_64",
"product": {
"name": "kernel-azure-extra-4.12.14-5.19.1.x86_64",
"product_id": "kernel-azure-extra-4.12.14-5.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-azure-livepatch-4.12.14-5.19.1.x86_64",
"product": {
"name": "kernel-azure-livepatch-4.12.14-5.19.1.x86_64",
"product_id": "kernel-azure-livepatch-4.12.14-5.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-azure-4.12.14-5.19.1.x86_64",
"product": {
"name": "kernel-syms-azure-4.12.14-5.19.1.x86_64",
"product_id": "kernel-syms-azure-4.12.14-5.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-azure-4.12.14-5.19.1.x86_64",
"product": {
"name": "kselftests-kmp-azure-4.12.14-5.19.1.x86_64",
"product_id": "kselftests-kmp-azure-4.12.14-5.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-azure-4.12.14-5.19.1.x86_64",
"product": {
"name": "ocfs2-kmp-azure-4.12.14-5.19.1.x86_64",
"product_id": "ocfs2-kmp-azure-4.12.14-5.19.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-azure-4.12.14-5.19.1.x86_64",
"product": {
"name": "reiserfs-kmp-azure-4.12.14-5.19.1.x86_64",
"product_id": "reiserfs-kmp-azure-4.12.14-5.19.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 15",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 15",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-4.12.14-5.19.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64"
},
"product_reference": "kernel-azure-4.12.14-5.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-base-4.12.14-5.19.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64"
},
"product_reference": "kernel-azure-base-4.12.14-5.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-azure-devel-4.12.14-5.19.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64"
},
"product_reference": "kernel-azure-devel-4.12.14-5.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-azure-4.12.14-5.19.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch"
},
"product_reference": "kernel-devel-azure-4.12.14-5.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-azure-4.12.14-5.19.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 15",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch"
},
"product_reference": "kernel-source-azure-4.12.14-5.19.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-azure-4.12.14-5.19.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 15",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
},
"product_reference": "kernel-syms-azure-4.12.14-5.19.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12232"
}
],
"notes": [
{
"category": "general",
"text": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12232",
"url": "https://www.suse.com/security/cve/CVE-2018-12232"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1097593 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1097593"
},
{
"category": "external",
"summary": "SUSE Bug 1125907 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1125907"
},
{
"category": "external",
"summary": "SUSE Bug 1127757 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1127757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-23T16:58:46Z",
"details": "important"
}
],
"title": "CVE-2018-12232"
},
{
"cve": "CVE-2018-14625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14625"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14625",
"url": "https://www.suse.com/security/cve/CVE-2018-14625"
},
{
"category": "external",
"summary": "SUSE Bug 1106615 for CVE-2018-14625",
"url": "https://bugzilla.suse.com/1106615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-23T16:58:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-14625"
},
{
"cve": "CVE-2018-16862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16862"
}
],
"notes": [
{
"category": "general",
"text": "A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16862",
"url": "https://www.suse.com/security/cve/CVE-2018-16862"
},
{
"category": "external",
"summary": "SUSE Bug 1117186 for CVE-2018-16862",
"url": "https://bugzilla.suse.com/1117186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-23T16:58:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-16862"
},
{
"cve": "CVE-2018-16884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16884"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16884",
"url": "https://www.suse.com/security/cve/CVE-2018-16884"
},
{
"category": "external",
"summary": "SUSE Bug 1119946 for CVE-2018-16884",
"url": "https://bugzilla.suse.com/1119946"
},
{
"category": "external",
"summary": "SUSE Bug 1119947 for CVE-2018-16884",
"url": "https://bugzilla.suse.com/1119947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-23T16:58:46Z",
"details": "important"
}
],
"title": "CVE-2018-16884"
},
{
"cve": "CVE-2018-18281",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18281"
}
],
"notes": [
{
"category": "general",
"text": "Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18281",
"url": "https://www.suse.com/security/cve/CVE-2018-18281"
},
{
"category": "external",
"summary": "SUSE Bug 1113769 for CVE-2018-18281",
"url": "https://bugzilla.suse.com/1113769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-23T16:58:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-18281"
},
{
"cve": "CVE-2018-18397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18397"
}
],
"notes": [
{
"category": "general",
"text": "The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18397",
"url": "https://www.suse.com/security/cve/CVE-2018-18397"
},
{
"category": "external",
"summary": "SUSE Bug 1117656 for CVE-2018-18397",
"url": "https://bugzilla.suse.com/1117656"
},
{
"category": "external",
"summary": "SUSE Bug 1171522 for CVE-2018-18397",
"url": "https://bugzilla.suse.com/1171522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-23T16:58:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-18397"
},
{
"cve": "CVE-2018-19407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19407"
}
],
"notes": [
{
"category": "general",
"text": "The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19407",
"url": "https://www.suse.com/security/cve/CVE-2018-19407"
},
{
"category": "external",
"summary": "SUSE Bug 1116841 for CVE-2018-19407",
"url": "https://bugzilla.suse.com/1116841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-23T16:58:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-19407"
},
{
"cve": "CVE-2018-19824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19824",
"url": "https://www.suse.com/security/cve/CVE-2018-19824"
},
{
"category": "external",
"summary": "SUSE Bug 1118152 for CVE-2018-19824",
"url": "https://bugzilla.suse.com/1118152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-23T16:58:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-19824"
},
{
"cve": "CVE-2018-19854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19854"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19854",
"url": "https://www.suse.com/security/cve/CVE-2018-19854"
},
{
"category": "external",
"summary": "SUSE Bug 1118428 for CVE-2018-19854",
"url": "https://bugzilla.suse.com/1118428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-23T16:58:46Z",
"details": "low"
}
],
"title": "CVE-2018-19854"
},
{
"cve": "CVE-2018-19985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19985"
}
],
"notes": [
{
"category": "general",
"text": "The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19985",
"url": "https://www.suse.com/security/cve/CVE-2018-19985"
},
{
"category": "external",
"summary": "SUSE Bug 1120743 for CVE-2018-19985",
"url": "https://bugzilla.suse.com/1120743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-23T16:58:46Z",
"details": "low"
}
],
"title": "CVE-2018-19985"
},
{
"cve": "CVE-2018-20169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20169"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20169",
"url": "https://www.suse.com/security/cve/CVE-2018-20169"
},
{
"category": "external",
"summary": "SUSE Bug 1119714 for CVE-2018-20169",
"url": "https://bugzilla.suse.com/1119714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-23T16:58:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-20169"
},
{
"cve": "CVE-2018-9568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-9568"
}
],
"notes": [
{
"category": "general",
"text": "In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-9568",
"url": "https://www.suse.com/security/cve/CVE-2018-9568"
},
{
"category": "external",
"summary": "SUSE Bug 1118319 for CVE-2018-9568",
"url": "https://bugzilla.suse.com/1118319"
},
{
"category": "external",
"summary": "SUSE Bug 1118320 for CVE-2018-9568",
"url": "https://bugzilla.suse.com/1118320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-base-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-azure-devel-4.12.14-5.19.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-devel-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-source-azure-4.12.14-5.19.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 15:kernel-syms-azure-4.12.14-5.19.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-01-23T16:58:46Z",
"details": "moderate"
}
],
"title": "CVE-2018-9568"
}
]
}
suse-su-2019:0740-1
Vulnerability from csaf_suse
Published
2019-03-26 13:34
Modified
2019-03-26 13:34
Summary
Security update for the Linux Kernel (Live Patch 1 for SLE 15)
Notes
Title of the patch
Security update for the Linux Kernel (Live Patch 1 for SLE 15)
Description of the patch
This update for the Linux Kernel 4.12.14-25_3 fixes several issues.
The following security issues were fixed:
- CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378).
- CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which could have led to a use-after-free in sockfs_setattr (bsc#1126284).
- CVE-2018-12232: In net/socket.c there was a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bsc#1127757).
- CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734).
- CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729).
Patchnames
SUSE-2019-740,SUSE-SLE-Module-Live-Patching-15-2019-740,SUSE-SLE-Module-Live-Patching-15-2019-746
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 1 for SLE 15)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.12.14-25_3 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2019-9213: Expand_downwards in mm/mmap.c lacked a check for the mmap minimum address, which made it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task (bsc#1128378).\n- CVE-2019-8912: af_alg_release() in crypto/af_alg.c neglected to set a NULL value for a certain structure member, which could have led to a use-after-free in sockfs_setattr (bsc#1126284).\n- CVE-2018-12232: In net/socket.c there was a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash (bsc#1127757).\n- CVE-2019-7221: Fixed a user-after-free vulnerability in the KVM hypervisor related to the emulation of a preemption timer, allowing an guest user/process to crash the host kernel. (bsc#1124734).\n- CVE-2019-6974: kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandled reference counting because of a race condition, leading to a use-after-free (bsc#1124729).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-740,SUSE-SLE-Module-Live-Patching-15-2019-740,SUSE-SLE-Module-Live-Patching-15-2019-746",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0740-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0740-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190740-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0740-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-March/005235.html"
},
{
"category": "self",
"summary": "SUSE Bug 1124729",
"url": "https://bugzilla.suse.com/1124729"
},
{
"category": "self",
"summary": "SUSE Bug 1124734",
"url": "https://bugzilla.suse.com/1124734"
},
{
"category": "self",
"summary": "SUSE Bug 1126284",
"url": "https://bugzilla.suse.com/1126284"
},
{
"category": "self",
"summary": "SUSE Bug 1127757",
"url": "https://bugzilla.suse.com/1127757"
},
{
"category": "self",
"summary": "SUSE Bug 1128378",
"url": "https://bugzilla.suse.com/1128378"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12232 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6974 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7221 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8912 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9213 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9213/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 1 for SLE 15)",
"tracking": {
"current_release_date": "2019-03-26T13:34:42Z",
"generator": {
"date": "2019-03-26T13:34:42Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0740-1",
"initial_release_date": "2019-03-26T13:34:42Z",
"revision_history": [
{
"date": "2019-03-26T13:34:42Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"product": {
"name": "kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"product_id": "kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"product": {
"name": "kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"product_id": "kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"product": {
"name": "kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"product_id": "kernel-livepatch-4_12_14-23-default-9-25.2.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64",
"product": {
"name": "kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64",
"product_id": "kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le"
},
"product_reference": "kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-23-default-9-25.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64"
},
"product_reference": "kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le"
},
"product_reference": "kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
},
"product_reference": "kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le"
},
"product_reference": "kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-23-default-9-25.2.x86_64 as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64"
},
"product_reference": "kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le"
},
"product_reference": "kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
},
"product_reference": "kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12232"
}
],
"notes": [
{
"category": "general",
"text": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12232",
"url": "https://www.suse.com/security/cve/CVE-2018-12232"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1097593 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1097593"
},
{
"category": "external",
"summary": "SUSE Bug 1125907 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1125907"
},
{
"category": "external",
"summary": "SUSE Bug 1127757 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1127757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-26T13:34:42Z",
"details": "important"
}
],
"title": "CVE-2018-12232"
},
{
"cve": "CVE-2019-6974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6974",
"url": "https://www.suse.com/security/cve/CVE-2019-6974"
},
{
"category": "external",
"summary": "SUSE Bug 1124728 for CVE-2019-6974",
"url": "https://bugzilla.suse.com/1124728"
},
{
"category": "external",
"summary": "SUSE Bug 1124729 for CVE-2019-6974",
"url": "https://bugzilla.suse.com/1124729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-26T13:34:42Z",
"details": "moderate"
}
],
"title": "CVE-2019-6974"
},
{
"cve": "CVE-2019-7221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7221"
}
],
"notes": [
{
"category": "general",
"text": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7221",
"url": "https://www.suse.com/security/cve/CVE-2019-7221"
},
{
"category": "external",
"summary": "SUSE Bug 1124732 for CVE-2019-7221",
"url": "https://bugzilla.suse.com/1124732"
},
{
"category": "external",
"summary": "SUSE Bug 1124734 for CVE-2019-7221",
"url": "https://bugzilla.suse.com/1124734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-26T13:34:42Z",
"details": "moderate"
}
],
"title": "CVE-2019-7221"
},
{
"cve": "CVE-2019-8912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8912",
"url": "https://www.suse.com/security/cve/CVE-2019-8912"
},
{
"category": "external",
"summary": "SUSE Bug 1125907 for CVE-2019-8912",
"url": "https://bugzilla.suse.com/1125907"
},
{
"category": "external",
"summary": "SUSE Bug 1126284 for CVE-2019-8912",
"url": "https://bugzilla.suse.com/1126284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-26T13:34:42Z",
"details": "moderate"
}
],
"title": "CVE-2019-8912"
},
{
"cve": "CVE-2019-9213",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9213"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 4.20.14, expand_downwards in mm/mmap.c lacks a check for the mmap minimum address, which makes it easier for attackers to exploit kernel NULL pointer dereferences on non-SMAP platforms. This is related to a capability check for the wrong task.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9213",
"url": "https://www.suse.com/security/cve/CVE-2019-9213"
},
{
"category": "external",
"summary": "SUSE Bug 1128166 for CVE-2019-9213",
"url": "https://bugzilla.suse.com/1128166"
},
{
"category": "external",
"summary": "SUSE Bug 1128378 for CVE-2019-9213",
"url": "https://bugzilla.suse.com/1128378"
},
{
"category": "external",
"summary": "SUSE Bug 1129016 for CVE-2019-9213",
"url": "https://bugzilla.suse.com/1129016"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-23-default-9-25.2.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_3-default-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-26T13:34:42Z",
"details": "moderate"
}
],
"title": "CVE-2019-9213"
}
]
}
suse-su-2019:0224-1
Vulnerability from csaf_suse
Published
2019-02-01 18:55
Modified
2019-02-01 18:55
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.
This update brings following features:
- Support for Enhanced-IBRS on new Intel CPUs (fate#326564)
The following security bugs were fixed:
- CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).
- CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593).
- CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).
- CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).
- CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).
- CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).
- CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).
- CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).
- CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).
- CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
- CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).
- CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).
- CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).
The following non-security bugs were fixed:
- acpi/apei: Handle GSIV and GPIO notification types (bsc#1115567).
- acpica: Tables: Add WSMT support (bsc#1089350).
- acpi/cpcc: Check for valid PCC subspace only if PCC is used (bsc#1117115).
- acpi/cpcc: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115).
- acpi/iort: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).
- acpi/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).
- acpi/nfit: Fix ARS overflow continuation (bsc#1116895).
- acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279).
- acpi/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279).
- acpi/platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).
- acpi/watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).
- act_ife: fix a potential use-after-free (networking-stable-18_09_11).
- aio: fix spectre gadget in lookup_ioctx (bsc#1120594).
- alsa: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).
- alsa: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).
- alsa: control: Fix race between adding and removing a user element (bsc#1051510).
- alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510).
- alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- alsa: fireface: fix for state to fetch PCM frames (bsc#1051510).
- alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510).
- alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510).
- alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510).
- alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510).
- alsa: hda: Add 2 more models to the power_save blacklist (bsc#1051510).
- alsa: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).
- alsa: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510).
- alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510).
- alsa: hda - Add quirk for ASUS G751 laptop (bsc#1051510).
- alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510).
- alsa: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).
- alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510).
- alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510).
- alsa: hda - Fix headphone pin config for ASUS G751 (bsc#1051510).
- alsa: hda: fix unused variable warning (bsc#1051510).
- alsa: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).
- alsa: hda/realtek - Add GPIO data update helper (bsc#1051510).
- alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510).
- alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510).
- alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510).
- alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510).
- alsa: hda/realtek - Allow skipping spec->init_amp detection (bsc#1051510).
- alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510).
- alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510).
- alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510).
- alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510).
- alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510).
- alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510).
- alsa: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).
- alsa: hda/realtek - Fix HP Headset Mic can't record (bsc#1051510).
- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510).
- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510).
- alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510).
- alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510).
- alsa: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).
- alsa: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510).
- alsa: hda/realtek - Manage GPIO bits commonly (bsc#1051510).
- alsa: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).
- alsa: hda/realtek - Support ALC300 (bsc#1051510).
- alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510).
- alsa: hda/tegra: clear pending irq handlers (bsc#1051510).
- alsa: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).
- alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510).
- alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510).
- alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510).
- alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510).
- alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510).
- alsa: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).
- alsa: trident: Suppress gcc string warning (bsc#1051510).
- alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510).
- alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510).
- alsa: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).
- alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510).
- alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510).
- alsa: usb-audio: update quirk for B&W PX to remove microphone (bsc#1051510).
- alsa: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).
- alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510).
- amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).
- apparmor: do not try to replace stale label in ptrace access check (git-fixes).
- apparmor: do not try to replace stale label in ptraceme check (git-fixes).
- apparmor: Fix uninitialized value in aa_split_fqname (git-fixes).
- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612).
- arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613).
- arm64: cpu_errata: include required headers (bsc#1120615).
- arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633).
- arm64: Enabled ENA (Amazon network driver) for arm64.
- arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632).
- arm64: kvm: Move CPU ID reg trap setup off the world switch path (bsc#1110998).
- arm64: kvm: Sanitize PSTATE.M when being set from userspace (bsc#1110998).
- arm64: kvm: Tighten guest core register access from userspace (bsc#1110998).
- arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614).
- arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).
- arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617).
- arm64/numa: Report correct memblock range for the dummy node (bsc#1120620).
- arm64/numa: Unify common error path in numa_init() (bsc#1120621).
- arm64: remove no-op -p linker flag (bsc#1120616).
- arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).
- ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510).
- ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)
- ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).
- ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510).
- ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510).
- ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510).
- ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510).
- ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510).
- ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510).
- ASoC: rsnd: fixup clock start checker (bsc#1051510).
- ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).
- ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510).
- ata: Fix racy link clearance (bsc#1107866).
- ataflop: fix error handling during setup (bsc#1051510).
- ath10k: do not assume this is a PCI dev in generic code (bsc#1051510).
- ath10k: schedule hardware restart if WMI command times out (bsc#1051510).
- ath6kl: Only use match sets when firmware supports it (bsc#1051510).
- autofs: fix autofs_sbi() does not check super block type (git-fixes).
- autofs: fix slab out of bounds read in getname_kernel() (git-fixes).
- autofs: mount point create should honour passed in mode (git-fixes).
- b43: Fix error in cordic routine (bsc#1051510).
- badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes).
- batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).
- batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).
- bcache: fix miss key refill->end in writeback (Git-fixes).
- bcache: trace missed reading by cache_missed (Git-fixes).
- bitops: protect variables in bit_clear_unless() macro (bsc#1051510).
- bitops: protect variables in set_mask_bits() macro (bsc#1051510).
- blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes).
- block: allow max_discard_segments to be stacked (Git-fixes).
- block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes).
- block: copy ioprio in __bio_clone_fast() (bsc#1082653).
- block: really disable runtime-pm for blk-mq (Git-fixes).
- block: reset bi_iter.bi_done after splitting bio (Git-fixes).
- block: respect virtual boundary mask in bvecs (bsc#1113412).
- block/swim: Fix array bounds check (Git-fixes).
- bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).
- bluetooth: SMP: fix crash in unpairing (bsc#1051510).
- bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ).
- bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282).
- bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).
- bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ).
- bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).
- bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242).
- bonding: avoid possible dead-lock (networking-stable-18_10_16).
- bonding: fix length of actor system (networking-stable-18_11_02).
- bonding: fix warning message (networking-stable-18_10_16).
- bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).
- bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647).
- bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).
- bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).
- bpf: use per htab salt for bucket hash (git-fixes).
- bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).
- brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).
- brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).
- brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).
- bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).
- btrfs: Always try all copies when reading extent buffers (git-fixes).
- btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469).
- btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469).
- btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469).
- btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469).
- btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469).
- btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667).
- btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667).
- btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).
- btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).
- btrfs: fix cur_offset in the error case for nocow (bsc#1118140).
- btrfs: fix data corruption due to cloning of eof block (bsc#1116878).
- btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).
- btrfs: fix deadlock when writing out free space caches (bsc#1116700).
- btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469).
- btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes).
- btrfs: fix error handling in btrfs_truncate() (bsc#1111469).
- btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469).
- btrfs: fix fsync of files with multiple hard links in new directories (1120173).
- btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877).
- btrfs: Fix memory barriers usage with device stats counters (git-fixes).
- btrfs: fix null pointer dereference on compressed write path error (bsc#1116698).
- btrfs: fix use-after-free during inode eviction (bsc#1116701).
- btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469).
- btrfs: fix use-after-free when dumping free space (bsc#1116862).
- btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692).
- btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693).
- btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469).
- btrfs: get rid of unused orphan infrastructure (bsc#1111469).
- btrfs: make sure we create all new block groups (bsc#1116699).
- btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469).
- btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).
- btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036).
- btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469).
- btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469).
- btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469).
- btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188).
- btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138).
- btrfs: stop creating orphan items for truncate (bsc#1111469).
- btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
- btrfs: update stale comments referencing vmtruncate() (bsc#1111469).
- cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510).
- can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).
- can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).
- can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).
- can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).
- can: flexcan: flexcan_irq(): fix indention (bsc#1051510).
- can: hi311x: Use level-triggered interrupt (bsc#1051510).
- can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).
- can: rcar_can: Fix erroneous registration (bsc#1051510).
- can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).
- cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).
- cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).
- cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510).
- ceph: do not update importing cap's mseq when handing cap export (bsc#1121273).
- ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).
- ceph: quota: fix null pointer dereference in quota check (bsc#1114839).
- cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).
- cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).
- char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058).
- char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058).
- clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).
- clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).
- clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).
- clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).
- clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).
- clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510).
- clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).
- clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).
- clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).
- clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).
- clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).
- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes).
- config: arm64: enable erratum 1024718
- configfs: replace strncpy with memcpy (bsc#1051510).
- cpufeature: avoid warning when compiling with clang (Git-fixes).
- cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115).
- cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115).
- cpupower: remove stringop-truncation waring (git-fixes).
- crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510).
- crypto: caam - fix implicit casts in endianness helpers (bsc#1051510).
- crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().
- crypto: ccp - Add GET_ID SEV command ().
- crypto: ccp - Add psp enabled message when initialization succeeds ().
- crypto: ccp - Add support for new CCP/PSP device ID ().
- crypto: ccp - Allow SEV firmware to be chosen based on Family and Model ().
- crypto: ccp - Fix static checker warning ().
- crypto: ccp - Remove unused #defines ().
- crypto: ccp - Support register differences between PSP devices ().
- crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510).
- crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).
- crypto: tcrypt - fix ghash-generic speed test (bsc#1051510).
- dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111).
- dax: Check page->mapping isn't NULL (bsc#1120054).
- dax: Do not access a freed inode (bsc#1120055).
- device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510).
- device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510).
- disable stringop truncation warnings for now (git-fixes).
- dm: allocate struct mapped_device with kvzalloc (Git-fixes).
- dm cache: destroy migration_cache if cache target registration failed (Git-fixes).
- dm cache: fix resize crash if user does not reload cache table (Git-fixes).
- dm cache metadata: ignore hints array being too small during resize (Git-fixes).
- dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes).
- dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes).
- dm cache: only allow a single io_mode cache feature to be requested (Git-fixes).
- dm crypt: do not decrease device limits (Git-fixes).
- dm: fix report zone remapping to account for partition offset (Git-fixes).
- dm integrity: change 'suspending' variable from bool to int (Git-fixes).
- dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes).
- dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes).
- dm linear: fix linear_end_io conditional definition (Git-fixes).
- dm thin: handle running out of data space vs concurrent discard (Git-fixes).
- dm thin metadata: remove needless work from __commit_transaction (Git-fixes).
- dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).
- dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes).
- dm writecache: report start_sector in status line (Git-fixes).
- dm zoned: fix metadata block ref counting (Git-fixes).
- dm zoned: fix various dmz_get_mblock() issues (Git-fixes).
- doc/README.SUSE: correct GIT url No more gitorious, github we use.
- Documentation/l1tf: Fix small spelling typo (bsc#1051510).
- Documentation/l1tf: Fix typos (bsc#1051510).
- Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).
- do d_instantiate/unlock_new_inode combinations safely (git-fixes).
- driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).
- drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749).
- drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749).
- drivers/tty: add missing of_node_put() (bsc#1051510).
- drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).
- drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722)
- drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722)
- drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722)
- drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722)
- drm/ast: change resolution may cause screen blurred (boo#1112963).
- drm/ast: fixed cursor may disappear sometimes (bsc#1051510).
- drm/ast: Fix incorrect free on ioregs (bsc#1051510).
- drm/ast: Remove existing framebuffers before loading driver (boo#1112963)
- drm/dp_mst: Check if primary mstb is null (bsc#1051510).
- drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).
- drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)
- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722)
- drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)
- drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722)
- drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722)
- drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722)
- drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).
- drm/i915: Do not unset intel_connector->mst_port (bsc#1051510).
- drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel's native mode (bsc#1051510).
- drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722)
- drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).
- drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).
- drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722)
- drm/i915/glk: Remove 99% limitation (bsc#1051510).
- drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).
- drm/i915: Large page offsets for pread/pwrite (bsc#1051510).
- drm/i915: Mark pin flags as u64 (bsc#1051510).
- drm/i915: Restore vblank interrupts earlier (bsc#1051510).
- drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).
- drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).
- drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)
- drm/mediatek: fix OF sibling-node lookup (bsc#1106110)
- drm/meson: add support for 1080p25 mode (bsc#1051510).
- drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).
- drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).
- drm/msm: fix OF child-node lookup (bsc#1106110)
- drm/nouveau: Check backlight IDs are >= 0, not > 0 (bsc#1051510).
- drm/nouveau: Do not disable polling in fallback mode (bsc#1103356).
- drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722)
- drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).
- drm: rcar-du: Fix external clock error checks (bsc#1113722)
- drm: rcar-du: Fix vblank initialization (bsc#1113722)
- drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).
- drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722)
- drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722)
- drm/sti: do not remove the drm_bridge that was never added (bsc#1100132)
- drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722)
- drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722)
- drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722)
- dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes).
- dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes).
- dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes).
- dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes).
- dt-bindings: iio: update STM32 timers clock names (git-fixes).
- dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes).
- dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes).
- dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes).
- dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes).
- dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes).
- dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes).
- EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279).
- EDAC: Raise the maximum number of memory controllers (bsc#1113780).
- EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279).
- EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279).
- efi: Move some sysfs files to be read-only by root (bsc#1051510).
- ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017).
- exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773).
- ext2: fix potential use after free (bsc#1118775).
- ext4: add missing brelse() add_new_gdb_meta_bg()'s error path (bsc#1117795).
- ext4: add missing brelse() in set_flexbg_block_bitmap()'s error path (bsc#1117794).
- ext4: add missing brelse() update_backups()'s error path (bsc#1117796).
- ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).
- ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).
- ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760).
- ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).
- ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).
- ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).
- ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).
- ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).
- ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).
- ext4: fix possible leak of sbi->s_group_desc_leak in error path (bsc#1117803).
- ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).
- ext4: fix possible use after free in ext4_quota_enable (bsc#1120602).
- ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).
- ext4: fix use-after-free race in ext4_remount()'s error path (bsc#1117791).
- ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).
- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603).
- ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).
- ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).
- extable: Consolidate *kernel_text_address() functions (bsc#1120092).
- extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092).
- fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)
- fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)
- fbdev: fix broken menu dependencies (bsc#1113722)
- firmware: add firmware_request_nowarn() - load firmware without warnings ().
- firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).
- firmware: dcdbas: include linux/io.h (bsc#1089350).
- Fix the breakage of KMP build on x86_64 (bsc#1121017).
- Fix tracing sample code warning (git-fixes).
- floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).
- flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).
- fscache: fix race between enablement and dropping of object (bsc#1107385).
- fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes).
- fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).
- fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes).
- fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes).
- fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).
- fs: Do not leak MNT_INTERNAL away from internal mounts (git-fixes).
- fs: fix lost error code in dio_complete (bsc#1118762).
- fs: Make extension of struct super_block transparent (bsc#1117822).
- fsnotify: Fix busy inodes during unmount (bsc#1117822).
- fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).
- fs/xfs: Use %pS printk format for direct addresses (git-fixes).
- ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172).
- ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).
- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).
- ftrace: Remove incorrect setting of glob search field (bsc#1117184).
- fuse: fix blocked_waitq wakeup (git-fixes).
- fuse: fix leaked notify reply (git-fixes).
- fuse: fix possibly missed wake-up after abort (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).
- fuse: fix use-after-free in fuse_direct_IO() (git-fixes).
- fuse: set FR_SENT while locked (git-fixes).
- gcc-plugins: Add include required by GCC release 8 (git-fixes).
- gcc-plugins: Use dynamic initializers (git-fixes).
- genirq: Fix race on spurious interrupt detection (bsc#1051510).
- getname_kernel() needs to make sure that ->name != ->iname in long case (git-fixes).
- gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).
- gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).
- gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).
- gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768).
- gfs2: Put bitmap buffers in put_super (bsc#1118772).
- git_sort.py: Remove non-existent remote tj/libata
- gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).
- gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).
- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).
- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).
- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).
- gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).
- grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).
- gso_segment: Reset skb->mac_len after modifying network header (networking-stable-18_09_24).
- hid: Add quirk for Primax PIXART OEM mice (bsc#1119410).
- hid: hiddev: fix potential Spectre v1 (bsc#1051510).
- hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).
- hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).
- hid: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).
- hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).
- hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510).
- hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).
- hwmon: (ina2xx) Fix current value calculation (bsc#1051510).
- hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).
- hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).
- hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).
- hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).
- hwmon: (raspberrypi) Fix initial notify (bsc#1051510).
- hwmon: (w83795) temp4_type has writable permission (bsc#1051510).
- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- hwrng: core - document the quality field (bsc#1051510).
- i2c: axxia: properly handle master timeout (bsc#1051510).
- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).
- IB/hfi1: Add mtu check for operational data VLs (bsc#1060463 ).
- ibmvnic: Convert reset work item mutex to spin lock ().
- ibmvnic: fix accelerated VLAN handling ().
- ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).
- ibmvnic: Fix non-atomic memory allocation in IRQ context ().
- ibmvnic: remove ndo_poll_controller ().
- ibmvnic: Update driver queues after change in ring size support ().
- IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387).
- ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).
- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).
- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).
- iio: ad5064: Fix regulator handling (bsc#1051510).
- iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510).
- iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510).
- iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510).
- iio:st_magn: Fix enable device after trigger (bsc#1051510).
- ima: fix showing large 'violations' or 'runtime_measurements_count' (bsc#1051510).
- include/linux/pfn_t.h: force '~' to be parsed as an unary operator (bsc#1051510).
- Include modules.fips in kernel-binary as well as kernel-binary-base ().
- inet: make sure to grab rcu_read_lock before using ireq->ireq_opt (networking-stable-18_10_16).
- initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).
- Input: add official Raspberry Pi's touchscreen driver ().
- Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).
- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).
- Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).
- Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).
- Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).
- Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).
- Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).
- Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).
- Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).
- Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).
- Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).
- Input: xpad - add PDP device id 0x02a4 (bsc#1051510).
- Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).
- Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).
- Input: xpad - fix some coding style issues (bsc#1051510).
- Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).
- integrity/security: fix digsig.c build error with header file (bsc#1051510).
- intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).
- iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).
- iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).
- iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).
- iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).
- iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).
- iommu/vt-d: Use memunmap to free memremap (bsc#1106105).
- ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).
- ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).
- ipmi: Fix timer race with module unload (bsc#1051510).
- ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).
- ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).
- ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu (networking-stable-18_11_21).
- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).
- ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21).
- ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).
- ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).
- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).
- ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).
- iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).
- iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).
- iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).
- iwlwifi: fix LED command capability bit (bsc#1119086).
- iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).
- iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).
- iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).
- iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).
- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).
- iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).
- iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).
- iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).
- iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).
- iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).
- iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).
- iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).
- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).
- jump_label: Split out code under the hotplug lock (bsc#1106913).
- kabi: hide new member in struct iommu_table from genksyms (bsc#1061840).
- kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- kabi: mask raw in struct bpf_reg_state (bsc#1083647).
- kabi: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840).
- kabi: powerpc: Revert npu callback signature change (bsc#1055120).
- kabi protect hnae_ae_ops (bsc#1104353).
- kabi/severities: ignore __xive_vm_h_* KVM internal symbols.
- kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).
- kbuild: fix # escaping in .cmd files for future Make (git-fixes).
- kbuild: fix kernel/bounds.c 'W=1' warning (bsc#1051510).
- kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).
- kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).
- kbuild: move '_all' target out of $(KBUILD_SRC) conditional (bsc#1114279).
- kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).
- kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).
- kbuild: verify that $DEPMOD is installed (git-fixes).
- kdb: use memmove instead of overlapping memcpy (bsc#1120954).
- kernfs: Replace strncpy with memcpy (bsc#1120053).
- kernfs: update comment about kernfs_path() return value (bsc#1051510).
- keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes).
- kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).
- kobject: Replace strncpy with memcpy (git-fixes).
- kprobes: Make list and blacklist root user read only (git-fixes).
- kvm: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).
- kvm: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).
- kvm: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).
- kvm: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu->arch.gpr[] into it (bsc#1061840).
- kvm: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840).
- kvm: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).
- kvm: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840).
- kvm: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).
- kvm: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).
- kvm: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840).
- kvm: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840).
- kvm: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).
- kvm: PPC: Book3S HV: Add 'online' register to ONE_REG interface (bsc#1061840).
- kvm: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840).
- kvm: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840).
- kvm: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840).
- kvm: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).
- kvm: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840).
- kvm: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840).
- kvm: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840).
- kvm: PPC: Book3S HV: Do not use existing 'prodded' flag for XIVE escalations (bsc#1061840).
- kvm: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).
- kvm: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840).
- kvm: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840).
- kvm: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840).
- kvm: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).
- kvm: PPC: Book3S HV: Fix constant size warning (bsc#1061840).
- kvm: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).
- kvm: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840).
- kvm: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840).
- kvm: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840).
- kvm: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).
- kvm: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840).
- kvm: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840).
- kvm: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840).
- kvm: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840).
- kvm: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840).
- kvm: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840).
- kvm: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840).
- kvm: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).
- kvm: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).
- kvm: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).
- kvm: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840).
- kvm: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).
- kvm: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840).
- kvm: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840).
- kvm: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840).
- kvm: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840).
- kvm: PPC: Book3S HV: Read kvm->arch.emul_smt_mode under kvm->lock (bsc#1061840).
- kvm: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840).
- kvm: PPC: Book3S HV: Remove useless statement (bsc#1061840).
- kvm: PPC: Book3S HV: Remove vcpu->arch.dec usage (bsc#1061840).
- kvm: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840).
- kvm: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840).
- kvm: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840).
- kvm: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840).
- kvm: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840).
- kvm: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840).
- kvm: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840).
- kvm: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).
- kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).
- kvm: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840).
- kvm: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).
- kvm: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840).
- kvm: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).
- kvm: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840).
- kvm: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).
- kvm: s390: vsie: copy wrapping keys to right place (git-fixes).
- kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279).
- kvm: VMX: re-add ple_gap module parameter (bsc#1106240).
- kvm: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).
- libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).
- libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).
- libceph: fall back to sendmsg for slab pages (bsc#1118316).
- libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).
- libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).
- libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).
- libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972).
- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).
- libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).
- lib/raid6: Fix arm64 test build (bsc#1051510).
- lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).
- Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).
- linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).
- livepatch: create and include UAPI headers ().
- llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).
- lockd: fix 'list_add double add' caused by legacy signal interface (git-fixes).
- locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).
- locking/static_keys: Improve uninitialized key warning (bsc#1106913).
- mac80211: Always report TX status (bsc#1051510).
- mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).
- mac80211: fix reordering of buffered broadcast packets (bsc#1051510).
- mac80211: fix TX status reporting for ieee80211s (bsc#1051510).
- mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).
- mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).
- mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).
- mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).
- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).
- mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).
- mach64: fix display corruption on big endian machines (bsc#1113722)
- mach64: fix image corruption due to reading accelerator registers (bsc#1113722)
- mailbox: PCC: handle parse error (bsc#1051510).
- make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes).
- Mark HI and TASKLET softirq synchronous (git-fixes).
- md: allow metadata updates while suspending an array - fix (git-fixes).
- MD: fix invalid stored role for a disk - try2 (git-fixes).
- md: fix NULL dereference of mddev->pers in remove_and_add_spares() (git-fixes).
- md: fix raid10 hang issue caused by barrier (git-fixes).
- md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes).
- md/raid1: add error handling of read error from FailFast device (git-fixes).
- md/raid5-cache: disable reshape completely (git-fixes).
- md/raid5: fix data corruption of replacements after originals dropped (git-fixes).
- media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510).
- media: dvb: fix compat ioctl translation (bsc#1051510).
- media: em28xx: fix input name for Terratec AV 350 (bsc#1051510).
- media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).
- media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).
- media: em28xx: use a default format if TRY_FMT fails (bsc#1051510).
- media: omap3isp: Unregister media device as first (bsc#1051510).
- media: pci: cx23885: handle adding to list failure (bsc#1051510).
- media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510).
- media: tvp5150: fix switch exit in set control handler (bsc#1051510).
- media: tvp5150: fix width alignment during set_selection() (bsc#1051510).
- media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510).
- media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510).
- media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510).
- memory_hotplug: cond_resched in __remove_pages (bnc#1114178).
- mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510).
- mfd: menelaus: Fix possible race condition and leak (bsc#1051510).
- mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).
- mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).
- mmc: bcm2835: reset host on timeout (bsc#1051510).
- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).
- mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).
- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).
- mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).
- mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).
- mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).
- mmc: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).
- mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).
- mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).
- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).
- mm: do not miss the last page because of round-off error (bnc#1118798).
- mm: do not warn about large allocations for slab (git fixes (slab)).
- mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).
- mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962).
- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).
- mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).
- mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).
- mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).
- mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).
- mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).
- mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).
- mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).
- mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).
- mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).
- mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).
- mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).
- mm: migration: fix migration of huge PMD shared pages (bnc#1086423).
- mm: only report isolation failures when offlining memory (generic hotplug debugability).
- mm: print more information about mapping in __dump_page (generic hotplug debugability).
- mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).
- mm: rework memcg kernel stack accounting (bnc#1113677).
- mm: sections are not offlined during memory hotremove (bnc#1119968).
- mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem).
- mm/vmstat.c: fix NUMA statistics updates (git fixes).
- modpost: ignore livepatch unresolved relocations ().
- mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).
- mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).
- mount: Retest MNT_LOCKED in do_umount (bsc#1117818).
- Move dell_rbu fix to sorted section (bsc#1087978).
- mtd: cfi: convert inline functions to macros (git-fixes).
- mtd: Fix comparison in map_word_andequal() (git-fixes).
- namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766).
- nbd: do not allow invalid blocksize settings (Git-fixes).
- neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).
- net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).
- net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).
- net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).
- net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).
- net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).
- net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).
- net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).
- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510).
- net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).
- net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).
- net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).
- net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes).
- net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes).
- net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).
- net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).
- net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).
- net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).
- net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).
- net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).
- net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).
- net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).
- net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561).
- net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).
- net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).
- net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).
- net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).
- net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).
- net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).
- net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).
- net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).
- net: ena: minor performance improvement (bsc#1111696 bsc#1117561).
- net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).
- net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).
- net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561).
- net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).
- net: ena: use CSUM_CHECKED device indication to report skb's checksum status (bsc#1111696 bsc#1117561).
- net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).
- net-gro: reset skb->pkt_type in napi_reuse_skb() (networking-stable-18_11_21).
- net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353).
- net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).
- net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353).
- net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353).
- net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353).
- net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ).
- net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353).
- net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353).
- net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353).
- net: hns3: Check hdev state when getting link status (bsc#1104353).
- net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353).
- net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353).
- net: hns3: Fix error of checking used vlan id (bsc#1104353 ).
- net: hns3: Fix ets validate issue (bsc#1104353).
- net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).
- net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353).
- net: hns3: Fix for packet buffer setting bug (bsc#1104353 ).
- net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353).
- net: hns3: Fix for setting speed for phy failed problem (bsc#1104353).
- net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ).
- net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353).
- net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353).
- net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353).
- net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ).
- net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353).
- net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353).
- net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).
- net: hp100: fix always-true check for link up state (networking-stable-18_09_24).
- net: ibm: fix return type of ndo_start_xmit function ().
- net/ibmnvic: Fix deadlock problem in reset ().
- net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).
- net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).
- net: ipv4: do not let PMTU updates increase route MTU (git-fixes).
- net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).
- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).
- netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).
- net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).
- net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299).
- net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).
- net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).
- net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).
- net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).
- net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).
- net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).
- net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).
- net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).
- net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).
- net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).
- net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).
- net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).
- net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).
- net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).
- net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).
- net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).
- net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).
- net: sched: Fix for duplicate class dump (networking-stable-18_11_02).
- net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).
- net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).
- net: smsc95xx: Fix MTU range (networking-stable-18_11_21).
- net: socket: fix a missing-check bug (networking-stable-18_11_02).
- net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).
- net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).
- net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).
- net: systemport: Protect stop from timeout (networking-stable-18_11_21).
- net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).
- net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).
- net: usb: r8152: constify usb_device_id (bsc#1119749).
- net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749).
- nfc: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510).
- nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).
- nfs: Avoid RCU usage in tracepoints (git-fixes).
- nfs: commit direct writes even if they fail partially (git-fixes).
- nfsd4: permit layoutget of executable-only files (git-fixes).
- nfsd: check for use of the closed special stateid (git-fixes).
- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x>0) (git-fixes).
- nfsd: deal with revoked delegations appropriately (git-fixes).
- nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).
- nfsd: Fix another OPEN stateid race (git-fixes).
- nfsd: fix corrupted reply to badly ordered compound (git-fixes).
- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).
- nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).
- nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).
- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).
- nfs: Ensure we commit after writeback is complete (bsc#1111809).
- nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes).
- nfs: Fix a typo in nfs_rename() (git-fixes).
- nfs: Fix typo in nomigration mount option (git-fixes).
- nfs: Fix unstable write completion (git-fixes).
- nfsv4.0 fix client reference leak in callback (git-fixes).
- nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).
- nfsv4.1 fix infinite loop on I/O (git-fixes).
- nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).
- nfsv4.1: Fix up replays of interrupted requests (git-fixes).
- nfsv4: Fix a typo in nfs41_sequence_process (git-fixes).
- nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).
- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).
- nospec: Allow index argument to have const-qualified type (git-fixes)
- nospec: Include <asm/barrier.h> dependency (bsc#1114279).
- nospec: Kill array_index_nospec_mask_check() (git-fixes).
- nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972).
- nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972).
- nvme-fc: resolve io failures during connect (bsc#1116803).
- nvme: Free ctrl device name on init failure ().
- nvme-multipath: zero out ANA log buffer (bsc#1105168).
- nvme: validate controller state before rescheduling keep alive (bsc#1103257).
- objtool: Detect RIP-relative switch table references (bsc#1058115).
- objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115).
- objtool: Fix another switch table detection issue (bsc#1058115).
- objtool: Fix double-free in .cold detection error path (bsc#1058115).
- objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115).
- objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115).
- objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115).
- objtool: Support GCC 8's cold subfunctions (bsc#1058115).
- objtool: Support GCC 8 switch tables (bsc#1058115).
- ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).
- ocfs2: fix locking for res->tracking and dlm->tracking_list (bsc#1117816).
- ocfs2: fix ocfs2 read block panic (bsc#1117815).
- ocfs2: free up write context when direct IO failed (bsc#1117821).
- ocfs2: subsystem.su_mutex is required while accessing the item->ci_parent (bsc#1117808).
- of: add helper to lookup compatible child node (bsc#1106110)
- openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).
- panic: avoid deadlocks in re-entrant console drivers (bsc#1088386).
- pci: Add ACS quirk for Ampere root ports (bsc#1120058).
- pci: Add ACS quirk for APM X-Gene devices (bsc#1120058).
- pci: Add Device IDs for Intel GPU 'spurious interrupt' quirk (bsc#1051510).
- pci/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).
- pci/ASPM: Fix link_state teardown on device removal (bsc#1051510).
- pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058).
- pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058).
- pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058).
- pci: dwc: remove duplicate fix (bsc#1115269)
- pci: Export pcie_has_flr() (bsc#1120058).
- pci: hv: Use effective affinity mask (bsc#1109772).
- pci: imx6: Fix link training status detection in link up check (bsc#1109806).
- pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058).
- pci: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).
- pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058).
- pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058).
- pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058).
- pci/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).
- pci: vmd: Assign vector zero to all bridges (bsc#1109806).
- pci: vmd: Detach resources after stopping root bus (bsc#1109806).
- pci: vmd: White list for fast interrupt handlers (bsc#1109806).
- pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).
- percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279).
- perf: fix invalid bit in diagnostic entry (git-fixes).
- perf tools: Fix tracing_path_mount proper path (git-fixes).
- pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).
- pinctrl: meson: fix pinconf bias disable (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).
- pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).
- pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).
- pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).
- pipe: match pipe_max_size data type with procfs (git-fixes).
- platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510).
- platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).
- platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).
- pnfs: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).
- pnfs: Do not release the sequence slot until we've processed layoutget on open (git-fixes).
- pnfs: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).
- powerpc/64s: consolidate MCE counter increment (bsc#1094244).
- powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).
- powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes).
- powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729).
- powerpc/boot: Fix build failures with -j 1 (bsc#1065729).
- powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).
- powerpc/kvm/booke: Fix altivec related build break (bsc#1061840).
- powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840).
- powerpc/mm: Fix typo in comments (bsc#1065729).
- powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800).
- powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).
- powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840).
- powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120).
- powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729).
- powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes).
- powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840).
- powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).
- powerpc/powernv: Fix concurrency issue with npu->mmio_atsd_usage (bsc#1055120).
- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729).
- powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121).
- powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840).
- powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840).
- powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840).
- powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840).
- powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120).
- powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).
- powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).
- powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120).
- powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120).
- powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120).
- powerpc/powernv: Rework TCE level allocation (bsc#1061840).
- powerpc/pseries: Fix DTL buffer registration (bsc#1065729).
- powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).
- powerpc/pseries: Fix 'OF: ERROR: Bad of_node_put() on /cpus' during DLPAR (bsc#1113295).
- powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).
- powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295).
- powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270).
- powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).
- powerpc/xive: Move definition of ESB bits (bsc#1061840).
- powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840).
- power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510).
- power: supply: olpc_battery: correct the temperature units (bsc#1051510).
- pppoe: fix reception of frames with no mac header (networking-stable-18_09_24).
- printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168).
- provide linux/set_memory.h (bsc#1113295).
- ptp: fix Spectre v1 vulnerability (bsc#1051510).
- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913).
- pwm: lpss: Release runtime-pm reference from the driver's remove callback (bsc#1051510).
- pxa168fb: prepare the clock (bsc#1051510).
- qed: Add driver support for 20G link speed (bsc#1110558).
- qed: Add support for virtual link (bsc#1111795).
- qede: Add driver support for 20G link speed (bsc#1110558).
- qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510).
- qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).
- r8152: add byte_enable for ocp_read_word function (bsc#1119749).
- r8152: add Linksys USB3GIGV1 id (bsc#1119749).
- r8152: add r8153_phy_status function (bsc#1119749).
- r8152: adjust lpm settings for RTL8153 (bsc#1119749).
- r8152: adjust rtl8153_runtime_enable function (bsc#1119749).
- r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749).
- r8152: adjust U2P3 for RTL8153 (bsc#1119749).
- r8152: avoid rx queue more than 1000 packets (bsc#1119749).
- r8152: check if disabling ALDPS is finished (bsc#1119749).
- r8152: correct the definition (bsc#1119749).
- r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749).
- r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749).
- r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749).
- r8152: move calling delay_autosuspend function (bsc#1119749).
- r8152: move the default coalesce setting for RTL8153 (bsc#1119749).
- r8152: move the initialization to reset_resume function (bsc#1119749).
- r8152: move the setting of rx aggregation (bsc#1119749).
- r8152: replace napi_complete with napi_complete_done (bsc#1119749).
- r8152: set rx mode early when linking on (bsc#1119749).
- r8152: split rtl8152_resume function (bsc#1119749).
- r8152: support new chip 8050 (bsc#1119749).
- r8152: support RTL8153B (bsc#1119749).
- r8169: fix NAPI handling under high load (networking-stable-18_11_02).
- race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes).
- raid10 BUG_ON in raise_barrier when force is true and conf->barrier is 0 (git-fixes).
- random: rate limit unseeded randomness warnings (git-fixes).
- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes).
- rcu: Allow for page faults in NMI handlers (bsc#1120092).
- rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ).
- rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244).
- rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283).
- rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283).
- rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ).
- rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387).
- rds: fix two RCU related problems (networking-stable-18_09_18).
- remoteproc: qcom: Fix potential device node leaks (bsc#1051510).
- reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).
- reset: imx7: Fix always writing bits as 0 (bsc#1051510).
- reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes).
- resource: Include resource end in walk_*() interfaces (bsc#1114279).
- Revert 'blacklist.conf: blacklist inapplicable commits' This reverts commit 88bd1b2b53990d5518b819968445522fb1392bee. We only build with VIRT_CPU_ACCOUNTING_NATIVE on s390
- Revert 'ceph: fix dentry leak in splice_dentry()' (bsc#1114839).
- Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510).
- Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105).
- Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510).
- Revert 'powerpc/64: Fix checksum folding in csum_add()' (bsc#1065729).
- Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322).
- Revert 'usb: dwc3: gadget: skip Set/Clear Halt when invalid' (bsc#1051510).
- Revert wlcore patch to follow stable tree develpment
- ring-buffer: Allow for rescheduling when removing pages (bsc#1120238).
- ring-buffer: Do no reuse reader page if still in use (bsc#1120096).
- ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094).
- rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes).
- rtc: hctosys: Add missing range error reporting (bsc#1051510).
- rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510).
- rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510).
- rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510).
- rtl8xxxu: Fix missing break in switch (bsc#1051510).
- rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02).
- rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16).
- rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16).
- s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).
- s390/dasd: simplify locking in dasd_times_out (bsc#1104967,).
- s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112).
- s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112).
- s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).
- s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).
- s390/mm: correct allocate_pgste proc_handler callback (git-fixes).
- s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682).
- s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).
- s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657).
- s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682).
- s390/qeth: handle failure on workqueue creation (git-fixes).
- s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960).
- s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).
- s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960).
- s390: revert ELF_ET_DYN_BASE base changes (git-fixes).
- s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes).
- s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).
- s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).
- s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).
- sbitmap: fix race in wait batch accounting (Git-fixes).
- sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913).
- sched/smt: Expose sched_smt_present static key (bsc#1106913).
- sched/smt: Make sched_smt_present track topology (bsc#1106913).
- sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228).
- scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578).
- scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).
- scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).
- scsi: lpfc: add Trunking support (bsc#1114015).
- scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).
- scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215).
- scsi: lpfc: Correct errors accessing fw log (bsc#1114015).
- scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).
- scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015).
- scsi: lpfc: Correct LCB RJT handling (bsc#1114015).
- scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015).
- scsi: lpfc: Correct race with abort on completion path (bsc#1114015).
- scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015).
- scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).
- scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215).
- scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215).
- scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322).
- scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015).
- scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215).
- scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).
- scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215).
- scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215).
- scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215).
- scsi: lpfc: Fix errors in log messages (bsc#1114015).
- scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).
- scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215).
- scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015).
- scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).
- scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015).
- scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215).
- scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).
- scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).
- scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015).
- scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015).
- scsi: lpfc: reduce locking when updating statistics (bsc#1114015).
- scsi: lpfc: refactor mailbox structure context fields (bsc#1118215).
- scsi: lpfc: Remove set but not used variable 'sgl_size' (bsc#1114015).
- scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015).
- scsi: lpfc: rport port swap discovery issue (bsc#1118215).
- scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).
- scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215).
- scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215).
- scsi: qlogicpti: Fix an error handling path in 'qpti_sbus_probe()' (bsc#1114581).
- scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).
- scsi: sg: fix minor memory leak in error path (bsc#1114584).
- scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578).
- scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).
- scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).
- scsi: target: Fix fortify_panic kernel exception (bsc#1114576).
- scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577).
- scsi: target: tcmu: add read length support (bsc#1097755).
- scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588).
- sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).
- sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21).
- sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11).
- sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21).
- sctp: not increase stream's incnt before sending addstrm_in request (networking-stable-18_11_21).
- sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16).
- serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510).
- shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599).
- shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599).
- skd: Avoid that module unloading triggers a use-after-free (Git-fixes).
- skd: Submit requests to firmware before triggering the doorbell (Git-fixes).
- skip LAYOUTRETURN if layout is invalid (git-fixes).
- soc: bcm2835: sync firmware properties with downstream ()
- soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510).
- soc/tegra: pmc: Fix child-node lookup (bsc#1051510).
- soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).
- spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510).
- spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510).
- spi: bcm2835: Fix race on DMA termination (bsc#1051510).
- spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510).
- spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510).
- spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510).
- spi: sh-msiof: fix deferred probing (bsc#1051510).
- splice: do not read more than available pipe space (bsc#1119212).
- staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510).
- staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510).
- staging:iio:ad7606: fix voltage scales (bsc#1051510).
- staging: rtl8712: Fix possible buffer overrun (bsc#1051510).
- staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510).
- staging: rtl8723bs: Fix the return value in case of error in 'rtw_wx_read32()' (bsc#1051510).
- staging: rts5208: fix gcc-8 logic error warning (bsc#1051510).
- staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).
- staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510).
- sunrpc: Allow connect to return EHOSTUNREACH (git-fixes).
- sunrpc: Do not use stack buffer with scatterlist (git-fixes).
- sunrpc: Fix rpc_task_begin trace point (git-fixes).
- sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).
- supported.conf: add raspberrypi-ts driver
- supported.conf: whitelist bluefield eMMC driver
- target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).
- target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).
- target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).
- tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).
- team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510).
- termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510).
- test_firmware: fix error return getting clobbered (bsc#1051510).
- test_hexdump: use memcpy instead of strncpy (bsc#1051510).
- tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).
- thermal: bcm2835: enable hwmon explicitly (bsc#1108468).
- thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).
- thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).
- tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).
- tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).
- tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).
- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510).
- tools build: fix # escaping in .cmd files for future Make (git-fixes).
- tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes).
- tools: hv: include string.h in hv_fcopy_daemon (git-fixes).
- tools/lib/lockdep: Rename 'trywlock' into 'trywrlock' (bsc#1121973).
- tools/power/cpupower: fix compilation with STATIC=true (git-fixes).
- tools/power turbostat: fix possible sprintf buffer overflow (git-fixes).
- tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).
- tpm: add retry logic (bsc#1082555).
- tpm: consolidate the TPM startup code (bsc#1082555).
- tpm: do not suspend/resume if power stays on (bsc#1082555).
- tpm: fix intermittent failure with self tests (bsc#1082555).
- tpm: fix response size validation in tpm_get_random() (bsc#1082555).
- tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).
- tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).
- tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).
- tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).
- tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).
- tpm: Restore functionality to xen vtpm driver (bsc#1082555).
- tpm: self test failure should not cause suspend to fail (bsc#1082555).
- tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).
- tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).
- tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).
- tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).
- tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).
- tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).
- tracing/blktrace: Fix to allow setting same value (Git-fixes).
- tracing: Erase irqsoff trace with empty write (bsc#1117189).
- tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).
- tracing: Fix crash when freeing instances with event triggers (bsc#1120230).
- tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097).
- tracing: Fix double free of event_trigger_data (bsc#1120234).
- tracing: Fix missing return symbol in function_graph output (bsc#1120232).
- tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235).
- tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214).
- tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223).
- tracing: Fix trace_pipe behavior for instance traces (bsc#1120088).
- tracing: Remove RCU work arounds from stack tracer (bsc#1120092).
- tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes).
- tty: check name length in tty_find_polling_driver() (bsc#1051510).
- tty: Do not block on IO when ldisc change is pending (bnc#1105428).
- tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510).
- tty: Do not return -EAGAIN in blocking read (bsc#1116040).
- tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510).
- tty: fix data race between tty_init_dev and flush of buf (bnc#1105428).
- tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428).
- tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428).
- tty/ldsem: Convert to regular lockdep annotations (bnc#1105428).
- tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428).
- tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428).
- tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510).
- tty: Simplify tty->count math in tty_reopen() (bnc#1105428).
- tty: wipe buffer (bsc#1051510).
- tty: wipe buffer if not echoing data (bsc#1051510).
- tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).
- tuntap: fix multiqueue rx (networking-stable-18_11_21).
- ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598).
- ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype.
- udf: Allow mounting volumes with incorrect identification strings (bsc#1118774).
- udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).
- udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).
- udp6: fix encap return code for resubmitting (git-fixes).
- uio: ensure class is registered before devices (bsc#1051510).
- uio: Fix an Oops on load (bsc#1051510).
- uio: make symbol 'uio_class_registered' static (bsc#1051510).
- unifdef: use memcpy instead of strncpy (bsc#1051510).
- usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510).
- usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).
- usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510).
- usb: core: Fix hub port connection events lost (bsc#1051510).
- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510).
- usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).
- usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).
- usb: dwc2: host: use hrtimer for NAK retries (git-fixes).
- usb: dwc3: core: Clean up ULPI device (bsc#1051510).
- usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).
- usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).
- usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510).
- usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510).
- usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).
- usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).
- usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).
- usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).
- usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510).
- usbip: tools: fix atoi() on non-null terminated string (bsc#1051510).
- usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888).
- usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).
- usb: misc: appledisplay: add 20' Apple Cinema Display (bsc#1051510).
- usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).
- usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510).
- usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510).
- usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).
- usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510).
- usb: omap_udc: use devm_request_irq() (bsc#1051510).
- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510).
- usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).
- usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).
- usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510).
- usb: serial: option: add Fibocom NL668 series (bsc#1051510).
- usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510).
- usb: serial: option: add HP lt4132 (bsc#1051510).
- usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510).
- usb: serial: option: add Telit LN940 series (bsc#1051510).
- usb: serial: option: add two-endpoints device-id flag (bsc#1051510).
- usb: serial: option: drop redundant interface-class test (bsc#1051510).
- usb: serial: option: improve Quectel EP06 detection (bsc#1051510).
- usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110).
- usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510).
- usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).
- usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510).
- usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510).
- userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761).
- userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809).
- v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771).
- vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).
- vfs: close race between getcwd() and d_move() (git-fixes).
- vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes).
- vhost: Fix Spectre V1 vulnerability (bsc#1051510).
- vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).
- virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02).
- VMCI: Resource wildcard match fixed (bsc#1051510).
- w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).
- watchdog/core: Add missing prototypes for weak functions (git-fixes).
- wireless: airo: potential buffer overflow in sprintf() (bsc#1051510).
- wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510).
- Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040).
- x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR's choice (bnc#1112878).
- x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913).
- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913).
- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913).
- x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006).
- x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).
- x86/decoder: Fix and update the opcodes map (bsc#1058115).
- x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).
- x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).
- x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).
- x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279).
- x86/l1tf: Show actual SMT state (bsc#1106913).
- x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).
- x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).
- x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).
- x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279).
- x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279).
- x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606).
- x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).
- x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058).
- x86/PCI: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058).
- x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058).
- x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058).
- x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058).
- x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058).
- x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058).
- x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058).
- x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058).
- x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058).
- x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058).
- x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913).
- x86/pti: Document fix wrong index (git-fixes).
- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913).
- x86/retpoline: Remove minimal retpoline support (bsc#1106913).
- x86/speculataion: Mark command line parser data __initdata (bsc#1106913).
- x86/speculation: Add command line control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913).
- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).
- x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913).
- x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913).
- x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913).
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).
- x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913).
- x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).
- x86/speculation: Mark string arrays const correctly (bsc#1106913).
- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913).
- x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913).
- x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913).
- x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913).
- x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913).
- x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).
- x86/speculation: Provide IBPB always command line options (bsc#1106913).
- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913).
- x86/speculation: Rename SSBD update functions (bsc#1106913).
- x86/speculation: Reorder the spec_v2 code (bsc#1106913).
- x86/speculation: Reorganize speculation control MSRs update (bsc#1106913).
- x86/speculation: Rework SMT state change (bsc#1106913).
- x86/speculation: Split out TIF update (bsc#1106913).
- x86/speculation: Support Enhanced IBRS on future CPUs ().
- x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913).
- x86/speculation: Update the TIF_SSBD comment (bsc#1106913).
- x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).
- xen/balloon: Support xend-based toolstack (bnc#1065600).
- xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).
- xen: fix race in xen_qlock_wait() (bnc#1107256).
- xen: fix xen_qlock_wait() (bnc#1107256).
- xen: make xen_qlock_wait() nestable (bnc#1107256).
- xen/netfront: do not bug in case of too many frags (bnc#1104824).
- xen/netfront: tolerate frags with no data (bnc#1119804).
- xen/pvh: do not try to unplug emulated devices (bnc#1065600).
- xen/pvh: increase early stack size (bnc#1065600).
- xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600).
- xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183).
- xfs: Align compat attrlist_by_handle with native implementation (git-fixes).
- xfs: Fix error code in 'xfs_ioc_getbmap()' (git-fixes).
- xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).
- xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes).
- xfs: Properly detect when DAX won't be used on any device (bsc#1115976).
- xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).
- xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510).
- xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).
- xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510).
- xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).
- xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510).
- xprtrdma: Do not defer fencing an async RPC's chunks (git-fixes).
Patchnames
SUSE-2019-224,SUSE-SLE-Module-Basesystem-15-2019-224,SUSE-SLE-Module-Development-Tools-15-2019-224,SUSE-SLE-Module-Development-Tools-OBS-15-2019-224,SUSE-SLE-Module-Legacy-15-2019-224,SUSE-SLE-Module-Live-Patching-15-2019-224,SUSE-SLE-Product-HA-15-2019-224,SUSE-SLE-Product-WE-15-2019-224
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes.\n\nThis update brings following features:\n\n- Support for Enhanced-IBRS on new Intel CPUs (fate#326564)\n\nThe following security bugs were fixed:\n\n- CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).\n- CVE-2018-12232: In net/socket.c there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash (bnc#1097593).\n- CVE-2018-14625: A flaw was found where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).\n- CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).\n- CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).\n- CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).\n- CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).\n- CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).\n- CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).\n- CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).\n- CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).\n- CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bnc#1120743).\n- CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n\nThe following non-security bugs were fixed:\n\n- acpi/apei: Handle GSIV and GPIO notification types (bsc#1115567).\n- acpica: Tables: Add WSMT support (bsc#1089350).\n- acpi/cpcc: Check for valid PCC subspace only if PCC is used (bsc#1117115).\n- acpi/cpcc: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115).\n- acpi/iort: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).\n- acpi/LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).\n- acpi/nfit: Fix ARS overflow continuation (bsc#1116895).\n- acpi/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279).\n- acpi/nfit, x86/mce: Validate a MCE\u0027s address before using it (bsc#1114279).\n- acpi/platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).\n- acpi/watchdog: Prefer iTCO_wdt always when WDAT table uses RTC SRAM (bsc#1051510).\n- act_ife: fix a potential use-after-free (networking-stable-18_09_11).\n- aio: fix spectre gadget in lookup_ioctx (bsc#1120594).\n- alsa: ac97: Fix incorrect bit shift at AC97-SPSA control write (bsc#1051510).\n- alsa: ca0106: Disable IZD on SB0570 DAC to fix audio pops (bsc#1051510).\n- alsa: control: Fix race between adding and removing a user element (bsc#1051510).\n- alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510).\n- alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510).\n- alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510).\n- alsa: fireface: fix for state to fetch PCM frames (bsc#1051510).\n- alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510).\n- alsa: firewire-lib: fix wrong assignment for \u0027out_packet_without_header\u0027 tracepoint (bsc#1051510).\n- alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510).\n- alsa: firewire-lib: use the same print format for \u0027without_header\u0027 tracepoints (bsc#1051510).\n- alsa: hda: Add 2 more models to the power_save blacklist (bsc#1051510).\n- alsa: hda: Add ASRock N68C-S UCC the power_save blacklist (bsc#1051510).\n- alsa: hda - Add mic quirk for the Lenovo G50-30 (17aa:3905) (bsc#1051510).\n- alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510).\n- alsa: hda - Add quirk for ASUS G751 laptop (bsc#1051510).\n- alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510).\n- alsa: hda/ca0132 - Call pci_iounmap() instead of iounmap() (bsc#1051510).\n- alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510).\n- alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510).\n- alsa: hda - Fix headphone pin config for ASUS G751 (bsc#1051510).\n- alsa: hda: fix unused variable warning (bsc#1051510).\n- alsa: hda/realtek - Add auto-mute quirk for HP Spectre x360 laptop (bsc#1051510).\n- alsa: hda/realtek - Add GPIO data update helper (bsc#1051510).\n- alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510).\n- alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510).\n- alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510).\n- alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510).\n- alsa: hda/realtek - Allow skipping spec-\u003einit_amp detection (bsc#1051510).\n- alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510).\n- alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510).\n- alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510).\n- alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510).\n- alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510).\n- alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510).\n- alsa: hda/realtek - fix headset mic detection for MSI MS-B171 (bsc#1051510).\n- alsa: hda/realtek - Fix HP Headset Mic can\u0027t record (bsc#1051510).\n- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510).\n- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510).\n- alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510).\n- alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510).\n- alsa: hda/realtek - fix the pop noise on headphone for lenovo laptops (bsc#1051510).\n- alsa: hda/realtek - Fix the problem of the front MIC on the Lenovo M715 (bsc#1051510).\n- alsa: hda/realtek - Manage GPIO bits commonly (bsc#1051510).\n- alsa: hda/realtek - Simplify Dell XPS13 GPIO handling (bsc#1051510).\n- alsa: hda/realtek - Support ALC300 (bsc#1051510).\n- alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510).\n- alsa: hda/tegra: clear pending irq handlers (bsc#1051510).\n- alsa: oss: Use kvzalloc() for local buffer allocations (bsc#1051510).\n- alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510).\n- alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510).\n- alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510).\n- alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510).\n- alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510).\n- alsa: sparc: Fix invalid snd_free_pages() at error path (bsc#1051510).\n- alsa: trident: Suppress gcc string warning (bsc#1051510).\n- alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510).\n- alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510).\n- alsa: usb-audio: Add vendor and product name for Dell WD19 Dock (bsc#1051510).\n- alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510).\n- alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510).\n- alsa: usb-audio: update quirk for B\u0026W PX to remove microphone (bsc#1051510).\n- alsa: wss: Fix invalid snd_free_pages() at error path (bsc#1051510).\n- alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510).\n- amd/iommu: Fix Guest Virtual APIC Log Tail Address Register (bsc#1106105).\n- apparmor: do not try to replace stale label in ptrace access check (git-fixes).\n- apparmor: do not try to replace stale label in ptraceme check (git-fixes).\n- apparmor: Fix uninitialized value in aa_split_fqname (git-fixes).\n- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612).\n- arm64: atomics: Remove \u0027\u0026\u0027 from \u0027+\u0026\u0027 asm constraint in lse atomics (bsc#1120613).\n- arm64: cpu_errata: include required headers (bsc#1120615).\n- arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633).\n- arm64: Enabled ENA (Amazon network driver) for arm64.\n- arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632).\n- arm64: kvm: Move CPU ID reg trap setup off the world switch path (bsc#1110998).\n- arm64: kvm: Sanitize PSTATE.M when being set from userspace (bsc#1110998).\n- arm64: kvm: Tighten guest core register access from userspace (bsc#1110998).\n- arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614).\n- arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).\n- arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617).\n- arm64/numa: Report correct memblock range for the dummy node (bsc#1120620).\n- arm64/numa: Unify common error path in numa_init() (bsc#1120621).\n- arm64: remove no-op -p linker flag (bsc#1120616).\n- arm: dts: at91: add new compatibility string for macb on sama5d3 (bsc#1051510).\n- ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510).\n- ASoC: dwc: Added a quirk DW_I2S_QUIRK_16BIT_IDX_OVERRIDE to dwc (bsc#1085535)\n- ASoC: Intel: cht_bsw_max98090: add support for Baytrail (bsc#1051510).\n- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510).\n- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510).\n- ASoC: intel: cht_bsw_max98090_ti: Add quirk for boards using pmc_plt_clk_0 (bsc#1051510).\n- ASoC: Intel: mrfld: fix uninitialized variable access (bsc#1051510).\n- ASoC: intel: skylake: Add missing break in skl_tplg_get_token() (bsc#1051510).\n- ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510).\n- ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510).\n- ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510).\n- ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510).\n- ASoC: rsnd: fixup clock start checker (bsc#1051510).\n- ASoC: sun8i-codec: fix crash on module removal (bsc#1051510).\n- ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510).\n- ata: Fix racy link clearance (bsc#1107866).\n- ataflop: fix error handling during setup (bsc#1051510).\n- ath10k: do not assume this is a PCI dev in generic code (bsc#1051510).\n- ath10k: schedule hardware restart if WMI command times out (bsc#1051510).\n- ath6kl: Only use match sets when firmware supports it (bsc#1051510).\n- autofs: fix autofs_sbi() does not check super block type (git-fixes).\n- autofs: fix slab out of bounds read in getname_kernel() (git-fixes).\n- autofs: mount point create should honour passed in mode (git-fixes).\n- b43: Fix error in cordic routine (bsc#1051510).\n- badblocks: fix wrong return value in badblocks_set if badblocks are disabled (git-fixes).\n- batman-adv: Expand merged fragment buffer for full packet (bsc#1051510).\n- batman-adv: Use explicit tvlv padding for ELP packets (bsc#1051510).\n- bcache: fix miss key refill-\u003eend in writeback (Git-fixes).\n- bcache: trace missed reading by cache_missed (Git-fixes).\n- bitops: protect variables in bit_clear_unless() macro (bsc#1051510).\n- bitops: protect variables in set_mask_bits() macro (bsc#1051510).\n- blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes).\n- block: allow max_discard_segments to be stacked (Git-fixes).\n- block: blk_init_allocated_queue() set q-\u003efq as NULL in the fail case (Git-fixes).\n- block: copy ioprio in __bio_clone_fast() (bsc#1082653).\n- block: really disable runtime-pm for blk-mq (Git-fixes).\n- block: reset bi_iter.bi_done after splitting bio (Git-fixes).\n- block: respect virtual boundary mask in bvecs (bsc#1113412).\n- block/swim: Fix array bounds check (Git-fixes).\n- bluetooth: btbcm: Add entry for BCM4335C0 UART bluetooth (bsc#1051510).\n- bluetooth: SMP: fix crash in unpairing (bsc#1051510).\n- bnxt_en: do not try to offload VLAN \u0027modify\u0027 action (bsc#1050242 ).\n- bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282).\n- bnxt_en: Fix TX timeout during netpoll (networking-stable-18_10_16).\n- bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ).\n- bnxt_en: free hwrm resources, if driver probe fails (networking-stable-18_10_16).\n- bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242).\n- bonding: avoid possible dead-lock (networking-stable-18_10_16).\n- bonding: fix length of actor system (networking-stable-18_11_02).\n- bonding: fix warning message (networking-stable-18_10_16).\n- bonding: pass link-local packets to bonding master also (networking-stable-18_10_16).\n- bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647).\n- bpf: fix partial copy of map_ptr when dst is scalar (bsc#1083647).\n- bpf, net: add skb_mac_header_len helper (networking-stable-18_09_24).\n- bpf: use per htab salt for bucket hash (git-fixes).\n- bpf: wait for running BPF programs when updating map-in-map (bsc#1083647).\n- brcmfmac: fix for proper support of 160MHz bandwidth (bsc#1051510).\n- brcmfmac: fix reporting support for 160 MHz channels (bsc#1051510).\n- brcmutil: really fix decoding channel info for 160 MHz bandwidth (bsc#1051510).\n- bridge: do not add port to router list when receives query with source 0.0.0.0 (networking-stable-18_11_02).\n- btrfs: Always try all copies when reading extent buffers (git-fixes).\n- btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469).\n- btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469).\n- btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469).\n- btrfs: do not check inode\u0027s runtime flags under root-\u003eorphan_lock (bsc#1111469).\n- btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469).\n- btrfs: Enhance btrfs_trim_fs function to handle error better (Dependency for bsc#1113667).\n- btrfs: Ensure btrfs_trim_fs can trim the whole filesystem (bsc#1113667).\n- btrfs: fix assertion failure during fsync in no-holes mode (bsc#1118136).\n- btrfs: fix assertion on fsync of regular file when using no-holes feature (bsc#1118137).\n- btrfs: fix cur_offset in the error case for nocow (bsc#1118140).\n- btrfs: fix data corruption due to cloning of eof block (bsc#1116878).\n- btrfs: fix deadlock on tree root leaf when finding free extent (bsc#1116876).\n- btrfs: fix deadlock when writing out free space caches (bsc#1116700).\n- btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469).\n- btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes).\n- btrfs: fix error handling in btrfs_truncate() (bsc#1111469).\n- btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469).\n- btrfs: fix fsync of files with multiple hard links in new directories (1120173).\n- btrfs: fix infinite loop on inode eviction after deduplication of eof block (bsc#1116877).\n- btrfs: Fix memory barriers usage with device stats counters (git-fixes).\n- btrfs: fix null pointer dereference on compressed write path error (bsc#1116698).\n- btrfs: fix use-after-free during inode eviction (bsc#1116701).\n- btrfs: fix use-after-free on root-\u003eorphan_block_rsv (bsc#1111469).\n- btrfs: fix use-after-free when dumping free space (bsc#1116862).\n- btrfs: fix warning when replaying log after fsync of a tmpfile (bsc#1116692).\n- btrfs: fix wrong dentries after fsync of file that got its parent replaced (bsc#1116693).\n- btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469).\n- btrfs: get rid of unused orphan infrastructure (bsc#1111469).\n- btrfs: make sure we create all new block groups (bsc#1116699).\n- btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469).\n- btrfs: protect space cache inode alloc with GFP_NOFS (bsc#1116863).\n- btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036).\n- btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469).\n- btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469).\n- btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469).\n- btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188).\n- btrfs: send, fix infinite loop due to directory rename dependencies (bsc#1118138).\n- btrfs: stop creating orphan items for truncate (bsc#1111469).\n- btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).\n- btrfs: update stale comments referencing vmtruncate() (bsc#1111469).\n- cachefiles: fix the race between cachefiles_bury_object() and rmdir(2) (bsc#1051510).\n- can: dev: __can_get_echo_skb(): Do not crash the kernel if can_priv::echo_skb is accessed out of bounds (bsc#1051510).\n- can: dev: can_get_echo_skb(): factor out non sending code to __can_get_echo_skb() (bsc#1051510).\n- can: dev: __can_get_echo_skb(): print error message, if trying to echo non existing skb (bsc#1051510).\n- can: dev: __can_get_echo_skb(): replace struct can_frame by canfd_frame to access frame length (bsc#1051510).\n- can: flexcan: flexcan_irq(): fix indention (bsc#1051510).\n- can: hi311x: Use level-triggered interrupt (bsc#1051510).\n- can: raw: check for CAN FD capable netdev in raw_sendmsg() (bsc#1051510).\n- can: rcar_can: Fix erroneous registration (bsc#1051510).\n- can: rx-offload: introduce can_rx_offload_get_echo_skb() and can_rx_offload_queue_sorted() functions (bsc#1051510).\n- cdc-acm: correct counting of UART states in serial state notification (bsc#1051510).\n- cdc-acm: do not reset notification buffer index upon urb unlinking (bsc#1051510).\n- cdrom: do not attempt to fiddle with cdo-\u003ecapability (bsc#1051510).\n- ceph: do not update importing cap\u0027s mseq when handing cap export (bsc#1121273).\n- ceph: fix dentry leak in ceph_readdir_prepopulate (bsc#1114839).\n- ceph: quota: fix null pointer dereference in quota check (bsc#1114839).\n- cfg80211: Address some corner cases in scan result channel updating (bsc#1051510).\n- cfg80211: fix use-after-free in reg_process_hint() (bsc#1051510).\n- char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058).\n- char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058).\n- clk: at91: Fix division by zero in PLL recalc_rate() (bsc#1051510).\n- clk: fixed-factor: fix of_node_get-put imbalance (bsc#1051510).\n- clk: fixed-rate: fix of_node_get-put imbalance (bsc#1051510).\n- clk: mmp2: fix the clock id for sdh2_clk and sdh3_clk (bsc#1051510).\n- clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).\n- clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510).\n- clk: rockchip: Fix static checker warning in rockchip_ddrclk_get_parent call (bsc#1051510).\n- clk: s2mps11: Add used attribute to s2mps11_dt_match (bsc#1051510).\n- clk: s2mps11: Fix matching when built as module and DT node contains compatible (bsc#1051510).\n- clk: samsung: exynos5420: Enable PERIS clocks for suspend (bsc#1051510).\n- clockevents/drivers/i8253: Add support for PIT shutdown quirk (bsc#1051510).\n- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes).\n- config: arm64: enable erratum 1024718\n- configfs: replace strncpy with memcpy (bsc#1051510).\n- cpufeature: avoid warning when compiling with clang (Git-fixes).\n- cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115).\n- cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115).\n- cpupower: remove stringop-truncation waring (git-fixes).\n- crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510).\n- crypto: caam - fix implicit casts in endianness helpers (bsc#1051510).\n- crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().\n- crypto: ccp - Add GET_ID SEV command ().\n- crypto: ccp - Add psp enabled message when initialization succeeds ().\n- crypto: ccp - Add support for new CCP/PSP device ID ().\n- crypto: ccp - Allow SEV firmware to be chosen based on Family and Model ().\n- crypto: ccp - Fix static checker warning ().\n- crypto: ccp - Remove unused #defines ().\n- crypto: ccp - Support register differences between PSP devices ().\n- crypto: lrw - Fix out-of bounds access on counter overflow (bsc#1051510).\n- crypto: simd - correctly take reqsize of wrapped skcipher into account (bsc#1051510).\n- crypto: tcrypt - fix ghash-generic speed test (bsc#1051510).\n- dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111).\n- dax: Check page-\u003emapping isn\u0027t NULL (bsc#1120054).\n- dax: Do not access a freed inode (bsc#1120055).\n- device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510).\n- device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510).\n- disable stringop truncation warnings for now (git-fixes).\n- dm: allocate struct mapped_device with kvzalloc (Git-fixes).\n- dm cache: destroy migration_cache if cache target registration failed (Git-fixes).\n- dm cache: fix resize crash if user does not reload cache table (Git-fixes).\n- dm cache metadata: ignore hints array being too small during resize (Git-fixes).\n- dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes).\n- dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes).\n- dm cache: only allow a single io_mode cache feature to be requested (Git-fixes).\n- dm crypt: do not decrease device limits (Git-fixes).\n- dm: fix report zone remapping to account for partition offset (Git-fixes).\n- dm integrity: change \u0027suspending\u0027 variable from bool to int (Git-fixes).\n- dm ioctl: harden copy_params()\u0027s copy_from_user() from malicious users (Git-fixes).\n- dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes).\n- dm linear: fix linear_end_io conditional definition (Git-fixes).\n- dm thin: handle running out of data space vs concurrent discard (Git-fixes).\n- dm thin metadata: remove needless work from __commit_transaction (Git-fixes).\n- dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).\n- dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes).\n- dm writecache: report start_sector in status line (Git-fixes).\n- dm zoned: fix metadata block ref counting (Git-fixes).\n- dm zoned: fix various dmz_get_mblock() issues (Git-fixes).\n- doc/README.SUSE: correct GIT url No more gitorious, github we use.\n- Documentation/l1tf: Fix small spelling typo (bsc#1051510).\n- Documentation/l1tf: Fix typos (bsc#1051510).\n- Documentation/l1tf: Remove Yonah processors from not vulnerable list (bsc#1051510).\n- do d_instantiate/unlock_new_inode combinations safely (git-fixes).\n- driver/dma/ioat: Call del_timer_sync() without holding prep_lock (bsc#1051510).\n- drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749).\n- drivers/net/usb/r8152: remove the unneeded variable \u0027ret\u0027 in rtl8152_system_suspend (bsc#1119749).\n- drivers/tty: add missing of_node_put() (bsc#1051510).\n- drm/amdgpu: add missing CHIP_HAINAN in amdgpu_ucode_get_load_type (bsc#1051510).\n- drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722)\n- drm/amdgpu/powerplay: fix missing break in switch statements (bsc#1113722)\n- drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722)\n- drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722)\n- drm/ast: change resolution may cause screen blurred (boo#1112963).\n- drm/ast: fixed cursor may disappear sometimes (bsc#1051510).\n- drm/ast: Fix incorrect free on ioregs (bsc#1051510).\n- drm/ast: Remove existing framebuffers before loading driver (boo#1112963)\n- drm/dp_mst: Check if primary mstb is null (bsc#1051510).\n- drm/dp_mst: Skip validating ports during destruction, just ref (bsc#1051510).\n- drm/edid: Add 6 bpc quirk for BOE panel (bsc#1051510).\n- drm/edid: Add 6 bpc quirk for BOE panel in HP Pavilion 15-n233sl (bsc#1113722)\n- drm/fb-helper: Ignore the value of fb_var_screeninfo.pixclock (bsc#1113722)\n- drm: fb-helper: Reject all pixel format changing requests (bsc#1113722)\n- drm/hisilicon: hibmc: Do not carry error code in HiBMC framebuffer (bsc#1113722)\n- drm/hisilicon: hibmc: Do not overwrite fb helper surface depth (bsc#1113722)\n- drm/i915/audio: Hook up component bindings even if displays are (bsc#1113722)\n- drm/i915: Do not oops during modeset shutdown after lpe audio deinit (bsc#1051510).\n- drm/i915: Do not unset intel_connector-\u003emst_port (bsc#1051510).\n- drm/i915/dp: Link train Fallback on eDP only if fallback link BW can fit panel\u0027s native mode (bsc#1051510).\n- drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722)\n- drm/i915/execlists: Force write serialisation into context image vs execution (bsc#1051510).\n- drm/i915: Fix ilk+ watermarks when disabling pipes (bsc#1051510).\n- drm/i915/gen9+: Fix initial readout for Y tiled framebuffers (bsc#1113722)\n- drm/i915/glk: Remove 99% limitation (bsc#1051510).\n- drm/i915/hdmi: Add HDMI 2.0 audio clock recovery N values (bsc#1051510).\n- drm/i915: Large page offsets for pread/pwrite (bsc#1051510).\n- drm/i915: Mark pin flags as u64 (bsc#1051510).\n- drm/i915: Restore vblank interrupts earlier (bsc#1051510).\n- drm/i915: Skip vcpi allocation for MSTB ports that are gone (bsc#1051510).\n- drm/i915: Write GPU relocs harder with gen3 (bsc#1051510).\n- drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)\n- drm/mediatek: fix OF sibling-node lookup (bsc#1106110)\n- drm/meson: add support for 1080p25 mode (bsc#1051510).\n- drm/meson: Enable fast_io in meson_dw_hdmi_regmap_config (bsc#1051510).\n- drm/meson: Fix OOB memory accesses in meson_viu_set_osd_lut() (bsc#1051510).\n- drm/msm: fix OF child-node lookup (bsc#1106110)\n- drm/nouveau: Check backlight IDs are \u003e= 0, not \u003e 0 (bsc#1051510).\n- drm/nouveau: Do not disable polling in fallback mode (bsc#1103356).\n- drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722)\n- drm/omap: fix memory barrier bug in DMM driver (bsc#1051510).\n- drm: rcar-du: Fix external clock error checks (bsc#1113722)\n- drm: rcar-du: Fix vblank initialization (bsc#1113722)\n- drm/rockchip: Allow driver to be shutdown on reboot/kexec (bsc#1051510).\n- drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722)\n- drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722)\n- drm/sti: do not remove the drm_bridge that was never added (bsc#1100132)\n- drm/vc4: Set -\u003eis_yuv to false when num_planes == 1 (bsc#1113722)\n- drm/vc4: -\u003ex_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722)\n- drm/virtio: fix bounds check in virtio_gpu_cmd_get_capset() (bsc#1113722)\n- dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes).\n- dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes).\n- dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes).\n- dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes).\n- dt-bindings: iio: update STM32 timers clock names (git-fixes).\n- dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes).\n- dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes).\n- dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes).\n- dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes).\n- dt-bindings: pwm: renesas: tpu: Fix \u0027compatible\u0027 prop description (git-fixes).\n- dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes).\n- EDAC, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279).\n- EDAC: Raise the maximum number of memory controllers (bsc#1113780).\n- EDAC, skx_edac: Fix logical channel intermediate decoding (bsc#1114279).\n- EDAC, thunderx: Fix memory leak in thunderx_l2c_threaded_isr() (bsc#1114279).\n- efi: Move some sysfs files to be read-only by root (bsc#1051510).\n- ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017).\n- exportfs: fix \u0027passing zero to ERR_PTR()\u0027 warning (bsc#1118773).\n- ext2: fix potential use after free (bsc#1118775).\n- ext4: add missing brelse() add_new_gdb_meta_bg()\u0027s error path (bsc#1117795).\n- ext4: add missing brelse() in set_flexbg_block_bitmap()\u0027s error path (bsc#1117794).\n- ext4: add missing brelse() update_backups()\u0027s error path (bsc#1117796).\n- ext4: avoid buffer leak in ext4_orphan_add() after prior errors (bsc#1117802).\n- ext4: avoid buffer leak on shutdown in ext4_mark_iloc_dirty() (bsc#1117801).\n- ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760).\n- ext4: avoid potential extra brelse in setup_new_flex_group_blocks() (bsc#1117792).\n- ext4: fix buffer leak in __ext4_read_dirblock() on error path (bsc#1117807).\n- ext4: fix buffer leak in ext4_xattr_move_to_block() on error path (bsc#1117806).\n- ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).\n- ext4: fix missing cleanup if ext4_alloc_flex_bg_array() fails while resizing (bsc#1117798).\n- ext4: fix possible inode leak in the retry loop of ext4_resize_fs() (bsc#1117799).\n- ext4: fix possible leak of sbi-\u003es_group_desc_leak in error path (bsc#1117803).\n- ext4: fix possible leak of s_journal_flag_rwsem in error path (bsc#1117804).\n- ext4: fix possible use after free in ext4_quota_enable (bsc#1120602).\n- ext4: fix setattr project check in fssetxattr ioctl (bsc#1117789).\n- ext4: fix use-after-free race in ext4_remount()\u0027s error path (bsc#1117791).\n- ext4: initialize retries variable in ext4_da_write_inline_data_begin() (bsc#1117788).\n- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603).\n- ext4: propagate error from dquot_initialize() in EXT4_IOC_FSSETXATTR (bsc#1117790).\n- ext4: release bs.bh before re-using in ext4_xattr_block_find() (bsc#1117805).\n- extable: Consolidate *kernel_text_address() functions (bsc#1120092).\n- extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092).\n- fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)\n- fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)\n- fbdev: fix broken menu dependencies (bsc#1113722)\n- firmware: add firmware_request_nowarn() - load firmware without warnings ().\n- firmware: dcdbas: Add support for WSMT ACPI table (bsc#1089350 ).\n- firmware: dcdbas: include linux/io.h (bsc#1089350).\n- Fix the breakage of KMP build on x86_64 (bsc#1121017).\n- Fix tracing sample code warning (git-fixes).\n- floppy: fix race condition in __floppy_read_block_0() (bsc#1051510).\n- flow_dissector: do not dissect l4 ports for fragments (networking-stable-18_11_21).\n- fscache: fix race between enablement and dropping of object (bsc#1107385).\n- fscache: Fix race in fscache_op_complete() due to split atomic_sub \u0026 read (Git-fixes).\n- fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).\n- fs: dcache: Avoid livelock between d_alloc_parallel and __d_add (git-fixes).\n- fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (git-fixes).\n- fs: dcache: Use READ_ONCE when accessing i_dir_seq (git-fixes).\n- fs: Do not leak MNT_INTERNAL away from internal mounts (git-fixes).\n- fs: fix lost error code in dio_complete (bsc#1118762).\n- fs: Make extension of struct super_block transparent (bsc#1117822).\n- fsnotify: Fix busy inodes during unmount (bsc#1117822).\n- fsnotify: fix ignore mask logic in fsnotify() (bsc#1115074).\n- fs/xfs: Use %pS printk format for direct addresses (git-fixes).\n- ftrace: Fix debug preempt config name in stack_tracer_{en,dis}able (bsc#1117172).\n- ftrace: Fix kmemleak in unregister_ftrace_graph (bsc#1117181).\n- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled (bsc#1117174).\n- ftrace: Remove incorrect setting of glob search field (bsc#1117184).\n- fuse: fix blocked_waitq wakeup (git-fixes).\n- fuse: fix leaked notify reply (git-fixes).\n- fuse: fix possibly missed wake-up after abort (git-fixes).\n- fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).\n- fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).\n- fuse: fix use-after-free in fuse_direct_IO() (git-fixes).\n- fuse: set FR_SENT while locked (git-fixes).\n- gcc-plugins: Add include required by GCC release 8 (git-fixes).\n- gcc-plugins: Use dynamic initializers (git-fixes).\n- genirq: Fix race on spurious interrupt detection (bsc#1051510).\n- getname_kernel() needs to make sure that -\u003ename != -\u003einame in long case (git-fixes).\n- gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).\n- gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).\n- gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).\n- gfs2_meta: -\u003emount() can get NULL dev_name (bsc#1118768).\n- gfs2: Put bitmap buffers in put_super (bsc#1118772).\n- git_sort.py: Remove non-existent remote tj/libata\n- gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).\n- gpio: do not free unallocated ida on gpiochip_add_data_with_key() error path (bsc#1051510).\n- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).\n- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).\n- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).\n- gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).\n- grace: replace BUG_ON by WARN_ONCE in exit_net hook (git-fixes).\n- gso_segment: Reset skb-\u003emac_len after modifying network header (networking-stable-18_09_24).\n- hid: Add quirk for Primax PIXART OEM mice (bsc#1119410).\n- hid: hiddev: fix potential Spectre v1 (bsc#1051510).\n- hid: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).\n- hid: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).\n- hid: uhid: forbid UHID_CREATE under KERNEL_DS or elevated privileges (bsc#1051510).\n- hv_netvsc: ignore devices that are not PCI (networking-stable-18_09_11).\n- hwmon: (core) Fix double-free in __hwmon_device_register() (bsc#1051510).\n- hwmon: (ibmpowernv) Remove bogus __init annotations (bsc#1051510).\n- hwmon: (ina2xx) Fix current value calculation (bsc#1051510).\n- hwmon (ina2xx) Fix NULL id pointer in probe() (bsc#1051510).\n- hwmon: (nct6775) Fix potential Spectre v1 (bsc#1051510).\n- hwmon: (pmbus) Fix page count auto-detection (bsc#1051510).\n- hwmon: (pwm-fan) Set fan speed to 0 on suspend (bsc#1051510).\n- hwmon: (raspberrypi) Fix initial notify (bsc#1051510).\n- hwmon: (w83795) temp4_type has writable permission (bsc#1051510).\n- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).\n- hwrng: core - document the quality field (bsc#1051510).\n- i2c: axxia: properly handle master timeout (bsc#1051510).\n- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).\n- IB/hfi1: Add mtu check for operational data VLs (bsc#1060463 ).\n- ibmvnic: Convert reset work item mutex to spin lock ().\n- ibmvnic: fix accelerated VLAN handling ().\n- ibmvnic: fix index in release_rx_pools (bsc#1115440, bsc#1115433).\n- ibmvnic: Fix non-atomic memory allocation in IRQ context ().\n- ibmvnic: remove ndo_poll_controller ().\n- ibmvnic: Update driver queues after change in ring size support ().\n- IB/rxe: support for 802.1q VLAN on the listener (bsc#1082387).\n- ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).\n- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).\n- ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).\n- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).\n- iio: accel: adxl345: convert address field usage in iio_chan_spec (bsc#1051510).\n- iio: ad5064: Fix regulator handling (bsc#1051510).\n- iio: adc: at91: fix acking DRDY irq on simple conversions (bsc#1051510).\n- iio: adc: at91: fix wrong channel number in triggered buffer mode (bsc#1051510).\n- iio: adc: imx25-gcq: Fix leak of device_node in mx25_gcq_setup_cfgs() (bsc#1051510).\n- iio:st_magn: Fix enable device after trigger (bsc#1051510).\n- ima: fix showing large \u0027violations\u0027 or \u0027runtime_measurements_count\u0027 (bsc#1051510).\n- include/linux/pfn_t.h: force \u0027~\u0027 to be parsed as an unary operator (bsc#1051510).\n- Include modules.fips in kernel-binary as well as kernel-binary-base ().\n- inet: make sure to grab rcu_read_lock before using ireq-\u003eireq_opt (networking-stable-18_10_16).\n- initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).\n- Input: add official Raspberry Pi\u0027s touchscreen driver ().\n- Input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).\n- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).\n- Input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15IGM (bsc#1051510).\n- Input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).\n- Input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).\n- Input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).\n- Input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).\n- Input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).\n- Input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).\n- Input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).\n- Input: synaptics - avoid using uninitialized variable when probing (bsc#1051510).\n- Input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).\n- Input: xpad - add PDP device id 0x02a4 (bsc#1051510).\n- Input: xpad - add support for Xbox1 PDP Camo series gamepad (bsc#1051510).\n- Input: xpad - avoid using __set_bit() for capabilities (bsc#1051510).\n- Input: xpad - fix some coding style issues (bsc#1051510).\n- Input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).\n- integrity/security: fix digsig.c build error with header file (bsc#1051510).\n- intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).\n- iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).\n- iommu/arm-smmu: Ensure that page-table updates are visible before TLBI (bsc#1106237).\n- iommu/ipmmu-vmsa: Fix crash on early domain free (bsc#1106105).\n- iommu/vt-d: Fix NULL pointer dereference in prq_event_thread() (bsc#1106105).\n- iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).\n- iommu/vt-d: Use memunmap to free memremap (bsc#1106105).\n- ip6_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n- ip6_tunnel: Fix encapsulation layout (networking-stable-18_11_02).\n- ip6_vti: fix a null pointer deference when destroy vti6 tunnel (networking-stable-18_09_11).\n- ipmi: Fix timer race with module unload (bsc#1051510).\n- ip_tunnel: be careful when accessing the inner header (networking-stable-18_10_16).\n- ip_tunnel: do not force DF when MTU is locked (networking-stable-18_11_21).\n- ipv4: lock mtu in fnhe when received PMTU \u003c net.ipv4.route.min_pmtu (networking-stable-18_11_21).\n- ipv4: tcp: send zero IPID for RST and ACK sent in SYN-RECV and TIME-WAIT state (networking-stable-18_09_11).\n- ipv6: Fix PMTU updates for UDP/raw sockets in presence of VRF (networking-stable-18_11_21).\n- ipv6: fix possible use-after-free in ip6_xmit() (networking-stable-18_09_24).\n- ipv6: mcast: fix a use-after-free in inet6_mc_check (networking-stable-18_11_02).\n- ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called (networking-stable-18_11_02).\n- ipv6: take rcu lock in rawv6_send_hdrinc() (networking-stable-18_10_16).\n- iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).\n- iwlwifi: dbg: allow wrt collection before ALIVE (bsc#1051510).\n- iwlwifi: do not WARN on trying to dump dead firmware (bsc#1051510).\n- iwlwifi: fix LED command capability bit (bsc#1119086).\n- iwlwifi: fix non_shared_ant for 22000 devices (bsc#1119086).\n- iwlwifi: fix wrong WGDS_WIFI_DATA_SIZE (bsc#1119086).\n- iwlwifi: mvm: check for short GI only for OFDM (bsc#1051510).\n- iwlwifi: mvm: check return value of rs_rate_from_ucode_rate() (bsc#1051510).\n- iwlwifi: mvm: do not send GEO_TX_POWER_LIMIT to old firmwares (bsc#1119086).\n- iwlwifi: mvm: do not use SAR Geo if basic SAR is not used (bsc#1051510).\n- iwlwifi: mvm: fix BAR seq ctrl reporting (bsc#1051510).\n- iwlwifi: mvm: fix regulatory domain update when the firmware starts (bsc#1051510).\n- iwlwifi: mvm: support sta_statistics() even on older firmware (bsc#1051510).\n- iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).\n- iwlwifi: pcie: avoid empty free RB queue (bsc#1051510).\n- iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).\n- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).\n- jump_label: Split out code under the hotplug lock (bsc#1106913).\n- kabi: hide new member in struct iommu_table from genksyms (bsc#1061840).\n- kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).\n- kabi: mask raw in struct bpf_reg_state (bsc#1083647).\n- kabi: powerpc: export __find_linux_pte as __find_linux_pte_or_hugepte (bsc#1061840).\n- kabi: powerpc: Revert npu callback signature change (bsc#1055120).\n- kabi protect hnae_ae_ops (bsc#1104353).\n- kabi/severities: ignore __xive_vm_h_* KVM internal symbols.\n- kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).\n- kbuild: fix # escaping in .cmd files for future Make (git-fixes).\n- kbuild: fix kernel/bounds.c \u0027W=1\u0027 warning (bsc#1051510).\n- kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).\n- kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).\n- kbuild: move \u0027_all\u0027 target out of $(KBUILD_SRC) conditional (bsc#1114279).\n- kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).\n- kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).\n- kbuild: verify that $DEPMOD is installed (git-fixes).\n- kdb: use memmove instead of overlapping memcpy (bsc#1120954).\n- kernfs: Replace strncpy with memcpy (bsc#1120053).\n- kernfs: update comment about kernfs_path() return value (bsc#1051510).\n- keys: Fix the use of the C++ keyword \u0027private\u0027 in uapi/linux/keyctl.h (Git-fixes).\n- kgdboc: Passing ekgdboc to command line causes panic (bsc#1051510).\n- kobject: Replace strncpy with memcpy (git-fixes).\n- kprobes: Make list and blacklist root user read only (git-fixes).\n- kvm: arm/arm64: Introduce vcpu_el1_is_32bit (bsc#1110998).\n- kvm: nVMX: Always reflect #NM VM-exits to L1 (bsc#1106240).\n- kvm: nVMX: move check_vmentry_postreqs() call to nested_vmx_enter_non_root_mode() (bsc#1106240).\n- kvm: PPC: Add pt_regs into kvm_vcpu_arch and move vcpu-\u003earch.gpr[] into it (bsc#1061840).\n- kvm: PPC: Avoid marking DMA-mapped pages dirty in real mode (bsc#1061840).\n- kvm: PPC: Book3S: Add MMIO emulation for VMX instructions (bsc#1061840).\n- kvm: PPC: Book3S: Allow backing bigger guest IOMMU pages with smaller physical pages (bsc#1061840).\n- kvm: PPC: Book3S: Check KVM_CREATE_SPAPR_TCE_64 parameters (bsc#1061840).\n- kvm: PPC: Book3S: Eliminate some unnecessary checks (bsc#1061840).\n- kvm: PPC: Book3S: Fix compile error that occurs with some gcc versions (bsc#1061840).\n- kvm: PPC: Book3S: Fix matching of hardware and emulated TCE tables (bsc#1061840).\n- kvm: PPC: Book3S HV: Add of_node_put() in success path (bsc#1061840).\n- kvm: PPC: Book3S HV: Add \u0027online\u0027 register to ONE_REG interface (bsc#1061840).\n- kvm: PPC: Book3S HV: Allow creating max number of VCPUs on POWER9 (bsc#1061840).\n- kvm: PPC: Book3S HV: Allow HPT and radix on the same core for POWER9 v2.2 (bsc#1061840).\n- kvm: PPC: Book3S HV: Avoid crash from THP collapse during radix page fault (bsc#1061840).\n- kvm: PPC: Book3S HV: Avoid shifts by negative amounts (bsc#1061840).\n- kvm: PPC: Book3S HV: Check DR not IR to chose real vs virt mode MMIOs (bsc#1061840).\n- kvm: PPC: Book3S HV: Do not truncate HPTE index in xlate function (bsc#1061840).\n- kvm: PPC: Book3S HV: Do not use compound_order to determine host mapping size (bsc#1061840).\n- kvm: PPC: Book3S HV: Do not use existing \u0027prodded\u0027 flag for XIVE escalations (bsc#1061840).\n- kvm: PPC: Book 3S HV: Do ptesync in radix guest exit path (bsc#1061840).\n- kvm: PPC: Book3S HV: Do SLB load/unload with guest LPCR value loaded (bsc#1061840).\n- kvm: PPC: Book3S HV: Enable migration of decrementer register (bsc#1061840).\n- kvm: PPC: Book3S HV: Factor fake-suspend handling out of kvmppc_save/restore_tm (bsc#1061840).\n- kvm: PPC: Book3S HV: Fix conditions for starting vcpu (bsc#1061840).\n- kvm: PPC: Book3S HV: Fix constant size warning (bsc#1061840).\n- kvm: PPC: Book3S HV: Fix duplication of host SLB entries (bsc#1061840).\n- kvm: PPC: Book3S HV: Fix guest r11 corruption with POWER9 TM workarounds (bsc#1061840).\n- kvm: PPC: Book3S HV: Fix handling of large pages in radix page fault handler (bsc#1061840).\n- kvm: PPC: Book3S HV: Fix handling of secondary HPTEG in HPT resizing code (bsc#1061840).\n- kvm: PPC: Book3S HV: Fix inaccurate comment (bsc#1061840).\n- kvm: PPC: Book3S HV: Fix kvmppc_bad_host_intr for real mode interrupts (bsc#1061840).\n- kvm: PPC: Book3S HV: Fix trap number return from __kvmppc_vcore_entry (bsc#1061840).\n- kvm: PPC: Book3S HV: Fix typo in kvmppc_hv_get_dirty_log_radix() (bsc#1061840).\n- kvm: PPC: Book3S HV: Fix VRMA initialization with 2MB or 1GB memory backing (bsc#1061840).\n- kvm: PPC: Book3S HV: Handle 1GB pages in radix page fault handler (bsc#1061840).\n- kvm: PPC: Book3S HV: Improve handling of debug-trigger HMIs on POWER9 (bsc#1061840).\n- kvm: PPC: Book3S HV: Keep XIVE escalation interrupt masked unless ceded (bsc#1061840).\n- kvm: PPC: Book3S HV: Lockless tlbie for HPT hcalls (bsc#1061840).\n- kvm: PPC: Book3S HV: Make HPT resizing work on POWER9 (bsc#1061840).\n- kvm: PPC: Book3S HV: Make radix clear pte when unmapping (bsc#1061840).\n- kvm: PPC: Book3S HV: Make radix use correct tlbie sequence in kvmppc_radix_tlbie_page (bsc#1061840).\n- kvm: PPC: Book3S HV: Make xive_pushed a byte, not a word (bsc#1061840).\n- kvm: PPC: Book3S HV: Pack VCORE IDs to access full VCPU ID space (bsc#1061840).\n- kvm: PPC: Book3S HV: radix: Do not clear partition PTE when RC or write bits do not match (bsc#1061840).\n- kvm: PPC: Book3S HV: Radix page fault handler optimizations (bsc#1061840).\n- kvm: PPC: Book3S HV: radix: Refine IO region partition scope attributes (bsc#1061840).\n- kvm: PPC: Book3S HV: Read kvm-\u003earch.emul_smt_mode under kvm-\u003elock (bsc#1061840).\n- kvm: PPC: Book3S HV: Recursively unmap all page table entries when unmapping (bsc#1061840).\n- kvm: PPC: Book3S HV: Remove useless statement (bsc#1061840).\n- kvm: PPC: Book3S HV: Remove vcpu-\u003earch.dec usage (bsc#1061840).\n- kvm: PPC: Book3S HV: Send kvmppc_bad_interrupt NMIs to Linux handlers (bsc#1061840).\n- kvm: PPC: Book3S HV: Set RWMR on POWER8 so PURR/SPURR count correctly (bsc#1061840).\n- kvm: PPC: Book3S HV: Snapshot timebase offset on guest entry (bsc#1061840).\n- kvm: PPC: Book3S HV: Streamline setting of reference and change bits (bsc#1061840).\n- kvm: PPC: Book3S HV: Use a helper to unmap ptes in the radix fault path (bsc#1061840).\n- kvm: PPC: Book3S HV: Use __gfn_to_pfn_memslot() in page fault handler (bsc#1061840).\n- kvm: PPC: Book3S HV: XIVE: Resend re-routed interrupts on CPU priority change (bsc#1061840).\n- kvm: PPC: Book3S PR: Add guest MSR parameter for kvmppc_save_tm()/kvmppc_restore_tm() (bsc#1061840).\n- kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).\n- kvm: PPC: Book3S PR: Move kvmppc_save_tm/kvmppc_restore_tm to separate file (bsc#1061840).\n- kvm: PPC: Book3S: Use correct page shift in H_STUFF_TCE (bsc#1061840).\n- kvm: PPC: Fix a mmio_host_swabbed uninitialized usage issue (bsc#1061840).\n- kvm: PPC: Make iommu_table::it_userspace big endian (bsc#1061840).\n- kvm: PPC: Move nip/ctr/lr/xer registers to pt_regs in kvm_vcpu_arch (bsc#1061840).\n- kvm: PPC: Use seq_puts() in kvmppc_exit_timing_show() (bsc#1061840).\n- kvm: s390: vsie: copy wrapping keys to right place (git-fixes).\n- kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279).\n- kvm: VMX: re-add ple_gap module parameter (bsc#1106240).\n- kvm: x86: Fix kernel info-leak in KVM_HC_CLOCK_PAIRING hypercall (bsc#1106240).\n- libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).\n- libceph: bump CEPH_MSG_MAX_DATA_LEN (bsc#1114839).\n- libceph: fall back to sendmsg for slab pages (bsc#1118316).\n- libertas: do not set URB_ZERO_PACKET on IN USB transfer (bsc#1051510).\n- libertas_tf: prevent underflow in process_cmdrequest() (bsc#1119086).\n- libnvdimm, dimm: Maximize label transfer size (bsc#1111921, bsc#1113408, bsc#1113972).\n- libnvdimm: Hold reference on parent while scheduling async init (bsc#1116891).\n- libnvdimm, label: change nvdimm_num_label_slots per UEFI 2.7 (bsc#1111921, bsc#1113408, bsc#1113972).\n- libnvdimm, label: Fix sparse warning (bsc#1111921, bsc#1113408, bsc#1113972).\n- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).\n- libnvdimm, region: Fail badblocks listing for inactive regions (bsc#1116899).\n- lib/raid6: Fix arm64 test build (bsc#1051510).\n- lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).\n- Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).\n- linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).\n- livepatch: create and include UAPI headers ().\n- llc: set SOCK_RCU_FREE in llc_sap_add_socket() (networking-stable-18_11_02).\n- lockd: fix \u0027list_add double add\u0027 caused by legacy signal interface (git-fixes).\n- locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).\n- locking/static_keys: Improve uninitialized key warning (bsc#1106913).\n- mac80211: Always report TX status (bsc#1051510).\n- mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).\n- mac80211: fix reordering of buffered broadcast packets (bsc#1051510).\n- mac80211: fix TX status reporting for ieee80211s (bsc#1051510).\n- mac80211_hwsim: do not omit multicast announce of first added radio (bsc#1051510).\n- mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).\n- mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).\n- mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).\n- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).\n- mac80211: TDLS: fix skb queue/priority assignment (bsc#1051510).\n- mach64: fix display corruption on big endian machines (bsc#1113722)\n- mach64: fix image corruption due to reading accelerator registers (bsc#1113722)\n- mailbox: PCC: handle parse error (bsc#1051510).\n- make sure that __dentry_kill() always invalidates d_seq, unhashed or not (git-fixes).\n- Mark HI and TASKLET softirq synchronous (git-fixes).\n- md: allow metadata updates while suspending an array - fix (git-fixes).\n- MD: fix invalid stored role for a disk - try2 (git-fixes).\n- md: fix NULL dereference of mddev-\u003epers in remove_and_add_spares() (git-fixes).\n- md: fix raid10 hang issue caused by barrier (git-fixes).\n- md/raid10: fix that replacement cannot complete recovery after reassemble (git-fixes).\n- md/raid1: add error handling of read error from FailFast device (git-fixes).\n- md/raid5-cache: disable reshape completely (git-fixes).\n- md/raid5: fix data corruption of replacements after originals dropped (git-fixes).\n- media: cx231xx: fix potential sign-extension overflow on large shift (bsc#1051510).\n- media: dvb: fix compat ioctl translation (bsc#1051510).\n- media: em28xx: fix input name for Terratec AV 350 (bsc#1051510).\n- media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).\n- media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).\n- media: em28xx: use a default format if TRY_FMT fails (bsc#1051510).\n- media: omap3isp: Unregister media device as first (bsc#1051510).\n- media: pci: cx23885: handle adding to list failure (bsc#1051510).\n- media: tvp5150: avoid going past array on v4l2_querymenu() (bsc#1051510).\n- media: tvp5150: fix switch exit in set control handler (bsc#1051510).\n- media: tvp5150: fix width alignment during set_selection() (bsc#1051510).\n- media: uvcvideo: Fix uvc_alloc_entity() allocation alignment (bsc#1051510).\n- media: v4l2-tpg: fix kernel oops when enabling HFLIP and OSD (bsc#1051510).\n- media: vsp1: Fix YCbCr planar formats pitch calculation (bsc#1051510).\n- memory_hotplug: cond_resched in __remove_pages (bnc#1114178).\n- mfd: arizona: Correct calling of runtime_put_sync (bsc#1051510).\n- mfd: menelaus: Fix possible race condition and leak (bsc#1051510).\n- mfd: omap-usb-host: Fix dts probe of children (bsc#1051510).\n- mlxsw: spectrum: Fix IP2ME CPU policer configuration (networking-stable-18_11_21).\n- mmc: bcm2835: reset host on timeout (bsc#1051510).\n- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).\n- mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).\n- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).\n- mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).\n- mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).\n- mmc: dw_mmc-rockchip: correct property names in debug (bsc#1051510).\n- mmc: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).\n- mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).\n- mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).\n- mmc: sdhci-pci-o2micro: Add quirk for O2 Micro dev 0x8620 rev 0x01 (bsc#1051510).\n- mm: do not miss the last page because of round-off error (bnc#1118798).\n- mm: do not warn about large allocations for slab (git fixes (slab)).\n- mm: handle no memcg case in memcg_kmem_charge() properly (bnc#1113677).\n- mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962).\n- mm/huge_memory: fix lockdep complaint on 32-bit i_size_read() (VM Functionality, bsc#1121599).\n- mm/huge_memory: rename freeze_page() to unmap_page() (VM Functionality, bsc#1121599).\n- mm/huge_memory: splitting set mapping+index before unfreeze (VM Functionality, bsc#1121599).\n- mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).\n- mm/khugepaged: collapse_shmem() do not crash on Compound (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() remember to clear holes (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() stop if punched or truncated (VM Functionality, bsc#1121599).\n- mm/khugepaged: collapse_shmem() without freezing new_page (VM Functionality, bsc#1121599).\n- mm/khugepaged: fix crashes due to misaccounted holes (VM Functionality, bsc#1121599).\n- mm/khugepaged: minor reorderings in collapse_shmem() (VM Functionality, bsc#1121599).\n- mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).\n- mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).\n- mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).\n- mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).\n- mm: migration: fix migration of huge PMD shared pages (bnc#1086423).\n- mm: only report isolation failures when offlining memory (generic hotplug debugability).\n- mm: print more information about mapping in __dump_page (generic hotplug debugability).\n- mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).\n- mm: rework memcg kernel stack accounting (bnc#1113677).\n- mm: sections are not offlined during memory hotremove (bnc#1119968).\n- mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem).\n- mm/vmstat.c: fix NUMA statistics updates (git fixes).\n- modpost: ignore livepatch unresolved relocations ().\n- mount: Do not allow copying MNT_UNBINDABLE|MNT_LOCKED mounts (bsc#1117819).\n- mount: Prevent MNT_DETACH from disconnecting locked mounts (bsc#1117820).\n- mount: Retest MNT_LOCKED in do_umount (bsc#1117818).\n- Move dell_rbu fix to sorted section (bsc#1087978).\n- mtd: cfi: convert inline functions to macros (git-fixes).\n- mtd: Fix comparison in map_word_andequal() (git-fixes).\n- namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766).\n- nbd: do not allow invalid blocksize settings (Git-fixes).\n- neighbour: confirm neigh entries when ARP packet is received (networking-stable-18_09_24).\n- net/af_iucv: drop inbound packets with invalid flags (bnc#1113501, LTC#172679).\n- net/af_iucv: fix skb handling on HiperTransport xmit error (bnc#1113501, LTC#172679).\n- net/appletalk: fix minor pointer leak to userspace in SIOCFINDIPDDPRT (networking-stable-18_09_24).\n- net: aquantia: memory corruption on jumbo frames (networking-stable-18_10_16).\n- net: bcmgenet: Poll internal PHY for GENETv5 (networking-stable-18_11_02).\n- net: bcmgenet: protect stop from timeout (networking-stable-18_11_21).\n- net: bcmgenet: use MAC link status for fixed phy (networking-stable-18_09_11).\n- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510).\n- net: bridge: remove ipv6 zero address check in mcast queries (git-fixes).\n- net: dsa: bcm_sf2: Call setup during switch resume (networking-stable-18_10_16).\n- net: dsa: bcm_sf2: Fix unbind ordering (networking-stable-18_10_16).\n- net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes).\n- net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes).\n- net: ena: add functions for handling Low Latency Queues in ena_com (bsc#1111696 bsc#1117561).\n- net: ena: add functions for handling Low Latency Queues in ena_netdev (bsc#1111696 bsc#1117561).\n- net: ena: change rx copybreak default to reduce kernel memory pressure (bsc#1111696 bsc#1117561).\n- net: ena: complete host info to match latest ENA spec (bsc#1111696 bsc#1117561).\n- net: ena: enable Low Latency Queues (bsc#1111696 bsc#1117561).\n- net: ena: explicit casting and initialization, and clearer error handling (bsc#1111696 bsc#1117561).\n- net: ena: fix auto casting to boolean (bsc#1111696 bsc#1117561).\n- net: ena: fix compilation error in xtensa architecture (bsc#1111696 bsc#1117561).\n- net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561).\n- net: ena: fix crash during failed resume from hibernation (bsc#1111696 bsc#1117561).\n- net: ena: fix indentations in ena_defs for better readability (bsc#1111696 bsc#1117561).\n- net: ena: Fix Kconfig dependency on X86 (bsc#1111696 bsc#1117561).\n- net: ena: fix NULL dereference due to untimely napi initialization (bsc#1111696 bsc#1117561).\n- net: ena: fix rare bug when failed restart/resume is followed by driver removal (bsc#1111696 bsc#1117561).\n- net: ena: fix warning in rmmod caused by double iounmap (bsc#1111696 bsc#1117561).\n- net: ena: introduce Low Latency Queues data structures according to ENA spec (bsc#1111696 bsc#1117561).\n- net: ena: limit refill Rx threshold to 256 to avoid latency issues (bsc#1111696 bsc#1117561).\n- net: ena: minor performance improvement (bsc#1111696 bsc#1117561).\n- net: ena: remove ndo_poll_controller (bsc#1111696 bsc#1117561).\n- net: ena: remove redundant parameter in ena_com_admin_init() (bsc#1111696 bsc#1117561).\n- net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561).\n- net: ena: update driver version to 2.0.1 (bsc#1111696 bsc#1117561).\n- net: ena: use CSUM_CHECKED device indication to report skb\u0027s checksum status (bsc#1111696 bsc#1117561).\n- net: fec: do not dump RX FIFO register when not available (networking-stable-18_11_02).\n- net-gro: reset skb-\u003epkt_type in napi_reuse_skb() (networking-stable-18_11_21).\n- net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353).\n- net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).\n- net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353).\n- net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353).\n- net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353).\n- net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ).\n- net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353).\n- net: hns3: bugfix for rtnl_lock\u0027s range in the hclgevf_reset() (bsc#1104353).\n- net: hns3: bugfix for the initialization of command queue\u0027s spin lock (bsc#1104353).\n- net: hns3: Check hdev state when getting link status (bsc#1104353).\n- net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353).\n- net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353).\n- net: hns3: Fix error of checking used vlan id (bsc#1104353 ).\n- net: hns3: Fix ets validate issue (bsc#1104353).\n- net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).\n- net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353).\n- net: hns3: Fix for packet buffer setting bug (bsc#1104353 ).\n- net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353).\n- net: hns3: Fix for setting speed for phy failed problem (bsc#1104353).\n- net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ).\n- net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353).\n- net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353).\n- net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353).\n- net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ).\n- net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353).\n- net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353).\n- net: hns: fix for unmapping problem when SMMU is on (networking-stable-18_10_16).\n- net: hp100: fix always-true check for link up state (networking-stable-18_09_24).\n- net: ibm: fix return type of ndo_start_xmit function ().\n- net/ibmnvic: Fix deadlock problem in reset ().\n- net/ibmvnic: Fix RTNL deadlock during device reset (bnc#1115431).\n- net: ipmr: fix unresolved entry dumps (networking-stable-18_11_02).\n- net: ipv4: do not let PMTU updates increase route MTU (git-fixes).\n- net/ipv6: Display all addresses in output of /proc/net/if_inet6 (networking-stable-18_10_16).\n- net/ipv6: Fix index counter for unicast addresses in in6_dump_addrs (networking-stable-18_11_02).\n- netlabel: check for IPV4MASK in addrinfo_get (networking-stable-18_10_16).\n- net: macb: do not disable MDIO bus at open/close time (networking-stable-18_09_11).\n- net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299).\n- net/mlx5: Check for error in mlx5_attach_interface (networking-stable-18_09_18).\n- net/mlx5e: Fix selftest for small MTUs (networking-stable-18_11_21).\n- net/mlx5e: Set vlan masks for all offloaded TC rules (networking-stable-18_10_16).\n- net/mlx5: E-Switch, Fix memory leak when creating switchdev mode FDB tables (networking-stable-18_09_18).\n- net/mlx5: E-Switch, Fix out of bound access when setting vport rate (networking-stable-18_10_16).\n- net/mlx5: Fix debugfs cleanup in the device init/remove flow (networking-stable-18_09_18).\n- net/mlx5: Fix use-after-free in self-healing flow (networking-stable-18_09_18).\n- net/mlx5: Take only bit 24-26 of wqe.pftype_wq for page fault type (networking-stable-18_11_02).\n- net: mvpp2: Extract the correct ethtype from the skb for tx csum offload (networking-stable-18_10_16).\n- net: mvpp2: fix a txq_done race condition (networking-stable-18_10_16).\n- net/packet: fix packet drop as of virtio gso (networking-stable-18_10_16).\n- net: phy: mdio-gpio: Fix working over slow can_sleep GPIOs (networking-stable-18_11_21).\n- net: qca_spi: Fix race condition in spi transfers (networking-stable-18_09_18).\n- net: qmi_wwan: add Wistron Neweb D19Q1 (bsc#1051510).\n- net: sched: action_ife: take reference to meta module (networking-stable-18_09_11).\n- net/sched: act_pedit: fix dump of extended layered op (networking-stable-18_09_11).\n- net/sched: act_sample: fix NULL dereference in the data path (networking-stable-18_09_24).\n- net: sched: Fix for duplicate class dump (networking-stable-18_11_02).\n- net: sched: Fix memory exposure from short TCA_U32_SEL (networking-stable-18_09_11).\n- net: sched: gred: pass the right attribute to gred_change_table_def() (networking-stable-18_11_02).\n- net: smsc95xx: Fix MTU range (networking-stable-18_11_21).\n- net: socket: fix a missing-check bug (networking-stable-18_11_02).\n- net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules (networking-stable-18_11_02).\n- net: stmmac: Fixup the tail addr setting in xmit path (networking-stable-18_10_16).\n- net: systemport: Fix wake-up interrupt race during resume (networking-stable-18_10_16).\n- net: systemport: Protect stop from timeout (networking-stable-18_11_21).\n- net: udp: fix handling of CHECKSUM_COMPLETE packets (networking-stable-18_11_02).\n- net/usb: cancel pending work when unbinding smsc75xx (networking-stable-18_10_16).\n- net: usb: r8152: constify usb_device_id (bsc#1119749).\n- net: usb: r8152: use irqsave() in USB\u0027s complete callback (bsc#1119749).\n- nfc: nfcmrvl_uart: fix OF child-node lookup (bsc#1051510).\n- nfp: wait for posted reconfigs when disabling the device (networking-stable-18_09_11).\n- nfs: Avoid RCU usage in tracepoints (git-fixes).\n- nfs: commit direct writes even if they fail partially (git-fixes).\n- nfsd4: permit layoutget of executable-only files (git-fixes).\n- nfsd: check for use of the closed special stateid (git-fixes).\n- nfsd: CLOSE SHOULD return the invalid special stateid for NFSv4.x (x\u003e0) (git-fixes).\n- nfsd: deal with revoked delegations appropriately (git-fixes).\n- nfsd: Ensure we check stateid validity in the seqid operation checks (git-fixes).\n- nfsd: Fix another OPEN stateid race (git-fixes).\n- nfsd: fix corrupted reply to badly ordered compound (git-fixes).\n- nfsd: fix potential use-after-free in nfsd4_decode_getdeviceinfo (git-fixes).\n- nfsd: Fix stateid races between OPEN and CLOSE (git-fixes).\n- nfs: do not wait on commit in nfs_commit_inode() if there were no commit requests (git-fixes).\n- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (git-fixes).\n- nfs: Ensure we commit after writeback is complete (bsc#1111809).\n- nfs: Fix an incorrect type in struct nfs_direct_req (git-fixes).\n- nfs: Fix a typo in nfs_rename() (git-fixes).\n- nfs: Fix typo in nomigration mount option (git-fixes).\n- nfs: Fix unstable write completion (git-fixes).\n- nfsv4.0 fix client reference leak in callback (git-fixes).\n- nfsv4.1: Fix a potential layoutget/layoutrecall deadlock (git-fixes).\n- nfsv4.1 fix infinite loop on I/O (git-fixes).\n- nfsv4.1: Fix the client behaviour on NFS4ERR_SEQ_FALSE_RETRY (git-fixes).\n- nfsv4.1: Fix up replays of interrupted requests (git-fixes).\n- nfsv4: Fix a typo in nfs41_sequence_process (git-fixes).\n- nl80211: Fix possible Spectre-v1 for CQM RSSI thresholds (bsc#1051510).\n- nl80211: Fix possible Spectre-v1 for NL80211_TXRATE_HT (bsc#1051510).\n- nospec: Allow index argument to have const-qualified type (git-fixes)\n- nospec: Include \u003casm/barrier.h\u003e dependency (bsc#1114279).\n- nospec: Kill array_index_nospec_mask_check() (git-fixes).\n- nvdimm: Clarify comment in sizeof_namespace_index (bsc#1111921, bsc#1113408, bsc#1113972).\n- nvdimm: Remove empty if statement (bsc#1111921, bsc#1113408, bsc#1113972).\n- nvdimm: Sanity check labeloff (bsc#1111921, bsc#1113408, bsc#1113972).\n- nvdimm: Split label init out from the logic for getting config data (bsc#1111921, bsc#1113408, bsc#1113972).\n- nvdimm: Use namespace index data to reduce number of label reads needed (bsc#1111921, bsc#1113408, bsc#1113972).\n- nvme-fc: resolve io failures during connect (bsc#1116803).\n- nvme: Free ctrl device name on init failure ().\n- nvme-multipath: zero out ANA log buffer (bsc#1105168).\n- nvme: validate controller state before rescheduling keep alive (bsc#1103257).\n- objtool: Detect RIP-relative switch table references (bsc#1058115).\n- objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115).\n- objtool: Fix another switch table detection issue (bsc#1058115).\n- objtool: Fix double-free in .cold detection error path (bsc#1058115).\n- objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115).\n- objtool: Fix \u0027noreturn\u0027 detection for recursive sibling calls (bsc#1058115).\n- objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115).\n- objtool: Support GCC 8\u0027s cold subfunctions (bsc#1058115).\n- objtool: Support GCC 8 switch tables (bsc#1058115).\n- ocfs2: fix a misuse a of brelse after failing ocfs2_check_dir_entry (bsc#1117817).\n- ocfs2: fix locking for res-\u003etracking and dlm-\u003etracking_list (bsc#1117816).\n- ocfs2: fix ocfs2 read block panic (bsc#1117815).\n- ocfs2: free up write context when direct IO failed (bsc#1117821).\n- ocfs2: subsystem.su_mutex is required while accessing the item-\u003eci_parent (bsc#1117808).\n- of: add helper to lookup compatible child node (bsc#1106110)\n- openvswitch: Fix push/pop ethernet validation (networking-stable-18_11_02).\n- panic: avoid deadlocks in re-entrant console drivers (bsc#1088386).\n- pci: Add ACS quirk for Ampere root ports (bsc#1120058).\n- pci: Add ACS quirk for APM X-Gene devices (bsc#1120058).\n- pci: Add Device IDs for Intel GPU \u0027spurious interrupt\u0027 quirk (bsc#1051510).\n- pci/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).\n- pci/ASPM: Fix link_state teardown on device removal (bsc#1051510).\n- pci: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058).\n- pci: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058).\n- pci: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058).\n- pci: dwc: remove duplicate fix (bsc#1115269)\n- pci: Export pcie_has_flr() (bsc#1120058).\n- pci: hv: Use effective affinity mask (bsc#1109772).\n- pci: imx6: Fix link training status detection in link up check (bsc#1109806).\n- pci: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058).\n- pci: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).\n- pci: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058).\n- pci: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058).\n- pci: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058).\n- pci/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).\n- pci: vmd: Assign vector zero to all bridges (bsc#1109806).\n- pci: vmd: Detach resources after stopping root bus (bsc#1109806).\n- pci: vmd: White list for fast interrupt handlers (bsc#1109806).\n- pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).\n- percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279).\n- perf: fix invalid bit in diagnostic entry (git-fixes).\n- perf tools: Fix tracing_path_mount proper path (git-fixes).\n- pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).\n- pinctrl: meson: fix pinconf bias disable (bsc#1051510).\n- pinctrl: qcom: spmi-mpp: Fix drive strength setting (bsc#1051510).\n- pinctrl: qcom: spmi-mpp: Fix err handling of pmic_mpp_set_mux (bsc#1051510).\n- pinctrl: spmi-mpp: Fix pmic_mpp_config_get() to be compliant (bsc#1051510).\n- pinctrl: ssbi-gpio: Fix pm8xxx_pin_config_get() to be compliant (bsc#1051510).\n- pipe: match pipe_max_size data type with procfs (git-fixes).\n- platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510).\n- platform/x86: acerhdf: Add BIOS entry for Gateway LT31 v1.3307 (bsc#1051510).\n- platform/x86: intel_telemetry: report debugfs failure (bsc#1051510).\n- pnfs: Always free the session slot on error in nfs4_layoutget_handle_exception (git-fixes).\n- pnfs: Do not release the sequence slot until we\u0027ve processed layoutget on open (git-fixes).\n- pnfs: Prevent the layout header refcount going to zero in pnfs_roc() (git-fixes).\n- powerpc/64s: consolidate MCE counter increment (bsc#1094244).\n- powerpc/64s/hash: Do not use PPC_INVALIDATE_ERAT on CPUs before POWER9 (bsc#1065729).\n- powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes).\n- powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729).\n- powerpc/boot: Fix build failures with -j 1 (bsc#1065729).\n- powerpc/boot: Fix opal console in boot wrapper (bsc#1065729).\n- powerpc/kvm/booke: Fix altivec related build break (bsc#1061840).\n- powerpc/kvm: Switch kvm pmd allocator to custom allocator (bsc#1061840).\n- powerpc/mm: Fix typo in comments (bsc#1065729).\n- powerpc/mm/hugetlb: initialize the pagetable cache correctly for hugetlb (bsc#1091800).\n- powerpc/mm/keys: Move pte bits to correct headers (bsc#1078248).\n- powerpc/mm: Rename find_linux_pte_or_hugepte() (bsc#1061840).\n- powerpc/npu-dma.c: Fix crash after __mmu_notifier_register failure (bsc#1055120).\n- powerpc/perf: Update raw-event code encoding comment for power8 (bsc#1065729).\n- powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes).\n- powerpc/powernv: Add indirect levels to it_userspace (bsc#1061840).\n- powerpc/powernv: Do not select the cpufreq governors (bsc#1065729).\n- powerpc/powernv: Fix concurrency issue with npu-\u003emmio_atsd_usage (bsc#1055120).\n- powerpc/powernv: Fix opal_event_shutdown() called with interrupts disabled (bsc#1065729).\n- powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121).\n- powerpc/powernv/ioda: Allocate indirect TCE levels on demand (bsc#1061840).\n- powerpc/powernv/ioda: Finish removing explicit max window size check (bsc#1061840).\n- powerpc/powernv/ioda: Remove explicit max window size check (bsc#1061840).\n- powerpc/powernv: Move TCE manupulation code to its own file (bsc#1061840).\n- powerpc/powernv/npu: Add lock to prevent race in concurrent context init/destroy (bsc#1055120).\n- powerpc/powernv/npu: Do not explicitly flush nmmu tlb (bsc#1055120).\n- powerpc/powernv/npu: Fix deadlock in mmio_invalidate() (bsc#1055120).\n- powerpc/powernv/npu: Prevent overwriting of pnv_npu2_init_contex() callback parameters (bsc#1055120).\n- powerpc/powernv/npu: Use flush_all_mm() instead of flush_tlb_mm() (bsc#1055120).\n- powerpc/powernv/pci: Work around races in PCI bridge enabling (bsc#1055120).\n- powerpc/powernv: Rework TCE level allocation (bsc#1061840).\n- powerpc/pseries: Fix DTL buffer registration (bsc#1065729).\n- powerpc/pseries: Fix how we iterate over the DTL entries (bsc#1065729).\n- powerpc/pseries: Fix \u0027OF: ERROR: Bad of_node_put() on /cpus\u0027 during DLPAR (bsc#1113295).\n- powerpc/pseries/mobility: Extend start/stop topology update scope (bsc#1116950, bsc#1115709).\n- powerpc: pseries: remove dlpar_attach_node dependency on full path (bsc#1113295).\n- powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270).\n- powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).\n- powerpc/xive: Move definition of ESB bits (bsc#1061840).\n- powerpc/xmon: Add ISA v3.0 SPRs to SPR dump (bsc#1061840).\n- power: supply: max8998-charger: Fix platform data retrieval (bsc#1051510).\n- power: supply: olpc_battery: correct the temperature units (bsc#1051510).\n- pppoe: fix reception of frames with no mac header (networking-stable-18_09_24).\n- printk: Fix panic caused by passing log_buf_len to command line (bsc#1117168).\n- provide linux/set_memory.h (bsc#1113295).\n- ptp: fix Spectre v1 vulnerability (bsc#1051510).\n- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913).\n- pwm: lpss: Release runtime-pm reference from the driver\u0027s remove callback (bsc#1051510).\n- pxa168fb: prepare the clock (bsc#1051510).\n- qed: Add driver support for 20G link speed (bsc#1110558).\n- qed: Add support for virtual link (bsc#1111795).\n- qede: Add driver support for 20G link speed (bsc#1110558).\n- qmi_wwan: apply SET_DTR quirk to the SIMCOM shared device ID (bsc#1051510).\n- qmi_wwan: Support dynamic config on Quectel EP06 (bsc#1051510).\n- r8152: add byte_enable for ocp_read_word function (bsc#1119749).\n- r8152: add Linksys USB3GIGV1 id (bsc#1119749).\n- r8152: add r8153_phy_status function (bsc#1119749).\n- r8152: adjust lpm settings for RTL8153 (bsc#1119749).\n- r8152: adjust rtl8153_runtime_enable function (bsc#1119749).\n- r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749).\n- r8152: adjust U2P3 for RTL8153 (bsc#1119749).\n- r8152: avoid rx queue more than 1000 packets (bsc#1119749).\n- r8152: check if disabling ALDPS is finished (bsc#1119749).\n- r8152: correct the definition (bsc#1119749).\n- r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749).\n- r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749).\n- r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749).\n- r8152: move calling delay_autosuspend function (bsc#1119749).\n- r8152: move the default coalesce setting for RTL8153 (bsc#1119749).\n- r8152: move the initialization to reset_resume function (bsc#1119749).\n- r8152: move the setting of rx aggregation (bsc#1119749).\n- r8152: replace napi_complete with napi_complete_done (bsc#1119749).\n- r8152: set rx mode early when linking on (bsc#1119749).\n- r8152: split rtl8152_resume function (bsc#1119749).\n- r8152: support new chip 8050 (bsc#1119749).\n- r8152: support RTL8153B (bsc#1119749).\n- r8169: fix NAPI handling under high load (networking-stable-18_11_02).\n- race of lockd inetaddr notifiers vs nlmsvc_rqst change (git-fixes).\n- raid10 BUG_ON in raise_barrier when force is true and conf-\u003ebarrier is 0 (git-fixes).\n- random: rate limit unseeded randomness warnings (git-fixes).\n- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes).\n- rcu: Allow for page faults in NMI handlers (bsc#1120092).\n- rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ).\n- rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244).\n- rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283).\n- rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283).\n- rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ).\n- rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387).\n- rds: fix two RCU related problems (networking-stable-18_09_18).\n- remoteproc: qcom: Fix potential device node leaks (bsc#1051510).\n- reset: hisilicon: fix potential NULL pointer dereference (bsc#1051510).\n- reset: imx7: Fix always writing bits as 0 (bsc#1051510).\n- reset: remove remaining WARN_ON() in \u003clinux/reset.h\u003e (Git-fixes).\n- resource: Include resource end in walk_*() interfaces (bsc#1114279).\n- Revert \u0027blacklist.conf: blacklist inapplicable commits\u0027 This reverts commit 88bd1b2b53990d5518b819968445522fb1392bee. We only build with VIRT_CPU_ACCOUNTING_NATIVE on s390\n- Revert \u0027ceph: fix dentry leak in splice_dentry()\u0027 (bsc#1114839).\n- Revert commit ef9209b642f \u0027staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c\u0027 (bsc#1051510).\n- Revert \u0027iommu/io-pgtable-arm: Check for v7s-incapable systems\u0027 (bsc#1106105).\n- Revert \u0027PCI/ASPM: Do not initialize link state when aspm_disabled is set\u0027 (bsc#1051510).\n- Revert \u0027powerpc/64: Fix checksum folding in csum_add()\u0027 (bsc#1065729).\n- Revert \u0027scsi: lpfc: ls_rjt erroneus FLOGIs\u0027 (bsc#1119322).\n- Revert \u0027usb: dwc3: gadget: skip Set/Clear Halt when invalid\u0027 (bsc#1051510).\n- Revert wlcore patch to follow stable tree develpment\n- ring-buffer: Allow for rescheduling when removing pages (bsc#1120238).\n- ring-buffer: Do no reuse reader page if still in use (bsc#1120096).\n- ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094).\n- rpmsg: Correct support for MODULE_DEVICE_TABLE() (git-fixes).\n- rtc: hctosys: Add missing range error reporting (bsc#1051510).\n- rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510).\n- rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510).\n- rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510).\n- rtl8xxxu: Fix missing break in switch (bsc#1051510).\n- rtnetlink: Disallow FDB configuration for non-Ethernet device (networking-stable-18_11_02).\n- rtnetlink: fix rtnl_fdb_dump() for ndmsg header (networking-stable-18_10_16).\n- rtnl: limit IFLA_NUM_TX_QUEUES and IFLA_NUM_RX_QUEUES to 4096 (networking-stable-18_10_16).\n- s390/cpum_sf: Add data entry sizes to sampling trailer entry (git-fixes).\n- s390/dasd: simplify locking in dasd_times_out (bsc#1104967,).\n- s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112).\n- s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112).\n- s390/kvm: fix deadlock when killed by oom (bnc#1113501, LTC#172235).\n- s390/mm: Check for valid vma before zapping in gmap_discard (git-fixes).\n- s390/mm: correct allocate_pgste proc_handler callback (git-fixes).\n- s390: qeth_core_mpc: Use ARRAY_SIZE instead of reimplementing its function (bnc#1113501, LTC#172682).\n- s390/qeth: fix HiperSockets sniffer (bnc#1113501, LTC#172953).\n- s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657).\n- s390: qeth: Fix potential array overrun in cmd/rc lookup (bnc#1113501, LTC#172682).\n- s390/qeth: handle failure on workqueue creation (git-fixes).\n- s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960).\n- s390/qeth: report 25Gbit link speed (bnc#1113501, LTC#172959).\n- s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960).\n- s390: revert ELF_ET_DYN_BASE base changes (git-fixes).\n- s390/sclp_tty: enable line mode tty even if there is an ascii console (git-fixes).\n- s390/sthyi: add cache to store hypervisor info (LTC#160415, bsc#1068273).\n- s390/sthyi: add s390_sthyi system call (LTC#160415, bsc#1068273).\n- s390/sthyi: reorganize sthyi implementation (LTC#160415, bsc#1068273).\n- sbitmap: fix race in wait batch accounting (Git-fixes).\n- sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913).\n- sched/smt: Expose sched_smt_present static key (bsc#1106913).\n- sched/smt: Make sched_smt_present track topology (bsc#1106913).\n- sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228).\n- scsi: core: Avoid that SCSI device removal through sysfs triggers a deadlock (bsc#1114578).\n- scsi: libsas: remove irq save in sas_ata_qc_issue() (bsc#1114580).\n- scsi: lpfc: add support to retrieve firmware logs (bsc#1114015).\n- scsi: lpfc: add Trunking support (bsc#1114015).\n- scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).\n- scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215).\n- scsi: lpfc: Correct errors accessing fw log (bsc#1114015).\n- scsi: lpfc: Correct invalid EQ doorbell write on if_type=6 (bsc#1114015).\n- scsi: lpfc: Correct irq handling via locks when taking adapter offline (bsc#1114015).\n- scsi: lpfc: Correct LCB RJT handling (bsc#1114015).\n- scsi: lpfc: Correct loss of fc4 type on remote port address change (bsc#1114015).\n- scsi: lpfc: Correct race with abort on completion path (bsc#1114015).\n- scsi: lpfc: Correct soft lockup when running mds diagnostics (bsc#1114015).\n- scsi: lpfc: Correct speeds on SFP swap (bsc#1114015).\n- scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215).\n- scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215).\n- scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322).\n- scsi: lpfc: fcoe: Fix link down issue after 1000+ link bounces (bsc#1114015).\n- scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215).\n- scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).\n- scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215).\n- scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215).\n- scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215).\n- scsi: lpfc: Fix errors in log messages (bsc#1114015).\n- scsi: lpfc: Fix GFT_ID and PRLI logic for RSCN (bsc#1114015).\n- scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215).\n- scsi: lpfc: Fix LOGO/PLOGI handling when triggerd by ABTS Timeout event (bsc#1114015).\n- scsi: lpfc: Fix lpfc_sli4_read_config return value check (bsc#1114015).\n- scsi: lpfc: Fix odd recovery in duplicate FLOGIs in point-to-point (bsc#1114015).\n- scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215).\n- scsi: lpfc: Implement GID_PT on Nameserver query to support faster failover (bsc#1114015).\n- scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).\n- scsi: lpfc: Raise nvme defaults to support a larger io and more connectivity (bsc#1114015).\n- scsi: lpfc: raise sg count for nvme to use available sg resources (bsc#1114015).\n- scsi: lpfc: reduce locking when updating statistics (bsc#1114015).\n- scsi: lpfc: refactor mailbox structure context fields (bsc#1118215).\n- scsi: lpfc: Remove set but not used variable \u0027sgl_size\u0027 (bsc#1114015).\n- scsi: lpfc: Reset link or adapter instead of doing infinite nameserver PLOGI retry (bsc#1114015).\n- scsi: lpfc: rport port swap discovery issue (bsc#1118215).\n- scsi: lpfc: Synchronize access to remoteport via rport (bsc#1114015).\n- scsi: lpfc: update driver version to 12.0.0.7 (bsc#1114015).\n- scsi: lpfc: update driver version to 12.0.0.8 (bsc#1114015).\n- scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215).\n- scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215).\n- scsi: qlogicpti: Fix an error handling path in \u0027qpti_sbus_probe()\u0027 (bsc#1114581).\n- scsi: scsi_transport_srp: Fix shost to rport translation (bsc#1114582).\n- scsi: sg: fix minor memory leak in error path (bsc#1114584).\n- scsi: sysfs: Introduce sysfs_{un,}break_active_protection() (bsc#1114578).\n- scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).\n- scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).\n- scsi: target: Fix fortify_panic kernel exception (bsc#1114576).\n- scsi: target/tcm_loop: Avoid that static checkers warn about dead code (bsc#1114577).\n- scsi: target: tcmu: add read length support (bsc#1097755).\n- scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588).\n- sctp: fix race on sctp_id2asoc (networking-stable-18_11_02).\n- sctp: fix strchange_flags name for Stream Change Event (networking-stable-18_11_21).\n- sctp: hold transport before accessing its asoc in sctp_transport_get_next (networking-stable-18_09_11).\n- sctp: not allow to set asoc prsctp_enable by sockopt (networking-stable-18_11_21).\n- sctp: not increase stream\u0027s incnt before sending addstrm_in request (networking-stable-18_11_21).\n- sctp: update dst pmtu with the correct daddr (networking-stable-18_10_16).\n- serial: 8250: Fix clearing FIFOs in RS485 mode again (bsc#1051510).\n- shmem: introduce shmem_inode_acct_block (VM Functionality, bsc#1121599).\n- shmem: shmem_charge: verify max_block is not exceeded before inode update (VM Functionality, bsc#1121599).\n- skd: Avoid that module unloading triggers a use-after-free (Git-fixes).\n- skd: Submit requests to firmware before triggering the doorbell (Git-fixes).\n- skip LAYOUTRETURN if layout is invalid (git-fixes).\n- soc: bcm2835: sync firmware properties with downstream ()\n- soc: fsl: qbman: qman: avoid allocating from non existing gen_pool (bsc#1051510).\n- soc/tegra: pmc: Fix child-node lookup (bsc#1051510).\n- soc: ti: QMSS: Fix usage of irq_set_affinity_hint (bsc#1051510).\n- spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510).\n- spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510).\n- spi: bcm2835: Fix race on DMA termination (bsc#1051510).\n- spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510).\n- spi/bcm63xx-hsspi: keep pll clk enabled (bsc#1051510).\n- spi: bcm-qspi: switch back to reading flash using smaller chunks (bsc#1051510).\n- spi: sh-msiof: fix deferred probing (bsc#1051510).\n- splice: do not read more than available pipe space (bsc#1119212).\n- staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510).\n- staging: comedi: ni_mio_common: protect register write overflow (bsc#1051510).\n- staging:iio:ad7606: fix voltage scales (bsc#1051510).\n- staging: rtl8712: Fix possible buffer overrun (bsc#1051510).\n- staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510).\n- staging: rtl8723bs: Fix the return value in case of error in \u0027rtw_wx_read32()\u0027 (bsc#1051510).\n- staging: rts5208: fix gcc-8 logic error warning (bsc#1051510).\n- staging: vchiq_arm: fix compat VCHIQ_IOC_AWAIT_COMPLETION (bsc#1051510).\n- staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510).\n- sunrpc: Allow connect to return EHOSTUNREACH (git-fixes).\n- sunrpc: Do not use stack buffer with scatterlist (git-fixes).\n- sunrpc: Fix rpc_task_begin trace point (git-fixes).\n- sunrpc: Fix tracepoint storage issues with svc_recv and svc_rqst_status (git-fixes).\n- supported.conf: add raspberrypi-ts driver\n- supported.conf: whitelist bluefield eMMC driver\n- target: fix buffer offset in core_scsi3_pri_read_full_status (bsc1117349).\n- target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).\n- target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).\n- tcp: do not restart timewait timer on rst reception (networking-stable-18_09_11).\n- team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510).\n- termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510).\n- test_firmware: fix error return getting clobbered (bsc#1051510).\n- test_hexdump: use memcpy instead of strncpy (bsc#1051510).\n- tg3: Add PHY reset for 5717/5719/5720 in change ring and flow control paths (networking-stable-18_11_21).\n- thermal: bcm2835: enable hwmon explicitly (bsc#1108468).\n- thermal: da9062/61: Prevent hardware access during system suspend (bsc#1051510).\n- thermal: rcar_thermal: Prevent hardware access during system suspend (bsc#1051510).\n- tipc: do not assume linear buffer when reading ancillary data (networking-stable-18_11_21).\n- tipc: fix a missing rhashtable_walk_exit() (networking-stable-18_09_11).\n- tipc: fix flow control accounting for implicit connect (networking-stable-18_10_16).\n- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510).\n- tools build: fix # escaping in .cmd files for future Make (git-fixes).\n- tools: hv: fcopy: set \u0027error\u0027 in case an unknown operation was requested (git-fixes).\n- tools: hv: include string.h in hv_fcopy_daemon (git-fixes).\n- tools/lib/lockdep: Rename \u0027trywlock\u0027 into \u0027trywrlock\u0027 (bsc#1121973).\n- tools/power/cpupower: fix compilation with STATIC=true (git-fixes).\n- tools/power turbostat: fix possible sprintf buffer overflow (git-fixes).\n- tpm2-cmd: allow more attempts for selftest execution (bsc#1082555).\n- tpm: add retry logic (bsc#1082555).\n- tpm: consolidate the TPM startup code (bsc#1082555).\n- tpm: do not suspend/resume if power stays on (bsc#1082555).\n- tpm: fix intermittent failure with self tests (bsc#1082555).\n- tpm: fix response size validation in tpm_get_random() (bsc#1082555).\n- tpm: move endianness conversion of ordinals to tpm_input_header (bsc#1082555).\n- tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to tpm_input_header (bsc#1082555).\n- tpm: move the delay_msec increment after sleep in tpm_transmit() (bsc#1082555).\n- tpm: React correctly to RC_TESTING from TPM 2.0 self tests (bsc#1082555).\n- tpm: replace msleep() with usleep_range() in TPM 1.2/2.0 generic drivers (bsc#1082555).\n- tpm: Restore functionality to xen vtpm driver (bsc#1082555).\n- tpm: self test failure should not cause suspend to fail (bsc#1082555).\n- tpm: tpm-interface: fix tpm_transmit/_cmd kdoc (bsc#1082555).\n- tpm: Trigger only missing TPM 2.0 self tests (bsc#1082555).\n- tpm: Use dynamic delay to wait for TPM 2.0 self test result (bsc#1082555).\n- tpm: use tpm2_pcr_read() in tpm2_do_selftest() (bsc#1082555).\n- tpm: use tpm_buf functions in tpm2_pcr_read() (bsc#1082555).\n- tracing: Apply trace_clock changes to instance max buffer (bsc#1117188).\n- tracing/blktrace: Fix to allow setting same value (Git-fixes).\n- tracing: Erase irqsoff trace with empty write (bsc#1117189).\n- tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).\n- tracing: Fix crash when freeing instances with event triggers (bsc#1120230).\n- tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097).\n- tracing: Fix double free of event_trigger_data (bsc#1120234).\n- tracing: Fix missing return symbol in function_graph output (bsc#1120232).\n- tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235).\n- tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214).\n- tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223).\n- tracing: Fix trace_pipe behavior for instance traces (bsc#1120088).\n- tracing: Remove RCU work arounds from stack tracer (bsc#1120092).\n- tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes).\n- tty: check name length in tty_find_polling_driver() (bsc#1051510).\n- tty: Do not block on IO when ldisc change is pending (bnc#1105428).\n- tty: Do not hold ldisc lock in tty_reopen() if ldisc present (bsc#1051510).\n- tty: Do not return -EAGAIN in blocking read (bsc#1116040).\n- tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510).\n- tty: fix data race between tty_init_dev and flush of buf (bnc#1105428).\n- tty: Hold tty_ldisc_lock() during tty_reopen() (bnc#1105428).\n- tty/ldsem: Add lockdep asserts for ldisc_sem (bnc#1105428).\n- tty/ldsem: Convert to regular lockdep annotations (bnc#1105428).\n- tty/ldsem: Decrement wait_readers on timeouted down_read() (bnc#1105428).\n- tty/ldsem: Wake up readers after timed out down_write() (bnc#1105428).\n- tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510).\n- tty: Simplify tty-\u003ecount math in tty_reopen() (bnc#1105428).\n- tty: wipe buffer (bsc#1051510).\n- tty: wipe buffer if not echoing data (bsc#1051510).\n- tun: Consistently configure generic netdev params via rtnetlink (bsc#1051510).\n- tuntap: fix multiqueue rx (networking-stable-18_11_21).\n- ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598).\n- ubifs-Handle-re-linking-of-inodes-correctly-while-re.patch: Fixup compilation failure due to different ubifs_assert() prototype.\n- udf: Allow mounting volumes with incorrect identification strings (bsc#1118774).\n- udp4: fix IP_CMSG_CHECKSUM for connected sockets (networking-stable-18_09_24).\n- udp6: add missing checks on edumux packet processing (networking-stable-18_09_24).\n- udp6: fix encap return code for resubmitting (git-fixes).\n- uio: ensure class is registered before devices (bsc#1051510).\n- uio: Fix an Oops on load (bsc#1051510).\n- uio: make symbol \u0027uio_class_registered\u0027 static (bsc#1051510).\n- unifdef: use memcpy instead of strncpy (bsc#1051510).\n- usb: appledisplay: Add 27\u0027 Apple Cinema Display (bsc#1051510).\n- usb: cdc-acm: add entry for Hiro (Conexant) modem (bsc#1051510).\n- usb: chipidea: Prevent unbalanced IRQ disable (bsc#1051510).\n- usb: core: Fix hub port connection events lost (bsc#1051510).\n- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510).\n- usb: dwc2: host: do not delay retries for CONTROL IN transfers (bsc#1114385).\n- usb: dwc2: host: Do not retry NAKed transactions right away (bsc#1114385).\n- usb: dwc2: host: use hrtimer for NAK retries (git-fixes).\n- usb: dwc3: core: Clean up ULPI device (bsc#1051510).\n- usb: dwc3: gadget: fix ISOC TRB type on unaligned transfers (bsc#1051510).\n- usb: dwc3: gadget: Properly check last unaligned/zero chain TRB (bsc#1051510).\n- usb: gadget: fsl_udc_core: check allocation return value and cleanup on failure (bsc#1051510).\n- usb: gadget: fsl_udc_core: fixup struct_udc_setup documentation (bsc#1051510).\n- usb: gadget: storage: Fix Spectre v1 vulnerability (bsc#1051510).\n- usb: gadget: udc: atmel: handle at91sam9rl PMC (bsc#1051510).\n- usb: gadget: u_ether: fix unsafe list iteration (bsc#1051510).\n- usb: host: ohci-at91: fix request of irq for optional gpio (bsc#1051510).\n- usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510).\n- usbip: tools: fix atoi() on non-null terminated string (bsc#1051510).\n- usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888).\n- usbip:vudc: BUG kmalloc-2048 (Not tainted): Poison overwritten (bsc#1051510).\n- usb: misc: appledisplay: add 20\u0027 Apple Cinema Display (bsc#1051510).\n- usbnet: smsc95xx: disable carrier check while suspending (bsc#1051510).\n- usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510).\n- usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510).\n- usb: omap_udc: fix rejection of out transfers when DMA is used (bsc#1051510).\n- usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510).\n- usb: omap_udc: use devm_request_irq() (bsc#1051510).\n- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510).\n- usb: quirks: Add delay-init quirk for Corsair K70 LUX RGB (bsc#1051510).\n- usb: quirks: Add no-lpm quirk for Raydium touchscreens (bsc#1051510).\n- usb: serial: cypress_m8: fix interrupt-out transfer length (bsc#1051510).\n- usb: serial: option: add Fibocom NL668 series (bsc#1051510).\n- usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510).\n- usb: serial: option: add HP lt4132 (bsc#1051510).\n- usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510).\n- usb: serial: option: add Telit LN940 series (bsc#1051510).\n- usb: serial: option: add two-endpoints device-id flag (bsc#1051510).\n- usb: serial: option: drop redundant interface-class test (bsc#1051510).\n- usb: serial: option: improve Quectel EP06 detection (bsc#1051510).\n- usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110).\n- usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510).\n- usb: xhci: fix timeout for transition from RExit to U0 (bsc#1051510).\n- usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510).\n- usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510).\n- userfaultfd: clear the vma-\u003evm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761).\n- userfaultfd: remove uffd flags from vma-\u003evm_flags if UFFD_EVENT_FORK fails (bsc#1118809).\n- v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771).\n- vfs: Avoid softlockups in drop_pagecache_sb() (bsc#1118505).\n- vfs: close race between getcwd() and d_move() (git-fixes).\n- vfs: fix freeze protection in mnt_want_write_file() for overlayfs (git-fixes).\n- vhost: Fix Spectre V1 vulnerability (bsc#1051510).\n- vhost/scsi: truncate T10 PI iov_iter to prot_bytes (bsc#1051510).\n- virtio_net: avoid using netif_tx_disable() for serializing tx routine (networking-stable-18_11_02).\n- VMCI: Resource wildcard match fixed (bsc#1051510).\n- w1: omap-hdq: fix missing bus unregister at removal (bsc#1051510).\n- watchdog/core: Add missing prototypes for weak functions (git-fixes).\n- wireless: airo: potential buffer overflow in sprintf() (bsc#1051510).\n- wlcore: Fix the return value in case of error in \u0027wlcore_vendor_cmd_smart_config_start()\u0027 (bsc#1051510).\n- Workaround for mysterious NVMe breakage with i915 CFL (bsc#1111040).\n- x86/boot/KASLR: Work around firmware bugs by excluding EFI_BOOT_SERVICES_* and EFI_LOADER_* from KASLR\u0027s choice (bnc#1112878).\n- x86/bugs: Add AMD\u0027s SPEC_CTRL MSR usage (bsc#1106913).\n- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913).\n- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913).\n- x86/corruption-check: Fix panic in memory_corruption_check() when boot option without value is provided (bsc#1110006).\n- x86/cpu/vmware: Do not trace vmware_sched_clock() (bsc#1114279).\n- x86/decoder: Fix and update the opcodes map (bsc#1058115).\n- x86, hibernate: Fix nosave_regions setup for hibernation (bsc#1110006).\n- x86/irq: implement irq_data_get_effective_affinity_mask() for v4.12 (bsc#1109772).\n- x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).\n- x86/kexec: Correct KEXEC_BACKUP_SRC_END off-by-one error (bsc#1114279).\n- x86/l1tf: Show actual SMT state (bsc#1106913).\n- x86/ldt: Remove unused variable in map_ldt_struct() (bsc#1114279).\n- x86/ldt: Split out sanity check in map_ldt_struct() (bsc#1114279).\n- x86/ldt: Unmap PTEs for the slot before freeing LDT pages (bsc#1114279).\n- x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279).\n- x86/MCE: Make correctable error detection look at the Deferred bit (bsc#1114279).\n- x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606).\n- x86/mm/pat: Disable preemption around __flush_tlb_all() (bsc#1114279).\n- x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058).\n- x86/PCI: Add \u0027pci=big_root_window\u0027 option for AMD 64-bit windows (bsc#1120058).\n- x86/PCI: Apply VMD\u0027s AERSID fixup generically (bsc#1120058).\n- x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058).\n- x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058).\n- x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058).\n- x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058).\n- x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058).\n- x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058).\n- x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058).\n- x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058).\n- x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913).\n- x86/pti: Document fix wrong index (git-fixes).\n- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913).\n- x86/retpoline: Remove minimal retpoline support (bsc#1106913).\n- x86/speculataion: Mark command line parser data __initdata (bsc#1106913).\n- x86/speculation: Add command line control for indirect branch speculation (bsc#1106913).\n- x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913).\n- x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913).\n- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).\n- x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913).\n- x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913).\n- x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913).\n- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).\n- x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913).\n- x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).\n- x86/speculation: Mark string arrays const correctly (bsc#1106913).\n- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913).\n- x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913).\n- x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913).\n- x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913).\n- x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913).\n- x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).\n- x86/speculation: Provide IBPB always command line options (bsc#1106913).\n- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913).\n- x86/speculation: Rename SSBD update functions (bsc#1106913).\n- x86/speculation: Reorder the spec_v2 code (bsc#1106913).\n- x86/speculation: Reorganize speculation control MSRs update (bsc#1106913).\n- x86/speculation: Rework SMT state change (bsc#1106913).\n- x86/speculation: Split out TIF update (bsc#1106913).\n- x86/speculation: Support Enhanced IBRS on future CPUs ().\n- x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913).\n- x86/speculation: Update the TIF_SSBD comment (bsc#1106913).\n- x86/xen: Fix boot loader version reported for PVH guests (bnc#1065600).\n- xen/balloon: Support xend-based toolstack (bnc#1065600).\n- xen/blkfront: avoid NULL blkfront_info dereference on device removal (bsc#1111062).\n- xen: fix race in xen_qlock_wait() (bnc#1107256).\n- xen: fix xen_qlock_wait() (bnc#1107256).\n- xen: make xen_qlock_wait() nestable (bnc#1107256).\n- xen/netfront: do not bug in case of too many frags (bnc#1104824).\n- xen/netfront: tolerate frags with no data (bnc#1119804).\n- xen/pvh: do not try to unplug emulated devices (bnc#1065600).\n- xen/pvh: increase early stack size (bnc#1065600).\n- xen-swiotlb: use actually allocated size on check physical continuous (bnc#1065600).\n- xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183).\n- xfs: Align compat attrlist_by_handle with native implementation (git-fixes).\n- xfs: Fix error code in \u0027xfs_ioc_getbmap()\u0027 (git-fixes).\n- xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).\n- xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes).\n- xfs: Properly detect when DAX won\u0027t be used on any device (bsc#1115976).\n- xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).\n- xhci: Add check for invalid byte size error when UAS devices are connected (bsc#1051510).\n- xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).\n- xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510).\n- xhci: Fix leaking USB3 shared_hcd at xhci removal (bsc#1051510).\n- xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510).\n- xprtrdma: Do not defer fencing an async RPC\u0027s chunks (git-fixes).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-224,SUSE-SLE-Module-Basesystem-15-2019-224,SUSE-SLE-Module-Development-Tools-15-2019-224,SUSE-SLE-Module-Development-Tools-OBS-15-2019-224,SUSE-SLE-Module-Legacy-15-2019-224,SUSE-SLE-Module-Live-Patching-15-2019-224,SUSE-SLE-Product-HA-15-2019-224,SUSE-SLE-Product-WE-15-2019-224",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0224-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0224-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190224-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0224-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005075.html"
},
{
"category": "self",
"summary": "SUSE Bug 1024718",
"url": "https://bugzilla.suse.com/1024718"
},
{
"category": "self",
"summary": "SUSE Bug 1046299",
"url": "https://bugzilla.suse.com/1046299"
},
{
"category": "self",
"summary": "SUSE Bug 1050242",
"url": "https://bugzilla.suse.com/1050242"
},
{
"category": "self",
"summary": "SUSE Bug 1050244",
"url": "https://bugzilla.suse.com/1050244"
},
{
"category": "self",
"summary": "SUSE Bug 1051510",
"url": "https://bugzilla.suse.com/1051510"
},
{
"category": "self",
"summary": "SUSE Bug 1055120",
"url": "https://bugzilla.suse.com/1055120"
},
{
"category": "self",
"summary": "SUSE Bug 1055121",
"url": "https://bugzilla.suse.com/1055121"
},
{
"category": "self",
"summary": "SUSE Bug 1055186",
"url": "https://bugzilla.suse.com/1055186"
},
{
"category": "self",
"summary": "SUSE Bug 1058115",
"url": "https://bugzilla.suse.com/1058115"
},
{
"category": "self",
"summary": "SUSE Bug 1060463",
"url": "https://bugzilla.suse.com/1060463"
},
{
"category": "self",
"summary": "SUSE Bug 1061840",
"url": "https://bugzilla.suse.com/1061840"
},
{
"category": "self",
"summary": "SUSE Bug 1065600",
"url": "https://bugzilla.suse.com/1065600"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1068273",
"url": "https://bugzilla.suse.com/1068273"
},
{
"category": "self",
"summary": "SUSE Bug 1078248",
"url": "https://bugzilla.suse.com/1078248"
},
{
"category": "self",
"summary": "SUSE Bug 1079935",
"url": "https://bugzilla.suse.com/1079935"
},
{
"category": "self",
"summary": "SUSE Bug 1082387",
"url": "https://bugzilla.suse.com/1082387"
},
{
"category": "self",
"summary": "SUSE Bug 1082555",
"url": "https://bugzilla.suse.com/1082555"
},
{
"category": "self",
"summary": "SUSE Bug 1082653",
"url": "https://bugzilla.suse.com/1082653"
},
{
"category": "self",
"summary": "SUSE Bug 1083647",
"url": "https://bugzilla.suse.com/1083647"
},
{
"category": "self",
"summary": "SUSE Bug 1085535",
"url": "https://bugzilla.suse.com/1085535"
},
{
"category": "self",
"summary": "SUSE Bug 1086196",
"url": "https://bugzilla.suse.com/1086196"
},
{
"category": "self",
"summary": "SUSE Bug 1086282",
"url": "https://bugzilla.suse.com/1086282"
},
{
"category": "self",
"summary": "SUSE Bug 1086283",
"url": "https://bugzilla.suse.com/1086283"
},
{
"category": "self",
"summary": "SUSE Bug 1086423",
"url": "https://bugzilla.suse.com/1086423"
},
{
"category": "self",
"summary": "SUSE Bug 1087978",
"url": "https://bugzilla.suse.com/1087978"
},
{
"category": "self",
"summary": "SUSE Bug 1088386",
"url": "https://bugzilla.suse.com/1088386"
},
{
"category": "self",
"summary": "SUSE Bug 1089350",
"url": "https://bugzilla.suse.com/1089350"
},
{
"category": "self",
"summary": "SUSE Bug 1090888",
"url": "https://bugzilla.suse.com/1090888"
},
{
"category": "self",
"summary": "SUSE Bug 1091405",
"url": "https://bugzilla.suse.com/1091405"
},
{
"category": "self",
"summary": "SUSE Bug 1091800",
"url": "https://bugzilla.suse.com/1091800"
},
{
"category": "self",
"summary": "SUSE Bug 1094244",
"url": "https://bugzilla.suse.com/1094244"
},
{
"category": "self",
"summary": "SUSE Bug 1097593",
"url": "https://bugzilla.suse.com/1097593"
},
{
"category": "self",
"summary": "SUSE Bug 1097755",
"url": "https://bugzilla.suse.com/1097755"
},
{
"category": "self",
"summary": "SUSE Bug 1100132",
"url": "https://bugzilla.suse.com/1100132"
},
{
"category": "self",
"summary": "SUSE Bug 1102875",
"url": "https://bugzilla.suse.com/1102875"
},
{
"category": "self",
"summary": "SUSE Bug 1102877",
"url": "https://bugzilla.suse.com/1102877"
},
{
"category": "self",
"summary": "SUSE Bug 1102879",
"url": "https://bugzilla.suse.com/1102879"
},
{
"category": "self",
"summary": "SUSE Bug 1102882",
"url": "https://bugzilla.suse.com/1102882"
},
{
"category": "self",
"summary": "SUSE Bug 1102896",
"url": "https://bugzilla.suse.com/1102896"
},
{
"category": "self",
"summary": "SUSE Bug 1103257",
"url": "https://bugzilla.suse.com/1103257"
},
{
"category": "self",
"summary": "SUSE Bug 1103356",
"url": "https://bugzilla.suse.com/1103356"
},
{
"category": "self",
"summary": "SUSE Bug 1103925",
"url": "https://bugzilla.suse.com/1103925"
},
{
"category": "self",
"summary": "SUSE Bug 1104124",
"url": "https://bugzilla.suse.com/1104124"
},
{
"category": "self",
"summary": "SUSE Bug 1104353",
"url": "https://bugzilla.suse.com/1104353"
},
{
"category": "self",
"summary": "SUSE Bug 1104427",
"url": "https://bugzilla.suse.com/1104427"
},
{
"category": "self",
"summary": "SUSE Bug 1104824",
"url": "https://bugzilla.suse.com/1104824"
},
{
"category": "self",
"summary": "SUSE Bug 1104967",
"url": "https://bugzilla.suse.com/1104967"
},
{
"category": "self",
"summary": "SUSE Bug 1105168",
"url": "https://bugzilla.suse.com/1105168"
},
{
"category": "self",
"summary": "SUSE Bug 1105428",
"url": "https://bugzilla.suse.com/1105428"
},
{
"category": "self",
"summary": "SUSE Bug 1106105",
"url": "https://bugzilla.suse.com/1106105"
},
{
"category": "self",
"summary": "SUSE Bug 1106110",
"url": "https://bugzilla.suse.com/1106110"
},
{
"category": "self",
"summary": "SUSE Bug 1106237",
"url": "https://bugzilla.suse.com/1106237"
},
{
"category": "self",
"summary": "SUSE Bug 1106240",
"url": "https://bugzilla.suse.com/1106240"
},
{
"category": "self",
"summary": "SUSE Bug 1106615",
"url": "https://bugzilla.suse.com/1106615"
},
{
"category": "self",
"summary": "SUSE Bug 1106913",
"url": "https://bugzilla.suse.com/1106913"
},
{
"category": "self",
"summary": "SUSE Bug 1107256",
"url": "https://bugzilla.suse.com/1107256"
},
{
"category": "self",
"summary": "SUSE Bug 1107385",
"url": "https://bugzilla.suse.com/1107385"
},
{
"category": "self",
"summary": "SUSE Bug 1107866",
"url": "https://bugzilla.suse.com/1107866"
},
{
"category": "self",
"summary": "SUSE Bug 1108270",
"url": "https://bugzilla.suse.com/1108270"
},
{
"category": "self",
"summary": "SUSE Bug 1108468",
"url": "https://bugzilla.suse.com/1108468"
},
{
"category": "self",
"summary": "SUSE Bug 1109272",
"url": "https://bugzilla.suse.com/1109272"
},
{
"category": "self",
"summary": "SUSE Bug 1109772",
"url": "https://bugzilla.suse.com/1109772"
},
{
"category": "self",
"summary": "SUSE Bug 1109806",
"url": "https://bugzilla.suse.com/1109806"
},
{
"category": "self",
"summary": "SUSE Bug 1110006",
"url": "https://bugzilla.suse.com/1110006"
},
{
"category": "self",
"summary": "SUSE Bug 1110558",
"url": "https://bugzilla.suse.com/1110558"
},
{
"category": "self",
"summary": "SUSE Bug 1110998",
"url": "https://bugzilla.suse.com/1110998"
},
{
"category": "self",
"summary": "SUSE Bug 1111040",
"url": "https://bugzilla.suse.com/1111040"
},
{
"category": "self",
"summary": "SUSE Bug 1111062",
"url": "https://bugzilla.suse.com/1111062"
},
{
"category": "self",
"summary": "SUSE Bug 1111174",
"url": "https://bugzilla.suse.com/1111174"
},
{
"category": "self",
"summary": "SUSE Bug 1111183",
"url": "https://bugzilla.suse.com/1111183"
},
{
"category": "self",
"summary": "SUSE Bug 1111188",
"url": "https://bugzilla.suse.com/1111188"
},
{
"category": "self",
"summary": "SUSE Bug 1111469",
"url": "https://bugzilla.suse.com/1111469"
},
{
"category": "self",
"summary": "SUSE Bug 1111696",
"url": "https://bugzilla.suse.com/1111696"
},
{
"category": "self",
"summary": "SUSE Bug 1111795",
"url": "https://bugzilla.suse.com/1111795"
},
{
"category": "self",
"summary": "SUSE Bug 1111809",
"url": "https://bugzilla.suse.com/1111809"
},
{
"category": "self",
"summary": "SUSE Bug 1111921",
"url": "https://bugzilla.suse.com/1111921"
},
{
"category": "self",
"summary": "SUSE Bug 1112878",
"url": "https://bugzilla.suse.com/1112878"
},
{
"category": "self",
"summary": "SUSE Bug 1112963",
"url": "https://bugzilla.suse.com/1112963"
},
{
"category": "self",
"summary": "SUSE Bug 1113295",
"url": "https://bugzilla.suse.com/1113295"
},
{
"category": "self",
"summary": "SUSE Bug 1113408",
"url": "https://bugzilla.suse.com/1113408"
},
{
"category": "self",
"summary": "SUSE Bug 1113412",
"url": "https://bugzilla.suse.com/1113412"
},
{
"category": "self",
"summary": "SUSE Bug 1113501",
"url": "https://bugzilla.suse.com/1113501"
},
{
"category": "self",
"summary": "SUSE Bug 1113667",
"url": "https://bugzilla.suse.com/1113667"
},
{
"category": "self",
"summary": "SUSE Bug 1113677",
"url": "https://bugzilla.suse.com/1113677"
},
{
"category": "self",
"summary": "SUSE Bug 1113722",
"url": "https://bugzilla.suse.com/1113722"
},
{
"category": "self",
"summary": "SUSE Bug 1113751",
"url": "https://bugzilla.suse.com/1113751"
},
{
"category": "self",
"summary": "SUSE Bug 1113769",
"url": "https://bugzilla.suse.com/1113769"
},
{
"category": "self",
"summary": "SUSE Bug 1113780",
"url": "https://bugzilla.suse.com/1113780"
},
{
"category": "self",
"summary": "SUSE Bug 1113972",
"url": "https://bugzilla.suse.com/1113972"
},
{
"category": "self",
"summary": "SUSE Bug 1114015",
"url": "https://bugzilla.suse.com/1114015"
},
{
"category": "self",
"summary": "SUSE Bug 1114178",
"url": "https://bugzilla.suse.com/1114178"
},
{
"category": "self",
"summary": "SUSE Bug 1114279",
"url": "https://bugzilla.suse.com/1114279"
},
{
"category": "self",
"summary": "SUSE Bug 1114385",
"url": "https://bugzilla.suse.com/1114385"
},
{
"category": "self",
"summary": "SUSE Bug 1114576",
"url": "https://bugzilla.suse.com/1114576"
},
{
"category": "self",
"summary": "SUSE Bug 1114577",
"url": "https://bugzilla.suse.com/1114577"
},
{
"category": "self",
"summary": "SUSE Bug 1114578",
"url": "https://bugzilla.suse.com/1114578"
},
{
"category": "self",
"summary": "SUSE Bug 1114579",
"url": "https://bugzilla.suse.com/1114579"
},
{
"category": "self",
"summary": "SUSE Bug 1114580",
"url": "https://bugzilla.suse.com/1114580"
},
{
"category": "self",
"summary": "SUSE Bug 1114581",
"url": "https://bugzilla.suse.com/1114581"
},
{
"category": "self",
"summary": "SUSE Bug 1114582",
"url": "https://bugzilla.suse.com/1114582"
},
{
"category": "self",
"summary": "SUSE Bug 1114583",
"url": "https://bugzilla.suse.com/1114583"
},
{
"category": "self",
"summary": "SUSE Bug 1114584",
"url": "https://bugzilla.suse.com/1114584"
},
{
"category": "self",
"summary": "SUSE Bug 1114585",
"url": "https://bugzilla.suse.com/1114585"
},
{
"category": "self",
"summary": "SUSE Bug 1114839",
"url": "https://bugzilla.suse.com/1114839"
},
{
"category": "self",
"summary": "SUSE Bug 1114871",
"url": "https://bugzilla.suse.com/1114871"
},
{
"category": "self",
"summary": "SUSE Bug 1115074",
"url": "https://bugzilla.suse.com/1115074"
},
{
"category": "self",
"summary": "SUSE Bug 1115269",
"url": "https://bugzilla.suse.com/1115269"
},
{
"category": "self",
"summary": "SUSE Bug 1115431",
"url": "https://bugzilla.suse.com/1115431"
},
{
"category": "self",
"summary": "SUSE Bug 1115433",
"url": "https://bugzilla.suse.com/1115433"
},
{
"category": "self",
"summary": "SUSE Bug 1115440",
"url": "https://bugzilla.suse.com/1115440"
},
{
"category": "self",
"summary": "SUSE Bug 1115567",
"url": "https://bugzilla.suse.com/1115567"
},
{
"category": "self",
"summary": "SUSE Bug 1115709",
"url": "https://bugzilla.suse.com/1115709"
},
{
"category": "self",
"summary": "SUSE Bug 1115976",
"url": "https://bugzilla.suse.com/1115976"
},
{
"category": "self",
"summary": "SUSE Bug 1116040",
"url": "https://bugzilla.suse.com/1116040"
},
{
"category": "self",
"summary": "SUSE Bug 1116183",
"url": "https://bugzilla.suse.com/1116183"
},
{
"category": "self",
"summary": "SUSE Bug 1116336",
"url": "https://bugzilla.suse.com/1116336"
},
{
"category": "self",
"summary": "SUSE Bug 1116692",
"url": "https://bugzilla.suse.com/1116692"
},
{
"category": "self",
"summary": "SUSE Bug 1116693",
"url": "https://bugzilla.suse.com/1116693"
},
{
"category": "self",
"summary": "SUSE Bug 1116698",
"url": "https://bugzilla.suse.com/1116698"
},
{
"category": "self",
"summary": "SUSE Bug 1116699",
"url": "https://bugzilla.suse.com/1116699"
},
{
"category": "self",
"summary": "SUSE Bug 1116700",
"url": "https://bugzilla.suse.com/1116700"
},
{
"category": "self",
"summary": "SUSE Bug 1116701",
"url": "https://bugzilla.suse.com/1116701"
},
{
"category": "self",
"summary": "SUSE Bug 1116803",
"url": "https://bugzilla.suse.com/1116803"
},
{
"category": "self",
"summary": "SUSE Bug 1116841",
"url": "https://bugzilla.suse.com/1116841"
},
{
"category": "self",
"summary": "SUSE Bug 1116862",
"url": "https://bugzilla.suse.com/1116862"
},
{
"category": "self",
"summary": "SUSE Bug 1116863",
"url": "https://bugzilla.suse.com/1116863"
},
{
"category": "self",
"summary": "SUSE Bug 1116876",
"url": "https://bugzilla.suse.com/1116876"
},
{
"category": "self",
"summary": "SUSE Bug 1116877",
"url": "https://bugzilla.suse.com/1116877"
},
{
"category": "self",
"summary": "SUSE Bug 1116878",
"url": "https://bugzilla.suse.com/1116878"
},
{
"category": "self",
"summary": "SUSE Bug 1116891",
"url": "https://bugzilla.suse.com/1116891"
},
{
"category": "self",
"summary": "SUSE Bug 1116895",
"url": "https://bugzilla.suse.com/1116895"
},
{
"category": "self",
"summary": "SUSE Bug 1116899",
"url": "https://bugzilla.suse.com/1116899"
},
{
"category": "self",
"summary": "SUSE Bug 1116950",
"url": "https://bugzilla.suse.com/1116950"
},
{
"category": "self",
"summary": "SUSE Bug 1117115",
"url": "https://bugzilla.suse.com/1117115"
},
{
"category": "self",
"summary": "SUSE Bug 1117162",
"url": "https://bugzilla.suse.com/1117162"
},
{
"category": "self",
"summary": "SUSE Bug 1117165",
"url": "https://bugzilla.suse.com/1117165"
},
{
"category": "self",
"summary": "SUSE Bug 1117168",
"url": "https://bugzilla.suse.com/1117168"
},
{
"category": "self",
"summary": "SUSE Bug 1117172",
"url": "https://bugzilla.suse.com/1117172"
},
{
"category": "self",
"summary": "SUSE Bug 1117174",
"url": "https://bugzilla.suse.com/1117174"
},
{
"category": "self",
"summary": "SUSE Bug 1117181",
"url": "https://bugzilla.suse.com/1117181"
},
{
"category": "self",
"summary": "SUSE Bug 1117184",
"url": "https://bugzilla.suse.com/1117184"
},
{
"category": "self",
"summary": "SUSE Bug 1117186",
"url": "https://bugzilla.suse.com/1117186"
},
{
"category": "self",
"summary": "SUSE Bug 1117188",
"url": "https://bugzilla.suse.com/1117188"
},
{
"category": "self",
"summary": "SUSE Bug 1117189",
"url": "https://bugzilla.suse.com/1117189"
},
{
"category": "self",
"summary": "SUSE Bug 1117349",
"url": "https://bugzilla.suse.com/1117349"
},
{
"category": "self",
"summary": "SUSE Bug 1117561",
"url": "https://bugzilla.suse.com/1117561"
},
{
"category": "self",
"summary": "SUSE Bug 1117656",
"url": "https://bugzilla.suse.com/1117656"
},
{
"category": "self",
"summary": "SUSE Bug 1117788",
"url": "https://bugzilla.suse.com/1117788"
},
{
"category": "self",
"summary": "SUSE Bug 1117789",
"url": "https://bugzilla.suse.com/1117789"
},
{
"category": "self",
"summary": "SUSE Bug 1117790",
"url": "https://bugzilla.suse.com/1117790"
},
{
"category": "self",
"summary": "SUSE Bug 1117791",
"url": "https://bugzilla.suse.com/1117791"
},
{
"category": "self",
"summary": "SUSE Bug 1117792",
"url": "https://bugzilla.suse.com/1117792"
},
{
"category": "self",
"summary": "SUSE Bug 1117794",
"url": "https://bugzilla.suse.com/1117794"
},
{
"category": "self",
"summary": "SUSE Bug 1117795",
"url": "https://bugzilla.suse.com/1117795"
},
{
"category": "self",
"summary": "SUSE Bug 1117796",
"url": "https://bugzilla.suse.com/1117796"
},
{
"category": "self",
"summary": "SUSE Bug 1117798",
"url": "https://bugzilla.suse.com/1117798"
},
{
"category": "self",
"summary": "SUSE Bug 1117799",
"url": "https://bugzilla.suse.com/1117799"
},
{
"category": "self",
"summary": "SUSE Bug 1117801",
"url": "https://bugzilla.suse.com/1117801"
},
{
"category": "self",
"summary": "SUSE Bug 1117802",
"url": "https://bugzilla.suse.com/1117802"
},
{
"category": "self",
"summary": "SUSE Bug 1117803",
"url": "https://bugzilla.suse.com/1117803"
},
{
"category": "self",
"summary": "SUSE Bug 1117804",
"url": "https://bugzilla.suse.com/1117804"
},
{
"category": "self",
"summary": "SUSE Bug 1117805",
"url": "https://bugzilla.suse.com/1117805"
},
{
"category": "self",
"summary": "SUSE Bug 1117806",
"url": "https://bugzilla.suse.com/1117806"
},
{
"category": "self",
"summary": "SUSE Bug 1117807",
"url": "https://bugzilla.suse.com/1117807"
},
{
"category": "self",
"summary": "SUSE Bug 1117808",
"url": "https://bugzilla.suse.com/1117808"
},
{
"category": "self",
"summary": "SUSE Bug 1117815",
"url": "https://bugzilla.suse.com/1117815"
},
{
"category": "self",
"summary": "SUSE Bug 1117816",
"url": "https://bugzilla.suse.com/1117816"
},
{
"category": "self",
"summary": "SUSE Bug 1117817",
"url": "https://bugzilla.suse.com/1117817"
},
{
"category": "self",
"summary": "SUSE Bug 1117818",
"url": "https://bugzilla.suse.com/1117818"
},
{
"category": "self",
"summary": "SUSE Bug 1117819",
"url": "https://bugzilla.suse.com/1117819"
},
{
"category": "self",
"summary": "SUSE Bug 1117820",
"url": "https://bugzilla.suse.com/1117820"
},
{
"category": "self",
"summary": "SUSE Bug 1117821",
"url": "https://bugzilla.suse.com/1117821"
},
{
"category": "self",
"summary": "SUSE Bug 1117822",
"url": "https://bugzilla.suse.com/1117822"
},
{
"category": "self",
"summary": "SUSE Bug 1117953",
"url": "https://bugzilla.suse.com/1117953"
},
{
"category": "self",
"summary": "SUSE Bug 1118102",
"url": "https://bugzilla.suse.com/1118102"
},
{
"category": "self",
"summary": "SUSE Bug 1118136",
"url": "https://bugzilla.suse.com/1118136"
},
{
"category": "self",
"summary": "SUSE Bug 1118137",
"url": "https://bugzilla.suse.com/1118137"
},
{
"category": "self",
"summary": "SUSE Bug 1118138",
"url": "https://bugzilla.suse.com/1118138"
},
{
"category": "self",
"summary": "SUSE Bug 1118140",
"url": "https://bugzilla.suse.com/1118140"
},
{
"category": "self",
"summary": "SUSE Bug 1118152",
"url": "https://bugzilla.suse.com/1118152"
},
{
"category": "self",
"summary": "SUSE Bug 1118215",
"url": "https://bugzilla.suse.com/1118215"
},
{
"category": "self",
"summary": "SUSE Bug 1118316",
"url": "https://bugzilla.suse.com/1118316"
},
{
"category": "self",
"summary": "SUSE Bug 1118319",
"url": "https://bugzilla.suse.com/1118319"
},
{
"category": "self",
"summary": "SUSE Bug 1118428",
"url": "https://bugzilla.suse.com/1118428"
},
{
"category": "self",
"summary": "SUSE Bug 1118484",
"url": "https://bugzilla.suse.com/1118484"
},
{
"category": "self",
"summary": "SUSE Bug 1118505",
"url": "https://bugzilla.suse.com/1118505"
},
{
"category": "self",
"summary": "SUSE Bug 1118752",
"url": "https://bugzilla.suse.com/1118752"
},
{
"category": "self",
"summary": "SUSE Bug 1118760",
"url": "https://bugzilla.suse.com/1118760"
},
{
"category": "self",
"summary": "SUSE Bug 1118761",
"url": "https://bugzilla.suse.com/1118761"
},
{
"category": "self",
"summary": "SUSE Bug 1118762",
"url": "https://bugzilla.suse.com/1118762"
},
{
"category": "self",
"summary": "SUSE Bug 1118766",
"url": "https://bugzilla.suse.com/1118766"
},
{
"category": "self",
"summary": "SUSE Bug 1118767",
"url": "https://bugzilla.suse.com/1118767"
},
{
"category": "self",
"summary": "SUSE Bug 1118768",
"url": "https://bugzilla.suse.com/1118768"
},
{
"category": "self",
"summary": "SUSE Bug 1118769",
"url": "https://bugzilla.suse.com/1118769"
},
{
"category": "self",
"summary": "SUSE Bug 1118771",
"url": "https://bugzilla.suse.com/1118771"
},
{
"category": "self",
"summary": "SUSE Bug 1118772",
"url": "https://bugzilla.suse.com/1118772"
},
{
"category": "self",
"summary": "SUSE Bug 1118773",
"url": "https://bugzilla.suse.com/1118773"
},
{
"category": "self",
"summary": "SUSE Bug 1118774",
"url": "https://bugzilla.suse.com/1118774"
},
{
"category": "self",
"summary": "SUSE Bug 1118775",
"url": "https://bugzilla.suse.com/1118775"
},
{
"category": "self",
"summary": "SUSE Bug 1118798",
"url": "https://bugzilla.suse.com/1118798"
},
{
"category": "self",
"summary": "SUSE Bug 1118809",
"url": "https://bugzilla.suse.com/1118809"
},
{
"category": "self",
"summary": "SUSE Bug 1118962",
"url": "https://bugzilla.suse.com/1118962"
},
{
"category": "self",
"summary": "SUSE Bug 1119017",
"url": "https://bugzilla.suse.com/1119017"
},
{
"category": "self",
"summary": "SUSE Bug 1119086",
"url": "https://bugzilla.suse.com/1119086"
},
{
"category": "self",
"summary": "SUSE Bug 1119212",
"url": "https://bugzilla.suse.com/1119212"
},
{
"category": "self",
"summary": "SUSE Bug 1119322",
"url": "https://bugzilla.suse.com/1119322"
},
{
"category": "self",
"summary": "SUSE Bug 1119410",
"url": "https://bugzilla.suse.com/1119410"
},
{
"category": "self",
"summary": "SUSE Bug 1119714",
"url": "https://bugzilla.suse.com/1119714"
},
{
"category": "self",
"summary": "SUSE Bug 1119749",
"url": "https://bugzilla.suse.com/1119749"
},
{
"category": "self",
"summary": "SUSE Bug 1119804",
"url": "https://bugzilla.suse.com/1119804"
},
{
"category": "self",
"summary": "SUSE Bug 1119946",
"url": "https://bugzilla.suse.com/1119946"
},
{
"category": "self",
"summary": "SUSE Bug 1119962",
"url": "https://bugzilla.suse.com/1119962"
},
{
"category": "self",
"summary": "SUSE Bug 1119968",
"url": "https://bugzilla.suse.com/1119968"
},
{
"category": "self",
"summary": "SUSE Bug 1120036",
"url": "https://bugzilla.suse.com/1120036"
},
{
"category": "self",
"summary": "SUSE Bug 1120046",
"url": "https://bugzilla.suse.com/1120046"
},
{
"category": "self",
"summary": "SUSE Bug 1120053",
"url": "https://bugzilla.suse.com/1120053"
},
{
"category": "self",
"summary": "SUSE Bug 1120054",
"url": "https://bugzilla.suse.com/1120054"
},
{
"category": "self",
"summary": "SUSE Bug 1120055",
"url": "https://bugzilla.suse.com/1120055"
},
{
"category": "self",
"summary": "SUSE Bug 1120058",
"url": "https://bugzilla.suse.com/1120058"
},
{
"category": "self",
"summary": "SUSE Bug 1120088",
"url": "https://bugzilla.suse.com/1120088"
},
{
"category": "self",
"summary": "SUSE Bug 1120092",
"url": "https://bugzilla.suse.com/1120092"
},
{
"category": "self",
"summary": "SUSE Bug 1120094",
"url": "https://bugzilla.suse.com/1120094"
},
{
"category": "self",
"summary": "SUSE Bug 1120096",
"url": "https://bugzilla.suse.com/1120096"
},
{
"category": "self",
"summary": "SUSE Bug 1120097",
"url": "https://bugzilla.suse.com/1120097"
},
{
"category": "self",
"summary": "SUSE Bug 1120173",
"url": "https://bugzilla.suse.com/1120173"
},
{
"category": "self",
"summary": "SUSE Bug 1120214",
"url": "https://bugzilla.suse.com/1120214"
},
{
"category": "self",
"summary": "SUSE Bug 1120223",
"url": "https://bugzilla.suse.com/1120223"
},
{
"category": "self",
"summary": "SUSE Bug 1120228",
"url": "https://bugzilla.suse.com/1120228"
},
{
"category": "self",
"summary": "SUSE Bug 1120230",
"url": "https://bugzilla.suse.com/1120230"
},
{
"category": "self",
"summary": "SUSE Bug 1120232",
"url": "https://bugzilla.suse.com/1120232"
},
{
"category": "self",
"summary": "SUSE Bug 1120234",
"url": "https://bugzilla.suse.com/1120234"
},
{
"category": "self",
"summary": "SUSE Bug 1120235",
"url": "https://bugzilla.suse.com/1120235"
},
{
"category": "self",
"summary": "SUSE Bug 1120238",
"url": "https://bugzilla.suse.com/1120238"
},
{
"category": "self",
"summary": "SUSE Bug 1120594",
"url": "https://bugzilla.suse.com/1120594"
},
{
"category": "self",
"summary": "SUSE Bug 1120598",
"url": "https://bugzilla.suse.com/1120598"
},
{
"category": "self",
"summary": "SUSE Bug 1120600",
"url": "https://bugzilla.suse.com/1120600"
},
{
"category": "self",
"summary": "SUSE Bug 1120601",
"url": "https://bugzilla.suse.com/1120601"
},
{
"category": "self",
"summary": "SUSE Bug 1120602",
"url": "https://bugzilla.suse.com/1120602"
},
{
"category": "self",
"summary": "SUSE Bug 1120603",
"url": "https://bugzilla.suse.com/1120603"
},
{
"category": "self",
"summary": "SUSE Bug 1120604",
"url": "https://bugzilla.suse.com/1120604"
},
{
"category": "self",
"summary": "SUSE Bug 1120606",
"url": "https://bugzilla.suse.com/1120606"
},
{
"category": "self",
"summary": "SUSE Bug 1120612",
"url": "https://bugzilla.suse.com/1120612"
},
{
"category": "self",
"summary": "SUSE Bug 1120613",
"url": "https://bugzilla.suse.com/1120613"
},
{
"category": "self",
"summary": "SUSE Bug 1120614",
"url": "https://bugzilla.suse.com/1120614"
},
{
"category": "self",
"summary": "SUSE Bug 1120615",
"url": "https://bugzilla.suse.com/1120615"
},
{
"category": "self",
"summary": "SUSE Bug 1120616",
"url": "https://bugzilla.suse.com/1120616"
},
{
"category": "self",
"summary": "SUSE Bug 1120617",
"url": "https://bugzilla.suse.com/1120617"
},
{
"category": "self",
"summary": "SUSE Bug 1120618",
"url": "https://bugzilla.suse.com/1120618"
},
{
"category": "self",
"summary": "SUSE Bug 1120620",
"url": "https://bugzilla.suse.com/1120620"
},
{
"category": "self",
"summary": "SUSE Bug 1120621",
"url": "https://bugzilla.suse.com/1120621"
},
{
"category": "self",
"summary": "SUSE Bug 1120632",
"url": "https://bugzilla.suse.com/1120632"
},
{
"category": "self",
"summary": "SUSE Bug 1120633",
"url": "https://bugzilla.suse.com/1120633"
},
{
"category": "self",
"summary": "SUSE Bug 1120743",
"url": "https://bugzilla.suse.com/1120743"
},
{
"category": "self",
"summary": "SUSE Bug 1120954",
"url": "https://bugzilla.suse.com/1120954"
},
{
"category": "self",
"summary": "SUSE Bug 1121017",
"url": "https://bugzilla.suse.com/1121017"
},
{
"category": "self",
"summary": "SUSE Bug 1121058",
"url": "https://bugzilla.suse.com/1121058"
},
{
"category": "self",
"summary": "SUSE Bug 1121263",
"url": "https://bugzilla.suse.com/1121263"
},
{
"category": "self",
"summary": "SUSE Bug 1121273",
"url": "https://bugzilla.suse.com/1121273"
},
{
"category": "self",
"summary": "SUSE Bug 1121477",
"url": "https://bugzilla.suse.com/1121477"
},
{
"category": "self",
"summary": "SUSE Bug 1121483",
"url": "https://bugzilla.suse.com/1121483"
},
{
"category": "self",
"summary": "SUSE Bug 1121599",
"url": "https://bugzilla.suse.com/1121599"
},
{
"category": "self",
"summary": "SUSE Bug 1121621",
"url": "https://bugzilla.suse.com/1121621"
},
{
"category": "self",
"summary": "SUSE Bug 1121714",
"url": "https://bugzilla.suse.com/1121714"
},
{
"category": "self",
"summary": "SUSE Bug 1121715",
"url": "https://bugzilla.suse.com/1121715"
},
{
"category": "self",
"summary": "SUSE Bug 1121973",
"url": "https://bugzilla.suse.com/1121973"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12232 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14625 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16862 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16884 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18281 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18281/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18397 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18710 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19824 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19854 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19985 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20169 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-9568 page",
"url": "https://www.suse.com/security/cve/CVE-2018-9568/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2019-02-01T18:55:03Z",
"generator": {
"date": "2019-02-01T18:55:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0224-1",
"initial_release_date": "2019-02-01T18:55:03Z",
"revision_history": [
{
"date": "2019-02-01T18:55:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"product": {
"name": "cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"product_id": "cluster-md-kmp-default-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-25.28.1.aarch64",
"product": {
"name": "dlm-kmp-default-4.12.14-25.28.1.aarch64",
"product_id": "dlm-kmp-default-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-al-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-al-4.12.14-25.28.1.aarch64",
"product_id": "dtb-al-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-allwinner-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-allwinner-4.12.14-25.28.1.aarch64",
"product_id": "dtb-allwinner-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-altera-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-altera-4.12.14-25.28.1.aarch64",
"product_id": "dtb-altera-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-amd-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-amd-4.12.14-25.28.1.aarch64",
"product_id": "dtb-amd-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-amlogic-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-amlogic-4.12.14-25.28.1.aarch64",
"product_id": "dtb-amlogic-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-apm-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-apm-4.12.14-25.28.1.aarch64",
"product_id": "dtb-apm-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-arm-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-arm-4.12.14-25.28.1.aarch64",
"product_id": "dtb-arm-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-broadcom-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-broadcom-4.12.14-25.28.1.aarch64",
"product_id": "dtb-broadcom-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-cavium-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-cavium-4.12.14-25.28.1.aarch64",
"product_id": "dtb-cavium-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-exynos-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-exynos-4.12.14-25.28.1.aarch64",
"product_id": "dtb-exynos-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-freescale-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-freescale-4.12.14-25.28.1.aarch64",
"product_id": "dtb-freescale-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-hisilicon-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-hisilicon-4.12.14-25.28.1.aarch64",
"product_id": "dtb-hisilicon-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-lg-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-lg-4.12.14-25.28.1.aarch64",
"product_id": "dtb-lg-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-marvell-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-marvell-4.12.14-25.28.1.aarch64",
"product_id": "dtb-marvell-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-mediatek-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-mediatek-4.12.14-25.28.1.aarch64",
"product_id": "dtb-mediatek-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-nvidia-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-nvidia-4.12.14-25.28.1.aarch64",
"product_id": "dtb-nvidia-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-qcom-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-qcom-4.12.14-25.28.1.aarch64",
"product_id": "dtb-qcom-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-renesas-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-renesas-4.12.14-25.28.1.aarch64",
"product_id": "dtb-renesas-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-rockchip-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-rockchip-4.12.14-25.28.1.aarch64",
"product_id": "dtb-rockchip-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-socionext-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-socionext-4.12.14-25.28.1.aarch64",
"product_id": "dtb-socionext-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-sprd-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-sprd-4.12.14-25.28.1.aarch64",
"product_id": "dtb-sprd-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-xilinx-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-xilinx-4.12.14-25.28.1.aarch64",
"product_id": "dtb-xilinx-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "dtb-zte-4.12.14-25.28.1.aarch64",
"product": {
"name": "dtb-zte-4.12.14-25.28.1.aarch64",
"product_id": "dtb-zte-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"product": {
"name": "gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"product_id": "gfs2-kmp-default-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-25.28.1.aarch64",
"product": {
"name": "kernel-default-4.12.14-25.28.1.aarch64",
"product_id": "kernel-default-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-25.28.1.aarch64",
"product": {
"name": "kernel-default-base-4.12.14-25.28.1.aarch64",
"product_id": "kernel-default-base-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-25.28.1.aarch64",
"product": {
"name": "kernel-default-devel-4.12.14-25.28.1.aarch64",
"product_id": "kernel-default-devel-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-25.28.1.aarch64",
"product": {
"name": "kernel-default-extra-4.12.14-25.28.1.aarch64",
"product_id": "kernel-default-extra-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-4.12.14-25.28.1.aarch64",
"product": {
"name": "kernel-default-livepatch-4.12.14-25.28.1.aarch64",
"product_id": "kernel-default-livepatch-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-25.28.1.aarch64",
"product": {
"name": "kernel-obs-build-4.12.14-25.28.1.aarch64",
"product_id": "kernel-obs-build-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-25.28.1.aarch64",
"product": {
"name": "kernel-obs-qa-4.12.14-25.28.1.aarch64",
"product_id": "kernel-obs-qa-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-25.28.1.aarch64",
"product": {
"name": "kernel-syms-4.12.14-25.28.1.aarch64",
"product_id": "kernel-syms-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-25.28.1.aarch64",
"product": {
"name": "kernel-vanilla-4.12.14-25.28.1.aarch64",
"product_id": "kernel-vanilla-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"product": {
"name": "kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"product_id": "kernel-vanilla-base-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-25.28.1.aarch64",
"product": {
"name": "kernel-vanilla-devel-4.12.14-25.28.1.aarch64",
"product_id": "kernel-vanilla-devel-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-25.28.1.aarch64",
"product": {
"name": "kselftests-kmp-default-4.12.14-25.28.1.aarch64",
"product_id": "kselftests-kmp-default-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"product": {
"name": "ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"product_id": "ocfs2-kmp-default-4.12.14-25.28.1.aarch64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"product": {
"name": "reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"product_id": "reiserfs-kmp-default-4.12.14-25.28.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-4.12.14-25.28.1.noarch",
"product": {
"name": "kernel-devel-4.12.14-25.28.1.noarch",
"product_id": "kernel-devel-4.12.14-25.28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-4.12.14-25.28.1.noarch",
"product": {
"name": "kernel-docs-4.12.14-25.28.1.noarch",
"product_id": "kernel-docs-4.12.14-25.28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-4.12.14-25.28.1.noarch",
"product": {
"name": "kernel-docs-html-4.12.14-25.28.1.noarch",
"product_id": "kernel-docs-html-4.12.14-25.28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-4.12.14-25.28.1.noarch",
"product": {
"name": "kernel-macros-4.12.14-25.28.1.noarch",
"product_id": "kernel-macros-4.12.14-25.28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-4.12.14-25.28.1.noarch",
"product": {
"name": "kernel-source-4.12.14-25.28.1.noarch",
"product_id": "kernel-source-4.12.14-25.28.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-4.12.14-25.28.1.noarch",
"product": {
"name": "kernel-source-vanilla-4.12.14-25.28.1.noarch",
"product_id": "kernel-source-vanilla-4.12.14-25.28.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-debug-4.12.14-25.28.1.ppc64le",
"product": {
"name": "cluster-md-kmp-debug-4.12.14-25.28.1.ppc64le",
"product_id": "cluster-md-kmp-debug-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"product": {
"name": "cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"product_id": "cluster-md-kmp-default-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dlm-kmp-debug-4.12.14-25.28.1.ppc64le",
"product": {
"name": "dlm-kmp-debug-4.12.14-25.28.1.ppc64le",
"product_id": "dlm-kmp-debug-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"product": {
"name": "dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"product_id": "dlm-kmp-default-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-debug-4.12.14-25.28.1.ppc64le",
"product": {
"name": "gfs2-kmp-debug-4.12.14-25.28.1.ppc64le",
"product_id": "gfs2-kmp-debug-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"product": {
"name": "gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"product_id": "gfs2-kmp-default-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-debug-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-debug-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-debug-base-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-debug-base-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-debug-devel-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-debug-devel-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-extra-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-debug-extra-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-debug-extra-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-debug-livepatch-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-debug-livepatch-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-debug-livepatch-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-default-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-default-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-default-base-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-default-base-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-default-devel-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-default-devel-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-default-extra-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-default-extra-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-default-livepatch-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"product": {
"name": "kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"product_id": "kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-obs-build-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-obs-build-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-obs-qa-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-obs-qa-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-syms-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-syms-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-vanilla-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-vanilla-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-vanilla-base-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kernel-vanilla-devel-4.12.14-25.28.1.ppc64le",
"product_id": "kernel-vanilla-devel-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-debug-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kselftests-kmp-debug-4.12.14-25.28.1.ppc64le",
"product_id": "kselftests-kmp-debug-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-25.28.1.ppc64le",
"product": {
"name": "kselftests-kmp-default-4.12.14-25.28.1.ppc64le",
"product_id": "kselftests-kmp-default-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-debug-4.12.14-25.28.1.ppc64le",
"product": {
"name": "ocfs2-kmp-debug-4.12.14-25.28.1.ppc64le",
"product_id": "ocfs2-kmp-debug-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"product": {
"name": "ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"product_id": "ocfs2-kmp-default-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-debug-4.12.14-25.28.1.ppc64le",
"product": {
"name": "reiserfs-kmp-debug-4.12.14-25.28.1.ppc64le",
"product_id": "reiserfs-kmp-debug-4.12.14-25.28.1.ppc64le"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"product": {
"name": "reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"product_id": "reiserfs-kmp-default-4.12.14-25.28.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"product": {
"name": "cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"product_id": "cluster-md-kmp-default-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-25.28.1.s390x",
"product": {
"name": "dlm-kmp-default-4.12.14-25.28.1.s390x",
"product_id": "dlm-kmp-default-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-25.28.1.s390x",
"product": {
"name": "gfs2-kmp-default-4.12.14-25.28.1.s390x",
"product_id": "gfs2-kmp-default-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-25.28.1.s390x",
"product": {
"name": "kernel-default-4.12.14-25.28.1.s390x",
"product_id": "kernel-default-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-25.28.1.s390x",
"product": {
"name": "kernel-default-base-4.12.14-25.28.1.s390x",
"product_id": "kernel-default-base-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-25.28.1.s390x",
"product": {
"name": "kernel-default-devel-4.12.14-25.28.1.s390x",
"product_id": "kernel-default-devel-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-25.28.1.s390x",
"product": {
"name": "kernel-default-extra-4.12.14-25.28.1.s390x",
"product_id": "kernel-default-extra-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-4.12.14-25.28.1.s390x",
"product": {
"name": "kernel-default-livepatch-4.12.14-25.28.1.s390x",
"product_id": "kernel-default-livepatch-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-man-4.12.14-25.28.1.s390x",
"product": {
"name": "kernel-default-man-4.12.14-25.28.1.s390x",
"product_id": "kernel-default-man-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-25.28.1.s390x",
"product": {
"name": "kernel-obs-build-4.12.14-25.28.1.s390x",
"product_id": "kernel-obs-build-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-25.28.1.s390x",
"product": {
"name": "kernel-obs-qa-4.12.14-25.28.1.s390x",
"product_id": "kernel-obs-qa-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-25.28.1.s390x",
"product": {
"name": "kernel-syms-4.12.14-25.28.1.s390x",
"product_id": "kernel-syms-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-25.28.1.s390x",
"product": {
"name": "kernel-vanilla-4.12.14-25.28.1.s390x",
"product_id": "kernel-vanilla-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-25.28.1.s390x",
"product": {
"name": "kernel-vanilla-base-4.12.14-25.28.1.s390x",
"product_id": "kernel-vanilla-base-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-25.28.1.s390x",
"product": {
"name": "kernel-vanilla-devel-4.12.14-25.28.1.s390x",
"product_id": "kernel-vanilla-devel-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-4.12.14-25.28.1.s390x",
"product": {
"name": "kernel-zfcpdump-4.12.14-25.28.1.s390x",
"product_id": "kernel-zfcpdump-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-zfcpdump-man-4.12.14-25.28.1.s390x",
"product": {
"name": "kernel-zfcpdump-man-4.12.14-25.28.1.s390x",
"product_id": "kernel-zfcpdump-man-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-25.28.1.s390x",
"product": {
"name": "kselftests-kmp-default-4.12.14-25.28.1.s390x",
"product_id": "kselftests-kmp-default-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"product": {
"name": "ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"product_id": "ocfs2-kmp-default-4.12.14-25.28.1.s390x"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"product": {
"name": "reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"product_id": "reiserfs-kmp-default-4.12.14-25.28.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-debug-4.12.14-25.28.1.x86_64",
"product": {
"name": "cluster-md-kmp-debug-4.12.14-25.28.1.x86_64",
"product_id": "cluster-md-kmp-debug-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"product": {
"name": "cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"product_id": "cluster-md-kmp-default-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-debug-4.12.14-25.28.1.x86_64",
"product": {
"name": "dlm-kmp-debug-4.12.14-25.28.1.x86_64",
"product_id": "dlm-kmp-debug-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-default-4.12.14-25.28.1.x86_64",
"product": {
"name": "dlm-kmp-default-4.12.14-25.28.1.x86_64",
"product_id": "dlm-kmp-default-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-debug-4.12.14-25.28.1.x86_64",
"product": {
"name": "gfs2-kmp-debug-4.12.14-25.28.1.x86_64",
"product_id": "gfs2-kmp-debug-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"product": {
"name": "gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"product_id": "gfs2-kmp-default-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-debug-4.12.14-25.28.1.x86_64",
"product_id": "kernel-debug-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-debug-base-4.12.14-25.28.1.x86_64",
"product_id": "kernel-debug-base-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-debug-devel-4.12.14-25.28.1.x86_64",
"product_id": "kernel-debug-devel-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-extra-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-debug-extra-4.12.14-25.28.1.x86_64",
"product_id": "kernel-debug-extra-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-livepatch-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-debug-livepatch-4.12.14-25.28.1.x86_64",
"product_id": "kernel-debug-livepatch-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-default-4.12.14-25.28.1.x86_64",
"product_id": "kernel-default-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-default-base-4.12.14-25.28.1.x86_64",
"product_id": "kernel-default-base-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-default-devel-4.12.14-25.28.1.x86_64",
"product_id": "kernel-default-devel-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-extra-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-default-extra-4.12.14-25.28.1.x86_64",
"product_id": "kernel-default-extra-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"product_id": "kernel-default-livepatch-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-kvmsmall-4.12.14-25.28.1.x86_64",
"product_id": "kernel-kvmsmall-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-base-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-kvmsmall-base-4.12.14-25.28.1.x86_64",
"product_id": "kernel-kvmsmall-base-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-4.12.14-25.28.1.x86_64",
"product_id": "kernel-kvmsmall-devel-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"product": {
"name": "kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"product_id": "kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-obs-build-4.12.14-25.28.1.x86_64",
"product_id": "kernel-obs-build-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-obs-qa-4.12.14-25.28.1.x86_64",
"product_id": "kernel-obs-qa-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-syms-4.12.14-25.28.1.x86_64",
"product_id": "kernel-syms-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-vanilla-4.12.14-25.28.1.x86_64",
"product_id": "kernel-vanilla-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"product_id": "kernel-vanilla-base-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-25.28.1.x86_64",
"product": {
"name": "kernel-vanilla-devel-4.12.14-25.28.1.x86_64",
"product_id": "kernel-vanilla-devel-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-debug-4.12.14-25.28.1.x86_64",
"product": {
"name": "kselftests-kmp-debug-4.12.14-25.28.1.x86_64",
"product_id": "kselftests-kmp-debug-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-default-4.12.14-25.28.1.x86_64",
"product": {
"name": "kselftests-kmp-default-4.12.14-25.28.1.x86_64",
"product_id": "kselftests-kmp-default-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-debug-4.12.14-25.28.1.x86_64",
"product": {
"name": "ocfs2-kmp-debug-4.12.14-25.28.1.x86_64",
"product_id": "ocfs2-kmp-debug-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"product": {
"name": "ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"product_id": "ocfs2-kmp-default-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-debug-4.12.14-25.28.1.x86_64",
"product": {
"name": "reiserfs-kmp-debug-4.12.14-25.28.1.x86_64",
"product_id": "reiserfs-kmp-debug-4.12.14-25.28.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"product": {
"name": "reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"product_id": "reiserfs-kmp-default-4.12.14-25.28.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Development Tools 15",
"product": {
"name": "SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-development-tools:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Legacy 15",
"product": {
"name": "SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-legacy:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 15",
"product": {
"name": "SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-live-patching:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Availability Extension 15",
"product": {
"name": "SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-ha:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Workstation Extension 15",
"product": {
"name": "SUSE Linux Enterprise Workstation Extension 15",
"product_id": "SUSE Linux Enterprise Workstation Extension 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-we:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-25.28.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64"
},
"product_reference": "kernel-default-4.12.14-25.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-25.28.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le"
},
"product_reference": "kernel-default-4.12.14-25.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-25.28.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x"
},
"product_reference": "kernel-default-4.12.14-25.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-25.28.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64"
},
"product_reference": "kernel-default-4.12.14-25.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-25.28.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64"
},
"product_reference": "kernel-default-base-4.12.14-25.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-25.28.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le"
},
"product_reference": "kernel-default-base-4.12.14-25.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-25.28.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x"
},
"product_reference": "kernel-default-base-4.12.14-25.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-25.28.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64"
},
"product_reference": "kernel-default-base-4.12.14-25.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-25.28.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64"
},
"product_reference": "kernel-default-devel-4.12.14-25.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-25.28.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le"
},
"product_reference": "kernel-default-devel-4.12.14-25.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-25.28.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x"
},
"product_reference": "kernel-default-devel-4.12.14-25.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-25.28.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64"
},
"product_reference": "kernel-default-devel-4.12.14-25.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-man-4.12.14-25.28.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x"
},
"product_reference": "kernel-default-man-4.12.14-25.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-4.12.14-25.28.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch"
},
"product_reference": "kernel-devel-4.12.14-25.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-4.12.14-25.28.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch"
},
"product_reference": "kernel-macros-4.12.14-25.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-zfcpdump-4.12.14-25.28.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x"
},
"product_reference": "kernel-zfcpdump-4.12.14-25.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-4.12.14-25.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch"
},
"product_reference": "kernel-docs-4.12.14-25.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-4.12.14-25.28.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64"
},
"product_reference": "kernel-obs-build-4.12.14-25.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-4.12.14-25.28.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le"
},
"product_reference": "kernel-obs-build-4.12.14-25.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-4.12.14-25.28.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x"
},
"product_reference": "kernel-obs-build-4.12.14-25.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-4.12.14-25.28.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64"
},
"product_reference": "kernel-obs-build-4.12.14-25.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-4.12.14-25.28.1.noarch as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch"
},
"product_reference": "kernel-source-4.12.14-25.28.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-25.28.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64"
},
"product_reference": "kernel-syms-4.12.14-25.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-25.28.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le"
},
"product_reference": "kernel-syms-4.12.14-25.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-25.28.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x"
},
"product_reference": "kernel-syms-4.12.14-25.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-25.28.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64"
},
"product_reference": "kernel-syms-4.12.14-25.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-base-4.12.14-25.28.1.aarch64 as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64"
},
"product_reference": "kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-base-4.12.14-25.28.1.ppc64le as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le"
},
"product_reference": "kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-base-4.12.14-25.28.1.s390x as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x"
},
"product_reference": "kernel-vanilla-base-4.12.14-25.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-base-4.12.14-25.28.1.x86_64 as component of SUSE Linux Enterprise Module for Development Tools 15",
"product_id": "SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64"
},
"product_reference": "kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Development Tools 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-4.12.14-25.28.1.aarch64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64"
},
"product_reference": "reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-4.12.14-25.28.1.ppc64le as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le"
},
"product_reference": "reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-4.12.14-25.28.1.s390x as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x"
},
"product_reference": "reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "reiserfs-kmp-default-4.12.14-25.28.1.x86_64 as component of SUSE Linux Enterprise Module for Legacy 15",
"product_id": "SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64"
},
"product_reference": "reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Legacy 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-4.12.14-25.28.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le"
},
"product_reference": "kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-livepatch-4.12.14-25.28.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64"
},
"product_reference": "kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le"
},
"product_reference": "kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15",
"product_id": "SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64"
},
"product_reference": "kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-25.28.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64"
},
"product_reference": "cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-25.28.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le"
},
"product_reference": "cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-25.28.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x"
},
"product_reference": "cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-default-4.12.14-25.28.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64"
},
"product_reference": "cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-25.28.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64"
},
"product_reference": "dlm-kmp-default-4.12.14-25.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-25.28.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le"
},
"product_reference": "dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-25.28.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x"
},
"product_reference": "dlm-kmp-default-4.12.14-25.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-default-4.12.14-25.28.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64"
},
"product_reference": "dlm-kmp-default-4.12.14-25.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-25.28.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64"
},
"product_reference": "gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-25.28.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le"
},
"product_reference": "gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-25.28.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x"
},
"product_reference": "gfs2-kmp-default-4.12.14-25.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-default-4.12.14-25.28.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64"
},
"product_reference": "gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-25.28.1.aarch64 as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64"
},
"product_reference": "ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-25.28.1.ppc64le as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le"
},
"product_reference": "ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-25.28.1.s390x as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x"
},
"product_reference": "ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-default-4.12.14-25.28.1.x86_64 as component of SUSE Linux Enterprise High Availability Extension 15",
"product_id": "SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64"
},
"product_reference": "ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Availability Extension 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-extra-4.12.14-25.28.1.x86_64 as component of SUSE Linux Enterprise Workstation Extension 15",
"product_id": "SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
},
"product_reference": "kernel-default-extra-4.12.14-25.28.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Workstation Extension 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12232"
}
],
"notes": [
{
"category": "general",
"text": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12232",
"url": "https://www.suse.com/security/cve/CVE-2018-12232"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1097593 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1097593"
},
{
"category": "external",
"summary": "SUSE Bug 1125907 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1125907"
},
{
"category": "external",
"summary": "SUSE Bug 1127757 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1127757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T18:55:03Z",
"details": "important"
}
],
"title": "CVE-2018-12232"
},
{
"cve": "CVE-2018-14625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14625"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14625",
"url": "https://www.suse.com/security/cve/CVE-2018-14625"
},
{
"category": "external",
"summary": "SUSE Bug 1106615 for CVE-2018-14625",
"url": "https://bugzilla.suse.com/1106615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T18:55:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-14625"
},
{
"cve": "CVE-2018-16862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16862"
}
],
"notes": [
{
"category": "general",
"text": "A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16862",
"url": "https://www.suse.com/security/cve/CVE-2018-16862"
},
{
"category": "external",
"summary": "SUSE Bug 1117186 for CVE-2018-16862",
"url": "https://bugzilla.suse.com/1117186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T18:55:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-16862"
},
{
"cve": "CVE-2018-16884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16884"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16884",
"url": "https://www.suse.com/security/cve/CVE-2018-16884"
},
{
"category": "external",
"summary": "SUSE Bug 1119946 for CVE-2018-16884",
"url": "https://bugzilla.suse.com/1119946"
},
{
"category": "external",
"summary": "SUSE Bug 1119947 for CVE-2018-16884",
"url": "https://bugzilla.suse.com/1119947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T18:55:03Z",
"details": "important"
}
],
"title": "CVE-2018-16884"
},
{
"cve": "CVE-2018-18281",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18281"
}
],
"notes": [
{
"category": "general",
"text": "Since Linux kernel version 3.2, the mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removes entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry can remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. This is fixed in the following kernel versions: 4.9.135, 4.14.78, 4.18.16, 4.19.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18281",
"url": "https://www.suse.com/security/cve/CVE-2018-18281"
},
{
"category": "external",
"summary": "SUSE Bug 1113769 for CVE-2018-18281",
"url": "https://bugzilla.suse.com/1113769"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T18:55:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-18281"
},
{
"cve": "CVE-2018-18397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18397"
}
],
"notes": [
{
"category": "general",
"text": "The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18397",
"url": "https://www.suse.com/security/cve/CVE-2018-18397"
},
{
"category": "external",
"summary": "SUSE Bug 1117656 for CVE-2018-18397",
"url": "https://bugzilla.suse.com/1117656"
},
{
"category": "external",
"summary": "SUSE Bug 1171522 for CVE-2018-18397",
"url": "https://bugzilla.suse.com/1171522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T18:55:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-18397"
},
{
"cve": "CVE-2018-18710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18710",
"url": "https://www.suse.com/security/cve/CVE-2018-18710"
},
{
"category": "external",
"summary": "SUSE Bug 1113751 for CVE-2018-18710",
"url": "https://bugzilla.suse.com/1113751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T18:55:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-18710"
},
{
"cve": "CVE-2018-19407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19407"
}
],
"notes": [
{
"category": "general",
"text": "The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19407",
"url": "https://www.suse.com/security/cve/CVE-2018-19407"
},
{
"category": "external",
"summary": "SUSE Bug 1116841 for CVE-2018-19407",
"url": "https://bugzilla.suse.com/1116841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T18:55:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-19407"
},
{
"cve": "CVE-2018-19824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19824",
"url": "https://www.suse.com/security/cve/CVE-2018-19824"
},
{
"category": "external",
"summary": "SUSE Bug 1118152 for CVE-2018-19824",
"url": "https://bugzilla.suse.com/1118152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T18:55:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-19824"
},
{
"cve": "CVE-2018-19854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19854"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19854",
"url": "https://www.suse.com/security/cve/CVE-2018-19854"
},
{
"category": "external",
"summary": "SUSE Bug 1118428 for CVE-2018-19854",
"url": "https://bugzilla.suse.com/1118428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T18:55:03Z",
"details": "low"
}
],
"title": "CVE-2018-19854"
},
{
"cve": "CVE-2018-19985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19985"
}
],
"notes": [
{
"category": "general",
"text": "The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19985",
"url": "https://www.suse.com/security/cve/CVE-2018-19985"
},
{
"category": "external",
"summary": "SUSE Bug 1120743 for CVE-2018-19985",
"url": "https://bugzilla.suse.com/1120743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T18:55:03Z",
"details": "low"
}
],
"title": "CVE-2018-19985"
},
{
"cve": "CVE-2018-20169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20169"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20169",
"url": "https://www.suse.com/security/cve/CVE-2018-20169"
},
{
"category": "external",
"summary": "SUSE Bug 1119714 for CVE-2018-20169",
"url": "https://bugzilla.suse.com/1119714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T18:55:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-20169"
},
{
"cve": "CVE-2018-9568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-9568"
}
],
"notes": [
{
"category": "general",
"text": "In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-9568",
"url": "https://www.suse.com/security/cve/CVE-2018-9568"
},
{
"category": "external",
"summary": "SUSE Bug 1118319 for CVE-2018-9568",
"url": "https://bugzilla.suse.com/1118319"
},
{
"category": "external",
"summary": "SUSE Bug 1118320 for CVE-2018-9568",
"url": "https://bugzilla.suse.com/1118320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:cluster-md-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:dlm-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:gfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise High Availability Extension 15:ocfs2-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-default-livepatch-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.ppc64le",
"SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_28-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-devel-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-default-man-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-devel-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-macros-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15:kernel-zfcpdump-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-docs-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-obs-build-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-source-4.12.14-25.28.1.noarch",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-syms-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Development Tools 15:kernel-vanilla-base-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.aarch64",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.ppc64le",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.s390x",
"SUSE Linux Enterprise Module for Legacy 15:reiserfs-kmp-default-4.12.14-25.28.1.x86_64",
"SUSE Linux Enterprise Workstation Extension 15:kernel-default-extra-4.12.14-25.28.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-01T18:55:03Z",
"details": "moderate"
}
],
"title": "CVE-2018-9568"
}
]
}
ghsa-wg55-v4qx-w8g3
Vulnerability from github
Published
2022-05-14 02:03
Modified
2022-05-14 02:03
Severity ?
VLAI Severity ?
Details
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash.
{
"affected": [],
"aliases": [
"CVE-2018-12232"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-06-12T12:29:00Z",
"severity": "HIGH"
},
"details": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash.",
"id": "GHSA-wg55-v4qx-w8g3",
"modified": "2022-05-14T02:03:05Z",
"published": "2022-05-14T02:03:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12232"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"type": "WEB",
"url": "https://lkml.org/lkml/2018/6/5/14"
},
{
"type": "WEB",
"url": "https://patchwork.ozlabs.org/patch/926519"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3752-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3752-2"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3752-3"
},
{
"type": "WEB",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104453"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
opensuse-su-2024:10728-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
kernel-devel-5.14.6-1.4 on GA media
Notes
Title of the patch
kernel-devel-5.14.6-1.4 on GA media
Description of the patch
These are all security issues fixed in the kernel-devel-5.14.6-1.4 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10728
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "kernel-devel-5.14.6-1.4 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the kernel-devel-5.14.6-1.4 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10728",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10728-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000251 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12153 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-13080 page",
"url": "https://www.suse.com/security/cve/CVE-2017-13080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14051 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15129 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15265 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15265/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16536 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16536/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16537 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16537/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16645 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16646 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16647 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16648 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16995 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16996 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17448 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17449 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17449/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17450 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17450/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17852 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17853 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17854 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17855 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17856 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17857 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17862 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5123 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5715 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5753 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5754 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7541 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7542 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7542/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8824 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8831 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000004 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10322 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10322/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10323 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1068 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1118 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12232 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12714 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-13053 page",
"url": "https://www.suse.com/security/cve/CVE-2018-13053/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18710 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19824 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5332 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5333 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5333/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8043 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8087 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8822 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8822/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10207 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11477 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11478 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11479 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11479/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14615 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14814 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14896 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14896/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15030 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15031 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15031/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15098 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15099 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15290 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15504 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15902 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16231 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16232 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16234 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17133 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17666 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18808 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18812 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18813 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19252 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19332 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19338 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3016 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3846 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3882 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3887 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6974 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7221 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7222 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8564 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8564/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8912 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9500 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10135 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10766 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10767 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10768 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10768/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12351 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12352 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14331 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14386 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24586 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24587 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24588 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25639 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25656 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25668 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26141 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-2732 page",
"url": "https://www.suse.com/security/cve/CVE-2020-2732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29660 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29661 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8648 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8694 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23133 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2021-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28971 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32606 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33909 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3483 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3483/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3489 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3490 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3491 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3640 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3653 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3656 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3744 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3753 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37576 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3759 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38166 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38166/"
}
],
"title": "kernel-devel-5.14.6-1.4 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10728-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-5.14.6-1.4.aarch64",
"product": {
"name": "kernel-devel-5.14.6-1.4.aarch64",
"product_id": "kernel-devel-5.14.6-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-macros-5.14.6-1.4.aarch64",
"product": {
"name": "kernel-macros-5.14.6-1.4.aarch64",
"product_id": "kernel-macros-5.14.6-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-source-5.14.6-1.4.aarch64",
"product": {
"name": "kernel-source-5.14.6-1.4.aarch64",
"product_id": "kernel-source-5.14.6-1.4.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-5.14.6-1.4.aarch64",
"product": {
"name": "kernel-source-vanilla-5.14.6-1.4.aarch64",
"product_id": "kernel-source-vanilla-5.14.6-1.4.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-5.14.6-1.4.ppc64le",
"product": {
"name": "kernel-devel-5.14.6-1.4.ppc64le",
"product_id": "kernel-devel-5.14.6-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-macros-5.14.6-1.4.ppc64le",
"product": {
"name": "kernel-macros-5.14.6-1.4.ppc64le",
"product_id": "kernel-macros-5.14.6-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-source-5.14.6-1.4.ppc64le",
"product": {
"name": "kernel-source-5.14.6-1.4.ppc64le",
"product_id": "kernel-source-5.14.6-1.4.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-5.14.6-1.4.ppc64le",
"product": {
"name": "kernel-source-vanilla-5.14.6-1.4.ppc64le",
"product_id": "kernel-source-vanilla-5.14.6-1.4.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-5.14.6-1.4.s390x",
"product": {
"name": "kernel-devel-5.14.6-1.4.s390x",
"product_id": "kernel-devel-5.14.6-1.4.s390x"
}
},
{
"category": "product_version",
"name": "kernel-macros-5.14.6-1.4.s390x",
"product": {
"name": "kernel-macros-5.14.6-1.4.s390x",
"product_id": "kernel-macros-5.14.6-1.4.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-5.14.6-1.4.s390x",
"product": {
"name": "kernel-source-5.14.6-1.4.s390x",
"product_id": "kernel-source-5.14.6-1.4.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-5.14.6-1.4.s390x",
"product": {
"name": "kernel-source-vanilla-5.14.6-1.4.s390x",
"product_id": "kernel-source-vanilla-5.14.6-1.4.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-5.14.6-1.4.x86_64",
"product": {
"name": "kernel-devel-5.14.6-1.4.x86_64",
"product_id": "kernel-devel-5.14.6-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-macros-5.14.6-1.4.x86_64",
"product": {
"name": "kernel-macros-5.14.6-1.4.x86_64",
"product_id": "kernel-macros-5.14.6-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-5.14.6-1.4.x86_64",
"product": {
"name": "kernel-source-5.14.6-1.4.x86_64",
"product_id": "kernel-source-5.14.6-1.4.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-5.14.6-1.4.x86_64",
"product": {
"name": "kernel-source-vanilla-5.14.6-1.4.x86_64",
"product_id": "kernel-source-vanilla-5.14.6-1.4.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-5.14.6-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64"
},
"product_reference": "kernel-devel-5.14.6-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-5.14.6-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le"
},
"product_reference": "kernel-devel-5.14.6-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-5.14.6-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x"
},
"product_reference": "kernel-devel-5.14.6-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-5.14.6-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64"
},
"product_reference": "kernel-devel-5.14.6-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-5.14.6-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64"
},
"product_reference": "kernel-macros-5.14.6-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-5.14.6-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le"
},
"product_reference": "kernel-macros-5.14.6-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-5.14.6-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x"
},
"product_reference": "kernel-macros-5.14.6-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-5.14.6-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64"
},
"product_reference": "kernel-macros-5.14.6-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-5.14.6-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64"
},
"product_reference": "kernel-source-5.14.6-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-5.14.6-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le"
},
"product_reference": "kernel-source-5.14.6-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-5.14.6-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x"
},
"product_reference": "kernel-source-5.14.6-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-5.14.6-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64"
},
"product_reference": "kernel-source-5.14.6-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-5.14.6-1.4.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64"
},
"product_reference": "kernel-source-vanilla-5.14.6-1.4.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-5.14.6-1.4.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le"
},
"product_reference": "kernel-source-vanilla-5.14.6-1.4.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-5.14.6-1.4.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x"
},
"product_reference": "kernel-source-vanilla-5.14.6-1.4.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-5.14.6-1.4.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
},
"product_reference": "kernel-source-vanilla-5.14.6-1.4.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-1000251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000251"
}
],
"notes": [
{
"category": "general",
"text": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000251",
"url": "https://www.suse.com/security/cve/CVE-2017-1000251"
},
{
"category": "external",
"summary": "SUSE Bug 1057389 for CVE-2017-1000251",
"url": "https://bugzilla.suse.com/1057389"
},
{
"category": "external",
"summary": "SUSE Bug 1057950 for CVE-2017-1000251",
"url": "https://bugzilla.suse.com/1057950"
},
{
"category": "external",
"summary": "SUSE Bug 1070535 for CVE-2017-1000251",
"url": "https://bugzilla.suse.com/1070535"
},
{
"category": "external",
"summary": "SUSE Bug 1072117 for CVE-2017-1000251",
"url": "https://bugzilla.suse.com/1072117"
},
{
"category": "external",
"summary": "SUSE Bug 1072162 for CVE-2017-1000251",
"url": "https://bugzilla.suse.com/1072162"
},
{
"category": "external",
"summary": "SUSE Bug 1120758 for CVE-2017-1000251",
"url": "https://bugzilla.suse.com/1120758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-1000251"
},
{
"cve": "CVE-2017-12153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12153"
}
],
"notes": [
{
"category": "general",
"text": "A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12153",
"url": "https://www.suse.com/security/cve/CVE-2017-12153"
},
{
"category": "external",
"summary": "SUSE Bug 1058410 for CVE-2017-12153",
"url": "https://bugzilla.suse.com/1058410"
},
{
"category": "external",
"summary": "SUSE Bug 1058624 for CVE-2017-12153",
"url": "https://bugzilla.suse.com/1058624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-12153"
},
{
"cve": "CVE-2017-13080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-13080"
}
],
"notes": [
{
"category": "general",
"text": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-13080",
"url": "https://www.suse.com/security/cve/CVE-2017-13080"
},
{
"category": "external",
"summary": "SUSE Bug 1056061 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1056061"
},
{
"category": "external",
"summary": "SUSE Bug 1063479 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1063479"
},
{
"category": "external",
"summary": "SUSE Bug 1063667 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1063667"
},
{
"category": "external",
"summary": "SUSE Bug 1063671 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1063671"
},
{
"category": "external",
"summary": "SUSE Bug 1066295 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1066295"
},
{
"category": "external",
"summary": "SUSE Bug 1105108 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1105108"
},
{
"category": "external",
"summary": "SUSE Bug 1178872 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1178872"
},
{
"category": "external",
"summary": "SUSE Bug 1179588 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1179588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-13080"
},
{
"cve": "CVE-2017-14051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14051"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14051",
"url": "https://www.suse.com/security/cve/CVE-2017-14051"
},
{
"category": "external",
"summary": "SUSE Bug 1056588 for CVE-2017-14051",
"url": "https://bugzilla.suse.com/1056588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14051"
},
{
"cve": "CVE-2017-15129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15129"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15129",
"url": "https://www.suse.com/security/cve/CVE-2017-15129"
},
{
"category": "external",
"summary": "SUSE Bug 1074839 for CVE-2017-15129",
"url": "https://bugzilla.suse.com/1074839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-15129"
},
{
"cve": "CVE-2017-15265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15265"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15265",
"url": "https://www.suse.com/security/cve/CVE-2017-15265"
},
{
"category": "external",
"summary": "SUSE Bug 1062520 for CVE-2017-15265",
"url": "https://bugzilla.suse.com/1062520"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-15265",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-15265"
},
{
"cve": "CVE-2017-16536",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16536"
}
],
"notes": [
{
"category": "general",
"text": "The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16536",
"url": "https://www.suse.com/security/cve/CVE-2017-16536"
},
{
"category": "external",
"summary": "SUSE Bug 1066606 for CVE-2017-16536",
"url": "https://bugzilla.suse.com/1066606"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-16536",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1146519 for CVE-2017-16536",
"url": "https://bugzilla.suse.com/1146519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16536"
},
{
"cve": "CVE-2017-16537",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16537"
}
],
"notes": [
{
"category": "general",
"text": "The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16537",
"url": "https://www.suse.com/security/cve/CVE-2017-16537"
},
{
"category": "external",
"summary": "SUSE Bug 1066573 for CVE-2017-16537",
"url": "https://bugzilla.suse.com/1066573"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-16537",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1146519 for CVE-2017-16537",
"url": "https://bugzilla.suse.com/1146519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16537"
},
{
"cve": "CVE-2017-16645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16645"
}
],
"notes": [
{
"category": "general",
"text": "The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16645",
"url": "https://www.suse.com/security/cve/CVE-2017-16645"
},
{
"category": "external",
"summary": "SUSE Bug 1067132 for CVE-2017-16645",
"url": "https://bugzilla.suse.com/1067132"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-16645",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1146519 for CVE-2017-16645",
"url": "https://bugzilla.suse.com/1146519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16645"
},
{
"cve": "CVE-2017-16646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16646"
}
],
"notes": [
{
"category": "general",
"text": "drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16646",
"url": "https://www.suse.com/security/cve/CVE-2017-16646"
},
{
"category": "external",
"summary": "SUSE Bug 1067105 for CVE-2017-16646",
"url": "https://bugzilla.suse.com/1067105"
},
{
"category": "external",
"summary": "SUSE Bug 1146519 for CVE-2017-16646",
"url": "https://bugzilla.suse.com/1146519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16646"
},
{
"cve": "CVE-2017-16647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16647"
}
],
"notes": [
{
"category": "general",
"text": "drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16647",
"url": "https://www.suse.com/security/cve/CVE-2017-16647"
},
{
"category": "external",
"summary": "SUSE Bug 1067102 for CVE-2017-16647",
"url": "https://bugzilla.suse.com/1067102"
},
{
"category": "external",
"summary": "SUSE Bug 1146519 for CVE-2017-16647",
"url": "https://bugzilla.suse.com/1146519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16647"
},
{
"cve": "CVE-2017-16648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16648"
}
],
"notes": [
{
"category": "general",
"text": "The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16648",
"url": "https://www.suse.com/security/cve/CVE-2017-16648"
},
{
"category": "external",
"summary": "SUSE Bug 1067087 for CVE-2017-16648",
"url": "https://bugzilla.suse.com/1067087"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-16648",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1146519 for CVE-2017-16648",
"url": "https://bugzilla.suse.com/1146519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16648"
},
{
"cve": "CVE-2017-16995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16995"
}
],
"notes": [
{
"category": "general",
"text": "The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16995",
"url": "https://www.suse.com/security/cve/CVE-2017-16995"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-16995",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16995"
},
{
"cve": "CVE-2017-16996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16996"
}
],
"notes": [
{
"category": "general",
"text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16996",
"url": "https://www.suse.com/security/cve/CVE-2017-16996"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-16996",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16996"
},
{
"cve": "CVE-2017-17448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17448"
}
],
"notes": [
{
"category": "general",
"text": "net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17448",
"url": "https://www.suse.com/security/cve/CVE-2017-17448"
},
{
"category": "external",
"summary": "SUSE Bug 1071693 for CVE-2017-17448",
"url": "https://bugzilla.suse.com/1071693"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17448"
},
{
"cve": "CVE-2017-17449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17449"
}
],
"notes": [
{
"category": "general",
"text": "The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17449",
"url": "https://www.suse.com/security/cve/CVE-2017-17449"
},
{
"category": "external",
"summary": "SUSE Bug 1071694 for CVE-2017-17449",
"url": "https://bugzilla.suse.com/1071694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17449"
},
{
"cve": "CVE-2017-17450",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17450"
}
],
"notes": [
{
"category": "general",
"text": "net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17450",
"url": "https://www.suse.com/security/cve/CVE-2017-17450"
},
{
"category": "external",
"summary": "SUSE Bug 1071695 for CVE-2017-17450",
"url": "https://bugzilla.suse.com/1071695"
},
{
"category": "external",
"summary": "SUSE Bug 1074033 for CVE-2017-17450",
"url": "https://bugzilla.suse.com/1074033"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-17450",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17450"
},
{
"cve": "CVE-2017-17852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17852"
}
],
"notes": [
{
"category": "general",
"text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17852",
"url": "https://www.suse.com/security/cve/CVE-2017-17852"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-17852",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17852"
},
{
"cve": "CVE-2017-17853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17853"
}
],
"notes": [
{
"category": "general",
"text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17853",
"url": "https://www.suse.com/security/cve/CVE-2017-17853"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-17853",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17853"
},
{
"cve": "CVE-2017-17854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17854"
}
],
"notes": [
{
"category": "general",
"text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17854",
"url": "https://www.suse.com/security/cve/CVE-2017-17854"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-17854",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17854"
},
{
"cve": "CVE-2017-17855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17855"
}
],
"notes": [
{
"category": "general",
"text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17855",
"url": "https://www.suse.com/security/cve/CVE-2017-17855"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-17855",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17855"
},
{
"cve": "CVE-2017-17856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17856"
}
],
"notes": [
{
"category": "general",
"text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17856",
"url": "https://www.suse.com/security/cve/CVE-2017-17856"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-17856",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17856"
},
{
"cve": "CVE-2017-17857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17857"
}
],
"notes": [
{
"category": "general",
"text": "The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17857",
"url": "https://www.suse.com/security/cve/CVE-2017-17857"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-17857",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17857"
},
{
"cve": "CVE-2017-17862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17862"
}
],
"notes": [
{
"category": "general",
"text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17862",
"url": "https://www.suse.com/security/cve/CVE-2017-17862"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-17862",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17862"
},
{
"cve": "CVE-2017-5123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5123"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5123",
"url": "https://www.suse.com/security/cve/CVE-2017-5123"
},
{
"category": "external",
"summary": "SUSE Bug 1062473 for CVE-2017-5123",
"url": "https://bugzilla.suse.com/1062473"
},
{
"category": "external",
"summary": "SUSE Bug 1122971 for CVE-2017-5123",
"url": "https://bugzilla.suse.com/1122971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5123"
},
{
"cve": "CVE-2017-5715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5715"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5715",
"url": "https://www.suse.com/security/cve/CVE-2017-5715"
},
{
"category": "external",
"summary": "SUSE Bug 1068032 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1068032"
},
{
"category": "external",
"summary": "SUSE Bug 1074562 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1074562"
},
{
"category": "external",
"summary": "SUSE Bug 1074578 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1074578"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1074741 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1074741"
},
{
"category": "external",
"summary": "SUSE Bug 1074919 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1074919"
},
{
"category": "external",
"summary": "SUSE Bug 1075006 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1075006"
},
{
"category": "external",
"summary": "SUSE Bug 1075007 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1075007"
},
{
"category": "external",
"summary": "SUSE Bug 1075262 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1075262"
},
{
"category": "external",
"summary": "SUSE Bug 1075419 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1075419"
},
{
"category": "external",
"summary": "SUSE Bug 1076115 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1076115"
},
{
"category": "external",
"summary": "SUSE Bug 1076372 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1076372"
},
{
"category": "external",
"summary": "SUSE Bug 1076606 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1076606"
},
{
"category": "external",
"summary": "SUSE Bug 1078353 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1078353"
},
{
"category": "external",
"summary": "SUSE Bug 1080039 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1080039"
},
{
"category": "external",
"summary": "SUSE Bug 1087887 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1087887"
},
{
"category": "external",
"summary": "SUSE Bug 1087939 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1087939"
},
{
"category": "external",
"summary": "SUSE Bug 1088147 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1088147"
},
{
"category": "external",
"summary": "SUSE Bug 1089055 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1089055"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1095735 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1095735"
},
{
"category": "external",
"summary": "SUSE Bug 1102517 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1102517"
},
{
"category": "external",
"summary": "SUSE Bug 1105108 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1105108"
},
{
"category": "external",
"summary": "SUSE Bug 1126516 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1126516"
},
{
"category": "external",
"summary": "SUSE Bug 1173489 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1173489"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201457 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1201457"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1201877"
},
{
"category": "external",
"summary": "SUSE Bug 1203236 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1203236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5715"
},
{
"cve": "CVE-2017-5753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5753"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5753",
"url": "https://www.suse.com/security/cve/CVE-2017-5753"
},
{
"category": "external",
"summary": "SUSE Bug 1068032 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1068032"
},
{
"category": "external",
"summary": "SUSE Bug 1074562 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1074562"
},
{
"category": "external",
"summary": "SUSE Bug 1074578 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1074578"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1075006 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1075006"
},
{
"category": "external",
"summary": "SUSE Bug 1075419 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1075419"
},
{
"category": "external",
"summary": "SUSE Bug 1075748 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1075748"
},
{
"category": "external",
"summary": "SUSE Bug 1080039 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1080039"
},
{
"category": "external",
"summary": "SUSE Bug 1087084 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1087084"
},
{
"category": "external",
"summary": "SUSE Bug 1087939 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1087939"
},
{
"category": "external",
"summary": "SUSE Bug 1089055 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1089055"
},
{
"category": "external",
"summary": "SUSE Bug 1136865 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1136865"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1201877"
},
{
"category": "external",
"summary": "SUSE Bug 1209547 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1209547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5753"
},
{
"cve": "CVE-2017-5754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5754"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5754",
"url": "https://www.suse.com/security/cve/CVE-2017-5754"
},
{
"category": "external",
"summary": "SUSE Bug 1068032 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1068032"
},
{
"category": "external",
"summary": "SUSE Bug 1074562 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1074562"
},
{
"category": "external",
"summary": "SUSE Bug 1074578 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1074578"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1075006 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1075006"
},
{
"category": "external",
"summary": "SUSE Bug 1075008 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1075008"
},
{
"category": "external",
"summary": "SUSE Bug 1087939 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1087939"
},
{
"category": "external",
"summary": "SUSE Bug 1089055 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1089055"
},
{
"category": "external",
"summary": "SUSE Bug 1115045 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1115045"
},
{
"category": "external",
"summary": "SUSE Bug 1136865 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1136865"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5754"
},
{
"cve": "CVE-2017-7541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7541"
}
],
"notes": [
{
"category": "general",
"text": "The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7541",
"url": "https://www.suse.com/security/cve/CVE-2017-7541"
},
{
"category": "external",
"summary": "SUSE Bug 1049645 for CVE-2017-7541",
"url": "https://bugzilla.suse.com/1049645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7541"
},
{
"cve": "CVE-2017-7542",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7542"
}
],
"notes": [
{
"category": "general",
"text": "The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7542",
"url": "https://www.suse.com/security/cve/CVE-2017-7542"
},
{
"category": "external",
"summary": "SUSE Bug 1049882 for CVE-2017-7542",
"url": "https://bugzilla.suse.com/1049882"
},
{
"category": "external",
"summary": "SUSE Bug 1061936 for CVE-2017-7542",
"url": "https://bugzilla.suse.com/1061936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7542"
},
{
"cve": "CVE-2017-8824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8824"
}
],
"notes": [
{
"category": "general",
"text": "The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8824",
"url": "https://www.suse.com/security/cve/CVE-2017-8824"
},
{
"category": "external",
"summary": "SUSE Bug 1070771 for CVE-2017-8824",
"url": "https://bugzilla.suse.com/1070771"
},
{
"category": "external",
"summary": "SUSE Bug 1076734 for CVE-2017-8824",
"url": "https://bugzilla.suse.com/1076734"
},
{
"category": "external",
"summary": "SUSE Bug 1092904 for CVE-2017-8824",
"url": "https://bugzilla.suse.com/1092904"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-8824",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-8824"
},
{
"cve": "CVE-2017-8831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8831"
}
],
"notes": [
{
"category": "general",
"text": "The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a \"double fetch\" vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8831",
"url": "https://www.suse.com/security/cve/CVE-2017-8831"
},
{
"category": "external",
"summary": "SUSE Bug 1037994 for CVE-2017-8831",
"url": "https://bugzilla.suse.com/1037994"
},
{
"category": "external",
"summary": "SUSE Bug 1061936 for CVE-2017-8831",
"url": "https://bugzilla.suse.com/1061936"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-8831",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-8831",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-8831"
},
{
"cve": "CVE-2018-1000004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000004"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000004",
"url": "https://www.suse.com/security/cve/CVE-2018-1000004"
},
{
"category": "external",
"summary": "SUSE Bug 1076017 for CVE-2018-1000004",
"url": "https://bugzilla.suse.com/1076017"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2018-1000004",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000004"
},
{
"cve": "CVE-2018-10322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10322"
}
],
"notes": [
{
"category": "general",
"text": "The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10322",
"url": "https://www.suse.com/security/cve/CVE-2018-10322"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-10322",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1090749 for CVE-2018-10322",
"url": "https://bugzilla.suse.com/1090749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-10322"
},
{
"cve": "CVE-2018-10323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10323"
}
],
"notes": [
{
"category": "general",
"text": "The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10323",
"url": "https://www.suse.com/security/cve/CVE-2018-10323"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-10323",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1090717 for CVE-2018-10323",
"url": "https://bugzilla.suse.com/1090717"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-10323"
},
{
"cve": "CVE-2018-1068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1068"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux 4.x kernel\u0027s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1068",
"url": "https://www.suse.com/security/cve/CVE-2018-1068"
},
{
"category": "external",
"summary": "SUSE Bug 1085107 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1085107"
},
{
"category": "external",
"summary": "SUSE Bug 1085114 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1085114"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1123903 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1123903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-1068"
},
{
"cve": "CVE-2018-1118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1118"
}
],
"notes": [
{
"category": "general",
"text": "Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1118",
"url": "https://www.suse.com/security/cve/CVE-2018-1118"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1118",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092472 for CVE-2018-1118",
"url": "https://bugzilla.suse.com/1092472"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1118"
},
{
"cve": "CVE-2018-12232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12232"
}
],
"notes": [
{
"category": "general",
"text": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12232",
"url": "https://www.suse.com/security/cve/CVE-2018-12232"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1097593 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1097593"
},
{
"category": "external",
"summary": "SUSE Bug 1125907 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1125907"
},
{
"category": "external",
"summary": "SUSE Bug 1127757 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1127757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-12232"
},
{
"cve": "CVE-2018-12714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12714"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12714",
"url": "https://www.suse.com/security/cve/CVE-2018-12714"
},
{
"category": "external",
"summary": "SUSE Bug 1098933 for CVE-2018-12714",
"url": "https://bugzilla.suse.com/1098933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12714"
},
{
"cve": "CVE-2018-13053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-13053"
}
],
"notes": [
{
"category": "general",
"text": "The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-13053",
"url": "https://www.suse.com/security/cve/CVE-2018-13053"
},
{
"category": "external",
"summary": "SUSE Bug 1099924 for CVE-2018-13053",
"url": "https://bugzilla.suse.com/1099924"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-13053",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-13053"
},
{
"cve": "CVE-2018-18710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18710",
"url": "https://www.suse.com/security/cve/CVE-2018-18710"
},
{
"category": "external",
"summary": "SUSE Bug 1113751 for CVE-2018-18710",
"url": "https://bugzilla.suse.com/1113751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-18710"
},
{
"cve": "CVE-2018-19824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19824",
"url": "https://www.suse.com/security/cve/CVE-2018-19824"
},
{
"category": "external",
"summary": "SUSE Bug 1118152 for CVE-2018-19824",
"url": "https://bugzilla.suse.com/1118152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-19824"
},
{
"cve": "CVE-2018-5332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5332"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5332",
"url": "https://www.suse.com/security/cve/CVE-2018-5332"
},
{
"category": "external",
"summary": "SUSE Bug 1075621 for CVE-2018-5332",
"url": "https://bugzilla.suse.com/1075621"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2018-5332",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-5332",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-5332"
},
{
"cve": "CVE-2018-5333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5333",
"url": "https://www.suse.com/security/cve/CVE-2018-5333"
},
{
"category": "external",
"summary": "SUSE Bug 1075617 for CVE-2018-5333",
"url": "https://bugzilla.suse.com/1075617"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2018-5333",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-5333"
},
{
"cve": "CVE-2018-8043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8043"
}
],
"notes": [
{
"category": "general",
"text": "The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8043",
"url": "https://www.suse.com/security/cve/CVE-2018-8043"
},
{
"category": "external",
"summary": "SUSE Bug 1084829 for CVE-2018-8043",
"url": "https://bugzilla.suse.com/1084829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-8043"
},
{
"cve": "CVE-2018-8087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8087"
}
],
"notes": [
{
"category": "general",
"text": "Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8087",
"url": "https://www.suse.com/security/cve/CVE-2018-8087"
},
{
"category": "external",
"summary": "SUSE Bug 1085053 for CVE-2018-8087",
"url": "https://bugzilla.suse.com/1085053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-8087"
},
{
"cve": "CVE-2018-8822",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8822"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8822",
"url": "https://www.suse.com/security/cve/CVE-2018-8822"
},
{
"category": "external",
"summary": "SUSE Bug 1086162 for CVE-2018-8822",
"url": "https://bugzilla.suse.com/1086162"
},
{
"category": "external",
"summary": "SUSE Bug 1090404 for CVE-2018-8822",
"url": "https://bugzilla.suse.com/1090404"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2018-8822",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-8822"
},
{
"cve": "CVE-2019-10207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10207"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10207",
"url": "https://www.suse.com/security/cve/CVE-2019-10207"
},
{
"category": "external",
"summary": "SUSE Bug 1123959 for CVE-2019-10207",
"url": "https://bugzilla.suse.com/1123959"
},
{
"category": "external",
"summary": "SUSE Bug 1142857 for CVE-2019-10207",
"url": "https://bugzilla.suse.com/1142857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-10207"
},
{
"cve": "CVE-2019-11477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11477"
}
],
"notes": [
{
"category": "general",
"text": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11477",
"url": "https://www.suse.com/security/cve/CVE-2019-11477"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2019-11477",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1137586 for CVE-2019-11477",
"url": "https://bugzilla.suse.com/1137586"
},
{
"category": "external",
"summary": "SUSE Bug 1142129 for CVE-2019-11477",
"url": "https://bugzilla.suse.com/1142129"
},
{
"category": "external",
"summary": "SUSE Bug 1153242 for CVE-2019-11477",
"url": "https://bugzilla.suse.com/1153242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11477"
},
{
"cve": "CVE-2019-11478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11478"
}
],
"notes": [
{
"category": "general",
"text": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11478",
"url": "https://www.suse.com/security/cve/CVE-2019-11478"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2019-11478",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1137586 for CVE-2019-11478",
"url": "https://bugzilla.suse.com/1137586"
},
{
"category": "external",
"summary": "SUSE Bug 1142129 for CVE-2019-11478",
"url": "https://bugzilla.suse.com/1142129"
},
{
"category": "external",
"summary": "SUSE Bug 1143542 for CVE-2019-11478",
"url": "https://bugzilla.suse.com/1143542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11478"
},
{
"cve": "CVE-2019-11479",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11479"
}
],
"notes": [
{
"category": "general",
"text": "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11479",
"url": "https://www.suse.com/security/cve/CVE-2019-11479"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2019-11479",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1137586 for CVE-2019-11479",
"url": "https://bugzilla.suse.com/1137586"
},
{
"category": "external",
"summary": "SUSE Bug 1142129 for CVE-2019-11479",
"url": "https://bugzilla.suse.com/1142129"
},
{
"category": "external",
"summary": "SUSE Bug 1143542 for CVE-2019-11479",
"url": "https://bugzilla.suse.com/1143542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11479"
},
{
"cve": "CVE-2019-14615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14615"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14615",
"url": "https://www.suse.com/security/cve/CVE-2019-14615"
},
{
"category": "external",
"summary": "SUSE Bug 1160195 for CVE-2019-14615",
"url": "https://bugzilla.suse.com/1160195"
},
{
"category": "external",
"summary": "SUSE Bug 1165881 for CVE-2019-14615",
"url": "https://bugzilla.suse.com/1165881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14615"
},
{
"cve": "CVE-2019-14814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14814"
}
],
"notes": [
{
"category": "general",
"text": "There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14814",
"url": "https://www.suse.com/security/cve/CVE-2019-14814"
},
{
"category": "external",
"summary": "SUSE Bug 1146512 for CVE-2019-14814",
"url": "https://bugzilla.suse.com/1146512"
},
{
"category": "external",
"summary": "SUSE Bug 1173664 for CVE-2019-14814",
"url": "https://bugzilla.suse.com/1173664"
},
{
"category": "external",
"summary": "SUSE Bug 1173665 for CVE-2019-14814",
"url": "https://bugzilla.suse.com/1173665"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14814"
},
{
"cve": "CVE-2019-14896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14896"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14896",
"url": "https://www.suse.com/security/cve/CVE-2019-14896"
},
{
"category": "external",
"summary": "SUSE Bug 1157157 for CVE-2019-14896",
"url": "https://bugzilla.suse.com/1157157"
},
{
"category": "external",
"summary": "SUSE Bug 1160468 for CVE-2019-14896",
"url": "https://bugzilla.suse.com/1160468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14896"
},
{
"cve": "CVE-2019-15030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15030"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users\u0027 processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15030",
"url": "https://www.suse.com/security/cve/CVE-2019-15030"
},
{
"category": "external",
"summary": "SUSE Bug 1149713 for CVE-2019-15030",
"url": "https://bugzilla.suse.com/1149713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-15030"
},
{
"cve": "CVE-2019-15031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15031"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users\u0027 processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15031",
"url": "https://www.suse.com/security/cve/CVE-2019-15031"
},
{
"category": "external",
"summary": "SUSE Bug 1149713 for CVE-2019-15031",
"url": "https://bugzilla.suse.com/1149713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-15031"
},
{
"cve": "CVE-2019-15098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15098"
}
],
"notes": [
{
"category": "general",
"text": "drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15098",
"url": "https://www.suse.com/security/cve/CVE-2019-15098"
},
{
"category": "external",
"summary": "SUSE Bug 1146378 for CVE-2019-15098",
"url": "https://bugzilla.suse.com/1146378"
},
{
"category": "external",
"summary": "SUSE Bug 1146543 for CVE-2019-15098",
"url": "https://bugzilla.suse.com/1146543"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-15098"
},
{
"cve": "CVE-2019-15099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15099"
}
],
"notes": [
{
"category": "general",
"text": "drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15099",
"url": "https://www.suse.com/security/cve/CVE-2019-15099"
},
{
"category": "external",
"summary": "SUSE Bug 1146368 for CVE-2019-15099",
"url": "https://bugzilla.suse.com/1146368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-15099"
},
{
"cve": "CVE-2019-15290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15290"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15098. Reason: This candidate is a duplicate of CVE-2019-15098. Notes: All CVE users should reference CVE-2019-15098 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15290",
"url": "https://www.suse.com/security/cve/CVE-2019-15290"
},
{
"category": "external",
"summary": "SUSE Bug 1146378 for CVE-2019-15290",
"url": "https://bugzilla.suse.com/1146378"
},
{
"category": "external",
"summary": "SUSE Bug 1146519 for CVE-2019-15290",
"url": "https://bugzilla.suse.com/1146519"
},
{
"category": "external",
"summary": "SUSE Bug 1146543 for CVE-2019-15290",
"url": "https://bugzilla.suse.com/1146543"
},
{
"category": "external",
"summary": "SUSE Bug 1158381 for CVE-2019-15290",
"url": "https://bugzilla.suse.com/1158381"
},
{
"category": "external",
"summary": "SUSE Bug 1158834 for CVE-2019-15290",
"url": "https://bugzilla.suse.com/1158834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-15290"
},
{
"cve": "CVE-2019-15504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15504"
}
],
"notes": [
{
"category": "general",
"text": "drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15504",
"url": "https://www.suse.com/security/cve/CVE-2019-15504"
},
{
"category": "external",
"summary": "SUSE Bug 1147116 for CVE-2019-15504",
"url": "https://bugzilla.suse.com/1147116"
},
{
"category": "external",
"summary": "SUSE Bug 1185852 for CVE-2019-15504",
"url": "https://bugzilla.suse.com/1185852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-15504"
},
{
"cve": "CVE-2019-15902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15902"
}
],
"notes": [
{
"category": "general",
"text": "A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream \"x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()\" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15902",
"url": "https://www.suse.com/security/cve/CVE-2019-15902"
},
{
"category": "external",
"summary": "SUSE Bug 1149376 for CVE-2019-15902",
"url": "https://bugzilla.suse.com/1149376"
},
{
"category": "external",
"summary": "SUSE Bug 1155131 for CVE-2019-15902",
"url": "https://bugzilla.suse.com/1155131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-15902"
},
{
"cve": "CVE-2019-16231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16231"
}
],
"notes": [
{
"category": "general",
"text": "drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16231",
"url": "https://www.suse.com/security/cve/CVE-2019-16231"
},
{
"category": "external",
"summary": "SUSE Bug 1150466 for CVE-2019-16231",
"url": "https://bugzilla.suse.com/1150466"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16231"
},
{
"cve": "CVE-2019-16232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16232"
}
],
"notes": [
{
"category": "general",
"text": "drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16232",
"url": "https://www.suse.com/security/cve/CVE-2019-16232"
},
{
"category": "external",
"summary": "SUSE Bug 1150465 for CVE-2019-16232",
"url": "https://bugzilla.suse.com/1150465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16232"
},
{
"cve": "CVE-2019-16234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16234"
}
],
"notes": [
{
"category": "general",
"text": "drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16234",
"url": "https://www.suse.com/security/cve/CVE-2019-16234"
},
{
"category": "external",
"summary": "SUSE Bug 1150452 for CVE-2019-16234",
"url": "https://bugzilla.suse.com/1150452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-16234"
},
{
"cve": "CVE-2019-17133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17133"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17133",
"url": "https://www.suse.com/security/cve/CVE-2019-17133"
},
{
"category": "external",
"summary": "SUSE Bug 1153158 for CVE-2019-17133",
"url": "https://bugzilla.suse.com/1153158"
},
{
"category": "external",
"summary": "SUSE Bug 1153161 for CVE-2019-17133",
"url": "https://bugzilla.suse.com/1153161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17133"
},
{
"cve": "CVE-2019-17666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17666"
}
],
"notes": [
{
"category": "general",
"text": "rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17666",
"url": "https://www.suse.com/security/cve/CVE-2019-17666"
},
{
"category": "external",
"summary": "SUSE Bug 1154372 for CVE-2019-17666",
"url": "https://bugzilla.suse.com/1154372"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17666"
},
{
"cve": "CVE-2019-18808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18808"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18808",
"url": "https://www.suse.com/security/cve/CVE-2019-18808"
},
{
"category": "external",
"summary": "SUSE Bug 1156259 for CVE-2019-18808",
"url": "https://bugzilla.suse.com/1156259"
},
{
"category": "external",
"summary": "SUSE Bug 1189884 for CVE-2019-18808",
"url": "https://bugzilla.suse.com/1189884"
},
{
"category": "external",
"summary": "SUSE Bug 1190534 for CVE-2019-18808",
"url": "https://bugzilla.suse.com/1190534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-18808"
},
{
"cve": "CVE-2019-18812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18812"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18812",
"url": "https://www.suse.com/security/cve/CVE-2019-18812"
},
{
"category": "external",
"summary": "SUSE Bug 1156277 for CVE-2019-18812",
"url": "https://bugzilla.suse.com/1156277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-18812"
},
{
"cve": "CVE-2019-18813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18813"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18813",
"url": "https://www.suse.com/security/cve/CVE-2019-18813"
},
{
"category": "external",
"summary": "SUSE Bug 1156278 for CVE-2019-18813",
"url": "https://bugzilla.suse.com/1156278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-18813"
},
{
"cve": "CVE-2019-19252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19252"
}
],
"notes": [
{
"category": "general",
"text": "vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19252",
"url": "https://www.suse.com/security/cve/CVE-2019-19252"
},
{
"category": "external",
"summary": "SUSE Bug 1157813 for CVE-2019-19252",
"url": "https://bugzilla.suse.com/1157813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-19252"
},
{
"cve": "CVE-2019-19332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19332"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel\u0027s KVM hypervisor handled the \u0027KVM_GET_EMULATED_CPUID\u0027 ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the \u0027/dev/kvm\u0027 device could use this flaw to crash the system, resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19332",
"url": "https://www.suse.com/security/cve/CVE-2019-19332"
},
{
"category": "external",
"summary": "SUSE Bug 1158827 for CVE-2019-19332",
"url": "https://bugzilla.suse.com/1158827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-19332"
},
{
"cve": "CVE-2019-19338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19338"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has \u0027TSX\u0027 enabled. Confidentiality of data is the highest threat associated with this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19338",
"url": "https://www.suse.com/security/cve/CVE-2019-19338"
},
{
"category": "external",
"summary": "SUSE Bug 1158954 for CVE-2019-19338",
"url": "https://bugzilla.suse.com/1158954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-19338"
},
{
"cve": "CVE-2019-3016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3016"
}
],
"notes": [
{
"category": "general",
"text": "In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3016",
"url": "https://www.suse.com/security/cve/CVE-2019-3016"
},
{
"category": "external",
"summary": "SUSE Bug 1159281 for CVE-2019-3016",
"url": "https://bugzilla.suse.com/1159281"
},
{
"category": "external",
"summary": "SUSE Bug 1161154 for CVE-2019-3016",
"url": "https://bugzilla.suse.com/1161154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-3016"
},
{
"cve": "CVE-2019-3846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3846"
}
],
"notes": [
{
"category": "general",
"text": "A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3846",
"url": "https://www.suse.com/security/cve/CVE-2019-3846"
},
{
"category": "external",
"summary": "SUSE Bug 1136424 for CVE-2019-3846",
"url": "https://bugzilla.suse.com/1136424"
},
{
"category": "external",
"summary": "SUSE Bug 1136446 for CVE-2019-3846",
"url": "https://bugzilla.suse.com/1136446"
},
{
"category": "external",
"summary": "SUSE Bug 1156330 for CVE-2019-3846",
"url": "https://bugzilla.suse.com/1156330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-3846"
},
{
"cve": "CVE-2019-3882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3882"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s vfio interface implementation that permits violation of the user\u0027s locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3882",
"url": "https://www.suse.com/security/cve/CVE-2019-3882"
},
{
"category": "external",
"summary": "SUSE Bug 1131416 for CVE-2019-3882",
"url": "https://bugzilla.suse.com/1131416"
},
{
"category": "external",
"summary": "SUSE Bug 1131427 for CVE-2019-3882",
"url": "https://bugzilla.suse.com/1131427"
},
{
"category": "external",
"summary": "SUSE Bug 1133319 for CVE-2019-3882",
"url": "https://bugzilla.suse.com/1133319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-3882"
},
{
"cve": "CVE-2019-3887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3887"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0\u0027s APIC register values via L2 guest, when \u0027virtualize x2APIC mode\u0027 is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3887",
"url": "https://www.suse.com/security/cve/CVE-2019-3887"
},
{
"category": "external",
"summary": "SUSE Bug 1131800 for CVE-2019-3887",
"url": "https://bugzilla.suse.com/1131800"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-3887"
},
{
"cve": "CVE-2019-6974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6974",
"url": "https://www.suse.com/security/cve/CVE-2019-6974"
},
{
"category": "external",
"summary": "SUSE Bug 1124728 for CVE-2019-6974",
"url": "https://bugzilla.suse.com/1124728"
},
{
"category": "external",
"summary": "SUSE Bug 1124729 for CVE-2019-6974",
"url": "https://bugzilla.suse.com/1124729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-6974"
},
{
"cve": "CVE-2019-7221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7221"
}
],
"notes": [
{
"category": "general",
"text": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7221",
"url": "https://www.suse.com/security/cve/CVE-2019-7221"
},
{
"category": "external",
"summary": "SUSE Bug 1124732 for CVE-2019-7221",
"url": "https://bugzilla.suse.com/1124732"
},
{
"category": "external",
"summary": "SUSE Bug 1124734 for CVE-2019-7221",
"url": "https://bugzilla.suse.com/1124734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7221"
},
{
"cve": "CVE-2019-7222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7222"
}
],
"notes": [
{
"category": "general",
"text": "The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7222",
"url": "https://www.suse.com/security/cve/CVE-2019-7222"
},
{
"category": "external",
"summary": "SUSE Bug 1124735 for CVE-2019-7222",
"url": "https://bugzilla.suse.com/1124735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-7222"
},
{
"cve": "CVE-2019-8564",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8564"
}
],
"notes": [
{
"category": "general",
"text": "A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8564",
"url": "https://www.suse.com/security/cve/CVE-2019-8564"
},
{
"category": "external",
"summary": "SUSE Bug 1132673 for CVE-2019-8564",
"url": "https://bugzilla.suse.com/1132673"
},
{
"category": "external",
"summary": "SUSE Bug 1132828 for CVE-2019-8564",
"url": "https://bugzilla.suse.com/1132828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-8564"
},
{
"cve": "CVE-2019-8912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8912",
"url": "https://www.suse.com/security/cve/CVE-2019-8912"
},
{
"category": "external",
"summary": "SUSE Bug 1125907 for CVE-2019-8912",
"url": "https://bugzilla.suse.com/1125907"
},
{
"category": "external",
"summary": "SUSE Bug 1126284 for CVE-2019-8912",
"url": "https://bugzilla.suse.com/1126284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-8912"
},
{
"cve": "CVE-2019-9500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9500"
}
],
"notes": [
{
"category": "general",
"text": "The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9500",
"url": "https://www.suse.com/security/cve/CVE-2019-9500"
},
{
"category": "external",
"summary": "SUSE Bug 1132681 for CVE-2019-9500",
"url": "https://bugzilla.suse.com/1132681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-9500"
},
{
"cve": "CVE-2020-10135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10135"
}
],
"notes": [
{
"category": "general",
"text": "Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10135",
"url": "https://www.suse.com/security/cve/CVE-2020-10135"
},
{
"category": "external",
"summary": "SUSE Bug 1171988 for CVE-2020-10135",
"url": "https://bugzilla.suse.com/1171988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10135"
},
{
"cve": "CVE-2020-10766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10766"
}
],
"notes": [
{
"category": "general",
"text": "A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10766",
"url": "https://www.suse.com/security/cve/CVE-2020-10766"
},
{
"category": "external",
"summary": "SUSE Bug 1159281 for CVE-2020-10766",
"url": "https://bugzilla.suse.com/1159281"
},
{
"category": "external",
"summary": "SUSE Bug 1172781 for CVE-2020-10766",
"url": "https://bugzilla.suse.com/1172781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10766"
},
{
"cve": "CVE-2020-10767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10767"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10767",
"url": "https://www.suse.com/security/cve/CVE-2020-10767"
},
{
"category": "external",
"summary": "SUSE Bug 1159281 for CVE-2020-10767",
"url": "https://bugzilla.suse.com/1159281"
},
{
"category": "external",
"summary": "SUSE Bug 1172782 for CVE-2020-10767",
"url": "https://bugzilla.suse.com/1172782"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10767"
},
{
"cve": "CVE-2020-10768",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10768"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being \u0027force disabled\u0027 when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10768",
"url": "https://www.suse.com/security/cve/CVE-2020-10768"
},
{
"category": "external",
"summary": "SUSE Bug 1159281 for CVE-2020-10768",
"url": "https://bugzilla.suse.com/1159281"
},
{
"category": "external",
"summary": "SUSE Bug 1172783 for CVE-2020-10768",
"url": "https://bugzilla.suse.com/1172783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10768"
},
{
"cve": "CVE-2020-12351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12351"
}
],
"notes": [
{
"category": "general",
"text": "Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12351",
"url": "https://www.suse.com/security/cve/CVE-2020-12351"
},
{
"category": "external",
"summary": "SUSE Bug 1177724 for CVE-2020-12351",
"url": "https://bugzilla.suse.com/1177724"
},
{
"category": "external",
"summary": "SUSE Bug 1177729 for CVE-2020-12351",
"url": "https://bugzilla.suse.com/1177729"
},
{
"category": "external",
"summary": "SUSE Bug 1178397 for CVE-2020-12351",
"url": "https://bugzilla.suse.com/1178397"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12351"
},
{
"cve": "CVE-2020-12352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12352"
}
],
"notes": [
{
"category": "general",
"text": "Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12352",
"url": "https://www.suse.com/security/cve/CVE-2020-12352"
},
{
"category": "external",
"summary": "SUSE Bug 1177725 for CVE-2020-12352",
"url": "https://bugzilla.suse.com/1177725"
},
{
"category": "external",
"summary": "SUSE Bug 1178398 for CVE-2020-12352",
"url": "https://bugzilla.suse.com/1178398"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-12352"
},
{
"cve": "CVE-2020-14331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14331"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14331",
"url": "https://www.suse.com/security/cve/CVE-2020-14331"
},
{
"category": "external",
"summary": "SUSE Bug 1174205 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174205"
},
{
"category": "external",
"summary": "SUSE Bug 1174247 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14331"
},
{
"cve": "CVE-2020-14386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14386"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14386",
"url": "https://www.suse.com/security/cve/CVE-2020-14386"
},
{
"category": "external",
"summary": "SUSE Bug 1176069 for CVE-2020-14386",
"url": "https://bugzilla.suse.com/1176069"
},
{
"category": "external",
"summary": "SUSE Bug 1176072 for CVE-2020-14386",
"url": "https://bugzilla.suse.com/1176072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14386"
},
{
"cve": "CVE-2020-24586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24586"
}
],
"notes": [
{
"category": "general",
"text": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24586",
"url": "https://www.suse.com/security/cve/CVE-2020-24586"
},
{
"category": "external",
"summary": "SUSE Bug 1185859 for CVE-2020-24586",
"url": "https://bugzilla.suse.com/1185859"
},
{
"category": "external",
"summary": "SUSE Bug 1192868 for CVE-2020-24586",
"url": "https://bugzilla.suse.com/1192868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-24586"
},
{
"cve": "CVE-2020-24587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24587"
}
],
"notes": [
{
"category": "general",
"text": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24587",
"url": "https://www.suse.com/security/cve/CVE-2020-24587"
},
{
"category": "external",
"summary": "SUSE Bug 1185859 for CVE-2020-24587",
"url": "https://bugzilla.suse.com/1185859"
},
{
"category": "external",
"summary": "SUSE Bug 1185862 for CVE-2020-24587",
"url": "https://bugzilla.suse.com/1185862"
},
{
"category": "external",
"summary": "SUSE Bug 1192868 for CVE-2020-24587",
"url": "https://bugzilla.suse.com/1192868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-24587"
},
{
"cve": "CVE-2020-24588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24588"
}
],
"notes": [
{
"category": "general",
"text": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24588",
"url": "https://www.suse.com/security/cve/CVE-2020-24588"
},
{
"category": "external",
"summary": "SUSE Bug 1185861 for CVE-2020-24588",
"url": "https://bugzilla.suse.com/1185861"
},
{
"category": "external",
"summary": "SUSE Bug 1192868 for CVE-2020-24588",
"url": "https://bugzilla.suse.com/1192868"
},
{
"category": "external",
"summary": "SUSE Bug 1199701 for CVE-2020-24588",
"url": "https://bugzilla.suse.com/1199701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-24588"
},
{
"cve": "CVE-2020-25639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25639"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference flaw was found in the Linux kernel\u0027s GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25639",
"url": "https://www.suse.com/security/cve/CVE-2020-25639"
},
{
"category": "external",
"summary": "SUSE Bug 1176846 for CVE-2020-25639",
"url": "https://bugzilla.suse.com/1176846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-25639"
},
{
"cve": "CVE-2020-25656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25656"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25656",
"url": "https://www.suse.com/security/cve/CVE-2020-25656"
},
{
"category": "external",
"summary": "SUSE Bug 1177766 for CVE-2020-25656",
"url": "https://bugzilla.suse.com/1177766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-25656"
},
{
"cve": "CVE-2020-25668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25668"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25668",
"url": "https://www.suse.com/security/cve/CVE-2020-25668"
},
{
"category": "external",
"summary": "SUSE Bug 1178123 for CVE-2020-25668",
"url": "https://bugzilla.suse.com/1178123"
},
{
"category": "external",
"summary": "SUSE Bug 1178622 for CVE-2020-25668",
"url": "https://bugzilla.suse.com/1178622"
},
{
"category": "external",
"summary": "SUSE Bug 1196914 for CVE-2020-25668",
"url": "https://bugzilla.suse.com/1196914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-25668"
},
{
"cve": "CVE-2020-26141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26141"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26141",
"url": "https://www.suse.com/security/cve/CVE-2020-26141"
},
{
"category": "external",
"summary": "SUSE Bug 1185987 for CVE-2020-26141",
"url": "https://bugzilla.suse.com/1185987"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-26141"
},
{
"cve": "CVE-2020-2732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-2732"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-2732",
"url": "https://www.suse.com/security/cve/CVE-2020-2732"
},
{
"category": "external",
"summary": "SUSE Bug 1163971 for CVE-2020-2732",
"url": "https://bugzilla.suse.com/1163971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-2732"
},
{
"cve": "CVE-2020-29660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29660"
}
],
"notes": [
{
"category": "general",
"text": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29660",
"url": "https://www.suse.com/security/cve/CVE-2020-29660"
},
{
"category": "external",
"summary": "SUSE Bug 1179745 for CVE-2020-29660",
"url": "https://bugzilla.suse.com/1179745"
},
{
"category": "external",
"summary": "SUSE Bug 1179877 for CVE-2020-29660",
"url": "https://bugzilla.suse.com/1179877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-29660"
},
{
"cve": "CVE-2020-29661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29661"
}
],
"notes": [
{
"category": "general",
"text": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29661",
"url": "https://www.suse.com/security/cve/CVE-2020-29661"
},
{
"category": "external",
"summary": "SUSE Bug 1179745 for CVE-2020-29661",
"url": "https://bugzilla.suse.com/1179745"
},
{
"category": "external",
"summary": "SUSE Bug 1179877 for CVE-2020-29661",
"url": "https://bugzilla.suse.com/1179877"
},
{
"category": "external",
"summary": "SUSE Bug 1214268 for CVE-2020-29661",
"url": "https://bugzilla.suse.com/1214268"
},
{
"category": "external",
"summary": "SUSE Bug 1218966 for CVE-2020-29661",
"url": "https://bugzilla.suse.com/1218966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-29661"
},
{
"cve": "CVE-2020-8648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8648"
}
],
"notes": [
{
"category": "general",
"text": "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8648",
"url": "https://www.suse.com/security/cve/CVE-2020-8648"
},
{
"category": "external",
"summary": "SUSE Bug 1162928 for CVE-2020-8648",
"url": "https://bugzilla.suse.com/1162928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8648"
},
{
"cve": "CVE-2020-8694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8694"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8694",
"url": "https://www.suse.com/security/cve/CVE-2020-8694"
},
{
"category": "external",
"summary": "SUSE Bug 1170415 for CVE-2020-8694",
"url": "https://bugzilla.suse.com/1170415"
},
{
"category": "external",
"summary": "SUSE Bug 1170446 for CVE-2020-8694",
"url": "https://bugzilla.suse.com/1170446"
},
{
"category": "external",
"summary": "SUSE Bug 1178591 for CVE-2020-8694",
"url": "https://bugzilla.suse.com/1178591"
},
{
"category": "external",
"summary": "SUSE Bug 1178700 for CVE-2020-8694",
"url": "https://bugzilla.suse.com/1178700"
},
{
"category": "external",
"summary": "SUSE Bug 1179661 for CVE-2020-8694",
"url": "https://bugzilla.suse.com/1179661"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8694"
},
{
"cve": "CVE-2021-23133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23133"
}
],
"notes": [
{
"category": "general",
"text": "A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)-\u003esctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23133",
"url": "https://www.suse.com/security/cve/CVE-2021-23133"
},
{
"category": "external",
"summary": "SUSE Bug 1184675 for CVE-2021-23133",
"url": "https://bugzilla.suse.com/1184675"
},
{
"category": "external",
"summary": "SUSE Bug 1185901 for CVE-2021-23133",
"url": "https://bugzilla.suse.com/1185901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23133"
},
{
"cve": "CVE-2021-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-26708"
}
],
"notes": [
{
"category": "general",
"text": "A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-26708",
"url": "https://www.suse.com/security/cve/CVE-2021-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1181806 for CVE-2021-26708",
"url": "https://bugzilla.suse.com/1181806"
},
{
"category": "external",
"summary": "SUSE Bug 1183298 for CVE-2021-26708",
"url": "https://bugzilla.suse.com/1183298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-26708"
},
{
"cve": "CVE-2021-28971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28971"
}
],
"notes": [
{
"category": "general",
"text": "In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28971",
"url": "https://www.suse.com/security/cve/CVE-2021-28971"
},
{
"category": "external",
"summary": "SUSE Bug 1184196 for CVE-2021-28971",
"url": "https://bugzilla.suse.com/1184196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-28971"
},
{
"cve": "CVE-2021-32606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32606",
"url": "https://www.suse.com/security/cve/CVE-2021-32606"
},
{
"category": "external",
"summary": "SUSE Bug 1185953 for CVE-2021-32606",
"url": "https://bugzilla.suse.com/1185953"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-32606"
},
{
"cve": "CVE-2021-33909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33909"
}
],
"notes": [
{
"category": "general",
"text": "fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33909",
"url": "https://www.suse.com/security/cve/CVE-2021-33909"
},
{
"category": "external",
"summary": "SUSE Bug 1188062 for CVE-2021-33909",
"url": "https://bugzilla.suse.com/1188062"
},
{
"category": "external",
"summary": "SUSE Bug 1188063 for CVE-2021-33909",
"url": "https://bugzilla.suse.com/1188063"
},
{
"category": "external",
"summary": "SUSE Bug 1188257 for CVE-2021-33909",
"url": "https://bugzilla.suse.com/1188257"
},
{
"category": "external",
"summary": "SUSE Bug 1189302 for CVE-2021-33909",
"url": "https://bugzilla.suse.com/1189302"
},
{
"category": "external",
"summary": "SUSE Bug 1190859 for CVE-2021-33909",
"url": "https://bugzilla.suse.com/1190859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33909"
},
{
"cve": "CVE-2021-3483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3483"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3483",
"url": "https://www.suse.com/security/cve/CVE-2021-3483"
},
{
"category": "external",
"summary": "SUSE Bug 1184393 for CVE-2021-3483",
"url": "https://bugzilla.suse.com/1184393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3483"
},
{
"cve": "CVE-2021-3489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3489"
}
],
"notes": [
{
"category": "general",
"text": "The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (\"bpf, ringbuf: Deny reserve of buffers larger than ringbuf\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (\"bpf: Implement BPF ring buffer and verifier support for it\") (v5.8-rc1).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3489",
"url": "https://www.suse.com/security/cve/CVE-2021-3489"
},
{
"category": "external",
"summary": "SUSE Bug 1185640 for CVE-2021-3489",
"url": "https://bugzilla.suse.com/1185640"
},
{
"category": "external",
"summary": "SUSE Bug 1185856 for CVE-2021-3489",
"url": "https://bugzilla.suse.com/1185856"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3489"
},
{
"cve": "CVE-2021-3490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3490"
}
],
"notes": [
{
"category": "general",
"text": "The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e (\"bpf: Fix alu32 const subreg bound tracking on bitwise operations\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 (\"bpf: Verifier, do explicit ALU32 bounds tracking\") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 (\"bpf:Fix a verifier failure with xor\") ( 5.10-rc1).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3490",
"url": "https://www.suse.com/security/cve/CVE-2021-3490"
},
{
"category": "external",
"summary": "SUSE Bug 1185641 for CVE-2021-3490",
"url": "https://bugzilla.suse.com/1185641"
},
{
"category": "external",
"summary": "SUSE Bug 1185796 for CVE-2021-3490",
"url": "https://bugzilla.suse.com/1185796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3490"
},
{
"cve": "CVE-2021-3491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3491"
}
],
"notes": [
{
"category": "general",
"text": "The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/\u003cPID\u003e/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b (\"io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers\") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c (\"io_uring: add IORING_OP_PROVIDE_BUFFERS\") (v5.7-rc1).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3491",
"url": "https://www.suse.com/security/cve/CVE-2021-3491"
},
{
"category": "external",
"summary": "SUSE Bug 1185642 for CVE-2021-3491",
"url": "https://bugzilla.suse.com/1185642"
},
{
"category": "external",
"summary": "SUSE Bug 1187090 for CVE-2021-3491",
"url": "https://bugzilla.suse.com/1187090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3491"
},
{
"cve": "CVE-2021-3640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3640"
}
],
"notes": [
{
"category": "general",
"text": "A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3640",
"url": "https://www.suse.com/security/cve/CVE-2021-3640"
},
{
"category": "external",
"summary": "SUSE Bug 1188172 for CVE-2021-3640",
"url": "https://bugzilla.suse.com/1188172"
},
{
"category": "external",
"summary": "SUSE Bug 1188613 for CVE-2021-3640",
"url": "https://bugzilla.suse.com/1188613"
},
{
"category": "external",
"summary": "SUSE Bug 1191530 for CVE-2021-3640",
"url": "https://bugzilla.suse.com/1191530"
},
{
"category": "external",
"summary": "SUSE Bug 1196810 for CVE-2021-3640",
"url": "https://bugzilla.suse.com/1196810"
},
{
"category": "external",
"summary": "SUSE Bug 1196914 for CVE-2021-3640",
"url": "https://bugzilla.suse.com/1196914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3640"
},
{
"cve": "CVE-2021-3653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3653"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the KVM\u0027s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"int_ctl\" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3653",
"url": "https://www.suse.com/security/cve/CVE-2021-3653"
},
{
"category": "external",
"summary": "SUSE Bug 1189399 for CVE-2021-3653",
"url": "https://bugzilla.suse.com/1189399"
},
{
"category": "external",
"summary": "SUSE Bug 1189420 for CVE-2021-3653",
"url": "https://bugzilla.suse.com/1189420"
},
{
"category": "external",
"summary": "SUSE Bug 1196914 for CVE-2021-3653",
"url": "https://bugzilla.suse.com/1196914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3653"
},
{
"cve": "CVE-2021-3656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3656"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the KVM\u0027s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"virt_ext\" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3656",
"url": "https://www.suse.com/security/cve/CVE-2021-3656"
},
{
"category": "external",
"summary": "SUSE Bug 1189400 for CVE-2021-3656",
"url": "https://bugzilla.suse.com/1189400"
},
{
"category": "external",
"summary": "SUSE Bug 1189418 for CVE-2021-3656",
"url": "https://bugzilla.suse.com/1189418"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3656"
},
{
"cve": "CVE-2021-3744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3744"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3744",
"url": "https://www.suse.com/security/cve/CVE-2021-3744"
},
{
"category": "external",
"summary": "SUSE Bug 1189884 for CVE-2021-3744",
"url": "https://bugzilla.suse.com/1189884"
},
{
"category": "external",
"summary": "SUSE Bug 1190534 for CVE-2021-3744",
"url": "https://bugzilla.suse.com/1190534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3744"
},
{
"cve": "CVE-2021-3753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3753"
}
],
"notes": [
{
"category": "general",
"text": "A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3753",
"url": "https://www.suse.com/security/cve/CVE-2021-3753"
},
{
"category": "external",
"summary": "SUSE Bug 1190025 for CVE-2021-3753",
"url": "https://bugzilla.suse.com/1190025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3753"
},
{
"cve": "CVE-2021-37576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37576"
}
],
"notes": [
{
"category": "general",
"text": "arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37576",
"url": "https://www.suse.com/security/cve/CVE-2021-37576"
},
{
"category": "external",
"summary": "SUSE Bug 1188838 for CVE-2021-37576",
"url": "https://bugzilla.suse.com/1188838"
},
{
"category": "external",
"summary": "SUSE Bug 1188842 for CVE-2021-37576",
"url": "https://bugzilla.suse.com/1188842"
},
{
"category": "external",
"summary": "SUSE Bug 1190276 for CVE-2021-37576",
"url": "https://bugzilla.suse.com/1190276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-37576"
},
{
"cve": "CVE-2021-3759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3759"
}
],
"notes": [
{
"category": "general",
"text": "A memory overflow vulnerability was found in the Linux kernel\u0027s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3759",
"url": "https://www.suse.com/security/cve/CVE-2021-3759"
},
{
"category": "external",
"summary": "SUSE Bug 1190115 for CVE-2021-3759",
"url": "https://bugzilla.suse.com/1190115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3759"
},
{
"cve": "CVE-2021-38166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38166"
}
],
"notes": [
{
"category": "general",
"text": "In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38166",
"url": "https://www.suse.com/security/cve/CVE-2021-38166"
},
{
"category": "external",
"summary": "SUSE Bug 1189233 for CVE-2021-38166",
"url": "https://bugzilla.suse.com/1189233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-devel-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-macros-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-5.14.6-1.4.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-5.14.6-1.4.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-38166"
}
]
}
opensuse-su-2024:13704-1
Vulnerability from csaf_opensuse
Published
2024-06-15 00:00
Modified
2024-06-15 00:00
Summary
kernel-devel-longterm-6.6.17-1.1 on GA media
Notes
Title of the patch
kernel-devel-longterm-6.6.17-1.1 on GA media
Description of the patch
These are all security issues fixed in the kernel-devel-longterm-6.6.17-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-13704
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "kernel-devel-longterm-6.6.17-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the kernel-devel-longterm-6.6.17-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-13704",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_13704-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-3695 page",
"url": "https://www.suse.com/security/cve/CVE-2016-3695/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000251 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000251/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12153 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12153/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-13080 page",
"url": "https://www.suse.com/security/cve/CVE-2017-13080/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-14051 page",
"url": "https://www.suse.com/security/cve/CVE-2017-14051/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15129 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15129/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15265 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15265/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16536 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16536/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16537 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16537/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16645 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16646 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16647 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16647/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16648 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16995 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16996 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16996/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17448 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17449 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17449/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17450 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17450/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17852 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17853 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17853/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17854 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17855 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17855/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17856 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17856/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17857 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17857/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-17862 page",
"url": "https://www.suse.com/security/cve/CVE-2017-17862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5123 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5123/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5715 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5715/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5753 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-5754 page",
"url": "https://www.suse.com/security/cve/CVE-2017-5754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7541 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7541/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7542 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7542/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8824 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8831 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8831/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000004 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10322 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10322/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10323 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1068 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1118 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12232 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12714 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12714/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-13053 page",
"url": "https://www.suse.com/security/cve/CVE-2018-13053/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18710 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19824 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5332 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5333 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5333/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8043 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8043/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8087 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8087/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-8822 page",
"url": "https://www.suse.com/security/cve/CVE-2018-8822/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-10207 page",
"url": "https://www.suse.com/security/cve/CVE-2019-10207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11477 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11477/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11478 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11478/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-11479 page",
"url": "https://www.suse.com/security/cve/CVE-2019-11479/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14615 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14615/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14814 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-14896 page",
"url": "https://www.suse.com/security/cve/CVE-2019-14896/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15030 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15030/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15031 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15031/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15098 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15098/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15099 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15290 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15290/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15504 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15504/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15902 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15902/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16231 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16232 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-16234 page",
"url": "https://www.suse.com/security/cve/CVE-2019-16234/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17133 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-17666 page",
"url": "https://www.suse.com/security/cve/CVE-2019-17666/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18808 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18808/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18812 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18812/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-18813 page",
"url": "https://www.suse.com/security/cve/CVE-2019-18813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19252 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19252/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19332 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-19338 page",
"url": "https://www.suse.com/security/cve/CVE-2019-19338/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3016 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3016/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3846 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3882 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3882/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3887 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-6974 page",
"url": "https://www.suse.com/security/cve/CVE-2019-6974/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7221 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-7222 page",
"url": "https://www.suse.com/security/cve/CVE-2019-7222/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8564 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8564/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-8912 page",
"url": "https://www.suse.com/security/cve/CVE-2019-8912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-9500 page",
"url": "https://www.suse.com/security/cve/CVE-2019-9500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10135 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10135/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10766 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10766/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10767 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10767/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-10768 page",
"url": "https://www.suse.com/security/cve/CVE-2020-10768/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12351 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-12352 page",
"url": "https://www.suse.com/security/cve/CVE-2020-12352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14331 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14331/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-14386 page",
"url": "https://www.suse.com/security/cve/CVE-2020-14386/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24586 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24587 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24587/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-24588 page",
"url": "https://www.suse.com/security/cve/CVE-2020-24588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25639 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25639/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25656 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25668 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25668/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-26141 page",
"url": "https://www.suse.com/security/cve/CVE-2020-26141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-2732 page",
"url": "https://www.suse.com/security/cve/CVE-2020-2732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29660 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29660/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-29661 page",
"url": "https://www.suse.com/security/cve/CVE-2020-29661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8648 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8648/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8694 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8694/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-23133 page",
"url": "https://www.suse.com/security/cve/CVE-2021-23133/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-26708 page",
"url": "https://www.suse.com/security/cve/CVE-2021-26708/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-28971 page",
"url": "https://www.suse.com/security/cve/CVE-2021-28971/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-32606 page",
"url": "https://www.suse.com/security/cve/CVE-2021-32606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-33909 page",
"url": "https://www.suse.com/security/cve/CVE-2021-33909/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3483 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3483/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3489 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3489/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3490 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3491 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3491/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3542 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3542/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3640 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3653 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3653/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3656 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3656/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3744 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3753 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-37576 page",
"url": "https://www.suse.com/security/cve/CVE-2021-37576/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3759 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-38166 page",
"url": "https://www.suse.com/security/cve/CVE-2021-38166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-43976 page",
"url": "https://www.suse.com/security/cve/CVE-2021-43976/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0185 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0185/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0330 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0330/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0847 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0847/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0886 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1462 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1462/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1516 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1516/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1679 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1679/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1729 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1852 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1852/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1966 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1966/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1972 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1972/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1973 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1973/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-22942 page",
"url": "https://www.suse.com/security/cve/CVE-2022-22942/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2308 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2308/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-24958 page",
"url": "https://www.suse.com/security/cve/CVE-2022-24958/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2588 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2588/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-2590 page",
"url": "https://www.suse.com/security/cve/CVE-2022-2590/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-26490 page",
"url": "https://www.suse.com/security/cve/CVE-2022-26490/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28388 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28388/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28389 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28389/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28390 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28390/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-28893 page",
"url": "https://www.suse.com/security/cve/CVE-2022-28893/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-29900 page",
"url": "https://www.suse.com/security/cve/CVE-2022-29900/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-29901 page",
"url": "https://www.suse.com/security/cve/CVE-2022-29901/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-29968 page",
"url": "https://www.suse.com/security/cve/CVE-2022-29968/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3424 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3424/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-34918 page",
"url": "https://www.suse.com/security/cve/CVE-2022-34918/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3628 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3628/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3640 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3640/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-40982 page",
"url": "https://www.suse.com/security/cve/CVE-2022-40982/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-41218 page",
"url": "https://www.suse.com/security/cve/CVE-2022-41218/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-41674 page",
"url": "https://www.suse.com/security/cve/CVE-2022-41674/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42719 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42719/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42720 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42720/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42721 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42721/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-42722 page",
"url": "https://www.suse.com/security/cve/CVE-2022-42722/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-4379 page",
"url": "https://www.suse.com/security/cve/CVE-2022-4379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44032 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44032/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44033 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44033/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-44034 page",
"url": "https://www.suse.com/security/cve/CVE-2022-44034/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45884 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45885 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45885/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45886 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45886/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45887 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45887/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45888 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45888/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45919 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45919/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45934 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45934/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0045 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1076 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1078 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1078/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1192 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1380 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20569 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20569/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-20593 page",
"url": "https://www.suse.com/security/cve/CVE-2023-20593/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-2124 page",
"url": "https://www.suse.com/security/cve/CVE-2023-2124/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-31084 page",
"url": "https://www.suse.com/security/cve/CVE-2023-31084/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3141 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3141/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-3269 page",
"url": "https://www.suse.com/security/cve/CVE-2023-3269/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39192 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39192/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-39193 page",
"url": "https://www.suse.com/security/cve/CVE-2023-39193/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4128 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4134 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4134/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4194 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4194/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42753 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42754 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42756 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4623 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4623/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-46813 page",
"url": "https://www.suse.com/security/cve/CVE-2023-46813/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-4881 page",
"url": "https://www.suse.com/security/cve/CVE-2023-4881/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-5345 page",
"url": "https://www.suse.com/security/cve/CVE-2023-5345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6606 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-6610 page",
"url": "https://www.suse.com/security/cve/CVE-2023-6610/"
}
],
"title": "kernel-devel-longterm-6.6.17-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:13704-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-longterm-6.6.17-1.1.aarch64",
"product": {
"name": "kernel-devel-longterm-6.6.17-1.1.aarch64",
"product_id": "kernel-devel-longterm-6.6.17-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-source-longterm-6.6.17-1.1.aarch64",
"product": {
"name": "kernel-source-longterm-6.6.17-1.1.aarch64",
"product_id": "kernel-source-longterm-6.6.17-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-longterm-6.6.17-1.1.ppc64le",
"product": {
"name": "kernel-devel-longterm-6.6.17-1.1.ppc64le",
"product_id": "kernel-devel-longterm-6.6.17-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-source-longterm-6.6.17-1.1.ppc64le",
"product": {
"name": "kernel-source-longterm-6.6.17-1.1.ppc64le",
"product_id": "kernel-source-longterm-6.6.17-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-longterm-6.6.17-1.1.s390x",
"product": {
"name": "kernel-devel-longterm-6.6.17-1.1.s390x",
"product_id": "kernel-devel-longterm-6.6.17-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-longterm-6.6.17-1.1.s390x",
"product": {
"name": "kernel-source-longterm-6.6.17-1.1.s390x",
"product_id": "kernel-source-longterm-6.6.17-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-longterm-6.6.17-1.1.x86_64",
"product": {
"name": "kernel-devel-longterm-6.6.17-1.1.x86_64",
"product_id": "kernel-devel-longterm-6.6.17-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-longterm-6.6.17-1.1.x86_64",
"product": {
"name": "kernel-source-longterm-6.6.17-1.1.x86_64",
"product_id": "kernel-source-longterm-6.6.17-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-longterm-6.6.17-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64"
},
"product_reference": "kernel-devel-longterm-6.6.17-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-longterm-6.6.17-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le"
},
"product_reference": "kernel-devel-longterm-6.6.17-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-longterm-6.6.17-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x"
},
"product_reference": "kernel-devel-longterm-6.6.17-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-longterm-6.6.17-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64"
},
"product_reference": "kernel-devel-longterm-6.6.17-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-longterm-6.6.17-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64"
},
"product_reference": "kernel-source-longterm-6.6.17-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-longterm-6.6.17-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le"
},
"product_reference": "kernel-source-longterm-6.6.17-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-longterm-6.6.17-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x"
},
"product_reference": "kernel-source-longterm-6.6.17-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-longterm-6.6.17-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
},
"product_reference": "kernel-source-longterm-6.6.17-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-3695",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-3695"
}
],
"notes": [
{
"category": "general",
"text": "The einj_error_inject function in drivers/acpi/apei/einj.c in the Linux kernel allows local users to simulate hardware errors and consequently cause a denial of service by leveraging failure to disable APEI error injection through EINJ when securelevel is set.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-3695",
"url": "https://www.suse.com/security/cve/CVE-2016-3695"
},
{
"category": "external",
"summary": "SUSE Bug 1023051 for CVE-2016-3695",
"url": "https://bugzilla.suse.com/1023051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2016-3695"
},
{
"cve": "CVE-2017-1000251",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000251"
}
],
"notes": [
{
"category": "general",
"text": "The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000251",
"url": "https://www.suse.com/security/cve/CVE-2017-1000251"
},
{
"category": "external",
"summary": "SUSE Bug 1057389 for CVE-2017-1000251",
"url": "https://bugzilla.suse.com/1057389"
},
{
"category": "external",
"summary": "SUSE Bug 1057950 for CVE-2017-1000251",
"url": "https://bugzilla.suse.com/1057950"
},
{
"category": "external",
"summary": "SUSE Bug 1070535 for CVE-2017-1000251",
"url": "https://bugzilla.suse.com/1070535"
},
{
"category": "external",
"summary": "SUSE Bug 1072117 for CVE-2017-1000251",
"url": "https://bugzilla.suse.com/1072117"
},
{
"category": "external",
"summary": "SUSE Bug 1072162 for CVE-2017-1000251",
"url": "https://bugzilla.suse.com/1072162"
},
{
"category": "external",
"summary": "SUSE Bug 1120758 for CVE-2017-1000251",
"url": "https://bugzilla.suse.com/1120758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-1000251"
},
{
"cve": "CVE-2017-12153",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12153"
}
],
"notes": [
{
"category": "general",
"text": "A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12153",
"url": "https://www.suse.com/security/cve/CVE-2017-12153"
},
{
"category": "external",
"summary": "SUSE Bug 1058410 for CVE-2017-12153",
"url": "https://bugzilla.suse.com/1058410"
},
{
"category": "external",
"summary": "SUSE Bug 1058624 for CVE-2017-12153",
"url": "https://bugzilla.suse.com/1058624"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-12153"
},
{
"cve": "CVE-2017-13080",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-13080"
}
],
"notes": [
{
"category": "general",
"text": "Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-13080",
"url": "https://www.suse.com/security/cve/CVE-2017-13080"
},
{
"category": "external",
"summary": "SUSE Bug 1056061 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1056061"
},
{
"category": "external",
"summary": "SUSE Bug 1063479 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1063479"
},
{
"category": "external",
"summary": "SUSE Bug 1063667 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1063667"
},
{
"category": "external",
"summary": "SUSE Bug 1063671 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1063671"
},
{
"category": "external",
"summary": "SUSE Bug 1066295 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1066295"
},
{
"category": "external",
"summary": "SUSE Bug 1105108 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1105108"
},
{
"category": "external",
"summary": "SUSE Bug 1178872 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1178872"
},
{
"category": "external",
"summary": "SUSE Bug 1179588 for CVE-2017-13080",
"url": "https://bugzilla.suse.com/1179588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-13080"
},
{
"cve": "CVE-2017-14051",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-14051"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-14051",
"url": "https://www.suse.com/security/cve/CVE-2017-14051"
},
{
"category": "external",
"summary": "SUSE Bug 1056588 for CVE-2017-14051",
"url": "https://bugzilla.suse.com/1056588"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-14051"
},
{
"cve": "CVE-2017-15129",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15129"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15129",
"url": "https://www.suse.com/security/cve/CVE-2017-15129"
},
{
"category": "external",
"summary": "SUSE Bug 1074839 for CVE-2017-15129",
"url": "https://bugzilla.suse.com/1074839"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-15129"
},
{
"cve": "CVE-2017-15265",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15265"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15265",
"url": "https://www.suse.com/security/cve/CVE-2017-15265"
},
{
"category": "external",
"summary": "SUSE Bug 1062520 for CVE-2017-15265",
"url": "https://bugzilla.suse.com/1062520"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-15265",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-15265"
},
{
"cve": "CVE-2017-16536",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16536"
}
],
"notes": [
{
"category": "general",
"text": "The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16536",
"url": "https://www.suse.com/security/cve/CVE-2017-16536"
},
{
"category": "external",
"summary": "SUSE Bug 1066606 for CVE-2017-16536",
"url": "https://bugzilla.suse.com/1066606"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-16536",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1146519 for CVE-2017-16536",
"url": "https://bugzilla.suse.com/1146519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16536"
},
{
"cve": "CVE-2017-16537",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16537"
}
],
"notes": [
{
"category": "general",
"text": "The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16537",
"url": "https://www.suse.com/security/cve/CVE-2017-16537"
},
{
"category": "external",
"summary": "SUSE Bug 1066573 for CVE-2017-16537",
"url": "https://bugzilla.suse.com/1066573"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-16537",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1146519 for CVE-2017-16537",
"url": "https://bugzilla.suse.com/1146519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16537"
},
{
"cve": "CVE-2017-16645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16645"
}
],
"notes": [
{
"category": "general",
"text": "The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16645",
"url": "https://www.suse.com/security/cve/CVE-2017-16645"
},
{
"category": "external",
"summary": "SUSE Bug 1067132 for CVE-2017-16645",
"url": "https://bugzilla.suse.com/1067132"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-16645",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1146519 for CVE-2017-16645",
"url": "https://bugzilla.suse.com/1146519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16645"
},
{
"cve": "CVE-2017-16646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16646"
}
],
"notes": [
{
"category": "general",
"text": "drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16646",
"url": "https://www.suse.com/security/cve/CVE-2017-16646"
},
{
"category": "external",
"summary": "SUSE Bug 1067105 for CVE-2017-16646",
"url": "https://bugzilla.suse.com/1067105"
},
{
"category": "external",
"summary": "SUSE Bug 1146519 for CVE-2017-16646",
"url": "https://bugzilla.suse.com/1146519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16646"
},
{
"cve": "CVE-2017-16647",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16647"
}
],
"notes": [
{
"category": "general",
"text": "drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16647",
"url": "https://www.suse.com/security/cve/CVE-2017-16647"
},
{
"category": "external",
"summary": "SUSE Bug 1067102 for CVE-2017-16647",
"url": "https://bugzilla.suse.com/1067102"
},
{
"category": "external",
"summary": "SUSE Bug 1146519 for CVE-2017-16647",
"url": "https://bugzilla.suse.com/1146519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16647"
},
{
"cve": "CVE-2017-16648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16648"
}
],
"notes": [
{
"category": "general",
"text": "The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16648",
"url": "https://www.suse.com/security/cve/CVE-2017-16648"
},
{
"category": "external",
"summary": "SUSE Bug 1067087 for CVE-2017-16648",
"url": "https://bugzilla.suse.com/1067087"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-16648",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1146519 for CVE-2017-16648",
"url": "https://bugzilla.suse.com/1146519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16648"
},
{
"cve": "CVE-2017-16995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16995"
}
],
"notes": [
{
"category": "general",
"text": "The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel through 4.4 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect sign extension.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16995",
"url": "https://www.suse.com/security/cve/CVE-2017-16995"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-16995",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16995"
},
{
"cve": "CVE-2017-16996",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16996"
}
],
"notes": [
{
"category": "general",
"text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging register truncation mishandling.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16996",
"url": "https://www.suse.com/security/cve/CVE-2017-16996"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-16996",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-16996"
},
{
"cve": "CVE-2017-17448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17448"
}
],
"notes": [
{
"category": "general",
"text": "net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17448",
"url": "https://www.suse.com/security/cve/CVE-2017-17448"
},
{
"category": "external",
"summary": "SUSE Bug 1071693 for CVE-2017-17448",
"url": "https://bugzilla.suse.com/1071693"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17448"
},
{
"cve": "CVE-2017-17449",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17449"
}
],
"notes": [
{
"category": "general",
"text": "The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17449",
"url": "https://www.suse.com/security/cve/CVE-2017-17449"
},
{
"category": "external",
"summary": "SUSE Bug 1071694 for CVE-2017-17449",
"url": "https://bugzilla.suse.com/1071694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17449"
},
{
"cve": "CVE-2017-17450",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17450"
}
],
"notes": [
{
"category": "general",
"text": "net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17450",
"url": "https://www.suse.com/security/cve/CVE-2017-17450"
},
{
"category": "external",
"summary": "SUSE Bug 1071695 for CVE-2017-17450",
"url": "https://bugzilla.suse.com/1071695"
},
{
"category": "external",
"summary": "SUSE Bug 1074033 for CVE-2017-17450",
"url": "https://bugzilla.suse.com/1074033"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-17450",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17450"
},
{
"cve": "CVE-2017-17852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17852"
}
],
"notes": [
{
"category": "general",
"text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of 32-bit ALU ops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17852",
"url": "https://www.suse.com/security/cve/CVE-2017-17852"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-17852",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17852"
},
{
"cve": "CVE-2017-17853",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17853"
}
],
"notes": [
{
"category": "general",
"text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging incorrect BPF_RSH signed bounds calculations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17853",
"url": "https://www.suse.com/security/cve/CVE-2017-17853"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-17853",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17853"
},
{
"cve": "CVE-2017-17854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17854"
}
],
"notes": [
{
"category": "general",
"text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (integer overflow and memory corruption) or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17854",
"url": "https://www.suse.com/security/cve/CVE-2017-17854"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-17854",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17854"
},
{
"cve": "CVE-2017-17855",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17855"
}
],
"notes": [
{
"category": "general",
"text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging improper use of pointers in place of scalars.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17855",
"url": "https://www.suse.com/security/cve/CVE-2017-17855"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-17855",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17855"
},
{
"cve": "CVE-2017-17856",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17856"
}
],
"notes": [
{
"category": "general",
"text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging the lack of stack-pointer alignment enforcement.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17856",
"url": "https://www.suse.com/security/cve/CVE-2017-17856"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-17856",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17856"
},
{
"cve": "CVE-2017-17857",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17857"
}
],
"notes": [
{
"category": "general",
"text": "The check_stack_boundary function in kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact by leveraging mishandling of invalid variable stack read operations.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17857",
"url": "https://www.suse.com/security/cve/CVE-2017-17857"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-17857",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17857"
},
{
"cve": "CVE-2017-17862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-17862"
}
],
"notes": [
{
"category": "general",
"text": "kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-17862",
"url": "https://www.suse.com/security/cve/CVE-2017-17862"
},
{
"category": "external",
"summary": "SUSE Bug 1073928 for CVE-2017-17862",
"url": "https://bugzilla.suse.com/1073928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-17862"
},
{
"cve": "CVE-2017-5123",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5123"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient data validation in waitid allowed an user to escape sandboxes on Linux.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5123",
"url": "https://www.suse.com/security/cve/CVE-2017-5123"
},
{
"category": "external",
"summary": "SUSE Bug 1062473 for CVE-2017-5123",
"url": "https://bugzilla.suse.com/1062473"
},
{
"category": "external",
"summary": "SUSE Bug 1122971 for CVE-2017-5123",
"url": "https://bugzilla.suse.com/1122971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5123"
},
{
"cve": "CVE-2017-5715",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5715"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5715",
"url": "https://www.suse.com/security/cve/CVE-2017-5715"
},
{
"category": "external",
"summary": "SUSE Bug 1068032 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1068032"
},
{
"category": "external",
"summary": "SUSE Bug 1074562 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1074562"
},
{
"category": "external",
"summary": "SUSE Bug 1074578 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1074578"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1074741 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1074741"
},
{
"category": "external",
"summary": "SUSE Bug 1074919 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1074919"
},
{
"category": "external",
"summary": "SUSE Bug 1075006 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1075006"
},
{
"category": "external",
"summary": "SUSE Bug 1075007 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1075007"
},
{
"category": "external",
"summary": "SUSE Bug 1075262 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1075262"
},
{
"category": "external",
"summary": "SUSE Bug 1075419 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1075419"
},
{
"category": "external",
"summary": "SUSE Bug 1076115 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1076115"
},
{
"category": "external",
"summary": "SUSE Bug 1076372 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1076372"
},
{
"category": "external",
"summary": "SUSE Bug 1076606 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1076606"
},
{
"category": "external",
"summary": "SUSE Bug 1078353 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1078353"
},
{
"category": "external",
"summary": "SUSE Bug 1080039 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1080039"
},
{
"category": "external",
"summary": "SUSE Bug 1087887 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1087887"
},
{
"category": "external",
"summary": "SUSE Bug 1087939 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1087939"
},
{
"category": "external",
"summary": "SUSE Bug 1088147 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1088147"
},
{
"category": "external",
"summary": "SUSE Bug 1089055 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1089055"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1095735 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1095735"
},
{
"category": "external",
"summary": "SUSE Bug 1102517 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1102517"
},
{
"category": "external",
"summary": "SUSE Bug 1105108 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1105108"
},
{
"category": "external",
"summary": "SUSE Bug 1126516 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1126516"
},
{
"category": "external",
"summary": "SUSE Bug 1173489 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1173489"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201457 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1201457"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1201877"
},
{
"category": "external",
"summary": "SUSE Bug 1203236 for CVE-2017-5715",
"url": "https://bugzilla.suse.com/1203236"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5715"
},
{
"cve": "CVE-2017-5753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5753"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5753",
"url": "https://www.suse.com/security/cve/CVE-2017-5753"
},
{
"category": "external",
"summary": "SUSE Bug 1068032 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1068032"
},
{
"category": "external",
"summary": "SUSE Bug 1074562 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1074562"
},
{
"category": "external",
"summary": "SUSE Bug 1074578 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1074578"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1075006 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1075006"
},
{
"category": "external",
"summary": "SUSE Bug 1075419 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1075419"
},
{
"category": "external",
"summary": "SUSE Bug 1075748 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1075748"
},
{
"category": "external",
"summary": "SUSE Bug 1080039 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1080039"
},
{
"category": "external",
"summary": "SUSE Bug 1087084 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1087084"
},
{
"category": "external",
"summary": "SUSE Bug 1087939 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1087939"
},
{
"category": "external",
"summary": "SUSE Bug 1089055 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1089055"
},
{
"category": "external",
"summary": "SUSE Bug 1136865 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1136865"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1201877"
},
{
"category": "external",
"summary": "SUSE Bug 1209547 for CVE-2017-5753",
"url": "https://bugzilla.suse.com/1209547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-5753"
},
{
"cve": "CVE-2017-5754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-5754"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-5754",
"url": "https://www.suse.com/security/cve/CVE-2017-5754"
},
{
"category": "external",
"summary": "SUSE Bug 1068032 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1068032"
},
{
"category": "external",
"summary": "SUSE Bug 1074562 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1074562"
},
{
"category": "external",
"summary": "SUSE Bug 1074578 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1074578"
},
{
"category": "external",
"summary": "SUSE Bug 1074701 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1074701"
},
{
"category": "external",
"summary": "SUSE Bug 1075006 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1075006"
},
{
"category": "external",
"summary": "SUSE Bug 1075008 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1075008"
},
{
"category": "external",
"summary": "SUSE Bug 1087939 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1087939"
},
{
"category": "external",
"summary": "SUSE Bug 1089055 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1089055"
},
{
"category": "external",
"summary": "SUSE Bug 1115045 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1115045"
},
{
"category": "external",
"summary": "SUSE Bug 1136865 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1136865"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2017-5754",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-5754"
},
{
"cve": "CVE-2017-7541",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7541"
}
],
"notes": [
{
"category": "general",
"text": "The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7541",
"url": "https://www.suse.com/security/cve/CVE-2017-7541"
},
{
"category": "external",
"summary": "SUSE Bug 1049645 for CVE-2017-7541",
"url": "https://bugzilla.suse.com/1049645"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7541"
},
{
"cve": "CVE-2017-7542",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7542"
}
],
"notes": [
{
"category": "general",
"text": "The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7542",
"url": "https://www.suse.com/security/cve/CVE-2017-7542"
},
{
"category": "external",
"summary": "SUSE Bug 1049882 for CVE-2017-7542",
"url": "https://bugzilla.suse.com/1049882"
},
{
"category": "external",
"summary": "SUSE Bug 1061936 for CVE-2017-7542",
"url": "https://bugzilla.suse.com/1061936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-7542"
},
{
"cve": "CVE-2017-8824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8824"
}
],
"notes": [
{
"category": "general",
"text": "The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8824",
"url": "https://www.suse.com/security/cve/CVE-2017-8824"
},
{
"category": "external",
"summary": "SUSE Bug 1070771 for CVE-2017-8824",
"url": "https://bugzilla.suse.com/1070771"
},
{
"category": "external",
"summary": "SUSE Bug 1076734 for CVE-2017-8824",
"url": "https://bugzilla.suse.com/1076734"
},
{
"category": "external",
"summary": "SUSE Bug 1092904 for CVE-2017-8824",
"url": "https://bugzilla.suse.com/1092904"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-8824",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2017-8824"
},
{
"cve": "CVE-2017-8831",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8831"
}
],
"notes": [
{
"category": "general",
"text": "The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a \"double fetch\" vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8831",
"url": "https://www.suse.com/security/cve/CVE-2017-8831"
},
{
"category": "external",
"summary": "SUSE Bug 1037994 for CVE-2017-8831",
"url": "https://bugzilla.suse.com/1037994"
},
{
"category": "external",
"summary": "SUSE Bug 1061936 for CVE-2017-8831",
"url": "https://bugzilla.suse.com/1061936"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-8831",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-8831",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-8831"
},
{
"cve": "CVE-2018-1000004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000004"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000004",
"url": "https://www.suse.com/security/cve/CVE-2018-1000004"
},
{
"category": "external",
"summary": "SUSE Bug 1076017 for CVE-2018-1000004",
"url": "https://bugzilla.suse.com/1076017"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2018-1000004",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000004"
},
{
"cve": "CVE-2018-10322",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10322"
}
],
"notes": [
{
"category": "general",
"text": "The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10322",
"url": "https://www.suse.com/security/cve/CVE-2018-10322"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-10322",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1090749 for CVE-2018-10322",
"url": "https://bugzilla.suse.com/1090749"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-10322"
},
{
"cve": "CVE-2018-10323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10323"
}
],
"notes": [
{
"category": "general",
"text": "The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10323",
"url": "https://www.suse.com/security/cve/CVE-2018-10323"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-10323",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1090717 for CVE-2018-10323",
"url": "https://bugzilla.suse.com/1090717"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-10323"
},
{
"cve": "CVE-2018-1068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1068"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux 4.x kernel\u0027s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1068",
"url": "https://www.suse.com/security/cve/CVE-2018-1068"
},
{
"category": "external",
"summary": "SUSE Bug 1085107 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1085107"
},
{
"category": "external",
"summary": "SUSE Bug 1085114 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1085114"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1123903 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1123903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-1068"
},
{
"cve": "CVE-2018-1118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1118"
}
],
"notes": [
{
"category": "general",
"text": "Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1118",
"url": "https://www.suse.com/security/cve/CVE-2018-1118"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1118",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1092472 for CVE-2018-1118",
"url": "https://bugzilla.suse.com/1092472"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1118"
},
{
"cve": "CVE-2018-12232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12232"
}
],
"notes": [
{
"category": "general",
"text": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12232",
"url": "https://www.suse.com/security/cve/CVE-2018-12232"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1097593 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1097593"
},
{
"category": "external",
"summary": "SUSE Bug 1125907 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1125907"
},
{
"category": "external",
"summary": "SUSE Bug 1127757 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1127757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-12232"
},
{
"cve": "CVE-2018-12714",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12714"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 4.17.2. The filter parsing in kernel/trace/trace_events_filter.c could be called with no filter, which is an N=0 case when it expected at least one line to have been read, thus making the N-1 index invalid. This allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via crafted perf_event_open and mmap system calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12714",
"url": "https://www.suse.com/security/cve/CVE-2018-12714"
},
{
"category": "external",
"summary": "SUSE Bug 1098933 for CVE-2018-12714",
"url": "https://bugzilla.suse.com/1098933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-12714"
},
{
"cve": "CVE-2018-13053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-13053"
}
],
"notes": [
{
"category": "general",
"text": "The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-13053",
"url": "https://www.suse.com/security/cve/CVE-2018-13053"
},
{
"category": "external",
"summary": "SUSE Bug 1099924 for CVE-2018-13053",
"url": "https://bugzilla.suse.com/1099924"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-13053",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-13053"
},
{
"cve": "CVE-2018-18710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18710"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 4.19. An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18710",
"url": "https://www.suse.com/security/cve/CVE-2018-18710"
},
{
"category": "external",
"summary": "SUSE Bug 1113751 for CVE-2018-18710",
"url": "https://bugzilla.suse.com/1113751"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-18710"
},
{
"cve": "CVE-2018-19824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19824",
"url": "https://www.suse.com/security/cve/CVE-2018-19824"
},
{
"category": "external",
"summary": "SUSE Bug 1118152 for CVE-2018-19824",
"url": "https://bugzilla.suse.com/1118152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-19824"
},
{
"cve": "CVE-2018-5332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5332"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5332",
"url": "https://www.suse.com/security/cve/CVE-2018-5332"
},
{
"category": "external",
"summary": "SUSE Bug 1075621 for CVE-2018-5332",
"url": "https://bugzilla.suse.com/1075621"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2018-5332",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-5332",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-5332"
},
{
"cve": "CVE-2018-5333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5333",
"url": "https://www.suse.com/security/cve/CVE-2018-5333"
},
{
"category": "external",
"summary": "SUSE Bug 1075617 for CVE-2018-5333",
"url": "https://bugzilla.suse.com/1075617"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2018-5333",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-5333"
},
{
"cve": "CVE-2018-8043",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8043"
}
],
"notes": [
{
"category": "general",
"text": "The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8 does not validate certain resource availability, which allows local users to cause a denial of service (NULL pointer dereference).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8043",
"url": "https://www.suse.com/security/cve/CVE-2018-8043"
},
{
"category": "external",
"summary": "SUSE Bug 1084829 for CVE-2018-8043",
"url": "https://bugzilla.suse.com/1084829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 0,
"baseSeverity": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-8043"
},
{
"cve": "CVE-2018-8087",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8087"
}
],
"notes": [
{
"category": "general",
"text": "Memory leak in the hwsim_new_radio_nl function in drivers/net/wireless/mac80211_hwsim.c in the Linux kernel through 4.15.9 allows local users to cause a denial of service (memory consumption) by triggering an out-of-array error case.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8087",
"url": "https://www.suse.com/security/cve/CVE-2018-8087"
},
{
"category": "external",
"summary": "SUSE Bug 1085053 for CVE-2018-8087",
"url": "https://bugzilla.suse.com/1085053"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-8087"
},
{
"cve": "CVE-2018-8822",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-8822"
}
],
"notes": [
{
"category": "general",
"text": "Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through 4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or execute code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-8822",
"url": "https://www.suse.com/security/cve/CVE-2018-8822"
},
{
"category": "external",
"summary": "SUSE Bug 1086162 for CVE-2018-8822",
"url": "https://bugzilla.suse.com/1086162"
},
{
"category": "external",
"summary": "SUSE Bug 1090404 for CVE-2018-8822",
"url": "https://bugzilla.suse.com/1090404"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2018-8822",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-8822"
},
{
"cve": "CVE-2019-10207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-10207"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-10207",
"url": "https://www.suse.com/security/cve/CVE-2019-10207"
},
{
"category": "external",
"summary": "SUSE Bug 1123959 for CVE-2019-10207",
"url": "https://bugzilla.suse.com/1123959"
},
{
"category": "external",
"summary": "SUSE Bug 1142857 for CVE-2019-10207",
"url": "https://bugzilla.suse.com/1142857"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-10207"
},
{
"cve": "CVE-2019-11477",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11477"
}
],
"notes": [
{
"category": "general",
"text": "Jonathan Looney discovered that the TCP_SKB_CB(skb)-\u003etcp_gso_segs value was subject to an integer overflow in the Linux kernel when handling TCP Selective Acknowledgments (SACKs). A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit 3b4929f65b0d8249f19a50245cd88ed1a2f78cff.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11477",
"url": "https://www.suse.com/security/cve/CVE-2019-11477"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2019-11477",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1137586 for CVE-2019-11477",
"url": "https://bugzilla.suse.com/1137586"
},
{
"category": "external",
"summary": "SUSE Bug 1142129 for CVE-2019-11477",
"url": "https://bugzilla.suse.com/1142129"
},
{
"category": "external",
"summary": "SUSE Bug 1153242 for CVE-2019-11477",
"url": "https://bugzilla.suse.com/1153242"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11477"
},
{
"cve": "CVE-2019-11478",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11478"
}
],
"notes": [
{
"category": "general",
"text": "Jonathan Looney discovered that the TCP retransmission queue implementation in tcp_fragment in the Linux kernel could be fragmented when handling certain TCP Selective Acknowledgment (SACK) sequences. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commit f070ef2ac66716357066b683fb0baf55f8191a2e.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11478",
"url": "https://www.suse.com/security/cve/CVE-2019-11478"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2019-11478",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1137586 for CVE-2019-11478",
"url": "https://bugzilla.suse.com/1137586"
},
{
"category": "external",
"summary": "SUSE Bug 1142129 for CVE-2019-11478",
"url": "https://bugzilla.suse.com/1142129"
},
{
"category": "external",
"summary": "SUSE Bug 1143542 for CVE-2019-11478",
"url": "https://bugzilla.suse.com/1143542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11478"
},
{
"cve": "CVE-2019-11479",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-11479"
}
],
"notes": [
{
"category": "general",
"text": "Jonathan Looney discovered that the Linux kernel default MSS is hard-coded to 48 bytes. This allows a remote peer to fragment TCP resend queues significantly more than if a larger MSS were enforced. A remote attacker could use this to cause a denial of service. This has been fixed in stable kernel releases 4.4.182, 4.9.182, 4.14.127, 4.19.52, 5.1.11, and is fixed in commits 967c05aee439e6e5d7d805e195b3a20ef5c433d6 and 5f3e2bf008c2221478101ee72f5cb4654b9fc363.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-11479",
"url": "https://www.suse.com/security/cve/CVE-2019-11479"
},
{
"category": "external",
"summary": "SUSE Bug 1132686 for CVE-2019-11479",
"url": "https://bugzilla.suse.com/1132686"
},
{
"category": "external",
"summary": "SUSE Bug 1137586 for CVE-2019-11479",
"url": "https://bugzilla.suse.com/1137586"
},
{
"category": "external",
"summary": "SUSE Bug 1142129 for CVE-2019-11479",
"url": "https://bugzilla.suse.com/1142129"
},
{
"category": "external",
"summary": "SUSE Bug 1143542 for CVE-2019-11479",
"url": "https://bugzilla.suse.com/1143542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-11479"
},
{
"cve": "CVE-2019-14615",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14615"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient control flow in certain data structures for some Intel(R) Processors with Intel(R) Processor Graphics may allow an unauthenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14615",
"url": "https://www.suse.com/security/cve/CVE-2019-14615"
},
{
"category": "external",
"summary": "SUSE Bug 1160195 for CVE-2019-14615",
"url": "https://bugzilla.suse.com/1160195"
},
{
"category": "external",
"summary": "SUSE Bug 1165881 for CVE-2019-14615",
"url": "https://bugzilla.suse.com/1165881"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14615"
},
{
"cve": "CVE-2019-14814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14814"
}
],
"notes": [
{
"category": "general",
"text": "There is heap-based buffer overflow in Linux kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14814",
"url": "https://www.suse.com/security/cve/CVE-2019-14814"
},
{
"category": "external",
"summary": "SUSE Bug 1146512 for CVE-2019-14814",
"url": "https://bugzilla.suse.com/1146512"
},
{
"category": "external",
"summary": "SUSE Bug 1173664 for CVE-2019-14814",
"url": "https://bugzilla.suse.com/1173664"
},
{
"category": "external",
"summary": "SUSE Bug 1173665 for CVE-2019-14814",
"url": "https://bugzilla.suse.com/1173665"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-14814"
},
{
"cve": "CVE-2019-14896",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-14896"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow vulnerability was found in the Linux kernel, version kernel-2.6.32, in Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-14896",
"url": "https://www.suse.com/security/cve/CVE-2019-14896"
},
{
"category": "external",
"summary": "SUSE Bug 1157157 for CVE-2019-14896",
"url": "https://bugzilla.suse.com/1157157"
},
{
"category": "external",
"summary": "SUSE Bug 1160468 for CVE-2019-14896",
"url": "https://bugzilla.suse.com/1160468"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-14896"
},
{
"cve": "CVE-2019-15030",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15030"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users\u0027 processes via a Facility Unavailable exception. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process because of a missing arch/powerpc/kernel/process.c check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15030",
"url": "https://www.suse.com/security/cve/CVE-2019-15030"
},
{
"category": "external",
"summary": "SUSE Bug 1149713 for CVE-2019-15030",
"url": "https://bugzilla.suse.com/1149713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-15030"
},
{
"cve": "CVE-2019-15031",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15031"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 5.2.14 on the powerpc platform, a local user can read vector registers of other users\u0027 processes via an interrupt. To exploit the venerability, a local user starts a transaction (via the hardware transactional memory instruction tbegin) and then accesses vector registers. At some point, the vector registers will be corrupted with the values from a different local Linux process, because MSR_TM_ACTIVE is misused in arch/powerpc/kernel/process.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15031",
"url": "https://www.suse.com/security/cve/CVE-2019-15031"
},
{
"category": "external",
"summary": "SUSE Bug 1149713 for CVE-2019-15031",
"url": "https://bugzilla.suse.com/1149713"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-15031"
},
{
"cve": "CVE-2019-15098",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15098"
}
],
"notes": [
{
"category": "general",
"text": "drivers/net/wireless/ath/ath6kl/usb.c in the Linux kernel through 5.2.9 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15098",
"url": "https://www.suse.com/security/cve/CVE-2019-15098"
},
{
"category": "external",
"summary": "SUSE Bug 1146378 for CVE-2019-15098",
"url": "https://bugzilla.suse.com/1146378"
},
{
"category": "external",
"summary": "SUSE Bug 1146543 for CVE-2019-15098",
"url": "https://bugzilla.suse.com/1146543"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-15098"
},
{
"cve": "CVE-2019-15099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15099"
}
],
"notes": [
{
"category": "general",
"text": "drivers/net/wireless/ath/ath10k/usb.c in the Linux kernel through 5.2.8 has a NULL pointer dereference via an incomplete address in an endpoint descriptor.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15099",
"url": "https://www.suse.com/security/cve/CVE-2019-15099"
},
{
"category": "external",
"summary": "SUSE Bug 1146368 for CVE-2019-15099",
"url": "https://bugzilla.suse.com/1146368"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-15099"
},
{
"cve": "CVE-2019-15290",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15290"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-15098. Reason: This candidate is a duplicate of CVE-2019-15098. Notes: All CVE users should reference CVE-2019-15098 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15290",
"url": "https://www.suse.com/security/cve/CVE-2019-15290"
},
{
"category": "external",
"summary": "SUSE Bug 1146378 for CVE-2019-15290",
"url": "https://bugzilla.suse.com/1146378"
},
{
"category": "external",
"summary": "SUSE Bug 1146519 for CVE-2019-15290",
"url": "https://bugzilla.suse.com/1146519"
},
{
"category": "external",
"summary": "SUSE Bug 1146543 for CVE-2019-15290",
"url": "https://bugzilla.suse.com/1146543"
},
{
"category": "external",
"summary": "SUSE Bug 1158381 for CVE-2019-15290",
"url": "https://bugzilla.suse.com/1158381"
},
{
"category": "external",
"summary": "SUSE Bug 1158834 for CVE-2019-15290",
"url": "https://bugzilla.suse.com/1158834"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-15290"
},
{
"cve": "CVE-2019-15504",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15504"
}
],
"notes": [
{
"category": "general",
"text": "drivers/net/wireless/rsi/rsi_91x_usb.c in the Linux kernel through 5.2.9 has a Double Free via crafted USB device traffic (which may be remote via usbip or usbredir).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15504",
"url": "https://www.suse.com/security/cve/CVE-2019-15504"
},
{
"category": "external",
"summary": "SUSE Bug 1147116 for CVE-2019-15504",
"url": "https://bugzilla.suse.com/1147116"
},
{
"category": "external",
"summary": "SUSE Bug 1185852 for CVE-2019-15504",
"url": "https://bugzilla.suse.com/1185852"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-15504"
},
{
"cve": "CVE-2019-15902",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15902"
}
],
"notes": [
{
"category": "general",
"text": "A backporting error was discovered in the Linux stable/longterm kernel 4.4.x through 4.4.190, 4.9.x through 4.9.190, 4.14.x through 4.14.141, 4.19.x through 4.19.69, and 5.2.x through 5.2.11. Misuse of the upstream \"x86/ptrace: Fix possible spectre-v1 in ptrace_get_debugreg()\" commit reintroduced the Spectre vulnerability that it aimed to eliminate. This occurred because the backport process depends on cherry picking specific commits, and because two (correctly ordered) code lines were swapped.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15902",
"url": "https://www.suse.com/security/cve/CVE-2019-15902"
},
{
"category": "external",
"summary": "SUSE Bug 1149376 for CVE-2019-15902",
"url": "https://bugzilla.suse.com/1149376"
},
{
"category": "external",
"summary": "SUSE Bug 1155131 for CVE-2019-15902",
"url": "https://bugzilla.suse.com/1155131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-15902"
},
{
"cve": "CVE-2019-16231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16231"
}
],
"notes": [
{
"category": "general",
"text": "drivers/net/fjes/fjes_main.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16231",
"url": "https://www.suse.com/security/cve/CVE-2019-16231"
},
{
"category": "external",
"summary": "SUSE Bug 1150466 for CVE-2019-16231",
"url": "https://bugzilla.suse.com/1150466"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16231"
},
{
"cve": "CVE-2019-16232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16232"
}
],
"notes": [
{
"category": "general",
"text": "drivers/net/wireless/marvell/libertas/if_sdio.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16232",
"url": "https://www.suse.com/security/cve/CVE-2019-16232"
},
{
"category": "external",
"summary": "SUSE Bug 1150465 for CVE-2019-16232",
"url": "https://bugzilla.suse.com/1150465"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-16232"
},
{
"cve": "CVE-2019-16234",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-16234"
}
],
"notes": [
{
"category": "general",
"text": "drivers/net/wireless/intel/iwlwifi/pcie/trans.c in the Linux kernel 5.2.14 does not check the alloc_workqueue return value, leading to a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-16234",
"url": "https://www.suse.com/security/cve/CVE-2019-16234"
},
{
"category": "external",
"summary": "SUSE Bug 1150452 for CVE-2019-16234",
"url": "https://bugzilla.suse.com/1150452"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-16234"
},
{
"cve": "CVE-2019-17133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17133"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 5.3.2, cfg80211_mgd_wext_giwessid in net/wireless/wext-sme.c does not reject a long SSID IE, leading to a Buffer Overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17133",
"url": "https://www.suse.com/security/cve/CVE-2019-17133"
},
{
"category": "external",
"summary": "SUSE Bug 1153158 for CVE-2019-17133",
"url": "https://bugzilla.suse.com/1153158"
},
{
"category": "external",
"summary": "SUSE Bug 1153161 for CVE-2019-17133",
"url": "https://bugzilla.suse.com/1153161"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17133"
},
{
"cve": "CVE-2019-17666",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-17666"
}
],
"notes": [
{
"category": "general",
"text": "rtl_p2p_noa_ie in drivers/net/wireless/realtek/rtlwifi/ps.c in the Linux kernel through 5.3.6 lacks a certain upper-bound check, leading to a buffer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-17666",
"url": "https://www.suse.com/security/cve/CVE-2019-17666"
},
{
"category": "external",
"summary": "SUSE Bug 1154372 for CVE-2019-17666",
"url": "https://bugzilla.suse.com/1154372"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-17666"
},
{
"cve": "CVE-2019-18808",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18808"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18808",
"url": "https://www.suse.com/security/cve/CVE-2019-18808"
},
{
"category": "external",
"summary": "SUSE Bug 1156259 for CVE-2019-18808",
"url": "https://bugzilla.suse.com/1156259"
},
{
"category": "external",
"summary": "SUSE Bug 1189884 for CVE-2019-18808",
"url": "https://bugzilla.suse.com/1189884"
},
{
"category": "external",
"summary": "SUSE Bug 1190534 for CVE-2019-18808",
"url": "https://bugzilla.suse.com/1190534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-18808"
},
{
"cve": "CVE-2019-18812",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18812"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak in the sof_dfsentry_write() function in sound/soc/sof/debug.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-c0a333d842ef.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18812",
"url": "https://www.suse.com/security/cve/CVE-2019-18812"
},
{
"category": "external",
"summary": "SUSE Bug 1156277 for CVE-2019-18812",
"url": "https://bugzilla.suse.com/1156277"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-18812"
},
{
"cve": "CVE-2019-18813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-18813"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak in the dwc3_pci_probe() function in drivers/usb/dwc3/dwc3-pci.c in the Linux kernel through 5.3.9 allows attackers to cause a denial of service (memory consumption) by triggering platform_device_add_properties() failures, aka CID-9bbfceea12a8.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-18813",
"url": "https://www.suse.com/security/cve/CVE-2019-18813"
},
{
"category": "external",
"summary": "SUSE Bug 1156278 for CVE-2019-18813",
"url": "https://bugzilla.suse.com/1156278"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-18813"
},
{
"cve": "CVE-2019-19252",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19252"
}
],
"notes": [
{
"category": "general",
"text": "vcs_write in drivers/tty/vt/vc_screen.c in the Linux kernel through 5.3.13 does not prevent write access to vcsu devices, aka CID-0c9acb1af77a.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19252",
"url": "https://www.suse.com/security/cve/CVE-2019-19252"
},
{
"category": "external",
"summary": "SUSE Bug 1157813 for CVE-2019-19252",
"url": "https://bugzilla.suse.com/1157813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-19252"
},
{
"cve": "CVE-2019-19332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19332"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds memory write issue was found in the Linux Kernel, version 3.13 through 5.4, in the way the Linux kernel\u0027s KVM hypervisor handled the \u0027KVM_GET_EMULATED_CPUID\u0027 ioctl(2) request to get CPUID features emulated by the KVM hypervisor. A user or process able to access the \u0027/dev/kvm\u0027 device could use this flaw to crash the system, resulting in a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19332",
"url": "https://www.suse.com/security/cve/CVE-2019-19332"
},
{
"category": "external",
"summary": "SUSE Bug 1158827 for CVE-2019-19332",
"url": "https://bugzilla.suse.com/1158827"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-19332"
},
{
"cve": "CVE-2019-19338",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-19338"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. When a guest is running on a host CPU affected by the TAA flaw (TAA_NO=0), but is not affected by the MDS issue (MDS_NO=1), the guest was to clear the affected buffers by using a VERW instruction mechanism. But when the MDS_NO=1 bit was exported to the guests, the guests did not use the VERW mechanism to clear the affected buffers. This issue affects guests running on Cascade Lake CPUs and requires that host has \u0027TSX\u0027 enabled. Confidentiality of data is the highest threat associated with this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-19338",
"url": "https://www.suse.com/security/cve/CVE-2019-19338"
},
{
"category": "external",
"summary": "SUSE Bug 1158954 for CVE-2019-19338",
"url": "https://bugzilla.suse.com/1158954"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-19338"
},
{
"cve": "CVE-2019-3016",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3016"
}
],
"notes": [
{
"category": "general",
"text": "In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory locations from another process in the same guest. This problem is limit to the host running linux kernel 4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel CPUs cannot be ruled out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3016",
"url": "https://www.suse.com/security/cve/CVE-2019-3016"
},
{
"category": "external",
"summary": "SUSE Bug 1159281 for CVE-2019-3016",
"url": "https://bugzilla.suse.com/1159281"
},
{
"category": "external",
"summary": "SUSE Bug 1161154 for CVE-2019-3016",
"url": "https://bugzilla.suse.com/1161154"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-3016"
},
{
"cve": "CVE-2019-3846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3846"
}
],
"notes": [
{
"category": "general",
"text": "A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3846",
"url": "https://www.suse.com/security/cve/CVE-2019-3846"
},
{
"category": "external",
"summary": "SUSE Bug 1136424 for CVE-2019-3846",
"url": "https://bugzilla.suse.com/1136424"
},
{
"category": "external",
"summary": "SUSE Bug 1136446 for CVE-2019-3846",
"url": "https://bugzilla.suse.com/1136446"
},
{
"category": "external",
"summary": "SUSE Bug 1156330 for CVE-2019-3846",
"url": "https://bugzilla.suse.com/1156330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-3846"
},
{
"cve": "CVE-2019-3882",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3882"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s vfio interface implementation that permits violation of the user\u0027s locked memory limit. If a device is bound to a vfio driver, such as vfio-pci, and the local attacker is administratively granted ownership of the device, it may cause a system memory exhaustion and thus a denial of service (DoS). Versions 3.10, 4.14 and 4.18 are vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3882",
"url": "https://www.suse.com/security/cve/CVE-2019-3882"
},
{
"category": "external",
"summary": "SUSE Bug 1131416 for CVE-2019-3882",
"url": "https://bugzilla.suse.com/1131416"
},
{
"category": "external",
"summary": "SUSE Bug 1131427 for CVE-2019-3882",
"url": "https://bugzilla.suse.com/1131427"
},
{
"category": "external",
"summary": "SUSE Bug 1133319 for CVE-2019-3882",
"url": "https://bugzilla.suse.com/1133319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-3882"
},
{
"cve": "CVE-2019-3887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3887"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way KVM hypervisor handled x2APIC Machine Specific Rregister (MSR) access with nested(=1) virtualization enabled. In that, L1 guest could access L0\u0027s APIC register values via L2 guest, when \u0027virtualize x2APIC mode\u0027 is enabled. A guest could use this flaw to potentially crash the host kernel resulting in DoS issue. Kernel versions from 4.16 and newer are vulnerable to this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3887",
"url": "https://www.suse.com/security/cve/CVE-2019-3887"
},
{
"category": "external",
"summary": "SUSE Bug 1131800 for CVE-2019-3887",
"url": "https://bugzilla.suse.com/1131800"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-3887"
},
{
"cve": "CVE-2019-6974",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-6974"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 4.20.8, kvm_ioctl_create_device in virt/kvm/kvm_main.c mishandles reference counting because of a race condition, leading to a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-6974",
"url": "https://www.suse.com/security/cve/CVE-2019-6974"
},
{
"category": "external",
"summary": "SUSE Bug 1124728 for CVE-2019-6974",
"url": "https://bugzilla.suse.com/1124728"
},
{
"category": "external",
"summary": "SUSE Bug 1124729 for CVE-2019-6974",
"url": "https://bugzilla.suse.com/1124729"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-6974"
},
{
"cve": "CVE-2019-7221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7221"
}
],
"notes": [
{
"category": "general",
"text": "The KVM implementation in the Linux kernel through 4.20.5 has a Use-after-Free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7221",
"url": "https://www.suse.com/security/cve/CVE-2019-7221"
},
{
"category": "external",
"summary": "SUSE Bug 1124732 for CVE-2019-7221",
"url": "https://bugzilla.suse.com/1124732"
},
{
"category": "external",
"summary": "SUSE Bug 1124734 for CVE-2019-7221",
"url": "https://bugzilla.suse.com/1124734"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-7221"
},
{
"cve": "CVE-2019-7222",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-7222"
}
],
"notes": [
{
"category": "general",
"text": "The KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-7222",
"url": "https://www.suse.com/security/cve/CVE-2019-7222"
},
{
"category": "external",
"summary": "SUSE Bug 1124735 for CVE-2019-7222",
"url": "https://bugzilla.suse.com/1124735"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.8,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2019-7222"
},
{
"cve": "CVE-2019-8564",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8564"
}
],
"notes": [
{
"category": "general",
"text": "A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position can modify driver state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8564",
"url": "https://www.suse.com/security/cve/CVE-2019-8564"
},
{
"category": "external",
"summary": "SUSE Bug 1132673 for CVE-2019-8564",
"url": "https://bugzilla.suse.com/1132673"
},
{
"category": "external",
"summary": "SUSE Bug 1132828 for CVE-2019-8564",
"url": "https://bugzilla.suse.com/1132828"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-8564"
},
{
"cve": "CVE-2019-8912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-8912"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-8912",
"url": "https://www.suse.com/security/cve/CVE-2019-8912"
},
{
"category": "external",
"summary": "SUSE Bug 1125907 for CVE-2019-8912",
"url": "https://bugzilla.suse.com/1125907"
},
{
"category": "external",
"summary": "SUSE Bug 1126284 for CVE-2019-8912",
"url": "https://bugzilla.suse.com/1126284"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-8912"
},
{
"cve": "CVE-2019-9500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-9500"
}
],
"notes": [
{
"category": "general",
"text": "The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-9500",
"url": "https://www.suse.com/security/cve/CVE-2019-9500"
},
{
"category": "external",
"summary": "SUSE Bug 1132681 for CVE-2019-9500",
"url": "https://bugzilla.suse.com/1132681"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-9500"
},
{
"cve": "CVE-2020-10135",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10135"
}
],
"notes": [
{
"category": "general",
"text": "Legacy pairing and secure-connections pairing authentication in Bluetooth BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10135",
"url": "https://www.suse.com/security/cve/CVE-2020-10135"
},
{
"category": "external",
"summary": "SUSE Bug 1171988 for CVE-2020-10135",
"url": "https://bugzilla.suse.com/1171988"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10135"
},
{
"cve": "CVE-2020-10766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10766"
}
],
"notes": [
{
"category": "general",
"text": "A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10766",
"url": "https://www.suse.com/security/cve/CVE-2020-10766"
},
{
"category": "external",
"summary": "SUSE Bug 1159281 for CVE-2020-10766",
"url": "https://bugzilla.suse.com/1159281"
},
{
"category": "external",
"summary": "SUSE Bug 1172781 for CVE-2020-10766",
"url": "https://bugzilla.suse.com/1172781"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10766"
},
{
"cve": "CVE-2020-10767",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10767"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10767",
"url": "https://www.suse.com/security/cve/CVE-2020-10767"
},
{
"category": "external",
"summary": "SUSE Bug 1159281 for CVE-2020-10767",
"url": "https://bugzilla.suse.com/1159281"
},
{
"category": "external",
"summary": "SUSE Bug 1172782 for CVE-2020-10767",
"url": "https://bugzilla.suse.com/1172782"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10767"
},
{
"cve": "CVE-2020-10768",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-10768"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being \u0027force disabled\u0027 when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-10768",
"url": "https://www.suse.com/security/cve/CVE-2020-10768"
},
{
"category": "external",
"summary": "SUSE Bug 1159281 for CVE-2020-10768",
"url": "https://bugzilla.suse.com/1159281"
},
{
"category": "external",
"summary": "SUSE Bug 1172783 for CVE-2020-10768",
"url": "https://bugzilla.suse.com/1172783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-10768"
},
{
"cve": "CVE-2020-12351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12351"
}
],
"notes": [
{
"category": "general",
"text": "Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12351",
"url": "https://www.suse.com/security/cve/CVE-2020-12351"
},
{
"category": "external",
"summary": "SUSE Bug 1177724 for CVE-2020-12351",
"url": "https://bugzilla.suse.com/1177724"
},
{
"category": "external",
"summary": "SUSE Bug 1177729 for CVE-2020-12351",
"url": "https://bugzilla.suse.com/1177729"
},
{
"category": "external",
"summary": "SUSE Bug 1178397 for CVE-2020-12351",
"url": "https://bugzilla.suse.com/1178397"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-12351"
},
{
"cve": "CVE-2020-12352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-12352"
}
],
"notes": [
{
"category": "general",
"text": "Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-12352",
"url": "https://www.suse.com/security/cve/CVE-2020-12352"
},
{
"category": "external",
"summary": "SUSE Bug 1177725 for CVE-2020-12352",
"url": "https://bugzilla.suse.com/1177725"
},
{
"category": "external",
"summary": "SUSE Bug 1178398 for CVE-2020-12352",
"url": "https://bugzilla.suse.com/1178398"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-12352"
},
{
"cve": "CVE-2020-14331",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14331"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14331",
"url": "https://www.suse.com/security/cve/CVE-2020-14331"
},
{
"category": "external",
"summary": "SUSE Bug 1174205 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174205"
},
{
"category": "external",
"summary": "SUSE Bug 1174247 for CVE-2020-14331",
"url": "https://bugzilla.suse.com/1174247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14331"
},
{
"cve": "CVE-2020-14386",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-14386"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-14386",
"url": "https://www.suse.com/security/cve/CVE-2020-14386"
},
{
"category": "external",
"summary": "SUSE Bug 1176069 for CVE-2020-14386",
"url": "https://bugzilla.suse.com/1176069"
},
{
"category": "external",
"summary": "SUSE Bug 1176072 for CVE-2020-14386",
"url": "https://bugzilla.suse.com/1176072"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-14386"
},
{
"cve": "CVE-2020-24586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24586"
}
],
"notes": [
{
"category": "general",
"text": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24586",
"url": "https://www.suse.com/security/cve/CVE-2020-24586"
},
{
"category": "external",
"summary": "SUSE Bug 1185859 for CVE-2020-24586",
"url": "https://bugzilla.suse.com/1185859"
},
{
"category": "external",
"summary": "SUSE Bug 1192868 for CVE-2020-24586",
"url": "https://bugzilla.suse.com/1192868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-24586"
},
{
"cve": "CVE-2020-24587",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24587"
}
],
"notes": [
{
"category": "general",
"text": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24587",
"url": "https://www.suse.com/security/cve/CVE-2020-24587"
},
{
"category": "external",
"summary": "SUSE Bug 1185859 for CVE-2020-24587",
"url": "https://bugzilla.suse.com/1185859"
},
{
"category": "external",
"summary": "SUSE Bug 1185862 for CVE-2020-24587",
"url": "https://bugzilla.suse.com/1185862"
},
{
"category": "external",
"summary": "SUSE Bug 1192868 for CVE-2020-24587",
"url": "https://bugzilla.suse.com/1192868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-24587"
},
{
"cve": "CVE-2020-24588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-24588"
}
],
"notes": [
{
"category": "general",
"text": "The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn\u0027t require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-24588",
"url": "https://www.suse.com/security/cve/CVE-2020-24588"
},
{
"category": "external",
"summary": "SUSE Bug 1185861 for CVE-2020-24588",
"url": "https://bugzilla.suse.com/1185861"
},
{
"category": "external",
"summary": "SUSE Bug 1192868 for CVE-2020-24588",
"url": "https://bugzilla.suse.com/1192868"
},
{
"category": "external",
"summary": "SUSE Bug 1199701 for CVE-2020-24588",
"url": "https://bugzilla.suse.com/1199701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-24588"
},
{
"cve": "CVE-2020-25639",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25639"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference flaw was found in the Linux kernel\u0027s GPU Nouveau driver functionality in versions prior to 5.12-rc1 in the way the user calls ioctl DRM_IOCTL_NOUVEAU_CHANNEL_ALLOC. This flaw allows a local user to crash the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25639",
"url": "https://www.suse.com/security/cve/CVE-2020-25639"
},
{
"category": "external",
"summary": "SUSE Bug 1176846 for CVE-2020-25639",
"url": "https://bugzilla.suse.com/1176846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-25639"
},
{
"cve": "CVE-2020-25656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25656"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25656",
"url": "https://www.suse.com/security/cve/CVE-2020-25656"
},
{
"category": "external",
"summary": "SUSE Bug 1177766 for CVE-2020-25656",
"url": "https://bugzilla.suse.com/1177766"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-25656"
},
{
"cve": "CVE-2020-25668",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25668"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25668",
"url": "https://www.suse.com/security/cve/CVE-2020-25668"
},
{
"category": "external",
"summary": "SUSE Bug 1178123 for CVE-2020-25668",
"url": "https://bugzilla.suse.com/1178123"
},
{
"category": "external",
"summary": "SUSE Bug 1178622 for CVE-2020-25668",
"url": "https://bugzilla.suse.com/1178622"
},
{
"category": "external",
"summary": "SUSE Bug 1196914 for CVE-2020-25668",
"url": "https://bugzilla.suse.com/1196914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-25668"
},
{
"cve": "CVE-2020-26141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-26141"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt packets in WPA or WPA2 networks that support the TKIP data-confidentiality protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-26141",
"url": "https://www.suse.com/security/cve/CVE-2020-26141"
},
{
"category": "external",
"summary": "SUSE Bug 1185987 for CVE-2020-26141",
"url": "https://bugzilla.suse.com/1185987"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-26141"
},
{
"cve": "CVE-2020-2732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-2732"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled. Under some circumstances, an L2 guest may trick the L0 guest into accessing sensitive L1 resources that should be inaccessible to the L2 guest.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-2732",
"url": "https://www.suse.com/security/cve/CVE-2020-2732"
},
{
"category": "external",
"summary": "SUSE Bug 1163971 for CVE-2020-2732",
"url": "https://bugzilla.suse.com/1163971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-2732"
},
{
"cve": "CVE-2020-29660",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29660"
}
],
"notes": [
{
"category": "general",
"text": "A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29660",
"url": "https://www.suse.com/security/cve/CVE-2020-29660"
},
{
"category": "external",
"summary": "SUSE Bug 1179745 for CVE-2020-29660",
"url": "https://bugzilla.suse.com/1179745"
},
{
"category": "external",
"summary": "SUSE Bug 1179877 for CVE-2020-29660",
"url": "https://bugzilla.suse.com/1179877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-29660"
},
{
"cve": "CVE-2020-29661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-29661"
}
],
"notes": [
{
"category": "general",
"text": "A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-29661",
"url": "https://www.suse.com/security/cve/CVE-2020-29661"
},
{
"category": "external",
"summary": "SUSE Bug 1179745 for CVE-2020-29661",
"url": "https://bugzilla.suse.com/1179745"
},
{
"category": "external",
"summary": "SUSE Bug 1179877 for CVE-2020-29661",
"url": "https://bugzilla.suse.com/1179877"
},
{
"category": "external",
"summary": "SUSE Bug 1214268 for CVE-2020-29661",
"url": "https://bugzilla.suse.com/1214268"
},
{
"category": "external",
"summary": "SUSE Bug 1218966 for CVE-2020-29661",
"url": "https://bugzilla.suse.com/1218966"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2020-29661"
},
{
"cve": "CVE-2020-8648",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8648"
}
],
"notes": [
{
"category": "general",
"text": "There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_common function in drivers/tty/n_tty.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8648",
"url": "https://www.suse.com/security/cve/CVE-2020-8648"
},
{
"category": "external",
"summary": "SUSE Bug 1162928 for CVE-2020-8648",
"url": "https://bugzilla.suse.com/1162928"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8648"
},
{
"cve": "CVE-2020-8694",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8694"
}
],
"notes": [
{
"category": "general",
"text": "Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8694",
"url": "https://www.suse.com/security/cve/CVE-2020-8694"
},
{
"category": "external",
"summary": "SUSE Bug 1170415 for CVE-2020-8694",
"url": "https://bugzilla.suse.com/1170415"
},
{
"category": "external",
"summary": "SUSE Bug 1170446 for CVE-2020-8694",
"url": "https://bugzilla.suse.com/1170446"
},
{
"category": "external",
"summary": "SUSE Bug 1178591 for CVE-2020-8694",
"url": "https://bugzilla.suse.com/1178591"
},
{
"category": "external",
"summary": "SUSE Bug 1178700 for CVE-2020-8694",
"url": "https://bugzilla.suse.com/1178700"
},
{
"category": "external",
"summary": "SUSE Bug 1179661 for CVE-2020-8694",
"url": "https://bugzilla.suse.com/1179661"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8694"
},
{
"cve": "CVE-2021-23133",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-23133"
}
],
"notes": [
{
"category": "general",
"text": "A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)-\u003esctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-23133",
"url": "https://www.suse.com/security/cve/CVE-2021-23133"
},
{
"category": "external",
"summary": "SUSE Bug 1184675 for CVE-2021-23133",
"url": "https://bugzilla.suse.com/1184675"
},
{
"category": "external",
"summary": "SUSE Bug 1185901 for CVE-2021-23133",
"url": "https://bugzilla.suse.com/1185901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-23133"
},
{
"cve": "CVE-2021-26708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-26708"
}
],
"notes": [
{
"category": "general",
"text": "A local privilege escalation was discovered in the Linux kernel before 5.10.13. Multiple race conditions in the AF_VSOCK implementation are caused by wrong locking in net/vmw_vsock/af_vsock.c. The race conditions were implicitly introduced in the commits that added VSOCK multi-transport support.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-26708",
"url": "https://www.suse.com/security/cve/CVE-2021-26708"
},
{
"category": "external",
"summary": "SUSE Bug 1181806 for CVE-2021-26708",
"url": "https://bugzilla.suse.com/1181806"
},
{
"category": "external",
"summary": "SUSE Bug 1183298 for CVE-2021-26708",
"url": "https://bugzilla.suse.com/1183298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-26708"
},
{
"cve": "CVE-2021-28971",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-28971"
}
],
"notes": [
{
"category": "general",
"text": "In intel_pmu_drain_pebs_nhm in arch/x86/events/intel/ds.c in the Linux kernel through 5.11.8 on some Haswell CPUs, userspace applications (such as perf-fuzzer) can cause a system crash because the PEBS status in a PEBS record is mishandled, aka CID-d88d05a9e0b6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-28971",
"url": "https://www.suse.com/security/cve/CVE-2021-28971"
},
{
"category": "external",
"summary": "SUSE Bug 1184196 for CVE-2021-28971",
"url": "https://bugzilla.suse.com/1184196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-28971"
},
{
"cve": "CVE-2021-32606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-32606"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-32606",
"url": "https://www.suse.com/security/cve/CVE-2021-32606"
},
{
"category": "external",
"summary": "SUSE Bug 1185953 for CVE-2021-32606",
"url": "https://bugzilla.suse.com/1185953"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-32606"
},
{
"cve": "CVE-2021-33909",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-33909"
}
],
"notes": [
{
"category": "general",
"text": "fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an unprivileged user, aka CID-8cae8cd89f05.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-33909",
"url": "https://www.suse.com/security/cve/CVE-2021-33909"
},
{
"category": "external",
"summary": "SUSE Bug 1188062 for CVE-2021-33909",
"url": "https://bugzilla.suse.com/1188062"
},
{
"category": "external",
"summary": "SUSE Bug 1188063 for CVE-2021-33909",
"url": "https://bugzilla.suse.com/1188063"
},
{
"category": "external",
"summary": "SUSE Bug 1188257 for CVE-2021-33909",
"url": "https://bugzilla.suse.com/1188257"
},
{
"category": "external",
"summary": "SUSE Bug 1189302 for CVE-2021-33909",
"url": "https://bugzilla.suse.com/1189302"
},
{
"category": "external",
"summary": "SUSE Bug 1190859 for CVE-2021-33909",
"url": "https://bugzilla.suse.com/1190859"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-33909"
},
{
"cve": "CVE-2021-3483",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3483"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions before kernel 5.12-rc6 are affected",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3483",
"url": "https://www.suse.com/security/cve/CVE-2021-3483"
},
{
"category": "external",
"summary": "SUSE Bug 1184393 for CVE-2021-3483",
"url": "https://bugzilla.suse.com/1184393"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3483"
},
{
"cve": "CVE-2021-3489",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3489"
}
],
"notes": [
{
"category": "general",
"text": "The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee (\"bpf, ringbuf: Deny reserve of buffers larger than ringbuf\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 (\"bpf: Implement BPF ring buffer and verifier support for it\") (v5.8-rc1).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3489",
"url": "https://www.suse.com/security/cve/CVE-2021-3489"
},
{
"category": "external",
"summary": "SUSE Bug 1185640 for CVE-2021-3489",
"url": "https://bugzilla.suse.com/1185640"
},
{
"category": "external",
"summary": "SUSE Bug 1185856 for CVE-2021-3489",
"url": "https://bugzilla.suse.com/1185856"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3489"
},
{
"cve": "CVE-2021-3490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3490"
}
],
"notes": [
{
"category": "general",
"text": "The eBPF ALU32 bounds tracking for bitwise ops (AND, OR and XOR) in the Linux kernel did not properly update 32-bit bounds, which could be turned into out of bounds reads and writes in the Linux kernel and therefore, arbitrary code execution. This issue was fixed via commit 049c4e13714e (\"bpf: Fix alu32 const subreg bound tracking on bitwise operations\") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. The AND/OR issues were introduced by commit 3f50f132d840 (\"bpf: Verifier, do explicit ALU32 bounds tracking\") (5.7-rc1) and the XOR variant was introduced by 2921c90d4718 (\"bpf:Fix a verifier failure with xor\") ( 5.10-rc1).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3490",
"url": "https://www.suse.com/security/cve/CVE-2021-3490"
},
{
"category": "external",
"summary": "SUSE Bug 1185641 for CVE-2021-3490",
"url": "https://bugzilla.suse.com/1185641"
},
{
"category": "external",
"summary": "SUSE Bug 1185796 for CVE-2021-3490",
"url": "https://bugzilla.suse.com/1185796"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3490"
},
{
"cve": "CVE-2021-3491",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3491"
}
],
"notes": [
{
"category": "general",
"text": "The io_uring subsystem in the Linux kernel allowed the MAX_RW_COUNT limit to be bypassed in the PROVIDE_BUFFERS operation, which led to negative values being usedin mem_rw when reading /proc/\u003cPID\u003e/mem. This could be used to create a heap overflow leading to arbitrary code execution in the kernel. It was addressed via commit d1f82808877b (\"io_uring: truncate lengths larger than MAX_RW_COUNT on provide buffers\") (v5.13-rc1) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced in ddf0322db79c (\"io_uring: add IORING_OP_PROVIDE_BUFFERS\") (v5.7-rc1).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3491",
"url": "https://www.suse.com/security/cve/CVE-2021-3491"
},
{
"category": "external",
"summary": "SUSE Bug 1185642 for CVE-2021-3491",
"url": "https://bugzilla.suse.com/1185642"
},
{
"category": "external",
"summary": "SUSE Bug 1187090 for CVE-2021-3491",
"url": "https://bugzilla.suse.com/1187090"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3491"
},
{
"cve": "CVE-2021-3542",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3542"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-42739. Reason: This candidate is a reservation duplicate of CVE-2021-42739. Notes: All CVE users should reference CVE-2021-42739 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3542",
"url": "https://www.suse.com/security/cve/CVE-2021-3542"
},
{
"category": "external",
"summary": "SUSE Bug 1184673 for CVE-2021-3542",
"url": "https://bugzilla.suse.com/1184673"
},
{
"category": "external",
"summary": "SUSE Bug 1186063 for CVE-2021-3542",
"url": "https://bugzilla.suse.com/1186063"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3542"
},
{
"cve": "CVE-2021-3640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3640"
}
],
"notes": [
{
"category": "general",
"text": "A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3640",
"url": "https://www.suse.com/security/cve/CVE-2021-3640"
},
{
"category": "external",
"summary": "SUSE Bug 1188172 for CVE-2021-3640",
"url": "https://bugzilla.suse.com/1188172"
},
{
"category": "external",
"summary": "SUSE Bug 1188613 for CVE-2021-3640",
"url": "https://bugzilla.suse.com/1188613"
},
{
"category": "external",
"summary": "SUSE Bug 1191530 for CVE-2021-3640",
"url": "https://bugzilla.suse.com/1191530"
},
{
"category": "external",
"summary": "SUSE Bug 1196810 for CVE-2021-3640",
"url": "https://bugzilla.suse.com/1196810"
},
{
"category": "external",
"summary": "SUSE Bug 1196914 for CVE-2021-3640",
"url": "https://bugzilla.suse.com/1196914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3640"
},
{
"cve": "CVE-2021-3653",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3653"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the KVM\u0027s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"int_ctl\" field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape. This flaw affects Linux kernel versions prior to 5.14-rc7.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3653",
"url": "https://www.suse.com/security/cve/CVE-2021-3653"
},
{
"category": "external",
"summary": "SUSE Bug 1189399 for CVE-2021-3653",
"url": "https://bugzilla.suse.com/1189399"
},
{
"category": "external",
"summary": "SUSE Bug 1189420 for CVE-2021-3653",
"url": "https://bugzilla.suse.com/1189420"
},
{
"category": "external",
"summary": "SUSE Bug 1196914 for CVE-2021-3653",
"url": "https://bugzilla.suse.com/1196914"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3653"
},
{
"cve": "CVE-2021-3656",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3656"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the KVM\u0027s AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the \"virt_ext\" field, this issue could allow a malicious L1 to disable both VMLOAD/VMSAVE intercepts and VLS (Virtual VMLOAD/VMSAVE) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data or potential guest-to-host escape.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3656",
"url": "https://www.suse.com/security/cve/CVE-2021-3656"
},
{
"category": "external",
"summary": "SUSE Bug 1189400 for CVE-2021-3656",
"url": "https://bugzilla.suse.com/1189400"
},
{
"category": "external",
"summary": "SUSE Bug 1189418 for CVE-2021-3656",
"url": "https://bugzilla.suse.com/1189418"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-3656"
},
{
"cve": "CVE-2021-3744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3744"
}
],
"notes": [
{
"category": "general",
"text": "A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c, which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3744",
"url": "https://www.suse.com/security/cve/CVE-2021-3744"
},
{
"category": "external",
"summary": "SUSE Bug 1189884 for CVE-2021-3744",
"url": "https://bugzilla.suse.com/1189884"
},
{
"category": "external",
"summary": "SUSE Bug 1190534 for CVE-2021-3744",
"url": "https://bugzilla.suse.com/1190534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3744"
},
{
"cve": "CVE-2021-3753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3753"
}
],
"notes": [
{
"category": "general",
"text": "A race problem was seen in the vt_k_ioctl in drivers/tty/vt/vt_ioctl.c in the Linux kernel, which may cause an out of bounds read in vt as the write access to vc_mode is not protected by lock-in vt_ioctl (KDSETMDE). The highest threat from this vulnerability is to data confidentiality.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3753",
"url": "https://www.suse.com/security/cve/CVE-2021-3753"
},
{
"category": "external",
"summary": "SUSE Bug 1190025 for CVE-2021-3753",
"url": "https://bugzilla.suse.com/1190025"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3753"
},
{
"cve": "CVE-2021-37576",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-37576"
}
],
"notes": [
{
"category": "general",
"text": "arch/powerpc/kvm/book3s_rtas.c in the Linux kernel through 5.13.5 on the powerpc platform allows KVM guest OS users to cause host OS memory corruption via rtas_args.nargs, aka CID-f62f3c20647e.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-37576",
"url": "https://www.suse.com/security/cve/CVE-2021-37576"
},
{
"category": "external",
"summary": "SUSE Bug 1188838 for CVE-2021-37576",
"url": "https://bugzilla.suse.com/1188838"
},
{
"category": "external",
"summary": "SUSE Bug 1188842 for CVE-2021-37576",
"url": "https://bugzilla.suse.com/1188842"
},
{
"category": "external",
"summary": "SUSE Bug 1190276 for CVE-2021-37576",
"url": "https://bugzilla.suse.com/1190276"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-37576"
},
{
"cve": "CVE-2021-3759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3759"
}
],
"notes": [
{
"category": "general",
"text": "A memory overflow vulnerability was found in the Linux kernel\u0027s ipc functionality of the memcg subsystem, in the way a user calls the semget function multiple times, creating semaphores. This flaw allows a local user to starve the resources, causing a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3759",
"url": "https://www.suse.com/security/cve/CVE-2021-3759"
},
{
"category": "external",
"summary": "SUSE Bug 1190115 for CVE-2021-3759",
"url": "https://bugzilla.suse.com/1190115"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-3759"
},
{
"cve": "CVE-2021-38166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-38166"
}
],
"notes": [
{
"category": "general",
"text": "In kernel/bpf/hashtab.c in the Linux kernel through 5.13.8, there is an integer overflow and out-of-bounds write when many elements are placed in a single bucket. NOTE: exploitation might be impractical without the CAP_SYS_ADMIN capability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-38166",
"url": "https://www.suse.com/security/cve/CVE-2021-38166"
},
{
"category": "external",
"summary": "SUSE Bug 1189233 for CVE-2021-38166",
"url": "https://bugzilla.suse.com/1189233"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-38166"
},
{
"cve": "CVE-2021-43976",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-43976"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 5.15.2, mwifiex_usb_recv in drivers/net/wireless/marvell/mwifiex/usb.c allows an attacker (who can connect a crafted USB device) to cause a denial of service (skb_over_panic).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-43976",
"url": "https://www.suse.com/security/cve/CVE-2021-43976"
},
{
"category": "external",
"summary": "SUSE Bug 1192847 for CVE-2021-43976",
"url": "https://bugzilla.suse.com/1192847"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-43976"
},
{
"cve": "CVE-2022-0185",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0185"
}
],
"notes": [
{
"category": "general",
"text": "A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length. An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that does not support the Filesystem Context API (and thus fallbacks to legacy handling) could use this flaw to escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0185",
"url": "https://www.suse.com/security/cve/CVE-2022-0185"
},
{
"category": "external",
"summary": "SUSE Bug 1194517 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194517"
},
{
"category": "external",
"summary": "SUSE Bug 1194737 for CVE-2022-0185",
"url": "https://bugzilla.suse.com/1194737"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-0185"
},
{
"cve": "CVE-2022-0330",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0330"
}
],
"notes": [
{
"category": "general",
"text": "A random memory access flaw was found in the Linux kernel\u0027s GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU. This flaw allows a local user to crash the system or escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0330",
"url": "https://www.suse.com/security/cve/CVE-2022-0330"
},
{
"category": "external",
"summary": "SUSE Bug 1194880 for CVE-2022-0330",
"url": "https://bugzilla.suse.com/1194880"
},
{
"category": "external",
"summary": "SUSE Bug 1195950 for CVE-2022-0330",
"url": "https://bugzilla.suse.com/1195950"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-0330"
},
{
"cve": "CVE-2022-0847",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0847"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the way the \"flags\" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0847",
"url": "https://www.suse.com/security/cve/CVE-2022-0847"
},
{
"category": "external",
"summary": "SUSE Bug 1196584 for CVE-2022-0847",
"url": "https://bugzilla.suse.com/1196584"
},
{
"category": "external",
"summary": "SUSE Bug 1196601 for CVE-2022-0847",
"url": "https://bugzilla.suse.com/1196601"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-0847"
},
{
"cve": "CVE-2022-0886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0886"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-27666. Reason: This candidate is a reservation duplicate of CVE-2022-27666. Notes: All CVE users should reference CVE-2022-27666 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0886",
"url": "https://www.suse.com/security/cve/CVE-2022-0886"
},
{
"category": "external",
"summary": "SUSE Bug 1197131 for CVE-2022-0886",
"url": "https://bugzilla.suse.com/1197131"
},
{
"category": "external",
"summary": "SUSE Bug 1197133 for CVE-2022-0886",
"url": "https://bugzilla.suse.com/1197133"
},
{
"category": "external",
"summary": "SUSE Bug 1197462 for CVE-2022-0886",
"url": "https://bugzilla.suse.com/1197462"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-0886"
},
{
"cve": "CVE-2022-1462",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1462"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read flaw was found in the Linux kernel\u0027s TeleTYpe subsystem. The issue occurs in how a user triggers a race condition using ioctls TIOCSPTLCK and TIOCGPTPEER and TIOCSTI and TCXONC with leakage of memory in the flush_to_ldisc function. This flaw allows a local user to crash the system or read unauthorized random data from memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1462",
"url": "https://www.suse.com/security/cve/CVE-2022-1462"
},
{
"category": "external",
"summary": "SUSE Bug 1198829 for CVE-2022-1462",
"url": "https://bugzilla.suse.com/1198829"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1462"
},
{
"cve": "CVE-2022-1516",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1516"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference flaw was found in the Linux kernel\u0027s X.25 set of standardized network protocols functionality in the way a user terminates their session using a simulated Ethernet card and continued usage of this connection. This flaw allows a local user to crash the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1516",
"url": "https://www.suse.com/security/cve/CVE-2022-1516"
},
{
"category": "external",
"summary": "SUSE Bug 1199012 for CVE-2022-1516",
"url": "https://bugzilla.suse.com/1199012"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1516"
},
{
"cve": "CVE-2022-1679",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1679"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux kernel\u0027s Atheros wireless adapter driver in the way a user forces the ath9k_htc_wait_for_target function to fail with some input messages. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1679",
"url": "https://www.suse.com/security/cve/CVE-2022-1679"
},
{
"category": "external",
"summary": "SUSE Bug 1199487 for CVE-2022-1679",
"url": "https://bugzilla.suse.com/1199487"
},
{
"category": "external",
"summary": "SUSE Bug 1201080 for CVE-2022-1679",
"url": "https://bugzilla.suse.com/1201080"
},
{
"category": "external",
"summary": "SUSE Bug 1201832 for CVE-2022-1679",
"url": "https://bugzilla.suse.com/1201832"
},
{
"category": "external",
"summary": "SUSE Bug 1204132 for CVE-2022-1679",
"url": "https://bugzilla.suse.com/1204132"
},
{
"category": "external",
"summary": "SUSE Bug 1212316 for CVE-2022-1679",
"url": "https://bugzilla.suse.com/1212316"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-1679"
},
{
"cve": "CVE-2022-1729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1729"
}
],
"notes": [
{
"category": "general",
"text": "A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kernel address information leak, arbitrary execution, etc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1729",
"url": "https://www.suse.com/security/cve/CVE-2022-1729"
},
{
"category": "external",
"summary": "SUSE Bug 1199507 for CVE-2022-1729",
"url": "https://bugzilla.suse.com/1199507"
},
{
"category": "external",
"summary": "SUSE Bug 1199697 for CVE-2022-1729",
"url": "https://bugzilla.suse.com/1199697"
},
{
"category": "external",
"summary": "SUSE Bug 1201832 for CVE-2022-1729",
"url": "https://bugzilla.suse.com/1201832"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-1729"
},
{
"cve": "CVE-2022-1852",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1852"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference flaw was found in the Linux kernel\u0027s KVM module, which can lead to a denial of service in the x86_emulate_insn in arch/x86/kvm/emulate.c. This flaw occurs while executing an illegal instruction in guest in the Intel CPU.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1852",
"url": "https://www.suse.com/security/cve/CVE-2022-1852"
},
{
"category": "external",
"summary": "SUSE Bug 1199875 for CVE-2022-1852",
"url": "https://bugzilla.suse.com/1199875"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-1852"
},
{
"cve": "CVE-2022-1966",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1966"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-32250. Reason: This candidate is a duplicate of CVE-2022-32250. Notes: All CVE users should reference CVE-2022-32250 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1966",
"url": "https://www.suse.com/security/cve/CVE-2022-1966"
},
{
"category": "external",
"summary": "SUSE Bug 1200015 for CVE-2022-1966",
"url": "https://bugzilla.suse.com/1200015"
},
{
"category": "external",
"summary": "SUSE Bug 1200268 for CVE-2022-1966",
"url": "https://bugzilla.suse.com/1200268"
},
{
"category": "external",
"summary": "SUSE Bug 1200494 for CVE-2022-1966",
"url": "https://bugzilla.suse.com/1200494"
},
{
"category": "external",
"summary": "SUSE Bug 1200529 for CVE-2022-1966",
"url": "https://bugzilla.suse.com/1200529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-1966"
},
{
"cve": "CVE-2022-1972",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1972"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2078. Reason: This candidate is a reservation duplicate of CVE-2022-2078. Notes: All CVE users should reference CVE-2022-2078 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1972",
"url": "https://www.suse.com/security/cve/CVE-2022-1972"
},
{
"category": "external",
"summary": "SUSE Bug 1200019 for CVE-2022-1972",
"url": "https://bugzilla.suse.com/1200019"
},
{
"category": "external",
"summary": "SUSE Bug 1200266 for CVE-2022-1972",
"url": "https://bugzilla.suse.com/1200266"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-1972"
},
{
"cve": "CVE-2022-1973",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1973"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1973",
"url": "https://www.suse.com/security/cve/CVE-2022-1973"
},
{
"category": "external",
"summary": "SUSE Bug 1200023 for CVE-2022-1973",
"url": "https://bugzilla.suse.com/1200023"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-1973"
},
{
"cve": "CVE-2022-22942",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-22942"
}
],
"notes": [
{
"category": "general",
"text": "The vmwgfx driver contains a local privilege escalation vulnerability that allows unprivileged users to gain access to files opened by other processes on the system through a dangling \u0027file\u0027 pointer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-22942",
"url": "https://www.suse.com/security/cve/CVE-2022-22942"
},
{
"category": "external",
"summary": "SUSE Bug 1195065 for CVE-2022-22942",
"url": "https://bugzilla.suse.com/1195065"
},
{
"category": "external",
"summary": "SUSE Bug 1195951 for CVE-2022-22942",
"url": "https://bugzilla.suse.com/1195951"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-22942"
},
{
"cve": "CVE-2022-2308",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2308"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in vDPA with VDUSE backend. There are currently no checks in VDUSE kernel driver to ensure the size of the device config space is in line with the features advertised by the VDUSE userspace application. In case of a mismatch, Virtio drivers config read helpers do not initialize the memory indirectly passed to vduse_vdpa_get_config() returning uninitialized memory from the stack. This could cause undefined behavior or data leaks in Virtio drivers.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2308",
"url": "https://www.suse.com/security/cve/CVE-2022-2308"
},
{
"category": "external",
"summary": "SUSE Bug 1202573 for CVE-2022-2308",
"url": "https://bugzilla.suse.com/1202573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-2308"
},
{
"cve": "CVE-2022-24958",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-24958"
}
],
"notes": [
{
"category": "general",
"text": "drivers/usb/gadget/legacy/inode.c in the Linux kernel through 5.16.8 mishandles dev-\u003ebuf release.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-24958",
"url": "https://www.suse.com/security/cve/CVE-2022-24958"
},
{
"category": "external",
"summary": "SUSE Bug 1195905 for CVE-2022-24958",
"url": "https://bugzilla.suse.com/1195905"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-24958"
},
{
"cve": "CVE-2022-2588",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2588"
}
],
"notes": [
{
"category": "general",
"text": "It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2588",
"url": "https://www.suse.com/security/cve/CVE-2022-2588"
},
{
"category": "external",
"summary": "SUSE Bug 1202096 for CVE-2022-2588",
"url": "https://bugzilla.suse.com/1202096"
},
{
"category": "external",
"summary": "SUSE Bug 1203613 for CVE-2022-2588",
"url": "https://bugzilla.suse.com/1203613"
},
{
"category": "external",
"summary": "SUSE Bug 1204183 for CVE-2022-2588",
"url": "https://bugzilla.suse.com/1204183"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-2588",
"url": "https://bugzilla.suse.com/1209225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-2588"
},
{
"cve": "CVE-2022-2590",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-2590"
}
],
"notes": [
{
"category": "general",
"text": "A race condition was found in the way the Linux kernel\u0027s memory subsystem handled the copy-on-write (COW) breakage of private read-only shared memory mappings. This flaw allows an unprivileged, local user to gain write access to read-only memory mappings, increasing their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-2590",
"url": "https://www.suse.com/security/cve/CVE-2022-2590"
},
{
"category": "external",
"summary": "SUSE Bug 1202013 for CVE-2022-2590",
"url": "https://bugzilla.suse.com/1202013"
},
{
"category": "external",
"summary": "SUSE Bug 1202089 for CVE-2022-2590",
"url": "https://bugzilla.suse.com/1202089"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-2590"
},
{
"cve": "CVE-2022-26490",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-26490"
}
],
"notes": [
{
"category": "general",
"text": "st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-26490",
"url": "https://www.suse.com/security/cve/CVE-2022-26490"
},
{
"category": "external",
"summary": "SUSE Bug 1196830 for CVE-2022-26490",
"url": "https://bugzilla.suse.com/1196830"
},
{
"category": "external",
"summary": "SUSE Bug 1201656 for CVE-2022-26490",
"url": "https://bugzilla.suse.com/1201656"
},
{
"category": "external",
"summary": "SUSE Bug 1201969 for CVE-2022-26490",
"url": "https://bugzilla.suse.com/1201969"
},
{
"category": "external",
"summary": "SUSE Bug 1211495 for CVE-2022-26490",
"url": "https://bugzilla.suse.com/1211495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-26490"
},
{
"cve": "CVE-2022-28388",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28388"
}
],
"notes": [
{
"category": "general",
"text": "usb_8dev_start_xmit in drivers/net/can/usb/usb_8dev.c in the Linux kernel through 5.17.1 has a double free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28388",
"url": "https://www.suse.com/security/cve/CVE-2022-28388"
},
{
"category": "external",
"summary": "SUSE Bug 1198032 for CVE-2022-28388",
"url": "https://bugzilla.suse.com/1198032"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-28388"
},
{
"cve": "CVE-2022-28389",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28389"
}
],
"notes": [
{
"category": "general",
"text": "mcba_usb_start_xmit in drivers/net/can/usb/mcba_usb.c in the Linux kernel through 5.17.1 has a double free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28389",
"url": "https://www.suse.com/security/cve/CVE-2022-28389"
},
{
"category": "external",
"summary": "SUSE Bug 1198033 for CVE-2022-28389",
"url": "https://bugzilla.suse.com/1198033"
},
{
"category": "external",
"summary": "SUSE Bug 1201657 for CVE-2022-28389",
"url": "https://bugzilla.suse.com/1201657"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-28389"
},
{
"cve": "CVE-2022-28390",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28390"
}
],
"notes": [
{
"category": "general",
"text": "ems_usb_start_xmit in drivers/net/can/usb/ems_usb.c in the Linux kernel through 5.17.1 has a double free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28390",
"url": "https://www.suse.com/security/cve/CVE-2022-28390"
},
{
"category": "external",
"summary": "SUSE Bug 1198031 for CVE-2022-28390",
"url": "https://bugzilla.suse.com/1198031"
},
{
"category": "external",
"summary": "SUSE Bug 1201517 for CVE-2022-28390",
"url": "https://bugzilla.suse.com/1201517"
},
{
"category": "external",
"summary": "SUSE Bug 1207969 for CVE-2022-28390",
"url": "https://bugzilla.suse.com/1207969"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-28390"
},
{
"cve": "CVE-2022-28893",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-28893"
}
],
"notes": [
{
"category": "general",
"text": "The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-28893",
"url": "https://www.suse.com/security/cve/CVE-2022-28893"
},
{
"category": "external",
"summary": "SUSE Bug 1198330 for CVE-2022-28893",
"url": "https://bugzilla.suse.com/1198330"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-28893"
},
{
"cve": "CVE-2022-29900",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-29900"
}
],
"notes": [
{
"category": "general",
"text": "Mis-trained branch predictions for return instructions may allow arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-29900",
"url": "https://www.suse.com/security/cve/CVE-2022-29900"
},
{
"category": "external",
"summary": "SUSE Bug 1199657 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1199657"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "external",
"summary": "SUSE Bug 1207894 for CVE-2022-29900",
"url": "https://bugzilla.suse.com/1207894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-29900"
},
{
"cve": "CVE-2022-29901",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-29901"
}
],
"notes": [
{
"category": "general",
"text": "Intel microprocessor generations 6 to 8 are affected by a new Spectre variant that is able to bypass their retpoline mitigation in the kernel to leak arbitrary data. An attacker with unprivileged user access can hijack return instructions to achieve arbitrary speculative code execution under certain microarchitecture-dependent conditions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-29901",
"url": "https://www.suse.com/security/cve/CVE-2022-29901"
},
{
"category": "external",
"summary": "SUSE Bug 1199657 for CVE-2022-29901",
"url": "https://bugzilla.suse.com/1199657"
},
{
"category": "external",
"summary": "SUSE Bug 1201469 for CVE-2022-29901",
"url": "https://bugzilla.suse.com/1201469"
},
{
"category": "external",
"summary": "SUSE Bug 1207894 for CVE-2022-29901",
"url": "https://bugzilla.suse.com/1207894"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-29901"
},
{
"cve": "CVE-2022-29968",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-29968"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb-\u003eprivate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-29968",
"url": "https://www.suse.com/security/cve/CVE-2022-29968"
},
{
"category": "external",
"summary": "SUSE Bug 1199087 for CVE-2022-29968",
"url": "https://bugzilla.suse.com/1199087"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2022-29968"
},
{
"cve": "CVE-2022-3424",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3424"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in the Linux kernel\u0027s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3424",
"url": "https://www.suse.com/security/cve/CVE-2022-3424"
},
{
"category": "external",
"summary": "SUSE Bug 1204166 for CVE-2022-3424",
"url": "https://bugzilla.suse.com/1204166"
},
{
"category": "external",
"summary": "SUSE Bug 1204167 for CVE-2022-3424",
"url": "https://bugzilla.suse.com/1204167"
},
{
"category": "external",
"summary": "SUSE Bug 1208044 for CVE-2022-3424",
"url": "https://bugzilla.suse.com/1208044"
},
{
"category": "external",
"summary": "SUSE Bug 1212309 for CVE-2022-3424",
"url": "https://bugzilla.suse.com/1212309"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3424"
},
{
"cve": "CVE-2022-34918",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-34918"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 5.18.9. A type confusion bug in nft_set_elem_init (leading to a buffer overflow) could be used by a local attacker to escalate privileges, a different vulnerability than CVE-2022-32250. (The attacker can obtain root access, but must start with an unprivileged user namespace to obtain CAP_NET_ADMIN access.) This can be fixed in nft_setelem_parse_data in net/netfilter/nf_tables_api.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-34918",
"url": "https://www.suse.com/security/cve/CVE-2022-34918"
},
{
"category": "external",
"summary": "SUSE Bug 1201171 for CVE-2022-34918",
"url": "https://bugzilla.suse.com/1201171"
},
{
"category": "external",
"summary": "SUSE Bug 1201177 for CVE-2022-34918",
"url": "https://bugzilla.suse.com/1201177"
},
{
"category": "external",
"summary": "SUSE Bug 1201222 for CVE-2022-34918",
"url": "https://bugzilla.suse.com/1201222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-34918"
},
{
"cve": "CVE-2022-3628",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3628"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow flaw was found in the Linux kernel Broadcom Full MAC Wi-Fi driver. This issue occurs when a user connects to a malicious USB device. This can allow a local user to crash the system or escalate their privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3628",
"url": "https://www.suse.com/security/cve/CVE-2022-3628"
},
{
"category": "external",
"summary": "SUSE Bug 1204868 for CVE-2022-3628",
"url": "https://bugzilla.suse.com/1204868"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-3628"
},
{
"cve": "CVE-2022-3640",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3640"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability, which was classified as critical, was found in Linux Kernel. Affected is the function l2cap_conn_del of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211944.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3640",
"url": "https://www.suse.com/security/cve/CVE-2022-3640"
},
{
"category": "external",
"summary": "SUSE Bug 1204619 for CVE-2022-3640",
"url": "https://bugzilla.suse.com/1204619"
},
{
"category": "external",
"summary": "SUSE Bug 1204624 for CVE-2022-3640",
"url": "https://bugzilla.suse.com/1204624"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-3640",
"url": "https://bugzilla.suse.com/1209225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-3640"
},
{
"cve": "CVE-2022-40982",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-40982"
}
],
"notes": [
{
"category": "general",
"text": "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-40982",
"url": "https://www.suse.com/security/cve/CVE-2022-40982"
},
{
"category": "external",
"summary": "SUSE Bug 1206418 for CVE-2022-40982",
"url": "https://bugzilla.suse.com/1206418"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2022-40982",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-40982"
},
{
"cve": "CVE-2022-41218",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-41218"
}
],
"notes": [
{
"category": "general",
"text": "In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-41218",
"url": "https://www.suse.com/security/cve/CVE-2022-41218"
},
{
"category": "external",
"summary": "SUSE Bug 1202960 for CVE-2022-41218",
"url": "https://bugzilla.suse.com/1202960"
},
{
"category": "external",
"summary": "SUSE Bug 1203606 for CVE-2022-41218",
"url": "https://bugzilla.suse.com/1203606"
},
{
"category": "external",
"summary": "SUSE Bug 1205313 for CVE-2022-41218",
"url": "https://bugzilla.suse.com/1205313"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-41218",
"url": "https://bugzilla.suse.com/1209225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-41218"
},
{
"cve": "CVE-2022-41674",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-41674"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 5.19.16. Attackers able to inject WLAN frames could cause a buffer overflow in the ieee80211_bss_info_update function in net/mac80211/scan.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-41674",
"url": "https://www.suse.com/security/cve/CVE-2022-41674"
},
{
"category": "external",
"summary": "SUSE Bug 1203770 for CVE-2022-41674",
"url": "https://bugzilla.suse.com/1203770"
},
{
"category": "external",
"summary": "SUSE Bug 1203994 for CVE-2022-41674",
"url": "https://bugzilla.suse.com/1203994"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-41674",
"url": "https://bugzilla.suse.com/1209225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-41674"
},
{
"cve": "CVE-2022-42719",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42719"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free in the mac80211 stack when parsing a multi-BSSID element in the Linux kernel 5.2 through 5.19.x before 5.19.16 could be used by attackers (able to inject WLAN frames) to crash the kernel and potentially execute code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42719",
"url": "https://www.suse.com/security/cve/CVE-2022-42719"
},
{
"category": "external",
"summary": "SUSE Bug 1204051 for CVE-2022-42719",
"url": "https://bugzilla.suse.com/1204051"
},
{
"category": "external",
"summary": "SUSE Bug 1204292 for CVE-2022-42719",
"url": "https://bugzilla.suse.com/1204292"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-42719",
"url": "https://bugzilla.suse.com/1209225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-42719"
},
{
"cve": "CVE-2022-42720",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42720"
}
],
"notes": [
{
"category": "general",
"text": "Various refcounting bugs in the multi-BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to trigger use-after-free conditions to potentially execute code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42720",
"url": "https://www.suse.com/security/cve/CVE-2022-42720"
},
{
"category": "external",
"summary": "SUSE Bug 1204059 for CVE-2022-42720",
"url": "https://bugzilla.suse.com/1204059"
},
{
"category": "external",
"summary": "SUSE Bug 1204291 for CVE-2022-42720",
"url": "https://bugzilla.suse.com/1204291"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-42720",
"url": "https://bugzilla.suse.com/1209225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-42720"
},
{
"cve": "CVE-2022-42721",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42721"
}
],
"notes": [
{
"category": "general",
"text": "A list management bug in BSS handling in the mac80211 stack in the Linux kernel 5.1 through 5.19.x before 5.19.16 could be used by local attackers (able to inject WLAN frames) to corrupt a linked list and, in turn, potentially execute code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42721",
"url": "https://www.suse.com/security/cve/CVE-2022-42721"
},
{
"category": "external",
"summary": "SUSE Bug 1204060 for CVE-2022-42721",
"url": "https://bugzilla.suse.com/1204060"
},
{
"category": "external",
"summary": "SUSE Bug 1204290 for CVE-2022-42721",
"url": "https://bugzilla.suse.com/1204290"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-42721",
"url": "https://bugzilla.suse.com/1209225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-42721"
},
{
"cve": "CVE-2022-42722",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-42722"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel 5.8 through 5.19.x before 5.19.16, local attackers able to inject WLAN frames into the mac80211 stack could cause a NULL pointer dereference denial-of-service attack against the beacon protection of P2P devices.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-42722",
"url": "https://www.suse.com/security/cve/CVE-2022-42722"
},
{
"category": "external",
"summary": "SUSE Bug 1204125 for CVE-2022-42722",
"url": "https://bugzilla.suse.com/1204125"
},
{
"category": "external",
"summary": "SUSE Bug 1204289 for CVE-2022-42722",
"url": "https://bugzilla.suse.com/1204289"
},
{
"category": "external",
"summary": "SUSE Bug 1209225 for CVE-2022-42722",
"url": "https://bugzilla.suse.com/1209225"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-42722"
},
{
"cve": "CVE-2022-4379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-4379"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-4379",
"url": "https://www.suse.com/security/cve/CVE-2022-4379"
},
{
"category": "external",
"summary": "SUSE Bug 1206209 for CVE-2022-4379",
"url": "https://bugzilla.suse.com/1206209"
},
{
"category": "external",
"summary": "SUSE Bug 1206373 for CVE-2022-4379",
"url": "https://bugzilla.suse.com/1206373"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-4379"
},
{
"cve": "CVE-2022-44032",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44032"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4000_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cmm_open() and cm4000_detach().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44032",
"url": "https://www.suse.com/security/cve/CVE-2022-44032"
},
{
"category": "external",
"summary": "SUSE Bug 1204894 for CVE-2022-44032",
"url": "https://bugzilla.suse.com/1204894"
},
{
"category": "external",
"summary": "SUSE Bug 1212290 for CVE-2022-44032",
"url": "https://bugzilla.suse.com/1212290"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44032"
},
{
"cve": "CVE-2022-44033",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44033"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/cm4040_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between cm4040_open() and reader_detach().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44033",
"url": "https://www.suse.com/security/cve/CVE-2022-44033"
},
{
"category": "external",
"summary": "SUSE Bug 1204922 for CVE-2022-44033",
"url": "https://bugzilla.suse.com/1204922"
},
{
"category": "external",
"summary": "SUSE Bug 1212306 for CVE-2022-44033",
"url": "https://bugzilla.suse.com/1212306"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44033"
},
{
"cve": "CVE-2022-44034",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-44034"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 6.0.6. drivers/char/pcmcia/scr24x_cs.c has a race condition and resultant use-after-free if a physically proximate attacker removes a PCMCIA device while calling open(), aka a race condition between scr24x_open() and scr24x_remove().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-44034",
"url": "https://www.suse.com/security/cve/CVE-2022-44034"
},
{
"category": "external",
"summary": "SUSE Bug 1204901 for CVE-2022-44034",
"url": "https://bugzilla.suse.com/1204901"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-44034"
},
{
"cve": "CVE-2022-45884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45884"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45884",
"url": "https://www.suse.com/security/cve/CVE-2022-45884"
},
{
"category": "external",
"summary": "SUSE Bug 1205756 for CVE-2022-45884",
"url": "https://bugzilla.suse.com/1205756"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-45884"
},
{
"cve": "CVE-2022-45885",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45885"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45885",
"url": "https://www.suse.com/security/cve/CVE-2022-45885"
},
{
"category": "external",
"summary": "SUSE Bug 1205758 for CVE-2022-45885",
"url": "https://bugzilla.suse.com/1205758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-45885"
},
{
"cve": "CVE-2022-45886",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45886"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45886",
"url": "https://www.suse.com/security/cve/CVE-2022-45886"
},
{
"category": "external",
"summary": "SUSE Bug 1205760 for CVE-2022-45886",
"url": "https://bugzilla.suse.com/1205760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-45886"
},
{
"cve": "CVE-2022-45887",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45887"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45887",
"url": "https://www.suse.com/security/cve/CVE-2022-45887"
},
{
"category": "external",
"summary": "SUSE Bug 1205762 for CVE-2022-45887",
"url": "https://bugzilla.suse.com/1205762"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2022-45887",
"url": "https://bugzilla.suse.com/1220015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-45887"
},
{
"cve": "CVE-2022-45888",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45888"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 6.0.9. drivers/char/xillybus/xillyusb.c has a race condition and use-after-free during physical removal of a USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45888",
"url": "https://www.suse.com/security/cve/CVE-2022-45888"
},
{
"category": "external",
"summary": "SUSE Bug 1205764 for CVE-2022-45888",
"url": "https://bugzilla.suse.com/1205764"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-45888"
},
{
"cve": "CVE-2022-45919",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45919"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45919",
"url": "https://www.suse.com/security/cve/CVE-2022-45919"
},
{
"category": "external",
"summary": "SUSE Bug 1205803 for CVE-2022-45919",
"url": "https://bugzilla.suse.com/1205803"
},
{
"category": "external",
"summary": "SUSE Bug 1208600 for CVE-2022-45919",
"url": "https://bugzilla.suse.com/1208600"
},
{
"category": "external",
"summary": "SUSE Bug 1208912 for CVE-2022-45919",
"url": "https://bugzilla.suse.com/1208912"
},
{
"category": "external",
"summary": "SUSE Bug 1214128 for CVE-2022-45919",
"url": "https://bugzilla.suse.com/1214128"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2022-45919",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2022-45919"
},
{
"cve": "CVE-2022-45934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45934"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45934",
"url": "https://www.suse.com/security/cve/CVE-2022-45934"
},
{
"category": "external",
"summary": "SUSE Bug 1205796 for CVE-2022-45934",
"url": "https://bugzilla.suse.com/1205796"
},
{
"category": "external",
"summary": "SUSE Bug 1212292 for CVE-2022-45934",
"url": "https://bugzilla.suse.com/1212292"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-45934"
},
{
"cve": "CVE-2023-0045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0045"
}
],
"notes": [
{
"category": "general",
"text": "The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\n\nWe recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0045",
"url": "https://www.suse.com/security/cve/CVE-2023-0045"
},
{
"category": "external",
"summary": "SUSE Bug 1207773 for CVE-2023-0045",
"url": "https://bugzilla.suse.com/1207773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-0045"
},
{
"cve": "CVE-2023-1076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1076"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1076",
"url": "https://www.suse.com/security/cve/CVE-2023-1076"
},
{
"category": "external",
"summary": "SUSE Bug 1208599 for CVE-2023-1076",
"url": "https://bugzilla.suse.com/1208599"
},
{
"category": "external",
"summary": "SUSE Bug 1214019 for CVE-2023-1076",
"url": "https://bugzilla.suse.com/1214019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-1076"
},
{
"cve": "CVE-2023-1078",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1078"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1078",
"url": "https://www.suse.com/security/cve/CVE-2023-1078"
},
{
"category": "external",
"summary": "SUSE Bug 1208601 for CVE-2023-1078",
"url": "https://bugzilla.suse.com/1208601"
},
{
"category": "external",
"summary": "SUSE Bug 1208603 for CVE-2023-1078",
"url": "https://bugzilla.suse.com/1208603"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-1078"
},
{
"cve": "CVE-2023-1192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1192"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access a free memory region, leading to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1192",
"url": "https://www.suse.com/security/cve/CVE-2023-1192"
},
{
"category": "external",
"summary": "SUSE Bug 1208995 for CVE-2023-1192",
"url": "https://bugzilla.suse.com/1208995"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-1192"
},
{
"cve": "CVE-2023-1380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1380"
}
],
"notes": [
{
"category": "general",
"text": "A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info-\u003ereq_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1380",
"url": "https://www.suse.com/security/cve/CVE-2023-1380"
},
{
"category": "external",
"summary": "SUSE Bug 1209287 for CVE-2023-1380",
"url": "https://bugzilla.suse.com/1209287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-1380"
},
{
"cve": "CVE-2023-20569",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20569"
}
],
"notes": [
{
"category": "general",
"text": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20569",
"url": "https://www.suse.com/security/cve/CVE-2023-20569"
},
{
"category": "external",
"summary": "SUSE Bug 1213287 for CVE-2023-20569",
"url": "https://bugzilla.suse.com/1213287"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-20569"
},
{
"cve": "CVE-2023-20593",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-20593"
}
],
"notes": [
{
"category": "general",
"text": "An issue in \"Zen 2\" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-20593",
"url": "https://www.suse.com/security/cve/CVE-2023-20593"
},
{
"category": "external",
"summary": "SUSE Bug 1213286 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213286"
},
{
"category": "external",
"summary": "SUSE Bug 1213616 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1213616"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-20593",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-20593"
},
{
"cve": "CVE-2023-2124",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-2124"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds memory access flaw was found in the Linux kernel\u0027s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-2124",
"url": "https://www.suse.com/security/cve/CVE-2023-2124"
},
{
"category": "external",
"summary": "SUSE Bug 1210498 for CVE-2023-2124",
"url": "https://bugzilla.suse.com/1210498"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-2124"
},
{
"cve": "CVE-2023-31084",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-31084"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(\u0026fepriv-\u003esem) is called. However, wait_event_interruptible would put the process to sleep, and down(\u0026fepriv-\u003esem) may block the process.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-31084",
"url": "https://www.suse.com/security/cve/CVE-2023-31084"
},
{
"category": "external",
"summary": "SUSE Bug 1210783 for CVE-2023-31084",
"url": "https://bugzilla.suse.com/1210783"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-31084"
},
{
"cve": "CVE-2023-3141",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3141"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3141",
"url": "https://www.suse.com/security/cve/CVE-2023-3141"
},
{
"category": "external",
"summary": "SUSE Bug 1212129 for CVE-2023-3141",
"url": "https://bugzilla.suse.com/1212129"
},
{
"category": "external",
"summary": "SUSE Bug 1215674 for CVE-2023-3141",
"url": "https://bugzilla.suse.com/1215674"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-3141"
},
{
"cve": "CVE-2023-3269",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-3269"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-3269",
"url": "https://www.suse.com/security/cve/CVE-2023-3269"
},
{
"category": "external",
"summary": "SUSE Bug 1212395 for CVE-2023-3269",
"url": "https://bugzilla.suse.com/1212395"
},
{
"category": "external",
"summary": "SUSE Bug 1213760 for CVE-2023-3269",
"url": "https://bugzilla.suse.com/1213760"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-3269"
},
{
"cve": "CVE-2023-39192",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39192"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39192",
"url": "https://www.suse.com/security/cve/CVE-2023-39192"
},
{
"category": "external",
"summary": "SUSE Bug 1215858 for CVE-2023-39192",
"url": "https://bugzilla.suse.com/1215858"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-39192",
"url": "https://bugzilla.suse.com/1220015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-39192"
},
{
"cve": "CVE-2023-39193",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-39193"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-39193",
"url": "https://www.suse.com/security/cve/CVE-2023-39193"
},
{
"category": "external",
"summary": "SUSE Bug 1215860 for CVE-2023-39193",
"url": "https://bugzilla.suse.com/1215860"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-39193",
"url": "https://bugzilla.suse.com/1220015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-39193"
},
{
"cve": "CVE-2023-4128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4128"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Reason: This record is a duplicate of CVE-2023-4206, CVE-2023-4207, CVE-2023-4208. Notes: All CVE users should reference CVE-2023-4206, CVE-2023-4207, CVE-2023-4208 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4128",
"url": "https://www.suse.com/security/cve/CVE-2023-4128"
},
{
"category": "external",
"summary": "SUSE Bug 1214149 for CVE-2023-4128",
"url": "https://bugzilla.suse.com/1214149"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4128"
},
{
"cve": "CVE-2023-4134",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4134"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4134",
"url": "https://www.suse.com/security/cve/CVE-2023-4134"
},
{
"category": "external",
"summary": "SUSE Bug 1213971 for CVE-2023-4134",
"url": "https://bugzilla.suse.com/1213971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-4134"
},
{
"cve": "CVE-2023-4194",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4194"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 (\"tun: tun_chr_open(): correctly initialize socket uid\"), - 66b2c338adce (\"tap: tap_open(): correctly initialize socket uid\"), pass \"inode-\u003ei_uid\" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4194",
"url": "https://www.suse.com/security/cve/CVE-2023-4194"
},
{
"category": "external",
"summary": "SUSE Bug 1214019 for CVE-2023-4194",
"url": "https://bugzilla.suse.com/1214019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-4194"
},
{
"cve": "CVE-2023-42753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42753"
}
],
"notes": [
{
"category": "general",
"text": "An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h-\u003enets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42753",
"url": "https://www.suse.com/security/cve/CVE-2023-42753"
},
{
"category": "external",
"summary": "SUSE Bug 1215150 for CVE-2023-42753",
"url": "https://bugzilla.suse.com/1215150"
},
{
"category": "external",
"summary": "SUSE Bug 1218613 for CVE-2023-42753",
"url": "https://bugzilla.suse.com/1218613"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-42753"
},
{
"cve": "CVE-2023-42754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42754"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42754",
"url": "https://www.suse.com/security/cve/CVE-2023-42754"
},
{
"category": "external",
"summary": "SUSE Bug 1215467 for CVE-2023-42754",
"url": "https://bugzilla.suse.com/1215467"
},
{
"category": "external",
"summary": "SUSE Bug 1222212 for CVE-2023-42754",
"url": "https://bugzilla.suse.com/1222212"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-42754"
},
{
"cve": "CVE-2023-42756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42756"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42756",
"url": "https://www.suse.com/security/cve/CVE-2023-42756"
},
{
"category": "external",
"summary": "SUSE Bug 1215767 for CVE-2023-42756",
"url": "https://bugzilla.suse.com/1215767"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-42756"
},
{
"cve": "CVE-2023-4623",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4623"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: sch_hfsc (HFSC qdisc traffic control) component can be exploited to achieve local privilege escalation.\n\nIf a class with a link-sharing curve (i.e. with the HFSC_FSC flag set) has a parent without a link-sharing curve, then init_vf() will call vttree_insert() on the parent, but vttree_remove() will be skipped in update_vf(). This leaves a dangling pointer that can cause a use-after-free.\n\nWe recommend upgrading past commit b3d26c5702c7d6c45456326e56d2ccf3f103e60f.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4623",
"url": "https://www.suse.com/security/cve/CVE-2023-4623"
},
{
"category": "external",
"summary": "SUSE Bug 1215115 for CVE-2023-4623",
"url": "https://bugzilla.suse.com/1215115"
},
{
"category": "external",
"summary": "SUSE Bug 1215440 for CVE-2023-4623",
"url": "https://bugzilla.suse.com/1215440"
},
{
"category": "external",
"summary": "SUSE Bug 1217444 for CVE-2023-4623",
"url": "https://bugzilla.suse.com/1217444"
},
{
"category": "external",
"summary": "SUSE Bug 1217531 for CVE-2023-4623",
"url": "https://bugzilla.suse.com/1217531"
},
{
"category": "external",
"summary": "SUSE Bug 1219698 for CVE-2023-4623",
"url": "https://bugzilla.suse.com/1219698"
},
{
"category": "external",
"summary": "SUSE Bug 1221578 for CVE-2023-4623",
"url": "https://bugzilla.suse.com/1221578"
},
{
"category": "external",
"summary": "SUSE Bug 1221598 for CVE-2023-4623",
"url": "https://bugzilla.suse.com/1221598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-4623"
},
{
"cve": "CVE-2023-46813",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-46813"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 6.5.9, exploitable by local users with userspace access to MMIO registers. Incorrect access checking in the #VC handler and instruction emulation of the SEV-ES emulation of MMIO accesses could lead to arbitrary write access to kernel memory (and thus privilege escalation). This depends on a race condition through which userspace can replace an instruction before the #VC handler reads it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-46813",
"url": "https://www.suse.com/security/cve/CVE-2023-46813"
},
{
"category": "external",
"summary": "SUSE Bug 1212649 for CVE-2023-46813",
"url": "https://bugzilla.suse.com/1212649"
},
{
"category": "external",
"summary": "SUSE Bug 1216896 for CVE-2023-46813",
"url": "https://bugzilla.suse.com/1216896"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-46813"
},
{
"cve": "CVE-2023-4881",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-4881"
}
],
"notes": [
{
"category": "general",
"text": "CVE-2023-4881 was wrongly assigned to a bug that was deemed to be a non-security issue by the Linux kernel security team.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-4881",
"url": "https://www.suse.com/security/cve/CVE-2023-4881"
},
{
"category": "external",
"summary": "SUSE Bug 1215221 for CVE-2023-4881",
"url": "https://bugzilla.suse.com/1215221"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-4881"
},
{
"cve": "CVE-2023-5345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-5345"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free vulnerability in the Linux kernel\u0027s fs/smb/client component can be exploited to achieve local privilege escalation.\n\nIn case of an error in smb3_fs_context_parse_param, ctx-\u003epassword was freed but the field was not set to NULL which could lead to double free.\n\nWe recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-5345",
"url": "https://www.suse.com/security/cve/CVE-2023-5345"
},
{
"category": "external",
"summary": "SUSE Bug 1215899 for CVE-2023-5345",
"url": "https://bugzilla.suse.com/1215899"
},
{
"category": "external",
"summary": "SUSE Bug 1215971 for CVE-2023-5345",
"url": "https://bugzilla.suse.com/1215971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2023-5345"
},
{
"cve": "CVE-2023-6606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6606"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read vulnerability was found in smbCalcSize in fs/smb/client/netmisc.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6606",
"url": "https://www.suse.com/security/cve/CVE-2023-6606"
},
{
"category": "external",
"summary": "SUSE Bug 1217947 for CVE-2023-6606",
"url": "https://bugzilla.suse.com/1217947"
},
{
"category": "external",
"summary": "SUSE Bug 1220015 for CVE-2023-6606",
"url": "https://bugzilla.suse.com/1220015"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-6606"
},
{
"cve": "CVE-2023-6610",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-6610"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds read vulnerability was found in smb2_dump_detail in fs/smb/client/smb2ops.c in the Linux Kernel. This issue could allow a local attacker to crash the system or leak internal kernel information.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-6610",
"url": "https://www.suse.com/security/cve/CVE-2023-6610"
},
{
"category": "external",
"summary": "SUSE Bug 1217946 for CVE-2023-6610",
"url": "https://bugzilla.suse.com/1217946"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-longterm-6.6.17-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-longterm-6.6.17-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2023-6610"
}
]
}
opensuse-su-2019:0065-1
Vulnerability from csaf_opensuse
Published
2019-03-23 10:47
Modified
2019-03-23 10:47
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).
- CVE-2018-14625: An attacker might have bene able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).
- CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bsc#1120743).
- CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).
- CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).
- CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).
- CVE-2018-12232: In net/socket.c there was a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash (bnc#1097593).
- CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).
- CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).
- CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).
- CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
The following non-security bugs were fixed:
- ACPI / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115).
- ACPI / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115).
- aio: fix spectre gadget in lookup_ioctx (bsc#1120594).
- alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510).
- alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510).
- alsa: fireface: fix for state to fetch PCM frames (bsc#1051510).
- alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510).
- alsa: firewire-lib: fix wrong assignment for 'out_packet_without_header' tracepoint (bsc#1051510).
- alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510).
- alsa: firewire-lib: use the same print format for 'without_header' tracepoints (bsc#1051510).
- alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510).
- alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510).
- alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510).
- alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510).
- alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510).
- alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510).
- alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510).
- alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510).
- alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510).
- alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510).
- alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510).
- alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510).
- alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510).
- alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510).
- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510).
- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510).
- alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510).
- alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510).
- alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510).
- alsa: hda/tegra: clear pending irq handlers (bsc#1051510).
- alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510).
- alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510).
- alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510).
- alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510).
- alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510).
- alsa: trident: Suppress gcc string warning (bsc#1051510).
- alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510).
- alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510).
- alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510).
- alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510).
- alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510).
- apparmor: do not try to replace stale label in ptrace access check (git-fixes).
- apparmor: do not try to replace stale label in ptraceme check (git-fixes).
- apparmor: Fix uninitialized value in aa_split_fqname (git-fixes).
- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612).
- arm64: atomics: Remove '&' from '+&' asm constraint in lse atomics (bsc#1120613).
- arm64: cpu_errata: include required headers (bsc#1120615).
- arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633).
- arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632).
- arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614).
- arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).
- arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617).
- arm64/numa: Report correct memblock range for the dummy node (bsc#1120620).
- arm64/numa: Unify common error path in numa_init() (bsc#1120621).
- arm64: remove no-op -p linker flag (bsc#1120616).
- ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510).
- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510).
- ASoC: intel: mrfld: fix uninitialized variable access (bsc#1051510).
- ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510).
- ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510).
- ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510).
- ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510).
- ASoC: rsnd: fixup clock start checker (bsc#1051510).
- ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510).
- ath10k: do not assume this is a PCI dev in generic code (bsc#1051510).
- ath6kl: Only use match sets when firmware supports it (bsc#1051510).
- b43: Fix error in cordic routine (bsc#1051510).
- bcache: fix miss key refill->end in writeback (Git-fixes).
- bcache: trace missed reading by cache_missed (Git-fixes).
- blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes).
- block: allow max_discard_segments to be stacked (Git-fixes).
- block: blk_init_allocated_queue() set q->fq as NULL in the fail case (Git-fixes).
- block: really disable runtime-pm for blk-mq (Git-fixes).
- block: reset bi_iter.bi_done after splitting bio (Git-fixes).
- block/swim: Fix array bounds check (Git-fixes).
- bnxt_en: do not try to offload VLAN 'modify' action (bsc#1050242 ).
- bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282).
- bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ).
- bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242).
- bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647).
- bpf: use per htab salt for bucket hash (git-fixes).
- btrfs: Always try all copies when reading extent buffers (git-fixes).
- btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469).
- btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469).
- btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469).
- btrfs: do not check inode's runtime flags under root->orphan_lock (bsc#1111469).
- btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469).
- btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469).
- btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes).
- btrfs: fix error handling in btrfs_truncate() (bsc#1111469).
- btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469).
- btrfs: fix fsync of files with multiple hard links in new directories (1120173).
- btrfs: Fix memory barriers usage with device stats counters (git-fixes).
- btrfs: fix use-after-free on root->orphan_block_rsv (bsc#1111469).
- btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469).
- btrfs: get rid of unused orphan infrastructure (bsc#1111469).
- btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469).
- btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036).
- btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469).
- btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469).
- btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469).
- btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188).
- btrfs: stop creating orphan items for truncate (bsc#1111469).
- btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).
- btrfs: update stale comments referencing vmtruncate() (bsc#1111469).
- can: flexcan: flexcan_irq(): fix indention (bsc#1051510).
- cdrom: do not attempt to fiddle with cdo->capability (bsc#1051510).
- ceph: do not update importing cap's mseq when handing cap export (bsc#1121273).
- char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058).
- char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058).
- clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).
- clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510).
- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes).
- config: arm64: enable erratum 1024718
- cpufeature: avoid warning when compiling with clang (Git-fixes).
- cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115).
- cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115).
- cpupower: remove stringop-truncation waring (git-fixes).
- crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510).
- crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().
- crypto: ccp - Add GET_ID SEV command ().
- crypto: ccp - Add psp enabled message when initialization succeeds ().
- crypto: ccp - Add support for new CCP/PSP device ID ().
- crypto: ccp - Allow SEV firmware to be chosen based on Family and Model ().
- crypto: ccp - Fix static checker warning ().
- crypto: ccp - Remove unused #defines ().
- crypto: ccp - Support register differences between PSP devices ().
- dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111).
- dax: Check page->mapping isn't NULL (bsc#1120054).
- dax: Do not access a freed inode (bsc#1120055).
- device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510).
- device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510).
- disable stringop truncation warnings for now (git-fixes).
- dm: allocate struct mapped_device with kvzalloc (Git-fixes).
- dm cache: destroy migration_cache if cache target registration failed (Git-fixes).
- dm cache: fix resize crash if user does not reload cache table (Git-fixes).
- dm cache metadata: ignore hints array being too small during resize (Git-fixes).
- dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes).
- dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes).
- dm cache: only allow a single io_mode cache feature to be requested (Git-fixes).
- dm crypt: do not decrease device limits (Git-fixes).
- dm: fix report zone remapping to account for partition offset (Git-fixes).
- dm integrity: change 'suspending' variable from bool to int (Git-fixes).
- dm ioctl: harden copy_params()'s copy_from_user() from malicious users (Git-fixes).
- dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes).
- dm linear: fix linear_end_io conditional definition (Git-fixes).
- dm thin: handle running out of data space vs concurrent discard (Git-fixes).
- dm thin metadata: remove needless work from __commit_transaction (Git-fixes).
- dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).
- dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes).
- dm writecache: report start_sector in status line (Git-fixes).
- dm zoned: fix metadata block ref counting (Git-fixes).
- dm zoned: fix various dmz_get_mblock() issues (Git-fixes).
- doc/README.SUSE: correct GIT url No more gitorious, github we use.
- drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749).
- drivers/net/usb/r8152: remove the unneeded variable 'ret' in rtl8152_system_suspend (bsc#1119749).
- drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722)
- drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722)
- drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722)
- drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722)
- drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)
- drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722)
- drm: rcar-du: Fix external clock error checks (bsc#1113722)
- drm: rcar-du: Fix vblank initialization (bsc#1113722)
- drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722)
- drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722)
- drm/vc4: Set ->is_yuv to false when num_planes == 1 (bsc#1113722)
- drm/vc4: ->x_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722)
- dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes).
- dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes).
- dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes).
- dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes).
- dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes).
- dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes).
- dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes).
- dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes).
- dt-bindings: pwm: renesas: tpu: Fix 'compatible' prop description (git-fixes).
- dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes).
- edac, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279).
- edac, skx_edac: Fix logical channel intermediate decoding (bsc#1114279).
- efi: Move some sysfs files to be read-only by root (bsc#1051510).
- ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017).
- exportfs: fix 'passing zero to ERR_PTR()' warning (bsc#1118773).
- ext2: fix potential use after free (bsc#1118775).
- ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760).
- ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).
- ext4: fix possible use after free in ext4_quota_enable (bsc#1120602).
- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603).
- extable: Consolidate *kernel_text_address() functions (bsc#1120092).
- extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092).
- fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)
- fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)
- firmware: add firmware_request_nowarn() - load firmware without warnings ().
- Fix the breakage of KMP build on x86_64 (bsc#1121017)
- fscache: Fix race in fscache_op_complete() due to split atomic_sub & read (Git-fixes).
- fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).
- fs: fix lost error code in dio_complete (bsc#1118762).
- fs/xfs: Use %pS printk format for direct addresses (git-fixes).
- fuse: fix blocked_waitq wakeup (git-fixes).
- fuse: fix leaked notify reply (git-fixes).
- fuse: fix possibly missed wake-up after abort (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).
- fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).
- fuse: fix use-after-free in fuse_direct_IO() (git-fixes).
- fuse: set FR_SENT while locked (git-fixes).
- gcc-plugins: Add include required by GCC release 8 (git-fixes).
- gcc-plugins: Use dynamic initializers (git-fixes).
- gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).
- gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).
- gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).
- gfs2_meta: ->mount() can get NULL dev_name (bsc#1118768).
- gfs2: Put bitmap buffers in put_super (bsc#1118772).
- git_sort.py: Remove non-existent remote tj/libata
- gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).
- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).
- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).
- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).
- gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).
- HID: Add quirk for Primax PIXART OEM mice (bsc#1119410).
- HID: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).
- HID: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).
- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- i2c: axxia: properly handle master timeout (bsc#1051510).
- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).
- ib/hfi1: Add mtu check for operational data VLs (bsc#1060463 ).
- ibmvnic: Convert reset work item mutex to spin lock ().
- ibmvnic: Fix non-atomic memory allocation in IRQ context ().
- ib/rxe: support for 802.1q VLAN on the listener (bsc#1082387).
- ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).
- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).
- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).
- Include modules.fips in kernel-binary as well as kernel-binary-base ().
- initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).
- input: add official Raspberry Pi's touchscreen driver ().
- input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).
- input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).
- input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).
- input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).
- input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).
- input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).
- input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).
- input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).
- input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).
- input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).
- input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).
- integrity/security: fix digsig.c build error with header file (bsc#1051510).
- intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).
- iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).
- iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).
- iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).
- iwlwifi: fix LED command capability bit (bsc#1119086).
- iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).
- iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).
- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).
- jump_label: Split out code under the hotplug lock (bsc#1106913).
- kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).
- kabi protect hnae_ae_ops (bsc#1104353).
- kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).
- kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).
- kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).
- kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).
- kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).
- kbuild: verify that $DEPMOD is installed (git-fixes).
- kernfs: Replace strncpy with memcpy (bsc#1120053).
- keys: Fix the use of the C++ keyword 'private' in uapi/linux/keyctl.h (Git-fixes).
- kobject: Replace strncpy with memcpy (git-fixes).
- kprobes: Make list and blacklist root user read only (git-fixes).
- kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).
- kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279).
- libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).
- libceph: fall back to sendmsg for slab pages (bsc#1118316).
- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).
- lib/raid6: Fix arm64 test build (bsc#1051510).
- lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).
- Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).
- linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).
- locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).
- locking/static_keys: Improve uninitialized key warning (bsc#1106913).
- mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).
- mac80211: fix reordering of buffered broadcast packets (bsc#1051510).
- mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).
- mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).
- mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).
- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).
- Mark HI and TASKLET softirq synchronous (git-fixes).
- media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).
- media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).
- media: omap3isp: Unregister media device as first (bsc#1051510).
- mmc: bcm2835: reset host on timeout (bsc#1051510).
- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).
- mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).
- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).
- mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).
- mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).
- MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).
- mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).
- mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).
- mm: do not miss the last page because of round-off error (bnc#1118798).
- mm: do not warn about large allocations for slab (git fixes (slab)).
- mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962).
- mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).
- mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).
- mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).
- mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).
- mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).
- mm: migration: fix migration of huge PMD shared pages (bnc#1086423).
- mm: only report isolation failures when offlining memory (generic hotplug debugability).
- mm: print more information about mapping in __dump_page (generic hotplug debugability).
- mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).
- mm: sections are not offlined during memory hotremove (bnc#1119968).
- mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem).
- mm/vmstat.c: fix NUMA statistics updates (git fixes).
- Move dell_rbu fix to sorted section (bsc#1087978).
- mtd: cfi: convert inline functions to macros (git-fixes).
- mtd: Fix comparison in map_word_andequal() (git-fixes).
- namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766).
- nbd: do not allow invalid blocksize settings (Git-fixes).
- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510).
- net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes).
- net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes).
- net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561).
- net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561).
- net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353).
- net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).
- net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353).
- net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353).
- net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353).
- net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ).
- net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353).
- net: hns3: bugfix for rtnl_lock's range in the hclgevf_reset() (bsc#1104353).
- net: hns3: bugfix for the initialization of command queue's spin lock (bsc#1104353).
- net: hns3: Check hdev state when getting link status (bsc#1104353).
- net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353).
- net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353).
- net: hns3: Fix error of checking used vlan id (bsc#1104353 ).
- net: hns3: Fix ets validate issue (bsc#1104353).
- net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).
- net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353).
- net: hns3: Fix for packet buffer setting bug (bsc#1104353 ).
- net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353).
- net: hns3: Fix for setting speed for phy failed problem (bsc#1104353).
- net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ).
- net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353).
- net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353).
- net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353).
- net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ).
- net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353).
- net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353).
- net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299).
- net: usb: r8152: constify usb_device_id (bsc#1119749).
- net: usb: r8152: use irqsave() in USB's complete callback (bsc#1119749).
- nospec: Allow index argument to have const-qualified type (git-fixes)
- nospec: Kill array_index_nospec_mask_check() (git-fixes).
- nvme-fc: resolve io failures during connect (bsc#1116803).
- nvme-multipath: zero out ANA log buffer (bsc#1105168).
- nvme: validate controller state before rescheduling keep alive (bsc#1103257).
- objtool: Detect RIP-relative switch table references (bsc#1058115).
- objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115).
- objtool: Fix another switch table detection issue (bsc#1058115).
- objtool: Fix double-free in .cold detection error path (bsc#1058115).
- objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115).
- objtool: Fix 'noreturn' detection for recursive sibling calls (bsc#1058115).
- objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115).
- objtool: Support GCC 8's cold subfunctions (bsc#1058115).
- objtool: Support GCC 8 switch tables (bsc#1058115).
- panic: avoid deadlocks in re-entrant console drivers (bsc#1088386).
- PCI: Add ACS quirk for Ampere root ports (bsc#1120058).
- PCI: Add ACS quirk for APM X-Gene devices (bsc#1120058).
- PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058).
- PCI: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058).
- PCI: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058).
- PCI: Export pcie_has_flr() (bsc#1120058).
- PCI: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058).
- PCI: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058).
- PCI: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058).
- PCI: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058).
- perf tools: Fix tracing_path_mount proper path (git-fixes).
- platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510).
- powerpc/64s: consolidate MCE counter increment (bsc#1094244).
- powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes).
- powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729).
- powerpc/boot: Fix build failures with -j 1 (bsc#1065729).
- powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes).
- powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121).
- powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270).
- powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).
- power: supply: olpc_battery: correct the temperature units (bsc#1051510).
- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913).
- qed: Add driver support for 20G link speed (bsc#1110558).
- qed: Add support for virtual link (bsc#1111795).
- qede: Add driver support for 20G link speed (bsc#1110558).
- r8152: add byte_enable for ocp_read_word function (bsc#1119749).
- r8152: add Linksys USB3GIGV1 id (bsc#1119749).
- r8152: add r8153_phy_status function (bsc#1119749).
- r8152: adjust lpm settings for RTL8153 (bsc#1119749).
- r8152: adjust rtl8153_runtime_enable function (bsc#1119749).
- r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749).
- r8152: adjust U2P3 for RTL8153 (bsc#1119749).
- r8152: avoid rx queue more than 1000 packets (bsc#1119749).
- r8152: check if disabling ALDPS is finished (bsc#1119749).
- r8152: correct the definition (bsc#1119749).
- r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749).
- r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749).
- r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749).
- r8152: move calling delay_autosuspend function (bsc#1119749).
- r8152: move the default coalesce setting for RTL8153 (bsc#1119749).
- r8152: move the initialization to reset_resume function (bsc#1119749).
- r8152: move the setting of rx aggregation (bsc#1119749).
- r8152: replace napi_complete with napi_complete_done (bsc#1119749).
- r8152: set rx mode early when linking on (bsc#1119749).
- r8152: split rtl8152_resume function (bsc#1119749).
- r8152: support new chip 8050 (bsc#1119749).
- r8152: support RTL8153B (bsc#1119749).
- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes).
- rcu: Allow for page faults in NMI handlers (bsc#1120092).
- rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ).
- rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244).
- rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283).
- rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283).
- rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ).
- rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387).
- reset: remove remaining WARN_ON() in <linux/reset.h> (Git-fixes).
- Revert commit ef9209b642f 'staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c' (bsc#1051510).
- Revert 'iommu/io-pgtable-arm: Check for v7s-incapable systems' (bsc#1106105).
- Revert 'PCI/ASPM: Do not initialize link state when aspm_disabled is set' (bsc#1051510).
- Revert 'scsi: lpfc: ls_rjt erroneus FLOGIs' (bsc#1119322).
- ring-buffer: Allow for rescheduling when removing pages (bsc#1120238).
- ring-buffer: Do no reuse reader page if still in use (bsc#1120096).
- ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094).
- rtc: hctosys: Add missing range error reporting (bsc#1051510).
- rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510).
- rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510).
- rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510).
- rtl8xxxu: Fix missing break in switch (bsc#1051510).
- s390/dasd: simplify locking in dasd_times_out (bsc#1104967,).
- s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112).
- s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112).
- s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657).
- s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960).
- s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960).
- sbitmap: fix race in wait batch accounting (Git-fixes).
- sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913).
- sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Git fixes (scheduler)).
- sched/smt: Expose sched_smt_present static key (bsc#1106913).
- sched/smt: Make sched_smt_present track topology (bsc#1106913).
- sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228).
- scripts/git-pre-commit: make executable.
- scripts/git_sort/git_sort.py: change SCSI git repos to make series sorting more failsafe.
- scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).
- scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215).
- scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215).
- scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215).
- scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322).
- scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215).
- scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).
- scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215).
- scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215).
- scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215).
- scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215).
- scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215).
- scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).
- scsi: lpfc: refactor mailbox structure context fields (bsc#1118215).
- scsi: lpfc: rport port swap discovery issue (bsc#1118215).
- scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215).
- scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215).
- scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).
- scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).
- scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588).
- skd: Avoid that module unloading triggers a use-after-free (Git-fixes).
- skd: Submit requests to firmware before triggering the doorbell (Git-fixes).
- soc: bcm2835: sync firmware properties with downstream ()
- spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510).
- spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510).
- spi: bcm2835: Fix race on DMA termination (bsc#1051510).
- spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510).
- splice: do not read more than available pipe space (bsc#1119212).
- staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510).
- staging: rtl8712: Fix possible buffer overrun (bsc#1051510).
- staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510).
- staging: rts5208: fix gcc-8 logic error warning (bsc#1051510).
- staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510).
- Stop building F2FS (boo#1109665) As per the information in the bugzilla issue f2fs is no longer supported on opensuse distributions.
- supported.conf: add raspberrypi-ts driver
- supported.conf: whitelist bluefield eMMC driver
- target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).
- target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).
- team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510).
- termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510).
- test_hexdump: use memcpy instead of strncpy (bsc#1051510).
- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510).
- tools: hv: fcopy: set 'error' in case an unknown operation was requested (git-fixes).
- tools: hv: include string.h in hv_fcopy_daemon (git-fixes).
- tools/power/cpupower: fix compilation with STATIC=true (git-fixes).
- tools/power turbostat: fix possible sprintf buffer overflow (git-fixes).
- tracing/blktrace: Fix to allow setting same value (Git-fixes).
- tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).
- tracing: Fix crash when freeing instances with event triggers (bsc#1120230).
- tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097).
- tracing: Fix double free of event_trigger_data (bsc#1120234).
- tracing: Fix missing return symbol in function_graph output (bsc#1120232).
- tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235).
- tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214).
- tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223).
- tracing: Fix trace_pipe behavior for instance traces (bsc#1120088).
- tracing: Remove RCU work arounds from stack tracer (bsc#1120092).
- tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes).
- tty: Do not return -EAGAIN in blocking read (bsc#1116040).
- tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510).
- tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510).
- ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598).
- udf: Allow mounting volumes with incorrect identification strings (bsc#1118774).
- unifdef: use memcpy instead of strncpy (bsc#1051510).
- usb: appledisplay: Add 27' Apple Cinema Display (bsc#1051510).
- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510).
- usb: dwc2: host: use hrtimer for NAK retries (git-fixes).
- usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510).
- usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888).
- usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510).
- usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510).
- usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510).
- usb: omap_udc: use devm_request_irq() (bsc#1051510).
- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510).
- usb: serial: option: add Fibocom NL668 series (bsc#1051510).
- usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510).
- usb: serial: option: add HP lt4132 (bsc#1051510).
- usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510).
- usb: serial: option: add Telit LN940 series (bsc#1051510).
- usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110).
- usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510).
- usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510).
- usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510).
- userfaultfd: clear the vma->vm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761).
- userfaultfd: remove uffd flags from vma->vm_flags if UFFD_EVENT_FORK fails (bsc#1118809).
- v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771).
- watchdog/core: Add missing prototypes for weak functions (git-fixes).
- wireless: airo: potential buffer overflow in sprintf() (bsc#1051510).
- wlcore: Fix the return value in case of error in 'wlcore_vendor_cmd_smart_config_start()' (bsc#1051510).
- x86/bugs: Add AMD's SPEC_CTRL MSR usage (bsc#1106913).
- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913).
- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913).
- x86/decoder: Fix and update the opcodes map (bsc#1058115).
- x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).
- x86/l1tf: Show actual SMT state (bsc#1106913).
- x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279).
- x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606).
- x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058).
- x86/PCI: Add 'pci=big_root_window' option for AMD 64-bit windows (bsc#1120058).
- x86/PCI: Apply VMD's AERSID fixup generically (bsc#1120058).
- x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058).
- x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058).
- x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058).
- x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058).
- x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058).
- x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058).
- x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058).
- x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058).
- x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913).
- x86/pti: Document fix wrong index (git-fixes).
- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913).
- x86/retpoline: Remove minimal retpoline support (bsc#1106913).
- x86/speculataion: Mark command line parser data __initdata (bsc#1106913).
- x86/speculation: Add command line control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913).
- x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913).
- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).
- x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913).
- x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913).
- x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913).
- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).
- x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913).
- x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).
- x86/speculation: Mark string arrays const correctly (bsc#1106913).
- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913).
- x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913).
- x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913).
- x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913).
- x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913).
- x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).
- x86/speculation: Provide IBPB always command line options (bsc#1106913).
- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913).
- x86/speculation: Rename SSBD update functions (bsc#1106913).
- x86/speculation: Reorder the spec_v2 code (bsc#1106913).
- x86/speculation: Reorganize speculation control MSRs update (bsc#1106913).
- x86/speculation: Rework SMT state change (bsc#1106913).
- x86/speculation: Split out TIF update (bsc#1106913).
- x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913).
- x86/speculation: Update the TIF_SSBD comment (bsc#1106913).
- xen/netfront: tolerate frags with no data (bnc#1119804).
- xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183).
- xfs: Align compat attrlist_by_handle with native implementation (git-fixes).
- xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes).
- xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).
- xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).
- xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510).
- xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510).
- xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).
Patchnames
openSUSE-2019-65
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe openSUSE Leap 15.0 kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2018-19407: The vcpu_scan_ioapic function in arch/x86/kvm/x86.c allowed local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized (bnc#1116841).\n- CVE-2018-14625: An attacker might have bene able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients (bnc#1106615).\n- CVE-2018-19985: The function hso_probe read if_num from the USB device (as an u8) and used it without a length check to index an array, resulting in an OOB memory read in hso_probe or hso_get_config_data that could be used by local attackers (bsc#1120743).\n- CVE-2018-16884: NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out (bnc#1119946).\n- CVE-2018-20169: The USB subsystem mishandled size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c (bnc#1119714).\n- CVE-2018-18397: The userfaultfd implementation mishandled access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c (bnc#1117656).\n- CVE-2018-12232: In net/socket.c there was a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat did not increment the file descriptor reference count, which allowed close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash (bnc#1097593).\n- CVE-2018-9568: In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. (bnc#1118319).\n- CVE-2018-16862: A security flaw was found in the way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one (bnc#1117186).\n- CVE-2018-19854: An issue was discovered in the crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker did not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option) (bnc#1118428).\n- CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).\n\nThe following non-security bugs were fixed:\n\n- ACPI / CPPC: Check for valid PCC subspace only if PCC is used (bsc#1117115).\n- ACPI / CPPC: Update all pr_(debug/err) messages to log the susbspace id (bsc#1117115).\n- aio: fix spectre gadget in lookup_ioctx (bsc#1120594).\n- alsa: cs46xx: Potential NULL dereference in probe (bsc#1051510).\n- alsa: emu10k1: Fix potential Spectre v1 vulnerabilities (bsc#1051510).\n- alsa: emux: Fix potential Spectre v1 vulnerabilities (bsc#1051510).\n- alsa: fireface: fix for state to fetch PCM frames (bsc#1051510).\n- alsa: fireface: fix reference to wrong register for clock configuration (bsc#1051510).\n- alsa: firewire-lib: fix wrong assignment for \u0027out_packet_without_header\u0027 tracepoint (bsc#1051510).\n- alsa: firewire-lib: fix wrong handling payload_length as payload_quadlet (bsc#1051510).\n- alsa: firewire-lib: use the same print format for \u0027without_header\u0027 tracepoints (bsc#1051510).\n- alsa: hda: add mute LED support for HP EliteBook 840 G4 (bsc#1051510).\n- alsa: hda: Add support for AMD Stoney Ridge (bsc#1051510).\n- alsa: hda/ca0132 - make pci_iounmap() call conditional (bsc#1051510).\n- alsa: hda: fix front speakers on Huawei MBXP (bsc#1051510).\n- alsa: hda/realtek - Add support for Acer Aspire C24-860 headset mic (bsc#1051510).\n- alsa: hda/realtek - Add unplug function into unplug state of Headset Mode for ALC225 (bsc#1051510).\n- alsa: hda/realtek: ALC286 mic and headset-mode fixups for Acer Aspire U27-880 (bsc#1051510).\n- alsa: hda/realtek: ALC294 mic and headset-mode fixups for ASUS X542UN (bsc#1051510).\n- alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bsc#1051510).\n- alsa: hda/realtek: Enable audio jacks of ASUS UX391UA with ALC294 (bsc#1051510).\n- alsa: hda/realtek: Enable audio jacks of ASUS UX433FN/UX333FA with ALC294 (bsc#1051510).\n- alsa: hda/realtek: Enable audio jacks of ASUS UX533FD with ALC294 (bsc#1051510).\n- alsa: hda/realtek: Enable the headset mic auto detection for ASUS laptops (bsc#1051510).\n- alsa: hda/realtek - Fixed headphone issue for ALC700 (bsc#1051510).\n- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4660G (bsc#1051510).\n- alsa: hda/realtek: Fix mic issue on Acer AIO Veriton Z4860G/Z6860G (bsc#1051510).\n- alsa: hda/realtek - Fix speaker output regression on Thinkpad T570 (bsc#1051510).\n- alsa: hda/realtek - Fix the mute LED regresion on Lenovo X1 Carbon (bsc#1051510).\n- alsa: hda/realtek - Support Dell headset mode for New AIO platform (bsc#1051510).\n- alsa: hda/tegra: clear pending irq handlers (bsc#1051510).\n- alsa: pcm: Call snd_pcm_unlink() conditionally at closing (bsc#1051510).\n- alsa: pcm: Fix interval evaluation with openmin/max (bsc#1051510).\n- alsa: pcm: Fix potential Spectre v1 vulnerability (bsc#1051510).\n- alsa: pcm: Fix starvation on down_write_nonblock() (bsc#1051510).\n- alsa: rme9652: Fix potential Spectre v1 vulnerability (bsc#1051510).\n- alsa: trident: Suppress gcc string warning (bsc#1051510).\n- alsa: usb-audio: Add SMSL D1 to quirks for native DSD support (bsc#1051510).\n- alsa: usb-audio: Add support for Encore mDSD USB DAC (bsc#1051510).\n- alsa: usb-audio: Avoid access before bLength check in build_audio_procunit() (bsc#1051510).\n- alsa: usb-audio: Fix an out-of-bound read in create_composite_quirks (bsc#1051510).\n- alsa: x86: Fix runtime PM for hdmi-lpe-audio (bsc#1051510).\n- apparmor: do not try to replace stale label in ptrace access check (git-fixes).\n- apparmor: do not try to replace stale label in ptraceme check (git-fixes).\n- apparmor: Fix uninitialized value in aa_split_fqname (git-fixes).\n- arm64: Add work around for Arm Cortex-A55 Erratum 1024718 (bsc#1120612).\n- arm64: atomics: Remove \u0027\u0026\u0027 from \u0027+\u0026\u0027 asm constraint in lse atomics (bsc#1120613).\n- arm64: cpu_errata: include required headers (bsc#1120615).\n- arm64: dma-mapping: Fix FORCE_CONTIGUOUS buffer clearing (bsc#1120633).\n- arm64: Fix /proc/iomem for reserved but not memory regions (bsc#1120632).\n- arm64: lse: Add early clobbers to some input/output asm operands (bsc#1120614).\n- arm64: lse: remove -fcall-used-x0 flag (bsc#1120618).\n- arm64: mm: always enable CONFIG_HOLES_IN_ZONE (bsc#1120617).\n- arm64/numa: Report correct memblock range for the dummy node (bsc#1120620).\n- arm64/numa: Unify common error path in numa_init() (bsc#1120621).\n- arm64: remove no-op -p linker flag (bsc#1120616).\n- ASoC: dapm: Recalculate audio map forcely when card instantiated (bsc#1051510).\n- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Clapper (bsc#1051510).\n- ASoC: intel: cht_bsw_max98090_ti: Add pmc_plt_clk_0 quirk for Chromebook Gnawty (bsc#1051510).\n- ASoC: intel: mrfld: fix uninitialized variable access (bsc#1051510).\n- ASoC: omap-abe-twl6040: Fix missing audio card caused by deferred probing (bsc#1051510).\n- ASoC: omap-dmic: Add pm_qos handling to avoid overruns with CPU_IDLE (bsc#1051510).\n- ASoC: omap-mcbsp: Fix latency value calculation for pm_qos (bsc#1051510).\n- ASoC: omap-mcpdm: Add pm_qos handling to avoid under/overruns with CPU_IDLE (bsc#1051510).\n- ASoC: rsnd: fixup clock start checker (bsc#1051510).\n- ASoC: wm_adsp: Fix dma-unsafe read of scratch registers (bsc#1051510).\n- ath10k: do not assume this is a PCI dev in generic code (bsc#1051510).\n- ath6kl: Only use match sets when firmware supports it (bsc#1051510).\n- b43: Fix error in cordic routine (bsc#1051510).\n- bcache: fix miss key refill-\u003eend in writeback (Git-fixes).\n- bcache: trace missed reading by cache_missed (Git-fixes).\n- blk-mq: remove synchronize_rcu() from blk_mq_del_queue_tag_set() (Git-fixes).\n- block: allow max_discard_segments to be stacked (Git-fixes).\n- block: blk_init_allocated_queue() set q-\u003efq as NULL in the fail case (Git-fixes).\n- block: really disable runtime-pm for blk-mq (Git-fixes).\n- block: reset bi_iter.bi_done after splitting bio (Git-fixes).\n- block/swim: Fix array bounds check (Git-fixes).\n- bnxt_en: do not try to offload VLAN \u0027modify\u0027 action (bsc#1050242 ).\n- bnxt_en: Fix enables field in HWRM_QUEUE_COS2BW_CFG request (bsc#1086282).\n- bnxt_en: Fix VNIC reservations on the PF (bsc#1086282 ).\n- bnxt_en: get the reduced max_irqs by the ones used by RDMA (bsc#1050242).\n- bpf: fix check of allowed specifiers in bpf_trace_printk (bsc#1083647).\n- bpf: use per htab salt for bucket hash (git-fixes).\n- btrfs: Always try all copies when reading extent buffers (git-fixes).\n- btrfs: delete dead code in btrfs_orphan_add() (bsc#1111469).\n- btrfs: delete dead code in btrfs_orphan_commit_root() (bsc#1111469).\n- btrfs: do not BUG_ON() in btrfs_truncate_inode_items() (bsc#1111469).\n- btrfs: do not check inode\u0027s runtime flags under root-\u003eorphan_lock (bsc#1111469).\n- btrfs: do not return ino to ino cache if inode item removal fails (bsc#1111469).\n- btrfs: fix ENOSPC caused by orphan items reservations (bsc#1111469).\n- btrfs: Fix error handling in btrfs_cleanup_ordered_extents (git-fixes).\n- btrfs: fix error handling in btrfs_truncate() (bsc#1111469).\n- btrfs: fix error handling in btrfs_truncate_inode_items() (bsc#1111469).\n- btrfs: fix fsync of files with multiple hard links in new directories (1120173).\n- btrfs: Fix memory barriers usage with device stats counters (git-fixes).\n- btrfs: fix use-after-free on root-\u003eorphan_block_rsv (bsc#1111469).\n- btrfs: get rid of BTRFS_INODE_HAS_ORPHAN_ITEM (bsc#1111469).\n- btrfs: get rid of unused orphan infrastructure (bsc#1111469).\n- btrfs: move btrfs_truncate_block out of trans handle (bsc#1111469).\n- btrfs: qgroup: Dirty all qgroups before rescan (bsc#1120036).\n- btrfs: refactor btrfs_evict_inode() reserve refill dance (bsc#1111469).\n- btrfs: renumber BTRFS_INODE_ runtime flags and switch to enums (bsc#1111469).\n- btrfs: reserve space for O_TMPFILE orphan item deletion (bsc#1111469).\n- btrfs: run delayed items before dropping the snapshot (bsc#1121263, bsc#1111188).\n- btrfs: stop creating orphan items for truncate (bsc#1111469).\n- btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875).\n- btrfs: update stale comments referencing vmtruncate() (bsc#1111469).\n- can: flexcan: flexcan_irq(): fix indention (bsc#1051510).\n- cdrom: do not attempt to fiddle with cdo-\u003ecapability (bsc#1051510).\n- ceph: do not update importing cap\u0027s mseq when handing cap export (bsc#1121273).\n- char_dev: extend dynamic allocation of majors into a higher range (bsc#1121058).\n- char_dev: Fix off-by-one bugs in find_dynamic_major() (bsc#1121058).\n- clk: mmp: Off by one in mmp_clk_add() (bsc#1051510).\n- clk: mvebu: Off by one bugs in cp110_of_clk_get() (bsc#1051510).\n- compiler-gcc.h: Add __attribute__((gnu_inline)) to all inline declarations (git-fixes).\n- config: arm64: enable erratum 1024718\n- cpufeature: avoid warning when compiling with clang (Git-fixes).\n- cpufreq / CPPC: Add cpuinfo_cur_freq support for CPPC (bsc#1117115).\n- cpufreq: CPPC: fix build in absence of v3 support (bsc#1117115).\n- cpupower: remove stringop-truncation waring (git-fixes).\n- crypto: bcm - fix normal/non key hash algorithm failure (bsc#1051510).\n- crypto: ccp - Add DOWNLOAD_FIRMWARE SEV command ().\n- crypto: ccp - Add GET_ID SEV command ().\n- crypto: ccp - Add psp enabled message when initialization succeeds ().\n- crypto: ccp - Add support for new CCP/PSP device ID ().\n- crypto: ccp - Allow SEV firmware to be chosen based on Family and Model ().\n- crypto: ccp - Fix static checker warning ().\n- crypto: ccp - Remove unused #defines ().\n- crypto: ccp - Support register differences between PSP devices ().\n- dasd: fix deadlock in dasd_times_out (bsc#1121477, LTC#174111).\n- dax: Check page-\u003emapping isn\u0027t NULL (bsc#1120054).\n- dax: Do not access a freed inode (bsc#1120055).\n- device property: Define type of PROPERTY_ENRTY_*() macros (bsc#1051510).\n- device property: fix fwnode_graph_get_next_endpoint() documentation (bsc#1051510).\n- disable stringop truncation warnings for now (git-fixes).\n- dm: allocate struct mapped_device with kvzalloc (Git-fixes).\n- dm cache: destroy migration_cache if cache target registration failed (Git-fixes).\n- dm cache: fix resize crash if user does not reload cache table (Git-fixes).\n- dm cache metadata: ignore hints array being too small during resize (Git-fixes).\n- dm cache metadata: save in-core policy_hint_size to on-disk superblock (Git-fixes).\n- dm cache metadata: set dirty on all cache blocks after a crash (Git-fixes).\n- dm cache: only allow a single io_mode cache feature to be requested (Git-fixes).\n- dm crypt: do not decrease device limits (Git-fixes).\n- dm: fix report zone remapping to account for partition offset (Git-fixes).\n- dm integrity: change \u0027suspending\u0027 variable from bool to int (Git-fixes).\n- dm ioctl: harden copy_params()\u0027s copy_from_user() from malicious users (Git-fixes).\n- dm linear: eliminate linear_end_io call if CONFIG_DM_ZONED disabled (Git-fixes).\n- dm linear: fix linear_end_io conditional definition (Git-fixes).\n- dm thin: handle running out of data space vs concurrent discard (Git-fixes).\n- dm thin metadata: remove needless work from __commit_transaction (Git-fixes).\n- dm thin: stop no_space_timeout worker when switching to write-mode (Git-fixes).\n- dm writecache: fix a crash due to reading past end of dirty_bitmap (Git-fixes).\n- dm writecache: report start_sector in status line (Git-fixes).\n- dm zoned: fix metadata block ref counting (Git-fixes).\n- dm zoned: fix various dmz_get_mblock() issues (Git-fixes).\n- doc/README.SUSE: correct GIT url No more gitorious, github we use.\n- drivers/net/usb: add device id for TP-LINK UE300 USB 3.0 Ethernet (bsc#1119749).\n- drivers/net/usb/r8152: remove the unneeded variable \u0027ret\u0027 in rtl8152_system_suspend (bsc#1119749).\n- drm/amdgpu/gmc8: update MC firmware for polaris (bsc#1113722)\n- drm/amdgpu: update mc firmware image for polaris12 variants (bsc#1113722)\n- drm/amdgpu: update SMC firmware image for polaris10 variants (bsc#1113722)\n- drm/i915/execlists: Apply a full mb before execution for Braswell (bsc#1113722)\n- drm/ioctl: Fix Spectre v1 vulnerabilities (bsc#1113722)\n- drm/nouveau/kms: Fix memory leak in nv50_mstm_del() (bsc#1113722)\n- drm: rcar-du: Fix external clock error checks (bsc#1113722)\n- drm: rcar-du: Fix vblank initialization (bsc#1113722)\n- drm/rockchip: psr: do not dereference encoder before it is null (bsc#1113722)\n- drm: set is_master to 0 upon drm_new_set_master() failure (bsc#1113722)\n- drm/vc4: Set -\u003eis_yuv to false when num_planes == 1 (bsc#1113722)\n- drm/vc4: -\u003ex_scaling[1] should never be set to VC4_SCALING_NONE (bsc#1113722)\n- dt-bindings: add compatible string for Allwinner V3s SoC (git-fixes).\n- dt-bindings: arm: Document SoC compatible value for Armadillo-800 EVA (git-fixes).\n- dt-bindings: clock: add rk3399 DDR3 standard speed bins (git-fixes).\n- dt-bindings: clock: mediatek: add binding for fixed-factor clock axisel_d4 (git-fixes).\n- dt-bindings: mfd: axp20x: Add AXP806 to supported list of chips (git-fixes).\n- dt-bindings: net: Remove duplicate NSP Ethernet MAC binding document (git-fixes).\n- dt-bindings: panel: lvds: Fix path to display timing bindings (git-fixes).\n- dt-bindings: phy: sun4i-usb-phy: Add property descriptions for H3 (git-fixes).\n- dt-bindings: pwm: renesas: tpu: Fix \u0027compatible\u0027 prop description (git-fixes).\n- dt-bindings: rcar-dmac: Document missing error interrupt (git-fixes).\n- edac, {i7core,sb,skx}_edac: Fix uncorrected error counting (bsc#1114279).\n- edac, skx_edac: Fix logical channel intermediate decoding (bsc#1114279).\n- efi: Move some sysfs files to be read-only by root (bsc#1051510).\n- ethernet: fman: fix wrong of_node_put() in probe function (bsc#1119017).\n- exportfs: fix \u0027passing zero to ERR_PTR()\u0027 warning (bsc#1118773).\n- ext2: fix potential use after free (bsc#1118775).\n- ext4: avoid possible double brelse() in add_new_gdb() on error path (bsc#1118760).\n- ext4: fix EXT4_IOC_GROUP_ADD ioctl (bsc#1120604).\n- ext4: fix possible use after free in ext4_quota_enable (bsc#1120602).\n- ext4: missing unlock/put_page() in ext4_try_to_write_inline_data() (bsc#1120603).\n- extable: Consolidate *kernel_text_address() functions (bsc#1120092).\n- extable: Enable RCU if it is not watching in kernel_text_address() (bsc#1120092).\n- fbdev: fbcon: Fix unregister crash when more than one framebuffer (bsc#1113722)\n- fbdev: fbmem: behave better with small rotated displays and many CPUs (bsc#1113722)\n- firmware: add firmware_request_nowarn() - load firmware without warnings ().\n- Fix the breakage of KMP build on x86_64 (bsc#1121017)\n- fscache: Fix race in fscache_op_complete() due to split atomic_sub \u0026 read (Git-fixes).\n- fscache: Pass the correct cancelled indications to fscache_op_complete() (Git-fixes).\n- fs: fix lost error code in dio_complete (bsc#1118762).\n- fs/xfs: Use %pS printk format for direct addresses (git-fixes).\n- fuse: fix blocked_waitq wakeup (git-fixes).\n- fuse: fix leaked notify reply (git-fixes).\n- fuse: fix possibly missed wake-up after abort (git-fixes).\n- fuse: Fix use-after-free in fuse_dev_do_read() (git-fixes).\n- fuse: Fix use-after-free in fuse_dev_do_write() (git-fixes).\n- fuse: fix use-after-free in fuse_direct_IO() (git-fixes).\n- fuse: set FR_SENT while locked (git-fixes).\n- gcc-plugins: Add include required by GCC release 8 (git-fixes).\n- gcc-plugins: Use dynamic initializers (git-fixes).\n- gfs2: Do not leave s_fs_info pointing to freed memory in init_sbd (bsc#1118769).\n- gfs2: Fix loop in gfs2_rbm_find (bsc#1120601).\n- gfs2: Get rid of potential double-freeing in gfs2_create_inode (bsc#1120600).\n- gfs2_meta: -\u003emount() can get NULL dev_name (bsc#1118768).\n- gfs2: Put bitmap buffers in put_super (bsc#1118772).\n- git_sort.py: Remove non-existent remote tj/libata\n- gpio: davinci: Remove unused member of davinci_gpio_controller (git-fixes).\n- gpiolib-acpi: Only defer request_irq for GpioInt ACPI event handlers (bsc#1051510).\n- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (bsc#1051510).\n- gpio: max7301: fix driver for use with CONFIG_VMAP_STACK (bsc#1051510).\n- gpio: mvebu: only fail on missing clk if pwm is actually to be used (bsc#1051510).\n- HID: Add quirk for Primax PIXART OEM mice (bsc#1119410).\n- HID: input: Ignore battery reported by Symbol DS4308 (bsc#1051510).\n- HID: multitouch: Add pointstick support for Cirque Touchpad (bsc#1051510).\n- hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).\n- i2c: axxia: properly handle master timeout (bsc#1051510).\n- i2c: scmi: Fix probe error on devices with an empty SMB0001 ACPI device node (bsc#1051510).\n- ib/hfi1: Add mtu check for operational data VLs (bsc#1060463 ).\n- ibmvnic: Convert reset work item mutex to spin lock ().\n- ibmvnic: Fix non-atomic memory allocation in IRQ context ().\n- ib/rxe: support for 802.1q VLAN on the listener (bsc#1082387).\n- ieee802154: 6lowpan: set IFLA_LINK (bsc#1051510).\n- ieee802154: at86rf230: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).\n- ieee802154: at86rf230: use __func__ macro for debug messages (bsc#1051510).\n- ieee802154: fakelb: switch from BUG_ON() to WARN_ON() on problem (bsc#1051510).\n- Include modules.fips in kernel-binary as well as kernel-binary-base ().\n- initramfs: fix initramfs rebuilds w/ compression after disabling (git-fixes).\n- input: add official Raspberry Pi\u0027s touchscreen driver ().\n- input: cros_ec_keyb - fix button/switch capability reports (bsc#1051510).\n- input: elan_i2c - add ACPI ID for Lenovo IdeaPad 330-15ARR (bsc#1051510).\n- input: elan_i2c - add ELAN0620 to the ACPI table (bsc#1051510).\n- input: elan_i2c - add support for ELAN0621 touchpad (bsc#1051510).\n- input: hyper-v - fix wakeup from suspend-to-idle (bsc#1051510).\n- input: matrix_keypad - check for errors from of_get_named_gpio() (bsc#1051510).\n- input: nomadik-ske-keypad - fix a loop timeout test (bsc#1051510).\n- input: omap-keypad - fix keyboard debounce configuration (bsc#1051510).\n- input: synaptics - add PNP ID for ThinkPad P50 to SMBus (bsc#1051510).\n- input: synaptics - enable SMBus for HP 15-ay000 (bsc#1051510).\n- input: xpad - quirk all PDP Xbox One gamepads (bsc#1051510).\n- integrity/security: fix digsig.c build error with header file (bsc#1051510).\n- intel_th: msu: Fix an off-by-one in attribute store (bsc#1051510).\n- iommu/amd: Fix amd_iommu=force_isolation (bsc#1106105).\n- iommu/vt-d: Handle domain agaw being less than iommu agaw (bsc#1106105).\n- iwlwifi: add new cards for 9560, 9462, 9461 and killer series (bsc#1051510).\n- iwlwifi: fix LED command capability bit (bsc#1119086).\n- iwlwifi: nvm: get num of hw addresses from firmware (bsc#1119086).\n- iwlwifi: pcie: do not reset TXQ write pointer (bsc#1051510).\n- jffs2: free jffs2_sb_info through jffs2_kill_sb() (bsc#1118767).\n- jump_label: Split out code under the hotplug lock (bsc#1106913).\n- kabi: hwpoison, memory_hotplug: allow hwpoisoned pages to be offlined (bnc#1116336).\n- kabi protect hnae_ae_ops (bsc#1104353).\n- kbuild: allow to use GCC toolchain not in Clang search path (git-fixes).\n- kbuild: fix linker feature test macros when cross compiling with Clang (git-fixes).\n- kbuild: make missing $DEPMOD a Warning instead of an Error (git-fixes).\n- kbuild: rpm-pkg: keep spec file until make mrproper (git-fixes).\n- kbuild: suppress packed-not-aligned warning for default setting only (git-fixes).\n- kbuild: verify that $DEPMOD is installed (git-fixes).\n- kernfs: Replace strncpy with memcpy (bsc#1120053).\n- keys: Fix the use of the C++ keyword \u0027private\u0027 in uapi/linux/keyctl.h (Git-fixes).\n- kobject: Replace strncpy with memcpy (git-fixes).\n- kprobes: Make list and blacklist root user read only (git-fixes).\n- kvm: PPC: Book3S PR: Enable use on POWER9 inside HPT-mode guests (bsc#1118484).\n- kvm: svm: Ensure an IBPB on all affected CPUs when freeing a vmcb (bsc#1114279).\n- libata: whitelist all SAMSUNG MZ7KM* solid-state disks (bsc#1051510).\n- libceph: fall back to sendmsg for slab pages (bsc#1118316).\n- libnvdimm, pfn: Pad pfn namespaces relative to other regions (bsc#1118962).\n- lib/raid6: Fix arm64 test build (bsc#1051510).\n- lib/ubsan.c: do not mark __ubsan_handle_builtin_unreachable as noreturn (bsc#1051510).\n- Limit max FW API version for QCA9377 (bsc#1121714, bsc#1121715).\n- linux/bitmap.h: fix type of nbits in bitmap_shift_right() (bsc#1051510).\n- locking/barriers: Convert users of lockless_dereference() to READ_ONCE() (Git-fixes).\n- locking/static_keys: Improve uninitialized key warning (bsc#1106913).\n- mac80211: Clear beacon_int in ieee80211_do_stop (bsc#1051510).\n- mac80211: fix reordering of buffered broadcast packets (bsc#1051510).\n- mac80211_hwsim: fix module init error paths for netlink (bsc#1051510).\n- mac80211_hwsim: Timer should be initialized before device registered (bsc#1051510).\n- mac80211: ignore NullFunc frames in the duplicate detection (bsc#1051510).\n- mac80211: ignore tx status for PS stations in ieee80211_tx_status_ext (bsc#1051510).\n- Mark HI and TASKLET softirq synchronous (git-fixes).\n- media: em28xx: Fix use-after-free when disconnecting (bsc#1051510).\n- media: em28xx: make v4l2-compliance happier by starting sequence on zero (bsc#1051510).\n- media: omap3isp: Unregister media device as first (bsc#1051510).\n- mmc: bcm2835: reset host on timeout (bsc#1051510).\n- mmc: core: Allow BKOPS and CACHE ctrl even if no HPI support (bsc#1051510).\n- mmc: core: Reset HPI enabled state during re-init and in case of errors (bsc#1051510).\n- mmc: core: Use a minimum 1600ms timeout when enabling CACHE ctrl (bsc#1051510).\n- mmc: dw_mmc-bluefield: Add driver extension (bsc#1118752).\n- mmc: dw_mmc-k3: add sd support for hi3660 (bsc#1118752).\n- MMC: OMAP: fix broken MMC on OMAP15XX/OMAP5910/OMAP310 (bsc#1051510).\n- mmc: omap_hsmmc: fix DMA API warning (bsc#1051510).\n- mmc: sdhci: fix the timeout check window for clock and reset (bsc#1051510).\n- mm: do not miss the last page because of round-off error (bnc#1118798).\n- mm: do not warn about large allocations for slab (git fixes (slab)).\n- mm/huge_memory.c: reorder operations in __split_huge_page_tail() (VM Functionality bsc#1119962).\n- mm: hugetlb: yield when prepping struct pages (git fixes (memory initialisation)).\n- mm: lower the printk loglevel for __dump_page messages (generic hotplug debugability).\n- mm, memory_hotplug: be more verbose for memory offline failures (generic hotplug debugability).\n- mm, memory_hotplug: drop pointless block alignment checks from __offline_pages (generic hotplug debugability).\n- mm, memory_hotplug: print reason for the offlining failure (generic hotplug debugability).\n- mm: migration: fix migration of huge PMD shared pages (bnc#1086423).\n- mm: only report isolation failures when offlining memory (generic hotplug debugability).\n- mm: print more information about mapping in __dump_page (generic hotplug debugability).\n- mm: put_and_wait_on_page_locked() while page is migrated (bnc#1109272).\n- mm: sections are not offlined during memory hotremove (bnc#1119968).\n- mm: shmem.c: Correctly annotate new inodes for lockdep (Git fixes: shmem).\n- mm/vmstat.c: fix NUMA statistics updates (git fixes).\n- Move dell_rbu fix to sorted section (bsc#1087978).\n- mtd: cfi: convert inline functions to macros (git-fixes).\n- mtd: Fix comparison in map_word_andequal() (git-fixes).\n- namei: allow restricted O_CREAT of FIFOs and regular files (bsc#1118766).\n- nbd: do not allow invalid blocksize settings (Git-fixes).\n- net: bgmac: Fix endian access in bgmac_dma_tx_ring_free() (bsc#1051510).\n- net: dsa: mv88e6xxx: Fix binding documentation for MDIO busses (git-fixes).\n- net: dsa: qca8k: Add QCA8334 binding documentation (git-fixes).\n- net: ena: fix crash during ena_remove() (bsc#1111696 bsc#1117561).\n- net: ena: update driver version from 2.0.1 to 2.0.2 (bsc#1111696 bsc#1117561).\n- net: hns3: Add nic state check before calling netif_tx_wake_queue (bsc#1104353).\n- net: hns3: Add support for hns3_nic_netdev_ops.ndo_do_ioctl (bsc#1104353).\n- net: hns3: bugfix for buffer not free problem during resetting (bsc#1104353).\n- net: hns3: bugfix for handling mailbox while the command queue reinitialized (bsc#1104353).\n- net: hns3: bugfix for hclge_mdio_write and hclge_mdio_read (bsc#1104353).\n- net: hns3: bugfix for is_valid_csq_clean_head() (bsc#1104353 ).\n- net: hns3: bugfix for reporting unknown vector0 interrupt repeatly problem (bsc#1104353).\n- net: hns3: bugfix for rtnl_lock\u0027s range in the hclgevf_reset() (bsc#1104353).\n- net: hns3: bugfix for the initialization of command queue\u0027s spin lock (bsc#1104353).\n- net: hns3: Check hdev state when getting link status (bsc#1104353).\n- net: hns3: Clear client pointer when initialize client failed or unintialize finished (bsc#1104353).\n- net: hns3: Fix cmdq registers initialization issue for vf (bsc#1104353).\n- net: hns3: Fix error of checking used vlan id (bsc#1104353 ).\n- net: hns3: Fix ets validate issue (bsc#1104353).\n- net: hns3: Fix for netdev not up problem when setting mtu (bsc#1104353).\n- net: hns3: Fix for out-of-bounds access when setting pfc back pressure (bsc#1104353).\n- net: hns3: Fix for packet buffer setting bug (bsc#1104353 ).\n- net: hns3: Fix for rx vlan id handle to support Rev 0x21 hardware (bsc#1104353).\n- net: hns3: Fix for setting speed for phy failed problem (bsc#1104353).\n- net: hns3: Fix for vf vlan delete failed problem (bsc#1104353 ).\n- net: hns3: Fix loss of coal configuration while doing reset (bsc#1104353).\n- net: hns3: Fix parameter type for q_id in hclge_tm_q_to_qs_map_cfg() (bsc#1104353).\n- net: hns3: Fix ping exited problem when doing lp selftest (bsc#1104353).\n- net: hns3: Preserve vlan 0 in hardware table (bsc#1104353 ).\n- net: hns3: remove unnecessary queue reset in the hns3_uninit_all_ring() (bsc#1104353).\n- net: hns3: Set STATE_DOWN bit of hdev state when stopping net (bsc#1104353).\n- net/mlx4_core: Correctly set PFC param if global pause is turned off (bsc#1046299).\n- net: usb: r8152: constify usb_device_id (bsc#1119749).\n- net: usb: r8152: use irqsave() in USB\u0027s complete callback (bsc#1119749).\n- nospec: Allow index argument to have const-qualified type (git-fixes)\n- nospec: Kill array_index_nospec_mask_check() (git-fixes).\n- nvme-fc: resolve io failures during connect (bsc#1116803).\n- nvme-multipath: zero out ANA log buffer (bsc#1105168).\n- nvme: validate controller state before rescheduling keep alive (bsc#1103257).\n- objtool: Detect RIP-relative switch table references (bsc#1058115).\n- objtool: Detect RIP-relative switch table references, part 2 (bsc#1058115).\n- objtool: Fix another switch table detection issue (bsc#1058115).\n- objtool: Fix double-free in .cold detection error path (bsc#1058115).\n- objtool: Fix GCC 8 cold subfunction detection for aliased functions (bsc#1058115).\n- objtool: Fix \u0027noreturn\u0027 detection for recursive sibling calls (bsc#1058115).\n- objtool: Fix segfault in .cold detection with -ffunction-sections (bsc#1058115).\n- objtool: Support GCC 8\u0027s cold subfunctions (bsc#1058115).\n- objtool: Support GCC 8 switch tables (bsc#1058115).\n- panic: avoid deadlocks in re-entrant console drivers (bsc#1088386).\n- PCI: Add ACS quirk for Ampere root ports (bsc#1120058).\n- PCI: Add ACS quirk for APM X-Gene devices (bsc#1120058).\n- PCI: Convert device-specific ACS quirks from NULL termination to ARRAY_SIZE (bsc#1120058).\n- PCI: Delay after FLR of Intel DC P3700 NVMe (bsc#1120058).\n- PCI: Disable Samsung SM961/PM961 NVMe before FLR (bsc#1120058).\n- PCI: Export pcie_has_flr() (bsc#1120058).\n- PCI: iproc: Activate PAXC bridge quirk for more devices (bsc#1120058).\n- PCI: Mark Ceton InfiniTV4 INTx masking as broken (bsc#1120058).\n- PCI: Mark fall-through switch cases before enabling -Wimplicit-fallthrough (bsc#1120058).\n- PCI: Mark Intel XXV710 NIC INTx masking as broken (bsc#1120058).\n- perf tools: Fix tracing_path_mount proper path (git-fixes).\n- platform-msi: Free descriptors in platform_msi_domain_free() (bsc#1051510).\n- powerpc/64s: consolidate MCE counter increment (bsc#1094244).\n- powerpc/64s/radix: Fix process table entry cache invalidation (bsc#1055186, git-fixes).\n- powerpc/boot: Expose Kconfig symbols to wrapper (bsc#1065729).\n- powerpc/boot: Fix build failures with -j 1 (bsc#1065729).\n- powerpc/pkeys: Fix handling of pkey state across fork() (bsc#1078248, git-fixes).\n- powerpc/powernv: Fix save/restore of SPRG3 on entry/exit from stop (idle) (bsc#1055121).\n- powerpc/pseries: Track LMB nid instead of using device tree (bsc#1108270).\n- powerpc/traps: restore recoverability of machine_check interrupts (bsc#1094244).\n- power: supply: olpc_battery: correct the temperature units (bsc#1051510).\n- ptrace: Remove unused ptrace_may_access_sched() and MODE_IBRS (bsc#1106913).\n- qed: Add driver support for 20G link speed (bsc#1110558).\n- qed: Add support for virtual link (bsc#1111795).\n- qede: Add driver support for 20G link speed (bsc#1110558).\n- r8152: add byte_enable for ocp_read_word function (bsc#1119749).\n- r8152: add Linksys USB3GIGV1 id (bsc#1119749).\n- r8152: add r8153_phy_status function (bsc#1119749).\n- r8152: adjust lpm settings for RTL8153 (bsc#1119749).\n- r8152: adjust rtl8153_runtime_enable function (bsc#1119749).\n- r8152: adjust the settings about MAC clock speed down for RTL8153 (bsc#1119749).\n- r8152: adjust U2P3 for RTL8153 (bsc#1119749).\n- r8152: avoid rx queue more than 1000 packets (bsc#1119749).\n- r8152: check if disabling ALDPS is finished (bsc#1119749).\n- r8152: correct the definition (bsc#1119749).\n- r8152: disable RX aggregation on Dell TB16 dock (bsc#1119749).\n- r8152: disable RX aggregation on new Dell TB16 dock (bsc#1119749).\n- r8152: fix wrong checksum status for received IPv4 packets (bsc#1119749).\n- r8152: move calling delay_autosuspend function (bsc#1119749).\n- r8152: move the default coalesce setting for RTL8153 (bsc#1119749).\n- r8152: move the initialization to reset_resume function (bsc#1119749).\n- r8152: move the setting of rx aggregation (bsc#1119749).\n- r8152: replace napi_complete with napi_complete_done (bsc#1119749).\n- r8152: set rx mode early when linking on (bsc#1119749).\n- r8152: split rtl8152_resume function (bsc#1119749).\n- r8152: support new chip 8050 (bsc#1119749).\n- r8152: support RTL8153B (bsc#1119749).\n- rbd: whitelist RBD_FEATURE_OPERATIONS feature bit (Git-fixes).\n- rcu: Allow for page faults in NMI handlers (bsc#1120092).\n- rdma/bnxt_re: Add missing spin lock initialization (bsc#1050244 ).\n- rdma/bnxt_re: Avoid accessing the device structure after it is freed (bsc#1050244).\n- rdma/bnxt_re: Avoid NULL check after accessing the pointer (bsc#1086283).\n- rdma/bnxt_re: Fix system hang when registration with L2 driver fails (bsc#1086283).\n- rdma/hns: Bugfix pbl configuration for rereg mr (bsc#1104427 ).\n- rdma_rxe: make rxe work over 802.1q VLAN devices (bsc#1082387).\n- reset: remove remaining WARN_ON() in \u003clinux/reset.h\u003e (Git-fixes).\n- Revert commit ef9209b642f \u0027staging: rtl8723bs: Fix indenting errors and an off-by-one mistake in core/rtw_mlme_ext.c\u0027 (bsc#1051510).\n- Revert \u0027iommu/io-pgtable-arm: Check for v7s-incapable systems\u0027 (bsc#1106105).\n- Revert \u0027PCI/ASPM: Do not initialize link state when aspm_disabled is set\u0027 (bsc#1051510).\n- Revert \u0027scsi: lpfc: ls_rjt erroneus FLOGIs\u0027 (bsc#1119322).\n- ring-buffer: Allow for rescheduling when removing pages (bsc#1120238).\n- ring-buffer: Do no reuse reader page if still in use (bsc#1120096).\n- ring-buffer: Mask out the info bits when returning buffer page length (bsc#1120094).\n- rtc: hctosys: Add missing range error reporting (bsc#1051510).\n- rtc: m41t80: Correct alarm month range with RTC reads (bsc#1051510).\n- rtc: pcf2127: fix a kmemleak caused in pcf2127_i2c_gather_write (bsc#1051510).\n- rtc: snvs: Add timeouts to avoid kernel lockups (bsc#1051510).\n- rtl8xxxu: Fix missing break in switch (bsc#1051510).\n- s390/dasd: simplify locking in dasd_times_out (bsc#1104967,).\n- s390/kdump: Fix elfcorehdr size calculation (bsc#1117953, LTC#171112).\n- s390/kdump: Make elfcorehdr size calculation ABI compliant (bsc#1117953, LTC#171112).\n- s390/qeth: fix length check in SNMP processing (bsc#1117953, LTC#173657).\n- s390/qeth: remove outdated portname debug msg (bsc#1117953, LTC#172960).\n- s390/qeth: sanitize strings in debug messages (bsc#1117953, LTC#172960).\n- sbitmap: fix race in wait batch accounting (Git-fixes).\n- sched/core: Fix cpu.max vs. cpuhotplug deadlock (bsc#1106913).\n- sched/fair: Fix infinite loop in update_blocked_averages() by reverting a9e7f6544b9c (Git fixes (scheduler)).\n- sched/smt: Expose sched_smt_present static key (bsc#1106913).\n- sched/smt: Make sched_smt_present track topology (bsc#1106913).\n- sched, tracing: Fix trace_sched_pi_setprio() for deboosting (bsc#1120228).\n- scripts/git-pre-commit: make executable.\n- scripts/git_sort/git_sort.py: change SCSI git repos to make series sorting more failsafe.\n- scsi: lpfc: Cap NPIV vports to 256 (bsc#1118215).\n- scsi: lpfc: Correct code setting non existent bits in sli4 ABORT WQE (bsc#1118215).\n- scsi: lpfc: Correct topology type reporting on G7 adapters (bsc#1118215).\n- scsi: lpfc: Defer LS_ACC to FLOGI on point to point logins (bsc#1118215).\n- scsi: lpfc: Enable Management features for IF_TYPE=6 (bsc#1119322).\n- scsi: lpfc: Fix a duplicate 0711 log message number (bsc#1118215).\n- scsi: lpfc: fix block guard enablement on SLI3 adapters (bsc#1079935).\n- scsi: lpfc: Fix dif and first burst use in write commands (bsc#1118215).\n- scsi: lpfc: Fix discovery failures during port failovers with lots of vports (bsc#1118215).\n- scsi: lpfc: Fix driver release of fw-logging buffers (bsc#1118215).\n- scsi: lpfc: Fix kernel Oops due to null pring pointers (bsc#1118215).\n- scsi: lpfc: Fix panic when FW-log buffsize is not initialized (bsc#1118215).\n- scsi: lpfc: ls_rjt erroneus FLOGIs (bsc#1118215).\n- scsi: lpfc: refactor mailbox structure context fields (bsc#1118215).\n- scsi: lpfc: rport port swap discovery issue (bsc#1118215).\n- scsi: lpfc: update driver version to 12.0.0.9 (bsc#1118215).\n- scsi: lpfc: update manufacturer attribute to reflect Broadcom (bsc#1118215).\n- scsi: target: add emulate_pr backstore attr to toggle PR support (bsc#1091405).\n- scsi: target: drop unused pi_prot_format attribute storage (bsc#1091405).\n- scsi: zfcp: fix posting too many status read buffers leading to adapter shutdown (bsc#1121483, LTC#174588).\n- skd: Avoid that module unloading triggers a use-after-free (Git-fixes).\n- skd: Submit requests to firmware before triggering the doorbell (Git-fixes).\n- soc: bcm2835: sync firmware properties with downstream ()\n- spi: bcm2835: Avoid finishing transfer prematurely in IRQ mode (bsc#1051510).\n- spi: bcm2835: Fix book-keeping of DMA termination (bsc#1051510).\n- spi: bcm2835: Fix race on DMA termination (bsc#1051510).\n- spi: bcm2835: Unbreak the build of esoteric configs (bsc#1051510).\n- splice: do not read more than available pipe space (bsc#1119212).\n- staging: bcm2835-camera: Abort probe if there is no camera (bsc#1051510).\n- staging: rtl8712: Fix possible buffer overrun (bsc#1051510).\n- staging: rtl8723bs: Add missing return for cfg80211_rtw_get_station (bsc#1051510).\n- staging: rts5208: fix gcc-8 logic error warning (bsc#1051510).\n- staging: wilc1000: fix missing read_write setting when reading data (bsc#1051510).\n- Stop building F2FS (boo#1109665) As per the information in the bugzilla issue f2fs is no longer supported on opensuse distributions.\n- supported.conf: add raspberrypi-ts driver\n- supported.conf: whitelist bluefield eMMC driver\n- target/iscsi: avoid NULL dereference in CHAP auth error path (bsc#1117165).\n- target: se_dev_attrib.emulate_pr ABI stability (bsc#1091405).\n- team: no need to do team_notify_peers or team_mcast_rejoin when disabling port (bsc#1051510).\n- termios, tty/tty_baudrate.c: fix buffer overrun (bsc#1051510).\n- test_hexdump: use memcpy instead of strncpy (bsc#1051510).\n- tmpfs: make lseek(SEEK_DATA/SEK_HOLE) return ENXIO with a negative offset (bsc#1051510).\n- tools: hv: fcopy: set \u0027error\u0027 in case an unknown operation was requested (git-fixes).\n- tools: hv: include string.h in hv_fcopy_daemon (git-fixes).\n- tools/power/cpupower: fix compilation with STATIC=true (git-fixes).\n- tools/power turbostat: fix possible sprintf buffer overflow (git-fixes).\n- tracing/blktrace: Fix to allow setting same value (Git-fixes).\n- tracing: Fix bad use of igrab in trace_uprobe.c (bsc#1120046).\n- tracing: Fix crash when freeing instances with event triggers (bsc#1120230).\n- tracing: Fix crash when it fails to alloc ring buffer (bsc#1120097).\n- tracing: Fix double free of event_trigger_data (bsc#1120234).\n- tracing: Fix missing return symbol in function_graph output (bsc#1120232).\n- tracing: Fix possible double free in event_enable_trigger_func() (bsc#1120235).\n- tracing: Fix possible double free on failure of allocating trace buffer (bsc#1120214).\n- tracing: Fix regex_match_front() to not over compare the test string (bsc#1120223).\n- tracing: Fix trace_pipe behavior for instance traces (bsc#1120088).\n- tracing: Remove RCU work arounds from stack tracer (bsc#1120092).\n- tracing/samples: Fix creation and deletion of simple_thread_fn creation (git-fixes).\n- tty: Do not return -EAGAIN in blocking read (bsc#1116040).\n- tty: do not set TTY_IO_ERROR flag if console port (bsc#1051510).\n- tty: serial: 8250_mtk: always resume the device in probe (bsc#1051510).\n- ubifs: Handle re-linking of inodes correctly while recovery (bsc#1120598).\n- udf: Allow mounting volumes with incorrect identification strings (bsc#1118774).\n- unifdef: use memcpy instead of strncpy (bsc#1051510).\n- usb: appledisplay: Add 27\u0027 Apple Cinema Display (bsc#1051510).\n- usb: core: quirks: add RESET_RESUME quirk for Cherry G230 Stream series (bsc#1051510).\n- usb: dwc2: host: use hrtimer for NAK retries (git-fixes).\n- usb: hso: Fix OOB memory access in hso_probe/hso_get_config_data (bsc#1051510).\n- usbip: vhci_hcd: check rhport before using in vhci_hub_control() (bsc#1090888).\n- usb: omap_udc: fix crashes on probe error and module removal (bsc#1051510).\n- usb: omap_udc: fix omap_udc_start() on 15xx machines (bsc#1051510).\n- usb: omap_udc: fix USB gadget functionality on Palm Tungsten E (bsc#1051510).\n- usb: omap_udc: use devm_request_irq() (bsc#1051510).\n- usb: quirk: add no-LPM quirk on SanDisk Ultra Flair device (bsc#1051510).\n- usb: serial: option: add Fibocom NL668 series (bsc#1051510).\n- usb: serial: option: add GosunCn ZTE WeLink ME3630 (bsc#1051510).\n- usb: serial: option: add HP lt4132 (bsc#1051510).\n- usb: serial: option: add Simcom SIM7500/SIM7600 (MBIM mode) (bsc#1051510).\n- usb: serial: option: add Telit LN940 series (bsc#1051510).\n- usb: usbip: Fix BUG: KASAN: slab-out-of-bounds in vhci_hub_control() (bsc#1106110).\n- usb: usb-storage: Add new IDs to ums-realtek (bsc#1051510).\n- usb: xhci: fix uninitialized completion when USB3 port got wrong status (bsc#1051510).\n- usb: xhci: Prevent bus suspend if a port connect change or polling state is detected (bsc#1051510).\n- userfaultfd: clear the vma-\u003evm_userfaultfd_ctx if UFFD_EVENT_FORK fails (bsc#1118761).\n- userfaultfd: remove uffd flags from vma-\u003evm_flags if UFFD_EVENT_FORK fails (bsc#1118809).\n- v9fs_dir_readdir: fix double-free on p9stat_read error (bsc#1118771).\n- watchdog/core: Add missing prototypes for weak functions (git-fixes).\n- wireless: airo: potential buffer overflow in sprintf() (bsc#1051510).\n- wlcore: Fix the return value in case of error in \u0027wlcore_vendor_cmd_smart_config_start()\u0027 (bsc#1051510).\n- x86/bugs: Add AMD\u0027s SPEC_CTRL MSR usage (bsc#1106913).\n- x86/bugs: Fix the AMD SSBD usage of the SPEC_CTRL MSR (bsc#1106913).\n- x86/bugs: Switch the selection of mitigation from CPU vendor to CPU features (bsc#1106913).\n- x86/decoder: Fix and update the opcodes map (bsc#1058115).\n- x86/kabi: Fix cpu_tlbstate issue (bsc#1106913).\n- x86/l1tf: Show actual SMT state (bsc#1106913).\n- x86/MCE/AMD: Fix the thresholding machinery initialization order (bsc#1114279).\n- x86/mm: Fix decoy address handling vs 32-bit builds (bsc#1120606).\n- x86/PCI: Add additional VMD device root ports to VMD AER quirk (bsc#1120058).\n- x86/PCI: Add \u0027pci=big_root_window\u0027 option for AMD 64-bit windows (bsc#1120058).\n- x86/PCI: Apply VMD\u0027s AERSID fixup generically (bsc#1120058).\n- x86/PCI: Avoid AMD SB7xx EHCI USB wakeup defect (bsc#1120058).\n- x86/PCI: Enable a 64bit BAR on AMD Family 15h (Models 00-1f, 30-3f, 60-7f) (bsc#1120058).\n- x86/PCI: Enable AMD 64-bit window on resume (bsc#1120058).\n- x86/PCI: Fix infinite loop in search for 64bit BAR placement (bsc#1120058).\n- x86/PCI: Move and shrink AMD 64-bit window to avoid conflict (bsc#1120058).\n- x86/PCI: Move VMD quirk to x86 fixups (bsc#1120058).\n- x86/PCI: Only enable a 64bit BAR on single-socket AMD Family 15h (bsc#1120058).\n- x86/PCI: Use is_vmd() rather than relying on the domain number (bsc#1120058).\n- x86/process: Consolidate and simplify switch_to_xtra() code (bsc#1106913).\n- x86/pti: Document fix wrong index (git-fixes).\n- x86/retpoline: Make CONFIG_RETPOLINE depend on compiler support (bsc#1106913).\n- x86/retpoline: Remove minimal retpoline support (bsc#1106913).\n- x86/speculataion: Mark command line parser data __initdata (bsc#1106913).\n- x86/speculation: Add command line control for indirect branch speculation (bsc#1106913).\n- x86/speculation: Add prctl() control for indirect branch speculation (bsc#1106913).\n- x86/speculation: Add seccomp Spectre v2 user space protection mode (bsc#1106913).\n- x86/speculation: Apply IBPB more strictly to avoid cross-process data leak (bsc#1106913).\n- x86/speculation: Avoid __switch_to_xtra() calls (bsc#1106913).\n- x86/speculation: Clean up spectre_v2_parse_cmdline() (bsc#1106913).\n- x86/speculation: Disable STIBP when enhanced IBRS is in use (bsc#1106913).\n- x86/speculation: Enable cross-hyperthread spectre v2 STIBP mitigation (bsc#1106913).\n- x86/speculation: Enable prctl mode for spectre_v2_user (bsc#1106913).\n- x86/speculation/l1tf: Drop the swap storage limit restriction when l1tf=off (bnc#1114871).\n- x86/speculation: Mark string arrays const correctly (bsc#1106913).\n- x86/speculation: Move STIPB/IBPB string conditionals out of cpu_show_common() (bsc#1106913).\n- x86/speculation: Prepare arch_smt_update() for PRCTL mode (bsc#1106913).\n- x86/speculation: Prepare for conditional IBPB in switch_mm() (bsc#1106913).\n- x86/speculation: Prepare for per task indirect branch speculation control (bsc#1106913).\n- x86/speculation: Prevent stale SPEC_CTRL msr content (bsc#1106913).\n- x86/speculation: Propagate information about RSB filling mitigation to sysfs (bsc#1106913).\n- x86/speculation: Provide IBPB always command line options (bsc#1106913).\n- x86/speculation: Remove unnecessary ret variable in cpu_show_common() (bsc#1106913).\n- x86/speculation: Rename SSBD update functions (bsc#1106913).\n- x86/speculation: Reorder the spec_v2 code (bsc#1106913).\n- x86/speculation: Reorganize speculation control MSRs update (bsc#1106913).\n- x86/speculation: Rework SMT state change (bsc#1106913).\n- x86/speculation: Split out TIF update (bsc#1106913).\n- x86/speculation: Unify conditional spectre v2 print functions (bsc#1106913).\n- x86/speculation: Update the TIF_SSBD comment (bsc#1106913).\n- xen/netfront: tolerate frags with no data (bnc#1119804).\n- xen/x86: add diagnostic printout to xen_mc_flush() in case of error (bnc#1116183).\n- xfs: Align compat attrlist_by_handle with native implementation (git-fixes).\n- xfs: Fix xqmstats offsets in /proc/fs/xfs/xqmstat (git-fixes).\n- xfs: xfs_buf: drop useless LIST_HEAD (git-fixes).\n- xhci: Add quirk to workaround the errata seen on Cavium Thunder-X2 Soc (bsc#1117162).\n- xhci: Do not prevent USB2 bus suspend in state check intended for USB3 only (bsc#1051510).\n- xhci: Prevent U1/U2 link pm states if exit latency is too long (bsc#1051510).\n- xfs: fix quotacheck dquot id overflow infinite loop (bsc#1121621).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2019-65",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2019_0065-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2019:0065-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HZOAR52RMMAMPTGY2TTSFPEKREAVGPNY/#HZOAR52RMMAMPTGY2TTSFPEKREAVGPNY"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2019:0065-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/HZOAR52RMMAMPTGY2TTSFPEKREAVGPNY/#HZOAR52RMMAMPTGY2TTSFPEKREAVGPNY"
},
{
"category": "self",
"summary": "SUSE Bug 1024718",
"url": "https://bugzilla.suse.com/1024718"
},
{
"category": "self",
"summary": "SUSE Bug 1046299",
"url": "https://bugzilla.suse.com/1046299"
},
{
"category": "self",
"summary": "SUSE Bug 1050242",
"url": "https://bugzilla.suse.com/1050242"
},
{
"category": "self",
"summary": "SUSE Bug 1050244",
"url": "https://bugzilla.suse.com/1050244"
},
{
"category": "self",
"summary": "SUSE Bug 1051510",
"url": "https://bugzilla.suse.com/1051510"
},
{
"category": "self",
"summary": "SUSE Bug 1055121",
"url": "https://bugzilla.suse.com/1055121"
},
{
"category": "self",
"summary": "SUSE Bug 1055186",
"url": "https://bugzilla.suse.com/1055186"
},
{
"category": "self",
"summary": "SUSE Bug 1058115",
"url": "https://bugzilla.suse.com/1058115"
},
{
"category": "self",
"summary": "SUSE Bug 1060463",
"url": "https://bugzilla.suse.com/1060463"
},
{
"category": "self",
"summary": "SUSE Bug 1065729",
"url": "https://bugzilla.suse.com/1065729"
},
{
"category": "self",
"summary": "SUSE Bug 1078248",
"url": "https://bugzilla.suse.com/1078248"
},
{
"category": "self",
"summary": "SUSE Bug 1079935",
"url": "https://bugzilla.suse.com/1079935"
},
{
"category": "self",
"summary": "SUSE Bug 1082387",
"url": "https://bugzilla.suse.com/1082387"
},
{
"category": "self",
"summary": "SUSE Bug 1083647",
"url": "https://bugzilla.suse.com/1083647"
},
{
"category": "self",
"summary": "SUSE Bug 1086282",
"url": "https://bugzilla.suse.com/1086282"
},
{
"category": "self",
"summary": "SUSE Bug 1086283",
"url": "https://bugzilla.suse.com/1086283"
},
{
"category": "self",
"summary": "SUSE Bug 1086423",
"url": "https://bugzilla.suse.com/1086423"
},
{
"category": "self",
"summary": "SUSE Bug 1087978",
"url": "https://bugzilla.suse.com/1087978"
},
{
"category": "self",
"summary": "SUSE Bug 1088386",
"url": "https://bugzilla.suse.com/1088386"
},
{
"category": "self",
"summary": "SUSE Bug 1090888",
"url": "https://bugzilla.suse.com/1090888"
},
{
"category": "self",
"summary": "SUSE Bug 1091405",
"url": "https://bugzilla.suse.com/1091405"
},
{
"category": "self",
"summary": "SUSE Bug 1094244",
"url": "https://bugzilla.suse.com/1094244"
},
{
"category": "self",
"summary": "SUSE Bug 1097593",
"url": "https://bugzilla.suse.com/1097593"
},
{
"category": "self",
"summary": "SUSE Bug 1102875",
"url": "https://bugzilla.suse.com/1102875"
},
{
"category": "self",
"summary": "SUSE Bug 1102877",
"url": "https://bugzilla.suse.com/1102877"
},
{
"category": "self",
"summary": "SUSE Bug 1102879",
"url": "https://bugzilla.suse.com/1102879"
},
{
"category": "self",
"summary": "SUSE Bug 1102882",
"url": "https://bugzilla.suse.com/1102882"
},
{
"category": "self",
"summary": "SUSE Bug 1102896",
"url": "https://bugzilla.suse.com/1102896"
},
{
"category": "self",
"summary": "SUSE Bug 1103257",
"url": "https://bugzilla.suse.com/1103257"
},
{
"category": "self",
"summary": "SUSE Bug 1104353",
"url": "https://bugzilla.suse.com/1104353"
},
{
"category": "self",
"summary": "SUSE Bug 1104427",
"url": "https://bugzilla.suse.com/1104427"
},
{
"category": "self",
"summary": "SUSE Bug 1104967",
"url": "https://bugzilla.suse.com/1104967"
},
{
"category": "self",
"summary": "SUSE Bug 1105168",
"url": "https://bugzilla.suse.com/1105168"
},
{
"category": "self",
"summary": "SUSE Bug 1106105",
"url": "https://bugzilla.suse.com/1106105"
},
{
"category": "self",
"summary": "SUSE Bug 1106110",
"url": "https://bugzilla.suse.com/1106110"
},
{
"category": "self",
"summary": "SUSE Bug 1106615",
"url": "https://bugzilla.suse.com/1106615"
},
{
"category": "self",
"summary": "SUSE Bug 1106913",
"url": "https://bugzilla.suse.com/1106913"
},
{
"category": "self",
"summary": "SUSE Bug 1108270",
"url": "https://bugzilla.suse.com/1108270"
},
{
"category": "self",
"summary": "SUSE Bug 1109272",
"url": "https://bugzilla.suse.com/1109272"
},
{
"category": "self",
"summary": "SUSE Bug 1109665",
"url": "https://bugzilla.suse.com/1109665"
},
{
"category": "self",
"summary": "SUSE Bug 1110558",
"url": "https://bugzilla.suse.com/1110558"
},
{
"category": "self",
"summary": "SUSE Bug 1111188",
"url": "https://bugzilla.suse.com/1111188"
},
{
"category": "self",
"summary": "SUSE Bug 1111469",
"url": "https://bugzilla.suse.com/1111469"
},
{
"category": "self",
"summary": "SUSE Bug 1111696",
"url": "https://bugzilla.suse.com/1111696"
},
{
"category": "self",
"summary": "SUSE Bug 1111795",
"url": "https://bugzilla.suse.com/1111795"
},
{
"category": "self",
"summary": "SUSE Bug 1113722",
"url": "https://bugzilla.suse.com/1113722"
},
{
"category": "self",
"summary": "SUSE Bug 1114279",
"url": "https://bugzilla.suse.com/1114279"
},
{
"category": "self",
"summary": "SUSE Bug 1114871",
"url": "https://bugzilla.suse.com/1114871"
},
{
"category": "self",
"summary": "SUSE Bug 1116040",
"url": "https://bugzilla.suse.com/1116040"
},
{
"category": "self",
"summary": "SUSE Bug 1116183",
"url": "https://bugzilla.suse.com/1116183"
},
{
"category": "self",
"summary": "SUSE Bug 1116336",
"url": "https://bugzilla.suse.com/1116336"
},
{
"category": "self",
"summary": "SUSE Bug 1116803",
"url": "https://bugzilla.suse.com/1116803"
},
{
"category": "self",
"summary": "SUSE Bug 1116841",
"url": "https://bugzilla.suse.com/1116841"
},
{
"category": "self",
"summary": "SUSE Bug 1117115",
"url": "https://bugzilla.suse.com/1117115"
},
{
"category": "self",
"summary": "SUSE Bug 1117162",
"url": "https://bugzilla.suse.com/1117162"
},
{
"category": "self",
"summary": "SUSE Bug 1117165",
"url": "https://bugzilla.suse.com/1117165"
},
{
"category": "self",
"summary": "SUSE Bug 1117186",
"url": "https://bugzilla.suse.com/1117186"
},
{
"category": "self",
"summary": "SUSE Bug 1117561",
"url": "https://bugzilla.suse.com/1117561"
},
{
"category": "self",
"summary": "SUSE Bug 1117656",
"url": "https://bugzilla.suse.com/1117656"
},
{
"category": "self",
"summary": "SUSE Bug 1117953",
"url": "https://bugzilla.suse.com/1117953"
},
{
"category": "self",
"summary": "SUSE Bug 1118152",
"url": "https://bugzilla.suse.com/1118152"
},
{
"category": "self",
"summary": "SUSE Bug 1118215",
"url": "https://bugzilla.suse.com/1118215"
},
{
"category": "self",
"summary": "SUSE Bug 1118316",
"url": "https://bugzilla.suse.com/1118316"
},
{
"category": "self",
"summary": "SUSE Bug 1118319",
"url": "https://bugzilla.suse.com/1118319"
},
{
"category": "self",
"summary": "SUSE Bug 1118428",
"url": "https://bugzilla.suse.com/1118428"
},
{
"category": "self",
"summary": "SUSE Bug 1118484",
"url": "https://bugzilla.suse.com/1118484"
},
{
"category": "self",
"summary": "SUSE Bug 1118752",
"url": "https://bugzilla.suse.com/1118752"
},
{
"category": "self",
"summary": "SUSE Bug 1118760",
"url": "https://bugzilla.suse.com/1118760"
},
{
"category": "self",
"summary": "SUSE Bug 1118761",
"url": "https://bugzilla.suse.com/1118761"
},
{
"category": "self",
"summary": "SUSE Bug 1118762",
"url": "https://bugzilla.suse.com/1118762"
},
{
"category": "self",
"summary": "SUSE Bug 1118766",
"url": "https://bugzilla.suse.com/1118766"
},
{
"category": "self",
"summary": "SUSE Bug 1118767",
"url": "https://bugzilla.suse.com/1118767"
},
{
"category": "self",
"summary": "SUSE Bug 1118768",
"url": "https://bugzilla.suse.com/1118768"
},
{
"category": "self",
"summary": "SUSE Bug 1118769",
"url": "https://bugzilla.suse.com/1118769"
},
{
"category": "self",
"summary": "SUSE Bug 1118771",
"url": "https://bugzilla.suse.com/1118771"
},
{
"category": "self",
"summary": "SUSE Bug 1118772",
"url": "https://bugzilla.suse.com/1118772"
},
{
"category": "self",
"summary": "SUSE Bug 1118773",
"url": "https://bugzilla.suse.com/1118773"
},
{
"category": "self",
"summary": "SUSE Bug 1118774",
"url": "https://bugzilla.suse.com/1118774"
},
{
"category": "self",
"summary": "SUSE Bug 1118775",
"url": "https://bugzilla.suse.com/1118775"
},
{
"category": "self",
"summary": "SUSE Bug 1118798",
"url": "https://bugzilla.suse.com/1118798"
},
{
"category": "self",
"summary": "SUSE Bug 1118809",
"url": "https://bugzilla.suse.com/1118809"
},
{
"category": "self",
"summary": "SUSE Bug 1118962",
"url": "https://bugzilla.suse.com/1118962"
},
{
"category": "self",
"summary": "SUSE Bug 1119017",
"url": "https://bugzilla.suse.com/1119017"
},
{
"category": "self",
"summary": "SUSE Bug 1119086",
"url": "https://bugzilla.suse.com/1119086"
},
{
"category": "self",
"summary": "SUSE Bug 1119212",
"url": "https://bugzilla.suse.com/1119212"
},
{
"category": "self",
"summary": "SUSE Bug 1119322",
"url": "https://bugzilla.suse.com/1119322"
},
{
"category": "self",
"summary": "SUSE Bug 1119410",
"url": "https://bugzilla.suse.com/1119410"
},
{
"category": "self",
"summary": "SUSE Bug 1119714",
"url": "https://bugzilla.suse.com/1119714"
},
{
"category": "self",
"summary": "SUSE Bug 1119749",
"url": "https://bugzilla.suse.com/1119749"
},
{
"category": "self",
"summary": "SUSE Bug 1119804",
"url": "https://bugzilla.suse.com/1119804"
},
{
"category": "self",
"summary": "SUSE Bug 1119946",
"url": "https://bugzilla.suse.com/1119946"
},
{
"category": "self",
"summary": "SUSE Bug 1119962",
"url": "https://bugzilla.suse.com/1119962"
},
{
"category": "self",
"summary": "SUSE Bug 1119968",
"url": "https://bugzilla.suse.com/1119968"
},
{
"category": "self",
"summary": "SUSE Bug 1120036",
"url": "https://bugzilla.suse.com/1120036"
},
{
"category": "self",
"summary": "SUSE Bug 1120046",
"url": "https://bugzilla.suse.com/1120046"
},
{
"category": "self",
"summary": "SUSE Bug 1120053",
"url": "https://bugzilla.suse.com/1120053"
},
{
"category": "self",
"summary": "SUSE Bug 1120054",
"url": "https://bugzilla.suse.com/1120054"
},
{
"category": "self",
"summary": "SUSE Bug 1120055",
"url": "https://bugzilla.suse.com/1120055"
},
{
"category": "self",
"summary": "SUSE Bug 1120058",
"url": "https://bugzilla.suse.com/1120058"
},
{
"category": "self",
"summary": "SUSE Bug 1120088",
"url": "https://bugzilla.suse.com/1120088"
},
{
"category": "self",
"summary": "SUSE Bug 1120092",
"url": "https://bugzilla.suse.com/1120092"
},
{
"category": "self",
"summary": "SUSE Bug 1120094",
"url": "https://bugzilla.suse.com/1120094"
},
{
"category": "self",
"summary": "SUSE Bug 1120096",
"url": "https://bugzilla.suse.com/1120096"
},
{
"category": "self",
"summary": "SUSE Bug 1120097",
"url": "https://bugzilla.suse.com/1120097"
},
{
"category": "self",
"summary": "SUSE Bug 1120173",
"url": "https://bugzilla.suse.com/1120173"
},
{
"category": "self",
"summary": "SUSE Bug 1120214",
"url": "https://bugzilla.suse.com/1120214"
},
{
"category": "self",
"summary": "SUSE Bug 1120223",
"url": "https://bugzilla.suse.com/1120223"
},
{
"category": "self",
"summary": "SUSE Bug 1120228",
"url": "https://bugzilla.suse.com/1120228"
},
{
"category": "self",
"summary": "SUSE Bug 1120230",
"url": "https://bugzilla.suse.com/1120230"
},
{
"category": "self",
"summary": "SUSE Bug 1120232",
"url": "https://bugzilla.suse.com/1120232"
},
{
"category": "self",
"summary": "SUSE Bug 1120234",
"url": "https://bugzilla.suse.com/1120234"
},
{
"category": "self",
"summary": "SUSE Bug 1120235",
"url": "https://bugzilla.suse.com/1120235"
},
{
"category": "self",
"summary": "SUSE Bug 1120238",
"url": "https://bugzilla.suse.com/1120238"
},
{
"category": "self",
"summary": "SUSE Bug 1120594",
"url": "https://bugzilla.suse.com/1120594"
},
{
"category": "self",
"summary": "SUSE Bug 1120598",
"url": "https://bugzilla.suse.com/1120598"
},
{
"category": "self",
"summary": "SUSE Bug 1120600",
"url": "https://bugzilla.suse.com/1120600"
},
{
"category": "self",
"summary": "SUSE Bug 1120601",
"url": "https://bugzilla.suse.com/1120601"
},
{
"category": "self",
"summary": "SUSE Bug 1120602",
"url": "https://bugzilla.suse.com/1120602"
},
{
"category": "self",
"summary": "SUSE Bug 1120603",
"url": "https://bugzilla.suse.com/1120603"
},
{
"category": "self",
"summary": "SUSE Bug 1120604",
"url": "https://bugzilla.suse.com/1120604"
},
{
"category": "self",
"summary": "SUSE Bug 1120606",
"url": "https://bugzilla.suse.com/1120606"
},
{
"category": "self",
"summary": "SUSE Bug 1120612",
"url": "https://bugzilla.suse.com/1120612"
},
{
"category": "self",
"summary": "SUSE Bug 1120613",
"url": "https://bugzilla.suse.com/1120613"
},
{
"category": "self",
"summary": "SUSE Bug 1120614",
"url": "https://bugzilla.suse.com/1120614"
},
{
"category": "self",
"summary": "SUSE Bug 1120615",
"url": "https://bugzilla.suse.com/1120615"
},
{
"category": "self",
"summary": "SUSE Bug 1120616",
"url": "https://bugzilla.suse.com/1120616"
},
{
"category": "self",
"summary": "SUSE Bug 1120617",
"url": "https://bugzilla.suse.com/1120617"
},
{
"category": "self",
"summary": "SUSE Bug 1120618",
"url": "https://bugzilla.suse.com/1120618"
},
{
"category": "self",
"summary": "SUSE Bug 1120620",
"url": "https://bugzilla.suse.com/1120620"
},
{
"category": "self",
"summary": "SUSE Bug 1120621",
"url": "https://bugzilla.suse.com/1120621"
},
{
"category": "self",
"summary": "SUSE Bug 1120632",
"url": "https://bugzilla.suse.com/1120632"
},
{
"category": "self",
"summary": "SUSE Bug 1120633",
"url": "https://bugzilla.suse.com/1120633"
},
{
"category": "self",
"summary": "SUSE Bug 1120743",
"url": "https://bugzilla.suse.com/1120743"
},
{
"category": "self",
"summary": "SUSE Bug 1121017",
"url": "https://bugzilla.suse.com/1121017"
},
{
"category": "self",
"summary": "SUSE Bug 1121058",
"url": "https://bugzilla.suse.com/1121058"
},
{
"category": "self",
"summary": "SUSE Bug 1121263",
"url": "https://bugzilla.suse.com/1121263"
},
{
"category": "self",
"summary": "SUSE Bug 1121273",
"url": "https://bugzilla.suse.com/1121273"
},
{
"category": "self",
"summary": "SUSE Bug 1121477",
"url": "https://bugzilla.suse.com/1121477"
},
{
"category": "self",
"summary": "SUSE Bug 1121483",
"url": "https://bugzilla.suse.com/1121483"
},
{
"category": "self",
"summary": "SUSE Bug 1121621",
"url": "https://bugzilla.suse.com/1121621"
},
{
"category": "self",
"summary": "SUSE Bug 1121714",
"url": "https://bugzilla.suse.com/1121714"
},
{
"category": "self",
"summary": "SUSE Bug 1121715",
"url": "https://bugzilla.suse.com/1121715"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12232 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12232/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14625 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14625/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16862 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16862/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16884 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16884/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-18397 page",
"url": "https://www.suse.com/security/cve/CVE-2018-18397/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19407 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19407/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19824 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19824/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19854 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19854/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-19985 page",
"url": "https://www.suse.com/security/cve/CVE-2018-19985/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-20169 page",
"url": "https://www.suse.com/security/cve/CVE-2018-20169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-9568 page",
"url": "https://www.suse.com/security/cve/CVE-2018-9568/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2019-03-23T10:47:17Z",
"generator": {
"date": "2019-03-23T10:47:17Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2019:0065-1",
"initial_release_date": "2019-03-23T10:47:17Z",
"revision_history": [
{
"date": "2019-03-23T10:47:17Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-4.12.14-lp150.12.45.1.noarch",
"product": {
"name": "kernel-devel-4.12.14-lp150.12.45.1.noarch",
"product_id": "kernel-devel-4.12.14-lp150.12.45.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-4.12.14-lp150.12.45.1.noarch",
"product": {
"name": "kernel-docs-4.12.14-lp150.12.45.1.noarch",
"product_id": "kernel-docs-4.12.14-lp150.12.45.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"product": {
"name": "kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"product_id": "kernel-docs-html-4.12.14-lp150.12.45.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-4.12.14-lp150.12.45.1.noarch",
"product": {
"name": "kernel-macros-4.12.14-lp150.12.45.1.noarch",
"product_id": "kernel-macros-4.12.14-lp150.12.45.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-4.12.14-lp150.12.45.1.noarch",
"product": {
"name": "kernel-source-4.12.14-lp150.12.45.1.noarch",
"product_id": "kernel-source-4.12.14-lp150.12.45.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"product": {
"name": "kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"product_id": "kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"product": {
"name": "kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"product_id": "kernel-debug-4.12.14-lp150.12.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"product": {
"name": "kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"product_id": "kernel-debug-base-4.12.14-lp150.12.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"product": {
"name": "kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"product_id": "kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-4.12.14-lp150.12.45.1.x86_64",
"product": {
"name": "kernel-default-4.12.14-lp150.12.45.1.x86_64",
"product_id": "kernel-default-4.12.14-lp150.12.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"product": {
"name": "kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"product_id": "kernel-default-base-4.12.14-lp150.12.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"product": {
"name": "kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"product_id": "kernel-default-devel-4.12.14-lp150.12.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"product": {
"name": "kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"product_id": "kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"product": {
"name": "kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"product_id": "kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"product": {
"name": "kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"product_id": "kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"product": {
"name": "kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"product_id": "kernel-obs-build-4.12.14-lp150.12.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"product": {
"name": "kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"product_id": "kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"product": {
"name": "kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"product_id": "kernel-syms-4.12.14-lp150.12.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"product": {
"name": "kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"product_id": "kernel-vanilla-4.12.14-lp150.12.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"product": {
"name": "kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"product_id": "kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64",
"product": {
"name": "kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64",
"product_id": "kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.0",
"product": {
"name": "openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-4.12.14-lp150.12.45.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64"
},
"product_reference": "kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-base-4.12.14-lp150.12.45.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64"
},
"product_reference": "kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64"
},
"product_reference": "kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-4.12.14-lp150.12.45.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64"
},
"product_reference": "kernel-default-4.12.14-lp150.12.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-4.12.14-lp150.12.45.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64"
},
"product_reference": "kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-4.12.14-lp150.12.45.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64"
},
"product_reference": "kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-4.12.14-lp150.12.45.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch"
},
"product_reference": "kernel-devel-4.12.14-lp150.12.45.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-4.12.14-lp150.12.45.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch"
},
"product_reference": "kernel-docs-4.12.14-lp150.12.45.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-docs-html-4.12.14-lp150.12.45.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch"
},
"product_reference": "kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64"
},
"product_reference": "kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64"
},
"product_reference": "kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64"
},
"product_reference": "kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-4.12.14-lp150.12.45.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch"
},
"product_reference": "kernel-macros-4.12.14-lp150.12.45.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-build-4.12.14-lp150.12.45.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64"
},
"product_reference": "kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64"
},
"product_reference": "kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-4.12.14-lp150.12.45.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch"
},
"product_reference": "kernel-source-4.12.14-lp150.12.45.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch"
},
"product_reference": "kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-4.12.14-lp150.12.45.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64"
},
"product_reference": "kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-4.12.14-lp150.12.45.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64"
},
"product_reference": "kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64"
},
"product_reference": "kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64 as component of openSUSE Leap 15.0",
"product_id": "openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
},
"product_reference": "kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-12232",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12232"
}
],
"notes": [
{
"category": "general",
"text": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12232",
"url": "https://www.suse.com/security/cve/CVE-2018-12232"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1097593 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1097593"
},
{
"category": "external",
"summary": "SUSE Bug 1125907 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1125907"
},
{
"category": "external",
"summary": "SUSE Bug 1127757 for CVE-2018-12232",
"url": "https://bugzilla.suse.com/1127757"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T10:47:17Z",
"details": "important"
}
],
"title": "CVE-2018-12232"
},
{
"cve": "CVE-2018-14625",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14625"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux Kernel where an attacker may be able to have an uncontrolled read to kernel-memory from within a vm guest. A race condition between connect() and close() function may allow an attacker using the AF_VSOCK protocol to gather a 4 byte information leak or possibly intercept or corrupt AF_VSOCK messages destined to other clients.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14625",
"url": "https://www.suse.com/security/cve/CVE-2018-14625"
},
{
"category": "external",
"summary": "SUSE Bug 1106615 for CVE-2018-14625",
"url": "https://bugzilla.suse.com/1106615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T10:47:17Z",
"details": "moderate"
}
],
"title": "CVE-2018-14625"
},
{
"cve": "CVE-2018-16862",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16862"
}
],
"notes": [
{
"category": "general",
"text": "A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16862",
"url": "https://www.suse.com/security/cve/CVE-2018-16862"
},
{
"category": "external",
"summary": "SUSE Bug 1117186 for CVE-2018-16862",
"url": "https://bugzilla.suse.com/1117186"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T10:47:17Z",
"details": "moderate"
}
],
"title": "CVE-2018-16862"
},
{
"cve": "CVE-2018-16884",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16884"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux kernel\u0027s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16884",
"url": "https://www.suse.com/security/cve/CVE-2018-16884"
},
{
"category": "external",
"summary": "SUSE Bug 1119946 for CVE-2018-16884",
"url": "https://bugzilla.suse.com/1119946"
},
{
"category": "external",
"summary": "SUSE Bug 1119947 for CVE-2018-16884",
"url": "https://bugzilla.suse.com/1119947"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T10:47:17Z",
"details": "important"
}
],
"title": "CVE-2018-16884"
},
{
"cve": "CVE-2018-18397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-18397"
}
],
"notes": [
{
"category": "general",
"text": "The userfaultfd implementation in the Linux kernel before 4.19.7 mishandles access control for certain UFFDIO_ ioctl calls, as demonstrated by allowing local users to write data into holes in a tmpfs file (if the user has read-only access to that file, and that file contains holes), related to fs/userfaultfd.c and mm/userfaultfd.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-18397",
"url": "https://www.suse.com/security/cve/CVE-2018-18397"
},
{
"category": "external",
"summary": "SUSE Bug 1117656 for CVE-2018-18397",
"url": "https://bugzilla.suse.com/1117656"
},
{
"category": "external",
"summary": "SUSE Bug 1171522 for CVE-2018-18397",
"url": "https://bugzilla.suse.com/1171522"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T10:47:17Z",
"details": "moderate"
}
],
"title": "CVE-2018-18397"
},
{
"cve": "CVE-2018-19407",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19407"
}
],
"notes": [
{
"category": "general",
"text": "The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a situation where ioapic is uninitialized.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19407",
"url": "https://www.suse.com/security/cve/CVE-2018-19407"
},
{
"category": "external",
"summary": "SUSE Bug 1116841 for CVE-2018-19407",
"url": "https://bugzilla.suse.com/1116841"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T10:47:17Z",
"details": "moderate"
}
],
"title": "CVE-2018-19407"
},
{
"cve": "CVE-2018-19824",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19824"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19824",
"url": "https://www.suse.com/security/cve/CVE-2018-19824"
},
{
"category": "external",
"summary": "SUSE Bug 1118152 for CVE-2018-19824",
"url": "https://bugzilla.suse.com/1118152"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T10:47:17Z",
"details": "moderate"
}
],
"title": "CVE-2018-19824"
},
{
"cve": "CVE-2018-19854",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19854"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 4.19.3. crypto_report_one() and related functions in crypto/crypto_user.c (the crypto user configuration API) do not fully initialize structures that are copied to userspace, potentially leaking sensitive memory to user programs. NOTE: this is a CVE-2013-2547 regression but with easier exploitability because the attacker does not need a capability (however, the system must have the CONFIG_CRYPTO_USER kconfig option).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19854",
"url": "https://www.suse.com/security/cve/CVE-2018-19854"
},
{
"category": "external",
"summary": "SUSE Bug 1118428 for CVE-2018-19854",
"url": "https://bugzilla.suse.com/1118428"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T10:47:17Z",
"details": "low"
}
],
"title": "CVE-2018-19854"
},
{
"cve": "CVE-2018-19985",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-19985"
}
],
"notes": [
{
"category": "general",
"text": "The function hso_get_config_data in drivers/net/usb/hso.c in the Linux kernel through 4.19.8 reads if_num from the USB device (as a u8) and uses it to index a small array, resulting in an object out-of-bounds (OOB) read that potentially allows arbitrary read in the kernel address space.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-19985",
"url": "https://www.suse.com/security/cve/CVE-2018-19985"
},
{
"category": "external",
"summary": "SUSE Bug 1120743 for CVE-2018-19985",
"url": "https://bugzilla.suse.com/1120743"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T10:47:17Z",
"details": "low"
}
],
"title": "CVE-2018-19985"
},
{
"cve": "CVE-2018-20169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-20169"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in the Linux kernel before 4.19.9. The USB subsystem mishandles size checks during the reading of an extra descriptor, related to __usb_get_extra_descriptor in drivers/usb/core/usb.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-20169",
"url": "https://www.suse.com/security/cve/CVE-2018-20169"
},
{
"category": "external",
"summary": "SUSE Bug 1119714 for CVE-2018-20169",
"url": "https://bugzilla.suse.com/1119714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T10:47:17Z",
"details": "moderate"
}
],
"title": "CVE-2018-20169"
},
{
"cve": "CVE-2018-9568",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-9568"
}
],
"notes": [
{
"category": "general",
"text": "In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-9568",
"url": "https://www.suse.com/security/cve/CVE-2018-9568"
},
{
"category": "external",
"summary": "SUSE Bug 1118319 for CVE-2018-9568",
"url": "https://bugzilla.suse.com/1118319"
},
{
"category": "external",
"summary": "SUSE Bug 1118320 for CVE-2018-9568",
"url": "https://bugzilla.suse.com/1118320"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Leap 15.0:kernel-debug-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-debug-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-default-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-devel-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-docs-html-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-kvmsmall-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-kvmsmall-devel-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-macros-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-obs-build-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-obs-qa-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-source-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-source-vanilla-4.12.14-lp150.12.45.1.noarch",
"openSUSE Leap 15.0:kernel-syms-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-base-4.12.14-lp150.12.45.1.x86_64",
"openSUSE Leap 15.0:kernel-vanilla-devel-4.12.14-lp150.12.45.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-03-23T10:47:17Z",
"details": "moderate"
}
],
"title": "CVE-2018-9568"
}
]
}
rhsa-2018:2948
Vulnerability from csaf_redhat
Published
2018-10-30 12:05
Modified
2025-08-04 12:06
Summary
Red Hat Security Advisory: kernel-alt security, bug fix, and enhancement update
Notes
Topic
An update for kernel-alt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The kernel-alt packages provide the Linux kernel version 4.x.
Security Fix(es):
* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, aarch64)
* A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390)
* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)
Space precludes documenting all of the security fixes in this advisory. See the descriptions of the remaining security fixes in the related Knowledge Article:
https://access.redhat.com/articles/3658021
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639; Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390 and CVE-2018-5391; Qualys Research Labs for reporting CVE-2018-1120; David Rientjes (Google) for reporting CVE-2018-1000200; and Wen Xu for reporting CVE-2018-1092, CVE-2018-1094, and CVE-2018-1095. The CVE-2018-14619 issue was discovered by Florian Weimer (Red Hat) and Ondrej Mosnacek (Red Hat).
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for kernel-alt is now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The kernel-alt packages provide the Linux kernel version 4.x.\n\nSecurity Fix(es):\n\n* An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load \u0026 Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor\u0027s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639, aarch64)\n\n* A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses. (CVE-2018-5390)\n\n* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)\n\nSpace precludes documenting all of the security fixes in this advisory. See the descriptions of the remaining security fixes in the related Knowledge Article: \n\nhttps://access.redhat.com/articles/3658021\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nRed Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting CVE-2018-3639; Juha-Matti Tilli (Aalto University - Department of Communications and Networking and Nokia Bell Labs) for reporting CVE-2018-5390 and CVE-2018-5391; Qualys Research Labs for reporting CVE-2018-1120; David Rientjes (Google) for reporting CVE-2018-1000200; and Wen Xu for reporting CVE-2018-1092, CVE-2018-1094, and CVE-2018-1095. The CVE-2018-14619 issue was discovered by Florian Weimer (Red Hat) and Ondrej Mosnacek (Red Hat).\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.6 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2948",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/3553061",
"url": "https://access.redhat.com/articles/3553061"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/ssbd",
"url": "https://access.redhat.com/security/vulnerabilities/ssbd"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/3658021",
"url": "https://access.redhat.com/articles/3658021"
},
{
"category": "external",
"summary": "1516257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516257"
},
{
"category": "external",
"summary": "1528312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528312"
},
{
"category": "external",
"summary": "1528323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528323"
},
{
"category": "external",
"summary": "1533909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1533909"
},
{
"category": "external",
"summary": "1539508",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539508"
},
{
"category": "external",
"summary": "1539706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539706"
},
{
"category": "external",
"summary": "1541846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541846"
},
{
"category": "external",
"summary": "1547824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824"
},
{
"category": "external",
"summary": "1548412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548412"
},
{
"category": "external",
"summary": "1550142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550142"
},
{
"category": "external",
"summary": "1551051",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551051"
},
{
"category": "external",
"summary": "1551565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551565"
},
{
"category": "external",
"summary": "1552048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048"
},
{
"category": "external",
"summary": "1553361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553361"
},
{
"category": "external",
"summary": "1560777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560777"
},
{
"category": "external",
"summary": "1560788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560788"
},
{
"category": "external",
"summary": "1560793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560793"
},
{
"category": "external",
"summary": "1566890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566890"
},
{
"category": "external",
"summary": "1568744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568744"
},
{
"category": "external",
"summary": "1571062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571062"
},
{
"category": "external",
"summary": "1571623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571623"
},
{
"category": "external",
"summary": "1573699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573699"
},
{
"category": "external",
"summary": "1575472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575472"
},
{
"category": "external",
"summary": "1577408",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577408"
},
{
"category": "external",
"summary": "1583210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583210"
},
{
"category": "external",
"summary": "1589324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1589324"
},
{
"category": "external",
"summary": "1590215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590215"
},
{
"category": "external",
"summary": "1590799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590799"
},
{
"category": "external",
"summary": "1596795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596795"
},
{
"category": "external",
"summary": "1596802",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596802"
},
{
"category": "external",
"summary": "1596806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596806"
},
{
"category": "external",
"summary": "1596812",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596812"
},
{
"category": "external",
"summary": "1596828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596828"
},
{
"category": "external",
"summary": "1596842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596842"
},
{
"category": "external",
"summary": "1596846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596846"
},
{
"category": "external",
"summary": "1599161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599161"
},
{
"category": "external",
"summary": "1601704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601704"
},
{
"category": "external",
"summary": "1609664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609664"
},
{
"category": "external",
"summary": "1610958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610958"
},
{
"category": "external",
"summary": "1622004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622004"
},
{
"category": "external",
"summary": "1623067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623067"
},
{
"category": "external",
"summary": "1629636",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629636"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2948.json"
}
],
"title": "Red Hat Security Advisory: kernel-alt security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-08-04T12:06:47+00:00",
"generator": {
"date": "2025-08-04T12:06:47+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.6"
}
},
"id": "RHSA-2018:2948",
"initial_release_date": "2018-10-30T12:05:20+00:00",
"revision_history": [
{
"date": "2018-10-30T12:05:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-10-30T12:05:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-08-04T12:06:47+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product": {
"name": "Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:7::server"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"product_id": "kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-debuginfo@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"product_id": "python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-perf-debuginfo@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"product_id": "kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debuginfo-common-ppc64le@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"product_id": "kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-devel@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"product_id": "kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug-debuginfo@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"product_id": "kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-libs-devel@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"product_id": "kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debuginfo@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"product_id": "perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perf-debuginfo@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-debug-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "kernel-debug-0:4.14.0-115.el7a.ppc64le",
"product_id": "kernel-debug-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-debug@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "kernel-0:4.14.0-115.el7a.ppc64le",
"product_id": "kernel-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "perf-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "perf-0:4.14.0-115.el7a.ppc64le",
"product_id": "perf-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/perf@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-devel-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "kernel-devel-0:4.14.0-115.el7a.ppc64le",
"product_id": "kernel-devel-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-devel@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "kernel-tools-0:4.14.0-115.el7a.ppc64le",
"product_id": "kernel-tools-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "python-perf-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "python-perf-0:4.14.0-115.el7a.ppc64le",
"product_id": "python-perf-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-perf@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"product_id": "kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-bootwrapper@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"product_id": "kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-tools-libs@4.14.0-115.el7a?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "kernel-headers-0:4.14.0-115.el7a.ppc64le",
"product": {
"name": "kernel-headers-0:4.14.0-115.el7a.ppc64le",
"product_id": "kernel-headers-0:4.14.0-115.el7a.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-headers@4.14.0-115.el7a?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"product": {
"name": "kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"product_id": "kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-abi-whitelists@4.14.0-115.el7a?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "kernel-doc-0:4.14.0-115.el7a.noarch",
"product": {
"name": "kernel-doc-0:4.14.0-115.el7a.noarch",
"product_id": "kernel-doc-0:4.14.0-115.el7a.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-doc@4.14.0-115.el7a?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-alt-0:4.14.0-115.el7a.src",
"product": {
"name": "kernel-alt-0:4.14.0-115.el7a.src",
"product_id": "kernel-alt-0:4.14.0-115.el7a.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/kernel-alt@4.14.0-115.el7a?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-abi-whitelists-0:4.14.0-115.el7a.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch"
},
"product_reference": "kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-alt-0:4.14.0-115.el7a.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src"
},
"product_reference": "kernel-alt-0:4.14.0-115.el7a.src",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-debug-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-devel-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-doc-0:4.14.0-115.el7a.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch"
},
"product_reference": "kernel-doc-0:4.14.0-115.el7a.noarch",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-headers-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-headers-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-tools-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-libs-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "perf-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-debuginfo-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-perf-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "python-perf-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7)",
"product_id": "7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-abi-whitelists-0:4.14.0-115.el7a.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch"
},
"product_reference": "kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-alt-0:4.14.0-115.el7a.src as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src"
},
"product_reference": "kernel-alt-0:4.14.0-115.el7a.src",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-debug-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debug-devel-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-devel-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-doc-0:4.14.0-115.el7a.noarch as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch"
},
"product_reference": "kernel-doc-0:4.14.0-115.el7a.noarch",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-headers-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-headers-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-tools-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-libs-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "perf-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "perf-debuginfo-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-perf-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "python-perf-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le as a component of Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7)",
"product_id": "7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
},
"product_reference": "python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"relates_to_product_reference": "7Server-optional-RHELALT-7.6"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-13166",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"discovery_date": "2018-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1548412"
}
],
"notes": [
{
"category": "description",
"text": "A bug in the 32-bit compatibility layer of the ioctl handling code of the v4l2 video driver in the Linux kernel has been found. A memory protection mechanism ensuring that user-provided buffers always point to a userspace memory were disabled, allowing destination address to be in a kernel space. This flaw could be exploited by an attacker to overwrite a kernel memory from an unprivileged userspace process, leading to privilege escalation.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-13166"
},
{
"category": "external",
"summary": "RHBZ#1548412",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1548412"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-13166",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13166"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-13166",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-13166"
}
],
"release_date": "2017-07-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"category": "workaround",
"details": "A systemtap script intercepting v4l2_compat_ioctl32() function of the [videodev] module and making it to return -ENOIOCTLCMD error value would work just fine, except breaking all 32bit video capturing software, but not 64bit ones.\n\nAlternatively, blacklisting [videodev] module will work too, but it will break all video capturing software.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation"
},
{
"cve": "CVE-2017-16648",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2017-11-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1516257"
}
],
"notes": [
{
"category": "description",
"text": "The dvb frontend management subsystem in the Linux kernel contains a use-after-free which can allow a malicious user to write to memory that may be assigned to another kernel structure. This could create memory corruption, panic, or possibly other side affects.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Use-after-free in drivers/media/dvb-core/dvb_frontend.c",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7, MRG-2 and real-time kernels.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux kernel-alt package.\n\nFuture Linux kernel updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-16648"
},
{
"category": "external",
"summary": "RHBZ#1516257",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516257"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-16648",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-16648"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-16648",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-16648"
}
],
"release_date": "2017-10-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Use-after-free in drivers/media/dvb-core/dvb_frontend.c"
},
{
"cve": "CVE-2017-17805",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1528312"
}
],
"notes": [
{
"category": "description",
"text": "The Salsa20 encryption algorithm in the Linux kernel, before 4.14.8, does not correctly handle zero-length inputs. This allows a local attacker the ability to use the AF_ALG-based skcipher interface to cause a denial of service (uninitialized-memory free and kernel crash) or have an unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 are vulnerable.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 as the code with the flaw is not present in the products listed.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64, and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-17805"
},
{
"category": "external",
"summary": "RHBZ#1528312",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528312"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-17805",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17805"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-17805",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17805"
}
],
"release_date": "2017-11-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service"
},
{
"cve": "CVE-2017-17806",
"cwe": {
"id": "CWE-391",
"name": "Unchecked Error Condition"
},
"discovery_date": "2017-12-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1528323"
}
],
"notes": [
{
"category": "description",
"text": "The HMAC implementation (crypto/hmac.c) in the Linux kernel, before 4.14.8, does not validate that the underlying cryptographic hash algorithm is unkeyed. This allows a local attacker, able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack buffer overflow by executing a crafted sequence of system calls that encounter a missing SHA-3 initialization.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, its real-time kernel and Red Hat Enterprise MRG 2.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-17806"
},
{
"category": "external",
"summary": "RHBZ#1528323",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1528323"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-17806",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-17806"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-17806",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-17806"
}
],
"release_date": "2017-11-29T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: HMAC implementation does not validate that the underlying cryptographic hash algorithm is unkeyed allowing local attackers to cause denial-of-service"
},
{
"cve": "CVE-2017-18075",
"cwe": {
"id": "CWE-628",
"name": "Function Call with Incorrectly Specified Arguments"
},
"discovery_date": "2018-01-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1539508"
}
],
"notes": [
{
"category": "description",
"text": "crypto/pcrypt.c in the Linux kernel, before 4.14.13, mishandles freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Mishandled freeing of instances in pcrypt.c can allow a local user to cause a denial of service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and 7, its real-time kernel and Red Hat Enterprise MRG 2, as the code with the flaw is not enabled and is not built in the products listed.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18075"
},
{
"category": "external",
"summary": "RHBZ#1539508",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539508"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18075",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18075"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18075",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18075"
}
],
"release_date": "2017-12-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Mishandled freeing of instances in pcrypt.c can allow a local user to cause a denial of service"
},
{
"cve": "CVE-2017-18208",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"discovery_date": "2018-03-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1551565"
}
],
"notes": [
{
"category": "description",
"text": "The madvise_willneed function in the Linux kernel allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18208"
},
{
"category": "external",
"summary": "RHBZ#1551565",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551565"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18208",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18208"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18208",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18208"
},
{
"category": "external",
"summary": "https://lwn.net/Articles/618064/",
"url": "https://lwn.net/Articles/618064/"
},
{
"category": "external",
"summary": "https://www.kernel.org/doc/Documentation/filesystems/dax.txt",
"url": "https://www.kernel.org/doc/Documentation/filesystems/dax.txt"
}
],
"release_date": "2017-11-30T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Inifinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service"
},
{
"cve": "CVE-2017-18344",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-07-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1610958"
}
],
"notes": [
{
"category": "description",
"text": "The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel doesn\u0027t properly validate the sigevent-\u003esigev_notify field, which leads to out-of-bounds access in the show_timer function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18344"
},
{
"category": "external",
"summary": "RHBZ#1610958",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610958"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18344",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18344"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18344",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18344"
}
],
"release_date": "2017-12-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"category": "workaround",
"details": "Attached to this bugzilla is a systemtap script that will prevent opening (and therefore reading) the /proc/\u003cprocess\u003e/timers file which is used to leak information.\n\nThe SystemTap script is relatively small and efficient, broken into 3 distinct sections as follows:\n\n--------\n\nprobe kernel.function(\"proc_timers_open@fs/proc/base.c\").return { \n // this is -EACCES\n\t$return = -13;\n message = sprintf(\"CVE-2017-18344 mitigation denied access to %s to %s(%d)\", file_name , execname(), pid());\n // print a warning message at KERN_INFO debug level\n printk(6, message);\n}\n\nprobe begin {\n printk(6, \"Mitigation for CVE-2017-18344 loaded.\\n\");\n}\n\n\nprobe end {\n printk(6, \"Mitigation for CVE-2017-18344 unloaded.\\n\");\n}\n\n\n---------\n\nFirst, the script places a probe at the return of the kernel function \u201cproc_timers_open\u201d when called. This modifies the return value to be EACCES which would return this value to userspace preventing this file from being opened. When the /proc/\u003cpid\u003e/timer file is attempted to be opened, a message will be logged to the kernel log subsystem showing the process and pid of the application attempting to access the timer file. \n\nThis file is not in widespread use at this time, although some applications may read from it to debug or understand their own timers that are set. This mitigation will not be useful in this context.\n\nFinally, the \u201cprobe begin\u201d and \u201cprobe end\u201d code blocks tell systemtap to add the supplied text to the kernel log buffer via the printk function. This creates an audit trail by registering in the system logs exactly when the mitigation is loaded and unloaded. This will need to be compiled with guru mode (-g parameter) to compile.\n\nThis will need to be loaded at each boot to remain effective. Red Hat Product security recommends updating to a patched kernel when it is available.\n\nRed Hat always seeks to provide both mitigations to disable attacks as well as the actual patches to treat the flaw. To learn more about SystemTap, and how it can be used in your management of your Red Hat systems, please refer to Using SystemTap[1] or one of our videos about it within our Customer Portal[2].\n\n1 - https://access.redhat.com/articles/17839\n2 - https://access.redhat.com/search/#/?q=systemtap",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c"
},
{
"cve": "CVE-2018-1065",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-02-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1547824"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the netfilter/iptables subsystem. A user with the netfilter modification capabilities could insert a rule which could panic the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: netfilter: xtables NULL pointer dereference in ip6_tables.c:ip6t_do_table() leading to a crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1065"
},
{
"category": "external",
"summary": "RHBZ#1547824",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1547824"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1065",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1065"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1065",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1065"
}
],
"release_date": "2018-02-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: netfilter: xtables NULL pointer dereference in ip6_tables.c:ip6t_do_table() leading to a crash"
},
{
"cve": "CVE-2018-1068",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2018-03-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1552048"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1068"
},
{
"category": "external",
"summary": "RHBZ#1552048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552048"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1068",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1068"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1068",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1068"
}
],
"release_date": "2018-03-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c"
},
{
"acknowledgments": [
{
"names": [
"Wen Xu"
]
}
],
"cve": "CVE-2018-1092",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560777"
}
],
"notes": [
{
"category": "description",
"text": "The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/mballoc.c:ext4_process_freed_data() function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted ext4 image to cause a kernel panic.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1092"
},
{
"category": "external",
"summary": "RHBZ#1560777",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560777"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1092",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1092"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1092",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1092"
}
],
"release_date": "2018-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image"
},
{
"acknowledgments": [
{
"names": [
"Wen Xu"
]
}
],
"cve": "CVE-2018-1094",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560788"
}
],
"notes": [
{
"category": "description",
"text": "The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1094"
},
{
"category": "external",
"summary": "RHBZ#1560788",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560788"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1094",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1094"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1094",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1094"
}
],
"release_date": "2018-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image"
},
{
"acknowledgments": [
{
"names": [
"Wen Xu"
]
}
],
"cve": "CVE-2018-1095",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-03-27T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1560793"
}
],
"notes": [
{
"category": "description",
"text": "The Linux kernel is vulnerable to an out-of-bound access bug in the fs/posix_acl.c:get_acl() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a system crash or other unspecified impact with a crafted ext4 image. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: out-of-bound access in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1095"
},
{
"category": "external",
"summary": "RHBZ#1560793",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560793"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1095",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1095"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1095",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1095"
}
],
"release_date": "2018-03-22T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: out-of-bound access in fs/posix_acl.c:get_acl() causes crash with crafted ext4 image"
},
{
"cve": "CVE-2018-1118",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1573699"
}
],
"notes": [
{
"category": "description",
"text": "The Linux kernel does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1118"
},
{
"category": "external",
"summary": "RHBZ#1573699",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573699"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1118",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1118"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1118",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1118"
}
],
"release_date": "2018-04-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()"
},
{
"acknowledgments": [
{
"names": [
"Qualys Research Labs"
]
}
],
"cve": "CVE-2018-1120",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-05-07T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575472"
}
],
"notes": [
{
"category": "description",
"text": "By mmap()ing a FUSE-backed file onto a process\u0027s memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/\u003cpid\u003e/cmdline (or /proc/\u003cpid\u003e/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1120"
},
{
"category": "external",
"summary": "RHBZ#1575472",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575472"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1120"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1120",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1120"
},
{
"category": "external",
"summary": "http://seclists.org/oss-sec/2018/q2/122",
"url": "http://seclists.org/oss-sec/2018/q2/122"
}
],
"release_date": "2018-05-17T17:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.8,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service"
},
{
"acknowledgments": [
{
"names": [
"Jann Horn"
],
"organization": "Google Project Zero"
},
{
"names": [
"Ken Johnson"
],
"organization": "Microsoft Security Response Center"
}
],
"cve": "CVE-2018-3639",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-03-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1566890"
}
],
"notes": [
{
"category": "description",
"text": "An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load \u0026 Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor\u0027s data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "hw: cpu: speculative store bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/security/vulnerabilities/ssbd",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-3639"
},
{
"category": "external",
"summary": "RHBZ#1566890",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566890"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-3639",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3639"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3639",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3639"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/vulnerabilities/ssbd",
"url": "https://access.redhat.com/security/vulnerabilities/ssbd"
},
{
"category": "external",
"summary": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528",
"url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1528"
},
{
"category": "external",
"summary": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf",
"url": "https://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf"
},
{
"category": "external",
"summary": "https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf",
"url": "https://software.intel.com/sites/default/files/managed/c5/63/336996-Speculative-Execution-Side-Channel-Mitigations.pdf"
},
{
"category": "external",
"summary": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html"
}
],
"release_date": "2018-05-21T21:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "hw: cpu: speculative store bypass"
},
{
"cve": "CVE-2018-5344",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2018-01-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1533909"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s handling of loopback devices. An attacker, who has permissions to setup loopback disks, may create a denial of service or other unspecified actions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 and MRG-2.\n\nFuture Linux kernel updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5344"
},
{
"category": "external",
"summary": "RHBZ#1533909",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1533909"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5344",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5344"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5344",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5344"
}
],
"release_date": "2018-01-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service"
},
{
"acknowledgments": [
{
"names": [
"Juha-Matti Tilli"
],
"organization": "Aalto University - Department of Communications and Networking and Nokia Bell Labs"
}
],
"cve": "CVE-2018-5390",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1601704"
}
],
"notes": [
{
"category": "description",
"text": "A flaw named SegmentSmack was found in the way the Linux kernel handled specially crafted TCP packets. A remote attacker could use this flaw to trigger time and calculation expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() functions by sending specially modified packets within ongoing TCP sessions which could lead to a CPU saturation and hence a denial of service on the system. Maintaining the denial of service condition requires continuous two-way TCP sessions to a reachable open port, thus the attacks cannot be performed using spoofed IP addresses.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/3553061\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64, and Red Hat Enterprise Linux 7 for Power 9. Future kernel updates for the respective releases will address this issue.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, but to a lesser degree. As such, the issue severity for RHEL5 is considered Moderate. This is not currently planned to be addressed in future updates of the product due to its life cycle and the issue severity. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5390"
},
{
"category": "external",
"summary": "RHBZ#1601704",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1601704"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5390",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5390"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5390",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5390"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/3553061",
"url": "https://access.redhat.com/articles/3553061"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/962459",
"url": "https://www.kb.cert.org/vuls/id/962459"
},
{
"category": "external",
"summary": "https://www.spinics.net/lists/netdev/msg514742.html",
"url": "https://www.spinics.net/lists/netdev/msg514742.html"
}
],
"release_date": "2018-08-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: TCP segments with random offsets allow a remote denial of service (SegmentSmack)"
},
{
"acknowledgments": [
{
"names": [
"Juha-Matti Tilli"
],
"organization": "Aalto University - Department of Communications and Networking and Nokia Bell Labs"
}
],
"cve": "CVE-2018-5391",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-07-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1609664"
}
],
"notes": [
{
"category": "description",
"text": "A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security is aware of this issue. Updates will be released as they become available. For additional information, please refer to the Red Hat Knowledgebase article: https://access.redhat.com/articles/3553061\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64, and Red Hat Enterprise Linux 7 for Power 9. Future kernel updates for the respective releases will address this issue.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, but to a lesser degree. As such, the issue severity for RHEL5 is considered Moderate. This is not currently planned to be addressed in future updates of the product due to its life cycle and the issue severity. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5391"
},
{
"category": "external",
"summary": "RHBZ#1609664",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1609664"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5391",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5391"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5391",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5391"
},
{
"category": "external",
"summary": "https://access.redhat.com/articles/3553061",
"url": "https://access.redhat.com/articles/3553061"
},
{
"category": "external",
"summary": "https://www.kb.cert.org/vuls/id/641765",
"url": "https://www.kb.cert.org/vuls/id/641765"
}
],
"release_date": "2018-08-14T16:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"category": "workaround",
"details": "One may change the default 4MB and 3MB values of net.ipv4.ipfrag_high_thresh and net.ipv4.ipfrag_low_thresh (and their ipv6 counterparts net.ipv6.ipfrag_high_thresh and net.ipv6.ipfrag_low_thresh) to 256 kB and 192 kB (respectively) or below. Tests show some to significant CPU saturation drop during an attack, depending on a hardware, configuration and environment.\n\nThere can be some impact on performance though, due to ipfrag_high_thresh of 262144 bytes, as only two 64K fragments can fit in the reassembly queue at the same time. For example, there is a risk of breaking applications that rely on large UDP packets.\n\nSee the Mitigation section in the https://access.redhat.com/articles/3553061 article for the script to quickly change to/from default and lower settings.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)"
},
{
"cve": "CVE-2018-5750",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-01-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1539706"
}
],
"notes": [
{
"category": "description",
"text": "The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel, through 4.14.15, allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, and Red Hat Enterprise MRG 2, as KASLR feature is not present or enabled in these products.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5750"
},
{
"category": "external",
"summary": "RHBZ#1539706",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1539706"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5750",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5750"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5750",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5750"
}
],
"release_date": "2017-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass"
},
{
"cve": "CVE-2018-5803",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-03-01T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1551051"
}
],
"notes": [
{
"category": "description",
"text": "An error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP, packet length can be exploited by a malicious local user to cause a kernel crash and a DoS.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5803"
},
{
"category": "external",
"summary": "RHBZ#1551051",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1551051"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5803",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5803"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5803",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5803"
}
],
"release_date": "2018-02-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service"
},
{
"cve": "CVE-2018-5848",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"discovery_date": "2018-05-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1590799"
}
],
"notes": [
{
"category": "description",
"text": "In the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the \u2018ie_len\u2019 argument can cause a buffer overflow and thus a memory corruption leading to a system crash or other or unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-5848"
},
{
"category": "external",
"summary": "RHBZ#1590799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590799"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-5848",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5848"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-5848",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5848"
}
],
"release_date": "2017-12-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption"
},
{
"cve": "CVE-2018-7566",
"cwe": {
"id": "CWE-362",
"name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
},
"discovery_date": "2018-01-29T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1550142"
}
],
"notes": [
{
"category": "description",
"text": "ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user can reset the pool size manually via ioctl concurrently, and this may lead to UAF or out-of-bound access.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: race condition in snd_seq_write() may lead to UAF or OOB-access",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 5.\n\nThis issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-7566"
},
{
"category": "external",
"summary": "RHBZ#1550142",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1550142"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-7566",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7566"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7566",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7566"
}
],
"release_date": "2018-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: race condition in snd_seq_write() may lead to UAF or OOB-access"
},
{
"cve": "CVE-2018-7757",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-03-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1553361"
}
],
"notes": [
{
"category": "description",
"text": "Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-7757"
},
{
"category": "external",
"summary": "RHBZ#1553361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553361"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-7757",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-7757"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7757",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7757"
}
],
"release_date": "2018-03-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c"
},
{
"cve": "CVE-2018-8781",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2018-04-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1571062"
}
],
"notes": [
{
"category": "description",
"text": "A an integer overflow vulnerability was discovered in the Linux kernel, from version 3.4 through 4.15, in the drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An attacker with access to the udldrmfb driver could exploit this to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-8781"
},
{
"category": "external",
"summary": "RHBZ#1571062",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571062"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-8781",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-8781"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-8781",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8781"
}
],
"release_date": "2018-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space"
},
{
"cve": "CVE-2018-9363",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2018-08-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1623067"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow due to a singed-unsigned comparsion was found in hidp_process_report() in the net/bluetooth/hidp/core.c in the Linux kernel. The buffer length is an unsigned int but gets cast to a signed int which in certain conditions can lead to a system panic and a denial-of-service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Buffer overflow in hidp_process_report",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-9363"
},
{
"category": "external",
"summary": "RHBZ#1623067",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1623067"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-9363",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9363"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-9363",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-9363"
}
],
"release_date": "2018-08-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Buffer overflow in hidp_process_report"
},
{
"cve": "CVE-2018-10322",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-04-24T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1571623"
}
],
"notes": [
{
"category": "description",
"text": "The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel can cause a NULL pointer dereference in xfs_ilock_attr_map_shared function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted xfs filesystem image to cause a kernel panic and thus a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10322"
},
{
"category": "external",
"summary": "RHBZ#1571623",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571623"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10322",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10322"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10322",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10322"
}
],
"release_date": "2018-04-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service"
},
{
"cve": "CVE-2018-10877",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596795"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel ext4 filesystem. An out-of-bound access is possible in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: out-of-bound access in ext4_ext_drop_refs function with a crafted ext4 image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10877"
},
{
"category": "external",
"summary": "RHBZ#1596795",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596795"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10877",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10877"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10877",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10877"
}
],
"release_date": "2018-04-16T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 5.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: out-of-bound access in ext4_ext_drop_refs function with a crafted ext4 image"
},
{
"cve": "CVE-2018-10878",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596802"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10878"
},
{
"category": "external",
"summary": "RHBZ#1596802",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596802"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10878",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10878"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10878",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10878"
}
],
"release_date": "2018-05-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image"
},
{
"cve": "CVE-2018-10879",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596806"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10879"
},
{
"category": "external",
"summary": "RHBZ#1596806",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596806"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10879",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10879"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10879",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10879"
}
],
"release_date": "2018-06-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file"
},
{
"cve": "CVE-2018-10880",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596812"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s ext4 filesystem code. A stack-out-of-bounds write in ext4_update_inline_data() is possible when mounting and writing to a crafted ext4 image. An attacker could use this to cause a system crash and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: stack-out-of-bounds write in ext4_update_inline_data function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10880"
},
{
"category": "external",
"summary": "RHBZ#1596812",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596812"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10880",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10880"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10880",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10880"
}
],
"release_date": "2018-06-09T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: stack-out-of-bounds write in ext4_update_inline_data function"
},
{
"cve": "CVE-2018-10881",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596828"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10881"
},
{
"category": "external",
"summary": "RHBZ#1596828",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596828"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10881",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10881"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10881",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10881"
}
],
"release_date": "2018-06-10T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image"
},
{
"cve": "CVE-2018-10882",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596842"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s ext4 filesystem. A local user can cause an out-of-bound write in the fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: stack-out-of-bounds write infs/jbd2/transaction.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10882"
},
{
"category": "external",
"summary": "RHBZ#1596842",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596842"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10882",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10882"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10882",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10882"
}
],
"release_date": "2018-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: stack-out-of-bounds write infs/jbd2/transaction.c"
},
{
"cve": "CVE-2018-10883",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2018-06-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1596846"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel\u0027s ext4 filesystem. A local user can cause an out-of-bound write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10883"
},
{
"category": "external",
"summary": "RHBZ#1596846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10883",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10883"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10883",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10883"
}
],
"release_date": "2018-06-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "PHYSICAL",
"availabilityImpact": "HIGH",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function"
},
{
"cve": "CVE-2018-10940",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"discovery_date": "2018-05-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1577408"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel, before 4.16.6 where the cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-10940"
},
{
"category": "external",
"summary": "RHBZ#1577408",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1577408"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-10940",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-10940"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-10940",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10940"
}
],
"release_date": "2018-04-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c"
},
{
"cve": "CVE-2018-11506",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2018-05-28T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1583210"
}
],
"notes": [
{
"category": "description",
"text": "The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel allows local users to cause a denial of service via a stack-based buffer overflow or possibly have unspecified other impact because sense buffers have different sizes at the CDROM layer and the SCSI layer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Stack-based buffer overflow in drivers/scsi/sr_ioctl.c allows denial of service or other unspecified impact",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-11506"
},
{
"category": "external",
"summary": "RHBZ#1583210",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583210"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-11506",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11506"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-11506",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11506"
}
],
"release_date": "2018-05-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Stack-based buffer overflow in drivers/scsi/sr_ioctl.c allows denial of service or other unspecified impact"
},
{
"cve": "CVE-2018-12232",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-06-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1590215"
}
],
"notes": [
{
"category": "description",
"text": "A NULL pointer dereference issue was found in the Linux kernel. If the close() and fchownat() system calls share a socket file descriptor as an argument, then the two calls can race and trigger a NULL pointer dereference leading to a system crash and a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: NULL pointer dereference if close and fchownat system calls share a socket file descriptor",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-12232"
},
{
"category": "external",
"summary": "RHBZ#1590215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590215"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-12232",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-12232"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12232",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12232"
}
],
"release_date": "2018-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: NULL pointer dereference if close and fchownat system calls share a socket file descriptor"
},
{
"cve": "CVE-2018-13405",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"discovery_date": "2018-07-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1599161"
}
],
"notes": [
{
"category": "description",
"text": "A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set, in a scenario where a directory is SGID and belongs to a certain group and is writable by a user who is not a member of this group. This can lead to excessive permissions granted in case when they should not.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-13405"
},
{
"category": "external",
"summary": "RHBZ#1599161",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599161"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-13405",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-13405"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-13405",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13405"
}
],
"release_date": "2018-07-05T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members"
},
{
"acknowledgments": [
{
"names": [
"Florian Weimer",
"Ondrej Mosnacek"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-14619",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2018-08-22T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1622004"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the crypto subsystem that allowed an attacker \r\nto crash the system or possibly escalate privileges with a specially crafted program.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: crash (possible privesc) in kernel crypto api.",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14619"
},
{
"category": "external",
"summary": "RHBZ#1622004",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622004"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14619",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14619"
},
{
"category": "external",
"summary": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b32a7dc8aef1882fbf983eb354837488cc9d54dc",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b32a7dc8aef1882fbf983eb354837488cc9d54dc"
}
],
"release_date": "2018-08-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: crash (possible privesc) in kernel crypto api."
},
{
"cve": "CVE-2018-14641",
"cwe": {
"id": "CWE-456",
"name": "Missing Initialization of a Variable"
},
"discovery_date": "2018-09-09T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1629636"
}
],
"notes": [
{
"category": "description",
"text": "A security flaw was found in the ip_frag_reasm() function in net/ipv4/ip_fragment.c in the Linux kernel which can cause a later system crash in ip_do_fragment(). With certain non-default, but non-rare, configuration of a victim host, an attacker can trigger this crash remotely, thus leading to a remote denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment()",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-14641"
},
{
"category": "external",
"summary": "RHBZ#1629636",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629636"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-14641",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14641"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-14641",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14641"
}
],
"release_date": "2018-09-18T09:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "kernel: a bug in ip_frag_reasm() can cause a crash in ip_do_fragment()"
},
{
"cve": "CVE-2018-1000026",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2018-02-05T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1541846"
}
],
"notes": [
{
"category": "description",
"text": "Improper validation in the bnx2x network card driver of the Linux kernel version 4.15 can allow for denial of service (DoS) attacks via a packet with a gso_size larger than ~9700 bytes. Untrusted guest VMs can exploit this vulnerability in the host machine, causing a crash in the network card.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5 and 6, as supported configurations are not affected.\n\nThis issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7, its real-time kernel, Red Hat Enterprise MRG 2, Red Hat Enterprise Linux 7 for ARM 64 and Red Hat Enterprise Linux 7 for Power 9 LE. Future Linux kernel updates for the respective releases may address this issue.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000026"
},
{
"category": "external",
"summary": "RHBZ#1541846",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1541846"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000026",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000026"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000026",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000026"
}
],
"release_date": "2018-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet"
},
{
"acknowledgments": [
{
"names": [
"David Rientjes"
],
"organization": "Google"
}
],
"cve": "CVE-2018-1000200",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"discovery_date": "2018-04-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1568744"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in the Linux kernel where an out of memory (oom) killing of a process that has large spans of mlocked memory can result in deferencing a NULL pointer, leading to denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: NULL pointer dereference on OOM kill of large mlocked process",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000200"
},
{
"category": "external",
"summary": "RHBZ#1568744",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1568744"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000200",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000200"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000200",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000200"
}
],
"release_date": "2018-04-24T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "kernel: NULL pointer dereference on OOM kill of large mlocked process"
},
{
"cve": "CVE-2018-1000204",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"discovery_date": "2018-06-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1589324"
}
],
"notes": [
{
"category": "description",
"text": "A malformed SG_IO ioctl issued for a SCSI device in the Linux kernel leads to a local kernel data leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "kernel: Infoleak caused by incorrect handling of the SG_IO ioctl",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1000204"
},
{
"category": "external",
"summary": "RHBZ#1589324",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1589324"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1000204",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000204"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000204",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000204"
}
],
"release_date": "2018-05-18T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-10-30T12:05:20+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\nThe system must be rebooted for this update to take effect.",
"product_ids": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"7Server-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-abi-whitelists-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-alt-0:4.14.0-115.el7a.src",
"7Server-optional-RHELALT-7.6:kernel-bootwrapper-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debug-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-debuginfo-common-ppc64le-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-doc-0:4.14.0-115.el7a.noarch",
"7Server-optional-RHELALT-7.6:kernel-headers-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:kernel-tools-libs-devel-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:perf-debuginfo-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-0:4.14.0-115.el7a.ppc64le",
"7Server-optional-RHELALT-7.6:python-perf-debuginfo-0:4.14.0-115.el7a.ppc64le"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "kernel: Infoleak caused by incorrect handling of the SG_IO ioctl"
}
]
}
gsd-2018-12232
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-12232",
"description": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash.",
"id": "GSD-2018-12232",
"references": [
"https://www.suse.com/security/cve/CVE-2018-12232.html",
"https://access.redhat.com/errata/RHSA-2018:2948",
"https://ubuntu.com/security/CVE-2018-12232",
"https://alas.aws.amazon.com/cve/html/CVE-2018-12232.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-12232"
],
"details": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash.",
"id": "GSD-2018-12232",
"modified": "2023-12-13T01:22:30.375395Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12232",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "USN-3752-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "USN-3752-3",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14"
},
{
"name": "https://patchwork.ozlabs.org/patch/926519/",
"refsource": "MISC",
"url": "https://patchwork.ozlabs.org/patch/926519/"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"name": "https://lkml.org/lkml/2018/6/5/14",
"refsource": "MISC",
"url": "https://lkml.org/lkml/2018/6/5/14"
},
{
"name": "104453",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/104453"
},
{
"name": "USN-3752-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3752-1/"
},
{
"name": "https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.17.1",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-12232"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://patchwork.ozlabs.org/patch/926519/",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://patchwork.ozlabs.org/patch/926519/"
},
{
"name": "https://lkml.org/lkml/2018/6/5/14",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://lkml.org/lkml/2018/6/5/14"
},
{
"name": "https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14"
},
{
"name": "104453",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104453"
},
{
"name": "USN-3752-2",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"name": "USN-3752-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/3752-1/"
},
{
"name": "USN-3752-3",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"name": "RHSA-2018:2948",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
},
"lastModifiedDate": "2018-10-31T10:30Z",
"publishedDate": "2018-06-12T12:29Z"
}
}
}
fkie_cve-2018-12232
Vulnerability from fkie_nvd
Published
2018-06-12 12:29
Modified
2024-11-21 03:44
Severity ?
Summary
In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat's execution, leading to a NULL pointer dereference and system crash.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14 | Patch, Third Party Advisory | |
| cve@mitre.org | http://www.securityfocus.com/bid/104453 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:2948 | ||
| cve@mitre.org | https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14 | Patch, Third Party Advisory | |
| cve@mitre.org | https://lkml.org/lkml/2018/6/5/14 | Third Party Advisory | |
| cve@mitre.org | https://patchwork.ozlabs.org/patch/926519/ | Patch, Third Party Advisory | |
| cve@mitre.org | https://usn.ubuntu.com/3752-1/ | ||
| cve@mitre.org | https://usn.ubuntu.com/3752-2/ | ||
| cve@mitre.org | https://usn.ubuntu.com/3752-3/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104453 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2948 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lkml.org/lkml/2018/6/5/14 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://patchwork.ozlabs.org/patch/926519/ | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3752-1/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3752-2/ | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3752-3/ |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| linux | linux_kernel | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF7338D-D530-4EEA-B1D6-926A91AC72BE",
"versionEndIncluding": "4.17.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In net/socket.c in the Linux kernel through 4.17.1, there is a race condition between fchownat and close in cases where they target the same socket file descriptor, related to the sock_close and sockfs_setattr functions. fchownat does not increment the file descriptor reference count, which allows close to set the socket to NULL during fchownat\u0027s execution, leading to a NULL pointer dereference and system crash."
},
{
"lang": "es",
"value": "En net/socket.c en el kernel de Linux hasta la versi\u00f3n 4.17.1, hay una condici\u00f3n de carrera entre fchownat y close en los casos en los que apuntan al mismo descriptor de archivo socket. Esto est\u00e1 relacionado con las funciones sock_close y sockfs_setattr. fchownat no incrementa el conteo de referencia del descriptor de archivos, lo que permite que close establezca el socket como NULL durante la ejecuci\u00f3n de fchownat lo que conduce a una desreferencia de puntero NULL y a un cierre inesperado del sistema."
}
],
"id": "CVE-2018-12232",
"lastModified": "2024-11-21T03:44:49.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-06-12T12:29:00.210",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104453"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://lkml.org/lkml/2018/6/5/14"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://patchwork.ozlabs.org/patch/926519/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3752-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/3752-3/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6d8c50dcb029872b298eea68cc6209c866fd3e14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/104453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:2948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/torvalds/linux/commit/6d8c50dcb029872b298eea68cc6209c866fd3e14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://lkml.org/lkml/2018/6/5/14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://patchwork.ozlabs.org/patch/926519/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3752-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3752-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/3752-3/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-362"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…