suse-su-2018:0841-1
Vulnerability from csaf_suse
Published
2018-03-29 09:58
Modified
2018-03-29 09:58
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security fixes and bugfixes.
The following security bugs were fixed:
- CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032).
The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.
- CVE-2015-1142857: On multiple SR-IOV cards it is possible for VFs assigned to guests to send Ethernet flow control pause frames via the PF. This includes the Linux kernel ixgbe driver, the i40e/i40evf driver and the DPDK; additionally, multiple vendor NIC firmware is affected (bnc#1077355).
- CVE-2017-13215: An elevation of privilege vulnerability in the upstream kernel skcipher (bnc#1075908).
- CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).
- CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).
- CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922).
- CVE-2018-1000004: In the Linux kernel a race condition vulnerability exists in the sound system; this can lead to a deadlock and denial of service condition (bnc#1076017).
- CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).
- CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).
The following non-security bugs were fixed:
- Add proper NX handling for !NX-capable systems also to kaiser_add_user_map() (bsc#1076278).
- alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1045538).
- alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538).
- alsa: aloop: Release cable upon open error path (bsc#1045538).
- alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1045538).
- alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1045538).
- alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1045538).
- alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538).
- alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538).
- btrfs: cleanup unnecessary assignment when cleaning up all the residual transaction (FATE#325056).
- btrfs: copy fsid to super_block s_uuid (bsc#1080774).
- btrfs: do not wait for all the writers circularly during the transaction commit (FATE#325056).
- btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1080363).
- btrfs: fix two use-after-free bugs with transaction cleanup (FATE#325056).
- btrfs: make the state of the transaction more readable (FATE#325056).
- btrfs: qgroup: exit the rescan worker during umount (bsc#1080685).
- btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value (bsc#1080685).
- btrfs: reset intwrite on transaction abort (FATE#325056).
- btrfs: set qgroup_ulist to be null after calling ulist_free() (bsc#1080359).
- btrfs: stop waiting on current trans if we aborted (FATE#325056).
- cdc-acm: apply quirk for card reader (bsc#1060279).
- cdrom: factor out common open_for_* code (bsc#1048585).
- cdrom: wait for tray to close (bsc#1048585).
- delay: add poll_event_interruptible (bsc#1048585).
- dm flakey: add corrupt_bio_byte feature (bsc#1080372).
- dm flakey: add drop_writes (bsc#1080372).
- dm flakey: error READ bios during the down_interval (bsc#1080372).
- dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372).
- dm flakey: fix reads to be issued if drop_writes configured (bsc#1080372).
- dm flakey: introduce 'error_writes' feature (bsc#1080372).
- dm flakey: support feature args (bsc#1080372).
- dm flakey: use dm_target_offset and support discards (bsc#1080372).
- ext2: free memory allocated and forget buffer head when io error happens (bnc#1069508).
- ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508).
- ext3: add necessary check in case IO error happens (bnc#1069508).
- ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508).
- fork: clear thread stack upon allocation (bsc#1077560).
- kabi/severities ignore Cell-specific symbols
- kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz
- kaiser: fix ia32 compat sysexit (bsc#1080579): sysexit_from_sys_call cannot make assumptions about an accessible stack after the CR3 switch, and therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the pagetable hierarchy.
- kaiser: Fix trampoline stack loading issue on XEN PV
- kaiser: handle non-accessible stack in sysretl_from_sys_call properly (bsc#1080579)
- kaiser: make sure not to touch stack after CR3 switch in compat syscall return
- kaiser: really do switch away from trampoline stack to kernel stack in ia32_syscall entry (bsc#1080579)
- kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032).
- keys: trusted: fix writing past end of buffer in trusted_read() (bsc#1074880).
- media: omap_vout: Fix a possible null pointer dereference in omap_vout_open() (bsc#1050431).
- mISDN: fix a loop count (bsc#1077191).
- mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1081500).
- nfsd: do not share group_info among threads (bsc#1070623).
- ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert thread (bsc#1076437).
- ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can not be granted at once (bsc#1076437).
- ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257).
- powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075088).
- powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088).
- powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088).
- powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075088).
- powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075088).
- powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075088).
- powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088).
- powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088).
- powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075088).
- powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).
- powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075088).
- powerpc: Fix register clobbering when accumulating stolen time (bsc#1059174).
- powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487).
- powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088).
- powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619, git-fixes).
- powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133).
- powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (bsc#1068032, bsc#1075088).
- powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075088).
- powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075088).
- powerpc/pseries: Kill all prefetch streams on context switch (bsc#1068032, bsc#1075088).
- powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075088).
- powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088).
- powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1075088).
- powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088).
- powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075088).
- powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088).
- powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088).
- powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075088).
- powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075088).
- powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1075088).
- powerpc/vdso64: Use double word compare on pointers (bsc#1070781).
- rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088).
- rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088).
- rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1075088).
- rfi-flush: Switch to new linear fallback flush (bsc#1068032, bsc#1075088).
- s390: add ppa to the idle loop (bnc#1077406, LTC#163910).
- s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741).
- scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875).
- scsi: sr: wait for the medium to become ready (bsc#1048585).
- scsi: virtio_scsi: let host do exception handling (bsc#936530,bsc#1060682).
- storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410).
- sysfs/cpu: Add vulnerability folder (bnc#1012382).
- sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).
- sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
- Update config files: enable CPU vulnerabilities reporting via sysfs
- x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984).
- x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984).
- x86/boot: Fix early command-line parsing when matching at end (bsc#1068032).
- x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091).
- x86/cpu: Implement CPU vulnerabilities sysfs functions (bnc#1012382).
- x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).
- x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278).
- x86/kaiser: use trampoline stack for kernel entry.
- x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305).
- x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305).
- x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091).
- x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032).
- x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091).
- x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091).
- x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).
Patchnames
slertesp4-kernel-rt-20180209-13539
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for the Linux Kernel", "title": "Title of the patch" }, { "category": "description", "text": "\n\nThe SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032).\n\n The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka \u0027retpolines\u0027.\n\n- CVE-2015-1142857: On multiple SR-IOV cars it is possible for VF\u0027s assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver, i40e/i40evf driver and the DPDK, additionally multiple vendor NIC firmware is affected (bnc#1077355).\n- CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. 
(bnc#1075908).\n- CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).\n- CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).\n- CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port-\u003eexists value can change after it is validated (bnc#1077922).\n- CVE-2018-1000004: In the Linux kernel a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017).\n- CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n- CVE-2018-5333: In the Linux kernel rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).\n\nThe following non-security bugs were fixed:\n\n- Add proper NX hadnling for !NX-capable systems also to kaiser_add_user_map(). 
(bsc#1076278).\n- alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1045538).\n- alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538).\n- alsa: aloop: Release cable upon open error path (bsc#1045538).\n- alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1045538).\n- alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1045538).\n- alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1045538).\n- alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538).\n- alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538).\n- btrfs: cleanup unnecessary assignment when cleaning up all the residual transaction (FATE#325056).\n- btrfs: copy fsid to super_block s_uuid (bsc#1080774).\n- btrfs: do not wait for all the writers circularly during the transaction commit (FATE#325056).\n- btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1080363).\n- btrfs: fix two use-after-free bugs with transaction cleanup (FATE#325056).\n- btrfs: make the state of the transaction more readable (FATE#325056).\n- btrfs: qgroup: exit the rescan worker during umount (bsc#1080685).\n- btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value (bsc#1080685).\n- btrfs: reset intwrite on transaction abort (FATE#325056).\n- btrfs: set qgroup_ulist to be null after calling ulist_free() (bsc#1080359).\n- btrfs: stop waiting on current trans if we aborted (FATE#325056).\n- cdc-acm: apply quirk for card reader (bsc#1060279).\n- cdrom: factor out common open_for_* code (bsc#1048585).\n- cdrom: wait for tray to close (bsc#1048585).\n- delay: add poll_event_interruptible (bsc#1048585).\n- dm flakey: add corrupt_bio_byte feature (bsc#1080372).\n- dm flakey: add drop_writes (bsc#1080372).\n- dm flakey: error READ bios during the down_interval (bsc#1080372).\n- dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372).\n- dm flakey: fix reads to be issued if drop_writes configured 
(bsc#1080372).\n- dm flakey: introduce \u0027error_writes\u0027 feature (bsc#1080372).\n- dm flakey: support feature args (bsc#1080372).\n- dm flakey: use dm_target_offset and support discards (bsc#1080372).\n- ext2: free memory allocated and forget buffer head when io error happens (bnc#1069508).\n- ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508).\n- ext3: add necessary check in case IO error happens (bnc#1069508).\n- ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508).\n- fork: clear thread stack upon allocation (bsc#1077560).\n- kabi/severities ignore Cell-specific symbols\n- kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz\n- kaiser: fix ia32 compat sysexit (bsc#1080579) sysexit_from_sys_call cannot make assumption of accessible stack after CR3 switch, and therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the pagetable hierarchy.\n- kaiser: Fix trampoline stack loading issue on XEN PV\n- kaiser: handle non-accessible stack in sysretl_from_sys_call properly (bsc#bsc#1080579)\n- kaiser: make sure not to touch stack after CR3 switch in compat syscall return\n- kaiser: really do switch away from trampoline stack to kernel stack in ia32_syscall entry (bsc#1080579)\n- kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032).\n- keys: trusted: fix writing past end of buffer in trusted_read() (bsc#1074880).\n- media: omap_vout: Fix a possible null pointer dereference in omap_vout_open() (bsc#1050431).\n- mISDN: fix a loop count (bsc#1077191).\n- mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1081500).\n- nfsd: do not share group_info among threads (bsc@1070623).\n- ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert thread (bsc#1076437).\n- ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can not be granted at once (bsc#1076437).\n- ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with 
ocfs2_unblock_lock (bsc#962257).\n- powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075088).\n- powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088).\n- powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088).\n- powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075088).\n- powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075088).\n- powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075088).\n- powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088).\n- powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088).\n- powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075088).\n- powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).\n- powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075088).\n- powerpc: Fix register clobbering when accumulating stolen time (bsc#1059174).\n- powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487).\n- powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088).\n- powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619, git-fixes).\n- powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133).\n- powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags \u0026 wrapper (bsc#1068032, bsc#1075088).\n- powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075088).\n- powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075088).\n- powerpc/pseries: Kill all prefetch streams on context switch (bsc#1068032, bsc#1075088).\n- powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075088).\n- powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088).\n- powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM 
migration (bsc#1075088).\n- powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088).\n- powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075088).\n- powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088).\n- powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088).\n- powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075088).\n- powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075088).\n- powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1075088).\n- powerpc/vdso64: Use double word compare on pointers (bsc#1070781).\n- rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088).\n- rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088).\n- rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1075088).\n- rfi-flush: Switch to new linear fallback flush (bsc#1068032, bsc#1075088).\n- s390: add ppa to the idle loop (bnc#1077406, LTC#163910).\n- s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741).\n- scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875).\n- scsi: sr: wait for the medium to become ready (bsc#1048585).\n- scsi: virtio_scsi: let host do exception handling (bsc#936530,bsc#1060682).\n- storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410).\n- sysfs/cpu: Add vulnerability folder (bnc#1012382).\n- sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).\n- sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n- Update config files: enable CPU vulnerabilities reporting via sysfs\n- x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984).\n- x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984).\n- x86/boot: Fix early command-line parsing when matching at end (bsc#1068032).\n- x86/cpu: Factor out application of forced CPU caps (bsc#1075994 
bsc#1075091).\n- x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n- x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).\n- x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278).\n- x86/kaiser: use trampoline stack for kernel entry.\n- x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305).\n- x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305).\n- x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091).\n- x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032).\n- x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091).\n- x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091).\n- x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n", "title": "Description of the patch" }, { "category": "details", "text": "slertesp4-kernel-rt-20180209-13539", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0841-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2018:0841-1", "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180841-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2018:0841-1", "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-March/003854.html" 
}, { "category": "self", "summary": "SUSE Bug 1012382", "url": "https://bugzilla.suse.com/1012382" }, { "category": "self", "summary": "SUSE Bug 1045538", "url": "https://bugzilla.suse.com/1045538" }, { "category": "self", "summary": "SUSE Bug 1048585", "url": "https://bugzilla.suse.com/1048585" }, { "category": "self", "summary": "SUSE Bug 1049128", "url": "https://bugzilla.suse.com/1049128" }, { "category": "self", "summary": "SUSE Bug 1050431", "url": "https://bugzilla.suse.com/1050431" }, { "category": "self", "summary": "SUSE Bug 1054305", "url": "https://bugzilla.suse.com/1054305" }, { "category": "self", "summary": "SUSE Bug 1059174", "url": "https://bugzilla.suse.com/1059174" }, { "category": "self", "summary": "SUSE Bug 1060279", "url": "https://bugzilla.suse.com/1060279" }, { "category": "self", "summary": "SUSE Bug 1060682", "url": "https://bugzilla.suse.com/1060682" }, { "category": "self", "summary": "SUSE Bug 1063544", "url": "https://bugzilla.suse.com/1063544" }, { "category": "self", "summary": "SUSE Bug 1064861", "url": "https://bugzilla.suse.com/1064861" }, { "category": "self", "summary": "SUSE Bug 1068032", "url": "https://bugzilla.suse.com/1068032" }, { "category": "self", "summary": "SUSE Bug 1068984", "url": "https://bugzilla.suse.com/1068984" }, { "category": "self", "summary": "SUSE Bug 1069508", "url": "https://bugzilla.suse.com/1069508" }, { "category": "self", "summary": "SUSE Bug 1070623", "url": "https://bugzilla.suse.com/1070623" }, { "category": "self", "summary": "SUSE Bug 1070781", "url": "https://bugzilla.suse.com/1070781" }, { "category": "self", "summary": "SUSE Bug 1073311", "url": "https://bugzilla.suse.com/1073311" }, { "category": "self", "summary": "SUSE Bug 1074488", "url": "https://bugzilla.suse.com/1074488" }, { "category": "self", "summary": "SUSE Bug 1074621", "url": "https://bugzilla.suse.com/1074621" }, { "category": "self", "summary": "SUSE Bug 1074880", "url": "https://bugzilla.suse.com/1074880" }, { "category": 
"self", "summary": "SUSE Bug 1075088", "url": "https://bugzilla.suse.com/1075088" }, { "category": "self", "summary": "SUSE Bug 1075091", "url": "https://bugzilla.suse.com/1075091" }, { "category": "self", "summary": "SUSE Bug 1075410", "url": "https://bugzilla.suse.com/1075410" }, { "category": "self", "summary": "SUSE Bug 1075617", "url": "https://bugzilla.suse.com/1075617" }, { "category": "self", "summary": "SUSE Bug 1075621", "url": "https://bugzilla.suse.com/1075621" }, { "category": "self", "summary": "SUSE Bug 1075908", "url": "https://bugzilla.suse.com/1075908" }, { "category": "self", "summary": "SUSE Bug 1075994", "url": "https://bugzilla.suse.com/1075994" }, { "category": "self", "summary": "SUSE Bug 1076017", "url": "https://bugzilla.suse.com/1076017" }, { "category": "self", "summary": "SUSE Bug 1076154", "url": "https://bugzilla.suse.com/1076154" }, { "category": "self", "summary": "SUSE Bug 1076278", "url": "https://bugzilla.suse.com/1076278" }, { "category": "self", "summary": "SUSE Bug 1076437", "url": "https://bugzilla.suse.com/1076437" }, { "category": "self", "summary": "SUSE Bug 1076849", "url": "https://bugzilla.suse.com/1076849" }, { "category": "self", "summary": "SUSE Bug 1077191", "url": "https://bugzilla.suse.com/1077191" }, { "category": "self", "summary": "SUSE Bug 1077355", "url": "https://bugzilla.suse.com/1077355" }, { "category": "self", "summary": "SUSE Bug 1077406", "url": "https://bugzilla.suse.com/1077406" }, { "category": "self", "summary": "SUSE Bug 1077487", "url": "https://bugzilla.suse.com/1077487" }, { "category": "self", "summary": "SUSE Bug 1077560", "url": "https://bugzilla.suse.com/1077560" }, { "category": "self", "summary": "SUSE Bug 1077922", "url": "https://bugzilla.suse.com/1077922" }, { "category": "self", "summary": "SUSE Bug 1078875", "url": "https://bugzilla.suse.com/1078875" }, { "category": "self", "summary": "SUSE Bug 1079917", "url": "https://bugzilla.suse.com/1079917" }, { "category": "self", "summary": 
"SUSE Bug 1080133", "url": "https://bugzilla.suse.com/1080133" }, { "category": "self", "summary": "SUSE Bug 1080359", "url": "https://bugzilla.suse.com/1080359" }, { "category": "self", "summary": "SUSE Bug 1080363", "url": "https://bugzilla.suse.com/1080363" }, { "category": "self", "summary": "SUSE Bug 1080372", "url": "https://bugzilla.suse.com/1080372" }, { "category": "self", "summary": "SUSE Bug 1080579", "url": "https://bugzilla.suse.com/1080579" }, { "category": "self", "summary": "SUSE Bug 1080685", "url": "https://bugzilla.suse.com/1080685" }, { "category": "self", "summary": "SUSE Bug 1080774", "url": "https://bugzilla.suse.com/1080774" }, { "category": "self", "summary": "SUSE Bug 1081500", "url": "https://bugzilla.suse.com/1081500" }, { "category": "self", "summary": "SUSE Bug 936530", "url": "https://bugzilla.suse.com/936530" }, { "category": "self", "summary": "SUSE Bug 962257", "url": "https://bugzilla.suse.com/962257" }, { "category": "self", "summary": "SUSE CVE CVE-2015-1142857 page", "url": "https://www.suse.com/security/cve/CVE-2015-1142857/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-13215 page", "url": "https://www.suse.com/security/cve/CVE-2017-13215/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-17741 page", "url": "https://www.suse.com/security/cve/CVE-2017-17741/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-18017 page", "url": "https://www.suse.com/security/cve/CVE-2017-18017/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-18079 page", "url": "https://www.suse.com/security/cve/CVE-2017-18079/" }, { "category": "self", "summary": "SUSE CVE CVE-2017-5715 page", "url": "https://www.suse.com/security/cve/CVE-2017-5715/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-1000004 page", "url": "https://www.suse.com/security/cve/CVE-2018-1000004/" }, { "category": "self", "summary": "SUSE CVE CVE-2018-5332 page", "url": "https://www.suse.com/security/cve/CVE-2018-5332/" }, { "category": "self", 
"summary": "SUSE CVE CVE-2018-5333 page", "url": "https://www.suse.com/security/cve/CVE-2018-5333/" } ], "title": "Security update for the Linux Kernel", "tracking": { "current_release_date": "2018-03-29T09:58:40Z", "generator": { "date": "2018-03-29T09:58:40Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2018:0841-1", "initial_release_date": "2018-03-29T09:58:40Z", "revision_history": [ { "date": "2018-03-29T09:58:40Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-rt-3.0.101.rt130-69.21.1.x86_64", "product": { "name": "kernel-rt-3.0.101.rt130-69.21.1.x86_64", "product_id": "kernel-rt-3.0.101.rt130-69.21.1.x86_64" } }, { "category": "product_version", "name": "kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "product": { "name": "kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "product_id": "kernel-rt-base-3.0.101.rt130-69.21.1.x86_64" } }, { "category": "product_version", "name": "kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "product": { "name": "kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "product_id": "kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64" } }, { "category": "product_version", "name": "kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "product": { "name": "kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "product_id": "kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64" } }, { "category": "product_version", "name": "kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "product": { "name": "kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "product_id": "kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64" } }, { "category": "product_version", "name": "kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "product": { "name": "kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "product_id": "kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64" } }, { "category": 
"product_version", "name": "kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "product": { "name": "kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "product_id": "kernel-source-rt-3.0.101.rt130-69.21.1.x86_64" } }, { "category": "product_version", "name": "kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64", "product": { "name": "kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64", "product_id": "kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Real Time 11 SP4", "product": { "name": "SUSE Linux Enterprise Real Time 11 SP4", "product_id": "SUSE Linux Enterprise Real Time 11 SP4", "product_identification_helper": { "cpe": "cpe:/a:suse:suse-linux-enterprise-rt:11:sp4" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-3.0.101.rt130-69.21.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64" }, "product_reference": "kernel-rt-3.0.101.rt130-69.21.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-base-3.0.101.rt130-69.21.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64" }, "product_reference": "kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", "product_id": "SUSE Linux Enterprise Real Time 11 
SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64" }, "product_reference": "kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64" }, "product_reference": "kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64" }, "product_reference": "kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64" }, "product_reference": "kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-source-rt-3.0.101.rt130-69.21.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64" }, "product_reference": "kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4" }, { "category": "default_component_of", "full_product_name": { "name": 
"kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4", "product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" }, "product_reference": "kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-1142857", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-1142857" } ], "notes": [ { "category": "general", "text": "On multiple SR-IOV cars it is possible for VF\u0027s assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver before commit f079fa005aae08ee0e1bc32699874ff4f02e11c1, the Linux Kernel i40e/i40evf driver before e7358f54a3954df16d4f87e3cad35063f1c17de5 and the DPDK before commit 3f12b9f23b6499ff66ec8b0de941fb469297e5d0, additionally Multiple vendor NIC firmware is affected.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-1142857", "url": "https://www.suse.com/security/cve/CVE-2015-1142857" }, { "category": "external", "summary": "SUSE Bug 1077355 for CVE-2015-1142857", "url": 
"https://bugzilla.suse.com/1077355" }, { "category": "external", "summary": "SUSE Bug 1091815 for CVE-2015-1142857", "url": "https://bugzilla.suse.com/1091815" }, { "category": "external", "summary": "SUSE Bug 1105108 for CVE-2015-1142857", "url": "https://bugzilla.suse.com/1105108" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux 
Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-03-29T09:58:40Z", "details": "moderate" } ], "title": "CVE-2015-1142857" }, { "cve": "CVE-2017-13215", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-13215" } ], "notes": [ { "category": "general", "text": "A elevation of privilege vulnerability in the Upstream kernel skcipher. Product: Android. Versions: Android kernel. Android ID: A-64386293. References: Upstream kernel.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-13215", "url": "https://www.suse.com/security/cve/CVE-2017-13215" }, { "category": "external", "summary": "SUSE Bug 1075908 for CVE-2017-13215", "url": "https://bugzilla.suse.com/1075908" }, { "category": "external", "summary": "SUSE Bug 1091815 for CVE-2017-13215", "url": "https://bugzilla.suse.com/1091815" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", 
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-03-29T09:58:40Z", "details": "moderate" } ], "title": "CVE-2017-13215" }, { "cve": "CVE-2017-17741", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-17741" } ], "notes": [ { "category": "general", "text": "The KVM implementation in the Linux kernel through 4.14.7 allows attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related 
to arch/x86/kvm/x86.c and include/trace/events/kvm.h.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-17741", "url": "https://www.suse.com/security/cve/CVE-2017-17741" }, { "category": "external", "summary": "SUSE Bug 1073311 for CVE-2017-17741", "url": "https://bugzilla.suse.com/1073311" }, { "category": "external", "summary": "SUSE Bug 1091815 for CVE-2017-17741", "url": "https://bugzilla.suse.com/1091815" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 
SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-03-29T09:58:40Z", "details": "important" } ], "title": "CVE-2017-17741" }, { "cve": "CVE-2017-18017", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-18017" } ], "notes": [ { "category": "general", "text": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 
11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-18017", "url": "https://www.suse.com/security/cve/CVE-2017-18017" }, { "category": "external", "summary": "SUSE Bug 1074488 for CVE-2017-18017", "url": "https://bugzilla.suse.com/1074488" }, { "category": "external", "summary": "SUSE Bug 1080255 for CVE-2017-18017", "url": "https://bugzilla.suse.com/1080255" }, { "category": "external", "summary": "SUSE Bug 1091815 for CVE-2017-18017", "url": "https://bugzilla.suse.com/1091815" }, { "category": "external", "summary": "SUSE Bug 1115893 for CVE-2017-18017", "url": "https://bugzilla.suse.com/1115893" }, { "category": "external", "summary": "SUSE Bug 971126 for CVE-2017-18017", "url": "https://bugzilla.suse.com/971126" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux 
Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-03-29T09:58:40Z", "details": "important" } ], "title": "CVE-2017-18017" }, { "cve": "CVE-2017-18079", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-18079" } ], "notes": [ { "category": "general", "text": "drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port-\u003eexists value can change after it is validated.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 
SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-18079", "url": "https://www.suse.com/security/cve/CVE-2017-18079" }, { "category": "external", "summary": "SUSE Bug 1077922 for CVE-2017-18079", "url": "https://bugzilla.suse.com/1077922" }, { "category": "external", "summary": "SUSE Bug 1091815 for CVE-2017-18079", "url": "https://bugzilla.suse.com/1091815" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 2.5, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 
SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-03-29T09:58:40Z", "details": "low" } ], "title": "CVE-2017-18079" }, { "cve": "CVE-2017-5715", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2017-5715" } ], "notes": [ { "category": "general", "text": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2017-5715", "url": "https://www.suse.com/security/cve/CVE-2017-5715" }, { "category": "external", "summary": "SUSE Bug 1068032 for CVE-2017-5715", "url": 
"https://bugzilla.suse.com/1068032" }, { "category": "external", "summary": "SUSE Bug 1074562 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1074562" }, { "category": "external", "summary": "SUSE Bug 1074578 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1074578" }, { "category": "external", "summary": "SUSE Bug 1074701 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1074701" }, { "category": "external", "summary": "SUSE Bug 1074741 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1074741" }, { "category": "external", "summary": "SUSE Bug 1074919 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1074919" }, { "category": "external", "summary": "SUSE Bug 1075006 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1075006" }, { "category": "external", "summary": "SUSE Bug 1075007 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1075007" }, { "category": "external", "summary": "SUSE Bug 1075262 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1075262" }, { "category": "external", "summary": "SUSE Bug 1075419 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1075419" }, { "category": "external", "summary": "SUSE Bug 1076115 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1076115" }, { "category": "external", "summary": "SUSE Bug 1076372 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1076372" }, { "category": "external", "summary": "SUSE Bug 1076606 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1076606" }, { "category": "external", "summary": "SUSE Bug 1078353 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1078353" }, { "category": "external", "summary": "SUSE Bug 1080039 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1080039" }, { "category": "external", "summary": "SUSE Bug 1087887 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1087887" }, { "category": "external", "summary": "SUSE Bug 1087939 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1087939" }, { "category": 
"external", "summary": "SUSE Bug 1088147 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1088147" }, { "category": "external", "summary": "SUSE Bug 1089055 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1089055" }, { "category": "external", "summary": "SUSE Bug 1091815 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1091815" }, { "category": "external", "summary": "SUSE Bug 1095735 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1095735" }, { "category": "external", "summary": "SUSE Bug 1102517 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1102517" }, { "category": "external", "summary": "SUSE Bug 1105108 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1105108" }, { "category": "external", "summary": "SUSE Bug 1126516 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1126516" }, { "category": "external", "summary": "SUSE Bug 1173489 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1173489" }, { "category": "external", "summary": "SUSE Bug 1178658 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1178658" }, { "category": "external", "summary": "SUSE Bug 1201457 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1201457" }, { "category": "external", "summary": "SUSE Bug 1201877 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1201877" }, { "category": "external", "summary": "SUSE Bug 1203236 for CVE-2017-5715", "url": "https://bugzilla.suse.com/1203236" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux 
Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-03-29T09:58:40Z", "details": "important" } ], "title": "CVE-2017-5715" }, { "cve": "CVE-2018-1000004", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-1000004" } ], "notes": [ { "category": "general", "text": "In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 
SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-1000004", "url": "https://www.suse.com/security/cve/CVE-2018-1000004" }, { "category": "external", "summary": "SUSE Bug 1076017 for CVE-2018-1000004", "url": "https://bugzilla.suse.com/1076017" }, { "category": "external", "summary": "SUSE Bug 1091815 for CVE-2018-1000004", "url": "https://bugzilla.suse.com/1091815" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Real 
Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-03-29T09:58:40Z", "details": "moderate" } ], "title": "CVE-2018-1000004" }, { "cve": "CVE-2018-5332", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-5332" } ], "notes": [ { "category": "general", "text": "In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] 
}, "references": [ { "category": "external", "summary": "CVE-2018-5332", "url": "https://www.suse.com/security/cve/CVE-2018-5332" }, { "category": "external", "summary": "SUSE Bug 1075621 for CVE-2018-5332", "url": "https://bugzilla.suse.com/1075621" }, { "category": "external", "summary": "SUSE Bug 1091815 for CVE-2018-5332", "url": "https://bugzilla.suse.com/1091815" }, { "category": "external", "summary": "SUSE Bug 1115893 for CVE-2018-5332", "url": "https://bugzilla.suse.com/1115893" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 3.6, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 
SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-03-29T09:58:40Z", "details": "low" } ], "title": "CVE-2018-5332" }, { "cve": "CVE-2018-5333", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2018-5333" } ], "notes": [ { "category": "general", "text": "In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2018-5333", "url": "https://www.suse.com/security/cve/CVE-2018-5333" }, { "category": "external", "summary": "SUSE Bug 1075617 for CVE-2018-5333", "url": "https://bugzilla.suse.com/1075617" }, { "category": "external", "summary": "SUSE Bug 1091815 for CVE-2018-5333", "url": "https://bugzilla.suse.com/1091815" } ], 
"remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 2.9, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.21.1.x86_64", "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.21.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2018-03-29T09:58:40Z", "details": "low" } ], "title": "CVE-2018-5333" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.