suse-su-2018:2150-1
Vulnerability from csaf_suse
Published
2018-07-31 11:22
Modified
2018-07-31 11:22
Summary
Security update for the Linux Kernel

Notes

Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.139 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow via a large relative timeout because ktime_add_safe was not used (bnc#1099924) - CVE-2018-9385: Prevent overread of the 'driver_override' buffer (bsc#1100491) - CVE-2018-13405: The inode_init_owner function allowed local users to create files with an unintended group ownership allowing attackers to escalate privileges by making a plain file executable and SGID (bnc#1100416) - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could have result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1100418) - CVE-2017-5753: Systems with microprocessors utilizing speculative execution and branch prediction may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bsc#1068032) The following non-security bugs were fixed: - 1wire: family module autoload fails because of upper/lower case mismatch (bnc#1012382). - ALSA: hda - Clean up ALC299 init code (bsc#1099810). - ALSA: hda - Enable power_save_node for CX20722 (bsc#1099810). - ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines (bsc#1099810). - ALSA: hda - Fix incorrect usage of IS_REACHABLE() (bsc#1099810). - ALSA: hda - Fix pincfg at resume on Lenovo T470 dock (bsc#1099810). - ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() (bnc#1012382). - ALSA: hda - Use acpi_dev_present() (bsc#1099810). - ALSA: hda - add a new condition to check if it is thinkpad (bsc#1099810). - ALSA: hda - silence uninitialized variable warning in activate_amp_in() (bsc#1099810). - ALSA: hda/patch_sigmatel: Add AmigaOne X1000 pinconfigs (bsc#1099810). - ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 (bsc#1099810). - ALSA: hda/realtek - Add headset mode support for Dell laptop (bsc#1099810). - ALSA: hda/realtek - Add support headset mode for DELL WYSE (bsc#1099810). - ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup (bsc#1099810). - ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform (bsc#1099810). - ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs (bsc#1099810). - ALSA: hda/realtek - Fix Dell headset Mic can't record (bsc#1099810). - ALSA: hda/realtek - Fix pop noise on Lenovo P50 and co (bsc#1099810). - ALSA: hda/realtek - Fix the problem of two front mics on more machines (bsc#1099810). - ALSA: hda/realtek - Fixup for HP x360 laptops with B and O speakers (bsc#1099810). - ALSA: hda/realtek - Fixup mute led on HP Spectre x360 (bsc#1099810). - ALSA: hda/realtek - Make dock sound work on ThinkPad L570 (bsc#1099810). - ALSA: hda/realtek - Refactor alc269_fixup_hp_mute_led_mic*() (bsc#1099810). - ALSA: hda/realtek - Reorder ALC269 ASUS quirk entries (bsc#1099810). - ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289 (bsc#1099810). - ALSA: hda/realtek - Update ALC255 depop optimize (bsc#1099810). - ALSA: hda/realtek - adjust the location of one mic (bsc#1099810). - ALSA: hda/realtek - change the location for one of two front mics (bsc#1099810). - ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags (bsc#1099810). - ALSA: hda/realtek - update ALC215 depop optimize (bsc#1099810). - ALSA: hda/realtek - update ALC225 depop optimize (bsc#1099810). - ALSA: hda/realtek: Fix mic and headset jack sense on Asus X705UD (bsc#1099810). - ALSA: hda/realtek: Limit mic boost on T480 (bsc#1099810). - ALSA: hda: Fix forget to free resource in error handling code path in hda_codec_driver_probe (bsc#1099810). - ALSA: hda: add dock and led support for HP EliteBook 830 G5 (bsc#1099810). - ALSA: hda: add dock and led support for HP ProBook 640 G4 (bsc#1099810). - ALSA: hda: fix some klockwork scan warnings (bsc#1099810). - ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size (bnc#1012382). - ASoC: cirrus: i2s: Fix LRCLK configuration (bnc#1012382). - ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bnc#1012382). - ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it (bnc#1012382). - Bluetooth: Fix connection if directed advertising and privacy is used (bnc#1012382). - Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader (bnc#1012382). - Btrfs: fix clone vs chattr NODATASUM race (bnc#1012382). - Btrfs: fix unexpected cow in run_delalloc_nocow (bnc#1012382). - Btrfs: make raid6 rebuild retry more (bnc#1012382). - Btrfs: scrub: Do not use inode pages for device replace (bnc#1012382). - Correct the arguments to verbose() (bsc#1098425) - Hang/soft lockup in d_invalidate with simultaneous calls (bsc#1094248, bsc@1097140). - IB/qib: Fix DMA api warning with debug kernel (bnc#1012382). - Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID (bnc#1012382). - Input: elan_i2c_smbus - fix more potential stack buffer overflows (bnc#1012382). - Input: elantech - enable middle button of touchpads on ThinkPad P52 (bnc#1012382). - Input: elantech - fix V4 report decoding for module with middle key (bnc#1012382). - MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum (bnc#1012382). - MIPS: io: Add barrier after register read in inX() (bnc#1012382). - NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message (bnc#1012382). - PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume (bnc#1012382). - RDMA/mlx4: Discard unknown SQP work requests (bnc#1012382). - Refresh with upstream commit:62290a5c194b since the typo fix has been merged in upstream. (bsc#1085185) - Revert 'Btrfs: fix scrub to repair raid6 corruption' (bnc#1012382). - Revert 'kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183).' This turned out to be superfluous for 4.4.x kernels. - Revert 'scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525).' This reverts commit b054499f7615e2ffa7571ac0d05c7d5c9a8c0327. - UBIFS: Fix potential integer overflow in allocation (bnc#1012382). - Update patches.fixes/nvme-expand-nvmf_check_if_ready-checks.patch (bsc#1098527). - atm: zatm: fix memcmp casting (bnc#1012382). - backlight: as3711_bl: Fix Device Tree node lookup (bnc#1012382). - backlight: max8925_bl: Fix Device Tree node lookup (bnc#1012382). - backlight: tps65217_bl: Fix Device Tree node lookup (bnc#1012382). - block: Fix transfer when chunk sectors exceeds max (bnc#1012382). - bonding: re-evaluate force_primary when the primary slave name changes (bnc#1012382). - bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425). - branch-check: fix long->int truncation when profiling branches (bnc#1012382). - cdc_ncm: avoid padding beyond end of skb (bnc#1012382). - ceph: fix dentry leak in splice_dentry() (bsc#1098236). - ceph: fix use-after-free in ceph_statfs() (bsc#1098236). - ceph: fix wrong check for the case of updating link count (bsc#1098236). - ceph: prevent i_version from going back (bsc#1098236). - ceph: support file lock on directory (bsc#1098236). - cifs: Check for timeout on Negotiate stage (bsc#1091171). - cpufreq: Fix new policy initialization during limits updates via sysfs (bnc#1012382). - cpuidle: powernv: Fix promotion from snooze if next state disabled (bnc#1012382). - dm thin: handle running out of data space vs concurrent discard (bnc#1012382). - dm: convert DM printk macros to pr_level macros (bsc#1099918). - dm: fix printk() rate limiting code (bsc#1099918). - driver core: Do not ignore class_dir_create_and_add() failure (bnc#1012382). - e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bsc#1075876). - ext4: fix fencepost error in check for inode count overflow during resize (bnc#1012382). - ext4: fix unsupported feature message formatting (bsc#1098435). - ext4: update mtime in ext4_punch_hole even if no blocks are released (bnc#1012382). - fs/binfmt_misc.c: do not allow offset overflow (bsc#1099279). - fuse: atomic_o_trunc should truncate pagecache (bnc#1012382). - fuse: do not keep dead fuse_conn at fuse_fill_super() (bnc#1012382). - fuse: fix control dir setup and teardown (bnc#1012382). - hv_netvsc: avoid repeated updates of packet filter (bsc#1097492). - hv_netvsc: defer queue selection to VF (bsc#1097492). - hv_netvsc: enable multicast if necessary (bsc#1097492). - hv_netvsc: filter multicast/broadcast (bsc#1097492). - hv_netvsc: fix filter flags (bsc#1097492). - hv_netvsc: fix locking during VF setup (bsc#1097492). - hv_netvsc: fix locking for rx_mode (bsc#1097492). - hv_netvsc: propagate rx filters to VF (bsc#1097492). - iio:buffer: make length types match kfifo types (bnc#1012382). - iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034). - ipmi:bt: Set the timeout before doing a capabilities check (bnc#1012382). - ipvs: fix buffer overflow with sync daemon and service (bnc#1012382). - iwlmvm: tdls: Check TDLS channel switch support (bsc#1099810). - iwlwifi: fix non_shared_ant for 9000 devices (bsc#1099810). - kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183). - lib/vsprintf: Remove atomic-unsafe support for %pCr (bnc#1012382). - libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bnc#1012382). - libata: zpodd: make arrays cdb static, reduces object code size (bnc#1012382). - libata: zpodd: small read overflow in eject_tray() (bnc#1012382). - linvdimm, pmem: Preserve read-only setting for pmem devices (bnc#1012382). - m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() (bnc#1012382). - mac80211: Fix condition validating WMM IE (bsc#1099810,bsc#1099732). - media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bnc#1012382). - media: dvb_frontend: fix locking issues at dvb_frontend_get_event() (bnc#1012382). - media: smiapp: fix timeout checking in smiapp_read_nvm (bsc#1099918). - media: v4l2-compat-ioctl32: prevent go past max size (bnc#1012382). - mfd: intel-lpss: Program REMAP register in PIO mode (bnc#1012382). - mips: ftrace: fix static function graph tracing (bnc#1012382). - mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bnc#1012382). - mtd: cfi_cmdset_0002: Change write buffer to check correct value (bnc#1012382). - mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bnc#1012382). - mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bnc#1012382). - mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bnc#1012382). - mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS (bsc#1099918). - mtd: partitions: add helper for deleting partition (bsc#1099918). - mtd: partitions: remove sysfs files when deleting all master's partitions (bsc#1099918). - net/sonic: Use dma_mapping_error() (bnc#1012382). - net: qmi_wwan: Add Netgear Aircard 779S (bnc#1012382). - netfilter: ebtables: handle string from userspace with care (bnc#1012382). - nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (bnc#1012382). - nvme-fabrics: allow duplicate connections to the discovery controller (bsc#1098527). - nvme-fabrics: allow internal passthrough command on deleting controllers (bsc#1098527). - nvme-fabrics: centralize discovery controller defaults (bsc#1098527). - nvme-fabrics: fix and refine state checks in __nvmf_check_ready (bsc#1098527). - nvme-fabrics: refactor queue ready check (bsc#1098527). - nvme-fc: change controllers first connect to use reconnect path (bsc#1098527). - nvme-fc: fix nulling of queue data on reconnect (bsc#1098527). - nvme-fc: remove reinit_request routine (bsc#1098527). - nvme-fc: remove setting DNR on exception conditions (bsc#1098527). - nvme: allow duplicate controller if prior controller being deleted (bsc#1098527). - nvme: move init of keep_alive work item to controller initialization (bsc#1098527). - nvme: reimplement nvmf_check_if_ready() to avoid kabi breakage (bsc#1098527). - nvmet-fc: increase LS buffer count per fc port (bsc#1098527). - nvmet: switch loopback target state to connecting when resetting (bsc#1098527). - of: unittest: for strings, account for trailing \0 in property length field (bnc#1012382). - ovl: fix random return value on mount (bsc#1099993). - ovl: fix uid/gid when creating over whiteout (bsc#1099993). - ovl: override creds with the ones from the superblock mounter (bsc#1099993). - perf intel-pt: Fix 'Unexpected indirect branch' error (bnc#1012382). - perf intel-pt: Fix MTC timing after overflow (bnc#1012382). - perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP (bnc#1012382). - perf intel-pt: Fix packet decoding of CYC packets (bnc#1012382). - perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING (bnc#1012382). - perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 (bnc#1012382). - platform/x86: thinkpad_acpi: Adding new hotkey ID for Lenovo thinkpad (bsc#1099810). - powerpc/64s: Exception macro for stack frame and initial register save (bsc#1094244). - powerpc/64s: Fix mce accounting for powernv (bsc#1094244). - powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382). - powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bnc#1012382). - powerpc/ptrace: Fix enforcement of DAWR constraints (bnc#1012382). - powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG (bnc#1012382). - powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244). - procfs: add tunable for fd/fdinfo dentry retention (bsc#10866542). - qla2xxx: Fix NULL pointer derefrence for fcport search (bsc#1085657). - qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1085657). - qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1085657). - regulator: Do not return or expect -errno from of_map_mode() (bsc#1099042). - rmdir(),rename(): do shrink_dcache_parent() only on success (bsc#1100340). - s390/dasd: configurable IFCC handling (bsc#1097808). - sbitmap: check for valid bitmap in sbitmap_for_each (bsc#1090435). - sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089). - scsi: ipr: Format HCAM overlay ID 0x41 (bsc#1097961). - scsi: ipr: new IOASC update (bsc#1097961). - scsi: lpfc: Change IO submit return to EBUSY if remote port is recovering (bsc#1092207). - scsi: lpfc: Driver NVME load fails when CPU cnt > WQ resource cnt (bsc#1092207). - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525). - scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1095453). - scsi: lpfc: Fix MDS diagnostics failure (Rx lower than Tx) (bsc#1095453). - scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc (bsc#1095453). - scsi: lpfc: Fix port initialization failure (bsc#1095453). - scsi: lpfc: Fix up log messages and stats counters in IO submit code path (bsc#1092207). - scsi: lpfc: Handle new link fault code returned by adapter firmware (bsc#1092207). - scsi: lpfc: correct oversubscription of nvme io requests for an adapter (bsc#1095453). - scsi: lpfc: update driver version to 11.4.0.7-3 (bsc#1092207). - scsi: lpfc: update driver version to 11.4.0.7-4 (bsc#1095453). - scsi: qedi: Fix truncation of CHAP name and secret (bsc#1097931) - scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails (bnc#1012382). - scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1097501) - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (bnc#1099713, LTC#168765). - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (LTC#168765 bnc#1012382 bnc#1099713). - scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (bnc#1099713, LTC#168765). - serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version (bnc#1012382). - signal/xtensa: Consistenly use SIGBUS in do_unaligned_user (bnc#1012382). - sort and rename various hyperv patches - spi: Fix scatterlist elements size in spi_map_buf (bnc#1012382). - tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() (bnc#1012382). - tcp: verify the checksum of the first data segment in a new connection (bnc#1012382). - thinkpad_acpi: Add support for HKEY version 0x200 (bsc#1099810). - time: Make sure jiffies_to_msecs() preserves non-zero time periods (bnc#1012382). - ubi: fastmap: Cancel work upon detach (bnc#1012382). - udf: Detect incorrect directory size (bnc#1012382). - usb: do not reset if a low-speed or full-speed device timed out (bnc#1012382). - usb: musb: fix remote wakeup racing with suspend (bnc#1012382). - video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bsc#1090888 bsc#1099966). - video: uvesafb: Fix integer overflow in allocation (bnc#1012382). - w1: mxc_w1: Enable clock before calling clk_get_rate() on it (bnc#1012382). - x86/cpu/amd: Derive L3 shared_cpu_map from cpu_llc_shared_mask (bsc#1094643). - x86/mce: Improve error message when kernel cannot recover (git-fixes b2f9d678e28c). - x86/pti: do not report XenPV as vulnerable (bsc#1097551). - xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1012382). - xfrm6: avoid potential infinite loop in _decode_session6() (bnc#1012382). - xfrm: Ignore socket policies when rebuilding hash tables (bnc#1012382). - xfrm: skip policies marked as dead while rehashing (bnc#1012382).
Patchnames
SUSE-SLE-RT-12-SP3-2018-1460
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).



{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "\nThe SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.139 to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2018-13053: The alarm_timer_nsleep function had an integer overflow via a\n  large relative timeout because ktime_add_safe was not used (bnc#1099924)\n- CVE-2018-9385: Prevent overread of the \u0027driver_override\u0027 buffer (bsc#1100491)\n- CVE-2018-13405: The inode_init_owner function allowed local users to create\n  files with an unintended group ownership allowing attackers to escalate\n  privileges by making a plain file executable and SGID (bnc#1100416)\n- CVE-2018-13406: An integer overflow in the uvesafb_setcmap function could\n  have result in local attackers being able to crash the kernel or potentially\n  elevate privileges because kmalloc_array is not used (bnc#1100418)\n- CVE-2017-5753: Systems with microprocessors utilizing speculative execution\n  and branch prediction may have allowed unauthorized disclosure of information\n  to an attacker with local user access via a side-channel analysis (bsc#1068032)\n\nThe following non-security bugs were fixed:\n\n- 1wire: family module autoload fails because of upper/lower case mismatch (bnc#1012382).\n- ALSA: hda - Clean up ALC299 init code (bsc#1099810).\n- ALSA: hda - Enable power_save_node for CX20722 (bsc#1099810).\n- ALSA: hda - Fix a wrong FIXUP for alc289 on Dell machines (bsc#1099810).\n- ALSA: hda - Fix incorrect usage of IS_REACHABLE() (bsc#1099810).\n- ALSA: hda - Fix pincfg at resume on Lenovo T470 dock (bsc#1099810).\n- ALSA: hda - Handle kzalloc() failure in snd_hda_attach_pcm_stream() (bnc#1012382).\n- ALSA: hda - Use acpi_dev_present() (bsc#1099810).\n- ALSA: hda - add a new condition to check if it is thinkpad (bsc#1099810).\n- ALSA: hda - silence uninitialized variable warning in activate_amp_in() (bsc#1099810).\n- ALSA: hda/patch_sigmatel: Add AmigaOne X1000 pinconfigs (bsc#1099810).\n- ALSA: hda/realtek - Add a quirk for FSC ESPRIMO U9210 (bsc#1099810).\n- ALSA: hda/realtek - Add headset mode support for Dell laptop (bsc#1099810).\n- ALSA: hda/realtek - Add support headset mode for DELL WYSE (bsc#1099810).\n- ALSA: hda/realtek - Clevo P950ER ALC1220 Fixup (bsc#1099810).\n- ALSA: hda/realtek - Enable Thinkpad Dock device for ALC298 platform (bsc#1099810).\n- ALSA: hda/realtek - Enable mic-mute hotkey for several Lenovo AIOs (bsc#1099810).\n- ALSA: hda/realtek - Fix Dell headset Mic can\u0027t record (bsc#1099810).\n- ALSA: hda/realtek - Fix pop noise on Lenovo P50 and co (bsc#1099810).\n- ALSA: hda/realtek - Fix the problem of two front mics on more machines (bsc#1099810).\n- ALSA: hda/realtek - Fixup for HP x360 laptops with B and O speakers (bsc#1099810).\n- ALSA: hda/realtek - Fixup mute led on HP Spectre x360 (bsc#1099810).\n- ALSA: hda/realtek - Make dock sound work on ThinkPad L570 (bsc#1099810).\n- ALSA: hda/realtek - Refactor alc269_fixup_hp_mute_led_mic*() (bsc#1099810).\n- ALSA: hda/realtek - Reorder ALC269 ASUS quirk entries (bsc#1099810).\n- ALSA: hda/realtek - Support headset mode for ALC215/ALC285/ALC289 (bsc#1099810).\n- ALSA: hda/realtek - Update ALC255 depop optimize (bsc#1099810).\n- ALSA: hda/realtek - adjust the location of one mic (bsc#1099810).\n- ALSA: hda/realtek - change the location for one of two front mics (bsc#1099810).\n- ALSA: hda/realtek - set PINCFG_HEADSET_MIC to parse_flags (bsc#1099810).\n- ALSA: hda/realtek - update ALC215 depop optimize (bsc#1099810).\n- ALSA: hda/realtek - update ALC225 depop optimize (bsc#1099810).\n- ALSA: hda/realtek: Fix mic and headset jack sense on Asus X705UD (bsc#1099810).\n- ALSA: hda/realtek: Limit mic boost on T480 (bsc#1099810).\n- ALSA: hda: Fix forget to free resource in error handling code path in hda_codec_driver_probe (bsc#1099810).\n- ALSA: hda: add dock and led support for HP EliteBook 830 G5 (bsc#1099810).\n- ALSA: hda: add dock and led support for HP ProBook 640 G4 (bsc#1099810).\n- ALSA: hda: fix some klockwork scan warnings (bsc#1099810).\n- ARM: 8764/1: kgdb: fix NUMREGBYTES so that gdb_regs[] is the correct size (bnc#1012382).\n- ASoC: cirrus: i2s: Fix LRCLK configuration (bnc#1012382).\n- ASoC: cirrus: i2s: Fix {TX|RX}LinCtrlData setup (bnc#1012382).\n- ASoC: dapm: delete dapm_kcontrol_data paths list before freeing it (bnc#1012382).\n- Bluetooth: Fix connection if directed advertising and privacy is used (bnc#1012382).\n- Bluetooth: hci_qca: Avoid missing rampatch failure with userspace fw loader (bnc#1012382).\n- Btrfs: fix clone vs chattr NODATASUM race (bnc#1012382).\n- Btrfs: fix unexpected cow in run_delalloc_nocow (bnc#1012382).\n- Btrfs: make raid6 rebuild retry more (bnc#1012382).\n- Btrfs: scrub: Do not use inode pages for device replace (bnc#1012382).\n- Correct the arguments to verbose() (bsc#1098425)\n- Hang/soft lockup in d_invalidate with simultaneous calls (bsc#1094248, bsc@1097140).\n- IB/qib: Fix DMA api warning with debug kernel (bnc#1012382).\n- Input: elan_i2c - add ELAN0618 (Lenovo v330 15IKB) ACPI ID (bnc#1012382).\n- Input: elan_i2c_smbus - fix more potential stack buffer overflows (bnc#1012382).\n- Input: elantech - enable middle button of touchpads on ThinkPad P52 (bnc#1012382).\n- Input: elantech - fix V4 report decoding for module with middle key (bnc#1012382).\n- MIPS: BCM47XX: Enable 74K Core ExternalSync for PCIe erratum (bnc#1012382).\n- MIPS: io: Add barrier after register read in inX() (bnc#1012382).\n- NFSv4: Fix possible 1-byte stack overflow in nfs_idmap_read_and_verify_message (bnc#1012382).\n- PCI: pciehp: Clear Presence Detect and Data Link Layer Status Changed on resume (bnc#1012382).\n- RDMA/mlx4: Discard unknown SQP work requests (bnc#1012382).\n- Refresh with upstream commit:62290a5c194b since the typo fix has been merged in upstream. (bsc#1085185)\n- Revert \u0027Btrfs: fix scrub to repair raid6 corruption\u0027 (bnc#1012382).\n- Revert \u0027kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183).\u0027 This turned out to be superfluous for 4.4.x kernels.\n- Revert \u0027scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525).\u0027 This reverts commit b054499f7615e2ffa7571ac0d05c7d5c9a8c0327.\n- UBIFS: Fix potential integer overflow in allocation (bnc#1012382).\n- Update patches.fixes/nvme-expand-nvmf_check_if_ready-checks.patch (bsc#1098527).\n- atm: zatm: fix memcmp casting (bnc#1012382).\n- backlight: as3711_bl: Fix Device Tree node lookup (bnc#1012382).\n- backlight: max8925_bl: Fix Device Tree node lookup (bnc#1012382).\n- backlight: tps65217_bl: Fix Device Tree node lookup (bnc#1012382).\n- block: Fix transfer when chunk sectors exceeds max (bnc#1012382).\n- bonding: re-evaluate force_primary when the primary slave name changes (bnc#1012382).\n- bpf: properly enforce index mask to prevent out-of-bounds speculation (bsc#1098425).\n- branch-check: fix long-\u003eint truncation when profiling branches (bnc#1012382).\n- cdc_ncm: avoid padding beyond end of skb (bnc#1012382).\n- ceph: fix dentry leak in splice_dentry() (bsc#1098236).\n- ceph: fix use-after-free in ceph_statfs() (bsc#1098236).\n- ceph: fix wrong check for the case of updating link count (bsc#1098236).\n- ceph: prevent i_version from going back (bsc#1098236).\n- ceph: support file lock on directory (bsc#1098236).\n- cifs: Check for timeout on Negotiate stage (bsc#1091171).\n- cpufreq: Fix new policy initialization during limits updates via sysfs (bnc#1012382).\n- cpuidle: powernv: Fix promotion from snooze if next state disabled (bnc#1012382).\n- dm thin: handle running out of data space vs concurrent discard (bnc#1012382).\n- dm: convert DM printk macros to pr_level macros (bsc#1099918).\n- dm: fix printk() rate limiting code (bsc#1099918).\n- driver core: Do not ignore class_dir_create_and_add() failure (bnc#1012382).\n- e1000e: Ignore TSYNCRXCTL when getting I219 clock attributes (bsc#1075876).\n- ext4: fix fencepost error in check for inode count overflow during resize (bnc#1012382).\n- ext4: fix unsupported feature message formatting (bsc#1098435).\n- ext4: update mtime in ext4_punch_hole even if no blocks are released (bnc#1012382).\n- fs/binfmt_misc.c: do not allow offset overflow (bsc#1099279).\n- fuse: atomic_o_trunc should truncate pagecache (bnc#1012382).\n- fuse: do not keep dead fuse_conn at fuse_fill_super() (bnc#1012382).\n- fuse: fix control dir setup and teardown (bnc#1012382).\n- hv_netvsc: avoid repeated updates of packet filter (bsc#1097492).\n- hv_netvsc: defer queue selection to VF (bsc#1097492).\n- hv_netvsc: enable multicast if necessary (bsc#1097492).\n- hv_netvsc: filter multicast/broadcast (bsc#1097492).\n- hv_netvsc: fix filter flags (bsc#1097492).\n- hv_netvsc: fix locking during VF setup (bsc#1097492).\n- hv_netvsc: fix locking for rx_mode (bsc#1097492).\n- hv_netvsc: propagate rx filters to VF (bsc#1097492).\n- iio:buffer: make length types match kfifo types (bnc#1012382).\n- iommu/vt-d: Fix race condition in add_unmap() (bsc#1096790, bsc#1097034).\n- ipmi:bt: Set the timeout before doing a capabilities check (bnc#1012382).\n- ipvs: fix buffer overflow with sync daemon and service (bnc#1012382).\n- iwlmvm: tdls: Check TDLS channel switch support (bsc#1099810).\n- iwlwifi: fix non_shared_ant for 9000 devices (bsc#1099810).\n- kvm: nVMX: Enforce cpl=0 for VMX instructions (bsc#1099183).\n- lib/vsprintf: Remove atomic-unsafe support for %pCr (bnc#1012382).\n- libata: Drop SanDisk SD7UB3Q*G1001 NOLPM quirk (bnc#1012382).\n- libata: zpodd: make arrays cdb static, reduces object code size (bnc#1012382).\n- libata: zpodd: small read overflow in eject_tray() (bnc#1012382).\n- linvdimm, pmem: Preserve read-only setting for pmem devices (bnc#1012382).\n- m68k/mm: Adjust VM area to be unmapped by gap size for __iounmap() (bnc#1012382).\n- mac80211: Fix condition validating WMM IE (bsc#1099810,bsc#1099732).\n- media: cx231xx: Add support for AverMedia DVD EZMaker 7 (bnc#1012382).\n- media: dvb_frontend: fix locking issues at dvb_frontend_get_event() (bnc#1012382).\n- media: smiapp: fix timeout checking in smiapp_read_nvm (bsc#1099918).\n- media: v4l2-compat-ioctl32: prevent go past max size (bnc#1012382).\n- mfd: intel-lpss: Program REMAP register in PIO mode (bnc#1012382).\n- mips: ftrace: fix static function graph tracing (bnc#1012382).\n- mtd: cfi_cmdset_0002: Avoid walking all chips when unlocking (bnc#1012382).\n- mtd: cfi_cmdset_0002: Change write buffer to check correct value (bnc#1012382).\n- mtd: cfi_cmdset_0002: Fix unlocking requests crossing a chip boudary (bnc#1012382).\n- mtd: cfi_cmdset_0002: Use right chip in do_ppb_xxlock() (bnc#1012382).\n- mtd: cfi_cmdset_0002: fix SEGV unlocking multiple chips (bnc#1012382).\n- mtd: cmdlinepart: Update comment for introduction of OFFSET_CONTINUOUS (bsc#1099918).\n- mtd: partitions: add helper for deleting partition (bsc#1099918).\n- mtd: partitions: remove sysfs files when deleting all master\u0027s partitions (bsc#1099918).\n- net/sonic: Use dma_mapping_error() (bnc#1012382).\n- net: qmi_wwan: Add Netgear Aircard 779S (bnc#1012382).\n- netfilter: ebtables: handle string from userspace with care (bnc#1012382).\n- nfsd: restrict rd_maxcount to svc_max_payload in nfsd_encode_readdir (bnc#1012382).\n- nvme-fabrics: allow duplicate connections to the discovery controller (bsc#1098527).\n- nvme-fabrics: allow internal passthrough command on deleting controllers (bsc#1098527).\n- nvme-fabrics: centralize discovery controller defaults (bsc#1098527).\n- nvme-fabrics: fix and refine state checks in __nvmf_check_ready (bsc#1098527).\n- nvme-fabrics: refactor queue ready check (bsc#1098527).\n- nvme-fc: change controllers first connect to use reconnect path (bsc#1098527).\n- nvme-fc: fix nulling of queue data on reconnect (bsc#1098527).\n- nvme-fc: remove reinit_request routine (bsc#1098527).\n- nvme-fc: remove setting DNR on exception conditions (bsc#1098527).\n- nvme: allow duplicate controller if prior controller being deleted (bsc#1098527).\n- nvme: move init of keep_alive work item to controller initialization (bsc#1098527).\n- nvme: reimplement nvmf_check_if_ready() to avoid kabi breakage (bsc#1098527).\n- nvmet-fc: increase LS buffer count per fc port (bsc#1098527).\n- nvmet: switch loopback target state to connecting when resetting (bsc#1098527).\n- of: unittest: for strings, account for trailing \\0 in property length field (bnc#1012382).\n- ovl: fix random return value on mount (bsc#1099993).\n- ovl: fix uid/gid when creating over whiteout (bsc#1099993).\n- ovl: override creds with the ones from the superblock mounter (bsc#1099993).\n- perf intel-pt: Fix \u0027Unexpected indirect branch\u0027 error (bnc#1012382).\n- perf intel-pt: Fix MTC timing after overflow (bnc#1012382).\n- perf intel-pt: Fix decoding to accept CBR between FUP and corresponding TIP (bnc#1012382).\n- perf intel-pt: Fix packet decoding of CYC packets (bnc#1012382).\n- perf intel-pt: Fix sync_switch INTEL_PT_SS_NOT_TRACING (bnc#1012382).\n- perf tools: Fix symbol and object code resolution for vdso32 and vdsox32 (bnc#1012382).\n- platform/x86: thinkpad_acpi: Adding new hotkey ID for Lenovo thinkpad (bsc#1099810).\n- powerpc/64s: Exception macro for stack frame and initial register save (bsc#1094244).\n- powerpc/64s: Fix mce accounting for powernv (bsc#1094244).\n- powerpc/fadump: Unregister fadump on kexec down path (bnc#1012382).\n- powerpc/mm/hash: Add missing isync prior to kernel stack SLB switch (bnc#1012382).\n- powerpc/ptrace: Fix enforcement of DAWR constraints (bnc#1012382).\n- powerpc/ptrace: Fix setting 512B aligned breakpoints with PTRACE_SET_DEBUGREG (bnc#1012382).\n- powerpc: Machine check interrupt is a non-maskable interrupt (bsc#1094244).\n- procfs: add tunable for fd/fdinfo dentry retention (bsc#10866542).\n- qla2xxx: Fix NULL pointer derefrence for fcport search (bsc#1085657).\n- qla2xxx: Fix inconsistent DMA mem alloc/free (bsc#1085657).\n- qla2xxx: Fix kernel crash due to late workqueue allocation (bsc#1085657).\n- regulator: Do not return or expect -errno from of_map_mode() (bsc#1099042).\n- rmdir(),rename(): do shrink_dcache_parent() only on success (bsc#1100340).\n- s390/dasd: configurable IFCC handling (bsc#1097808).\n- sbitmap: check for valid bitmap in sbitmap_for_each (bsc#1090435).\n- sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089).\n- scsi: ipr: Format HCAM overlay ID 0x41 (bsc#1097961).\n- scsi: ipr: new IOASC update (bsc#1097961).\n- scsi: lpfc: Change IO submit return to EBUSY if remote port is recovering (bsc#1092207).\n- scsi: lpfc: Driver NVME load fails when CPU cnt \u003e WQ resource cnt (bsc#1092207).\n- scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1089525).\n- scsi: lpfc: Fix 16gb hbas failing cq create (bsc#1095453).\n- scsi: lpfc: Fix MDS diagnostics failure (Rx lower than Tx) (bsc#1095453).\n- scsi: lpfc: Fix crash in blk_mq layer when executing modprobe -r lpfc (bsc#1095453).\n- scsi: lpfc: Fix port initialization failure (bsc#1095453).\n- scsi: lpfc: Fix up log messages and stats counters in IO submit code path (bsc#1092207).\n- scsi: lpfc: Handle new link fault code returned by adapter firmware (bsc#1092207).\n- scsi: lpfc: correct oversubscription of nvme io requests for an adapter (bsc#1095453).\n- scsi: lpfc: update driver version to 11.4.0.7-3 (bsc#1092207).\n- scsi: lpfc: update driver version to 11.4.0.7-4 (bsc#1095453).\n- scsi: qedi: Fix truncation of CHAP name and secret (bsc#1097931)\n- scsi: qla2xxx: Fix setting lower transfer speed if GPSC fails (bnc#1012382).\n- scsi: qla2xxx: Spinlock recursion in qla_target (bsc#1097501)\n- scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (LTC#168765 bnc#1012382 bnc#1099713).\n- scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (bnc#1099713, LTC#168765).\n- scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713).\n- scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (bnc#1099713, LTC#168765).\n- scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (LTC#168765 bnc#1012382 bnc#1099713).\n- scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (bnc#1099713, LTC#168765).\n- scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (LTC#168765 bnc#1012382 bnc#1099713).\n- scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (bnc#1099713, LTC#168765).\n- scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (LTC#168765 bnc#1012382 bnc#1099713).\n- scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (bnc#1099713, LTC#168765).\n- scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (LTC#168765 bnc#1012382 bnc#1099713).\n- scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (bnc#1099713, LTC#168765).\n- scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (LTC#168765 bnc#1012382 bnc#1099713).\n- scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (bnc#1099713, LTC#168765).\n- serial: sh-sci: Use spin_{try}lock_irqsave instead of open coding version (bnc#1012382).\n- signal/xtensa: Consistenly use SIGBUS in do_unaligned_user (bnc#1012382).\n- sort and rename various hyperv patches\n- spi: Fix scatterlist elements size in spi_map_buf (bnc#1012382).\n- tcp: do not overshoot window_clamp in tcp_rcv_space_adjust() (bnc#1012382).\n- tcp: verify the checksum of the first data segment in a new connection (bnc#1012382).\n- thinkpad_acpi: Add support for HKEY version 0x200 (bsc#1099810).\n- time: Make sure jiffies_to_msecs() preserves non-zero time periods (bnc#1012382).\n- ubi: fastmap: Cancel work upon detach (bnc#1012382).\n- udf: Detect incorrect directory size (bnc#1012382).\n- usb: do not reset if a low-speed or full-speed device timed out (bnc#1012382).\n- usb: musb: fix remote wakeup racing with suspend (bnc#1012382).\n- video/fbdev/stifb: Return -ENOMEM after a failed kzalloc() in stifb_init_fb() (bsc#1090888 bsc#1099966).\n- video: uvesafb: Fix integer overflow in allocation (bnc#1012382).\n- w1: mxc_w1: Enable clock before calling clk_get_rate() on it (bnc#1012382).\n- x86/cpu/amd: Derive L3 shared_cpu_map from cpu_llc_shared_mask (bsc#1094643).\n- x86/mce: Improve error message when kernel cannot recover (git-fixes b2f9d678e28c).\n- x86/pti: do not report XenPV as vulnerable (bsc#1097551).\n- xen: Remove unnecessary BUG_ON from __unbind_from_irq() (bnc#1012382).\n- xfrm6: avoid potential infinite loop in _decode_session6() (bnc#1012382).\n- xfrm: Ignore socket policies when rebuilding hash tables (bnc#1012382).\n- xfrm: skip policies marked as dead while rehashing (bnc#1012382).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-RT-12-SP3-2018-1460",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2150-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:2150-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182150-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:2150-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-July/004362.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1012382",
        "url": "https://bugzilla.suse.com/1012382"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1068032",
        "url": "https://bugzilla.suse.com/1068032"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1074562",
        "url": "https://bugzilla.suse.com/1074562"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1074578",
        "url": "https://bugzilla.suse.com/1074578"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1074701",
        "url": "https://bugzilla.suse.com/1074701"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1075006",
        "url": "https://bugzilla.suse.com/1075006"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1075419",
        "url": "https://bugzilla.suse.com/1075419"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1075748",
        "url": "https://bugzilla.suse.com/1075748"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1075876",
        "url": "https://bugzilla.suse.com/1075876"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1080039",
        "url": "https://bugzilla.suse.com/1080039"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1085185",
        "url": "https://bugzilla.suse.com/1085185"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1085657",
        "url": "https://bugzilla.suse.com/1085657"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1087084",
        "url": "https://bugzilla.suse.com/1087084"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1087939",
        "url": "https://bugzilla.suse.com/1087939"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1089525",
        "url": "https://bugzilla.suse.com/1089525"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1090435",
        "url": "https://bugzilla.suse.com/1090435"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1090888",
        "url": "https://bugzilla.suse.com/1090888"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1091171",
        "url": "https://bugzilla.suse.com/1091171"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1092207",
        "url": "https://bugzilla.suse.com/1092207"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1094244",
        "url": "https://bugzilla.suse.com/1094244"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1094248",
        "url": "https://bugzilla.suse.com/1094248"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1094643",
        "url": "https://bugzilla.suse.com/1094643"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1095453",
        "url": "https://bugzilla.suse.com/1095453"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1096790",
        "url": "https://bugzilla.suse.com/1096790"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1097034",
        "url": "https://bugzilla.suse.com/1097034"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1097140",
        "url": "https://bugzilla.suse.com/1097140"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1097492",
        "url": "https://bugzilla.suse.com/1097492"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1097501",
        "url": "https://bugzilla.suse.com/1097501"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1097551",
        "url": "https://bugzilla.suse.com/1097551"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1097808",
        "url": "https://bugzilla.suse.com/1097808"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1097931",
        "url": "https://bugzilla.suse.com/1097931"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1097961",
        "url": "https://bugzilla.suse.com/1097961"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1098016",
        "url": "https://bugzilla.suse.com/1098016"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1098236",
        "url": "https://bugzilla.suse.com/1098236"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1098425",
        "url": "https://bugzilla.suse.com/1098425"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1098435",
        "url": "https://bugzilla.suse.com/1098435"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1098527",
        "url": "https://bugzilla.suse.com/1098527"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099042",
        "url": "https://bugzilla.suse.com/1099042"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099183",
        "url": "https://bugzilla.suse.com/1099183"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099279",
        "url": "https://bugzilla.suse.com/1099279"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099713",
        "url": "https://bugzilla.suse.com/1099713"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099732",
        "url": "https://bugzilla.suse.com/1099732"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099810",
        "url": "https://bugzilla.suse.com/1099810"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099918",
        "url": "https://bugzilla.suse.com/1099918"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099924",
        "url": "https://bugzilla.suse.com/1099924"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099966",
        "url": "https://bugzilla.suse.com/1099966"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1099993",
        "url": "https://bugzilla.suse.com/1099993"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1100089",
        "url": "https://bugzilla.suse.com/1100089"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1100340",
        "url": "https://bugzilla.suse.com/1100340"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1100416",
        "url": "https://bugzilla.suse.com/1100416"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1100418",
        "url": "https://bugzilla.suse.com/1100418"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1100491",
        "url": "https://bugzilla.suse.com/1100491"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-5753 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-5753/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-13053 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-13053/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-13405 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-13405/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-13406 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-13406/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-9385 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-9385/"
      }
    ],
    "title": "Security update for the Linux Kernel",
    "tracking": {
      "current_release_date": "2018-07-31T11:22:16Z",
      "generator": {
        "date": "2018-07-31T11:22:16Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:2150-1",
      "initial_release_date": "2018-07-31T11:22:16Z",
      "revision_history": [
        {
          "date": "2018-07-31T11:22:16Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-devel-rt-4.4.139-3.17.1.noarch",
                "product": {
                  "name": "kernel-devel-rt-4.4.139-3.17.1.noarch",
                  "product_id": "kernel-devel-rt-4.4.139-3.17.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-source-rt-4.4.139-3.17.1.noarch",
                "product": {
                  "name": "kernel-source-rt-4.4.139-3.17.1.noarch",
                  "product_id": "kernel-source-rt-4.4.139-3.17.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
                "product": {
                  "name": "cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
                  "product_id": "cluster-md-kmp-rt-4.4.139-3.17.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "dlm-kmp-rt-4.4.139-3.17.1.x86_64",
                "product": {
                  "name": "dlm-kmp-rt-4.4.139-3.17.1.x86_64",
                  "product_id": "dlm-kmp-rt-4.4.139-3.17.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
                "product": {
                  "name": "gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
                  "product_id": "gfs2-kmp-rt-4.4.139-3.17.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-4.4.139-3.17.1.x86_64",
                "product": {
                  "name": "kernel-rt-4.4.139-3.17.1.x86_64",
                  "product_id": "kernel-rt-4.4.139-3.17.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-base-4.4.139-3.17.1.x86_64",
                "product": {
                  "name": "kernel-rt-base-4.4.139-3.17.1.x86_64",
                  "product_id": "kernel-rt-base-4.4.139-3.17.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt-devel-4.4.139-3.17.1.x86_64",
                "product": {
                  "name": "kernel-rt-devel-4.4.139-3.17.1.x86_64",
                  "product_id": "kernel-rt-devel-4.4.139-3.17.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
                "product": {
                  "name": "kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
                  "product_id": "kernel-rt_debug-devel-4.4.139-3.17.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-syms-rt-4.4.139-3.17.1.x86_64",
                "product": {
                  "name": "kernel-syms-rt-4.4.139-3.17.1.x86_64",
                  "product_id": "kernel-syms-rt-4.4.139-3.17.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "ocfs2-kmp-rt-4.4.139-3.17.1.x86_64",
                "product": {
                  "name": "ocfs2-kmp-rt-4.4.139-3.17.1.x86_64",
                  "product_id": "ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Real Time 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Real Time 12 SP3",
                  "product_id": "SUSE Linux Enterprise Real Time 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse-linux-enterprise-rt:12:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cluster-md-kmp-rt-4.4.139-3.17.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64"
        },
        "product_reference": "cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "dlm-kmp-rt-4.4.139-3.17.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64"
        },
        "product_reference": "dlm-kmp-rt-4.4.139-3.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "gfs2-kmp-rt-4.4.139-3.17.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64"
        },
        "product_reference": "gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-devel-rt-4.4.139-3.17.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch"
        },
        "product_reference": "kernel-devel-rt-4.4.139-3.17.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-4.4.139-3.17.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64"
        },
        "product_reference": "kernel-rt-4.4.139-3.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-base-4.4.139-3.17.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64"
        },
        "product_reference": "kernel-rt-base-4.4.139-3.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt-devel-4.4.139-3.17.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64"
        },
        "product_reference": "kernel-rt-devel-4.4.139-3.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-rt_debug-devel-4.4.139-3.17.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64"
        },
        "product_reference": "kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-source-rt-4.4.139-3.17.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch"
        },
        "product_reference": "kernel-source-rt-4.4.139-3.17.1.noarch",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-syms-rt-4.4.139-3.17.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64"
        },
        "product_reference": "kernel-syms-rt-4.4.139-3.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "ocfs2-kmp-rt-4.4.139-3.17.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
          "product_id": "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
        },
        "product_reference": "ocfs2-kmp-rt-4.4.139-3.17.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-5753",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-5753"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-5753",
          "url": "https://www.suse.com/security/cve/CVE-2017-5753"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1068032 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1068032"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074562 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1074562"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074578 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1074578"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1074701 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1074701"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075006 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1075006"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075419 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1075419"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1075748 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1075748"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1080039 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1080039"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087084 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1087084"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087939 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1087939"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1089055 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1089055"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1136865 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1136865"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1178658"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1201877 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1201877"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209547 for CVE-2017-5753",
          "url": "https://bugzilla.suse.com/1209547"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-07-31T11:22:16Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-5753"
    },
    {
      "cve": "CVE-2018-13053",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-13053"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-13053",
          "url": "https://www.suse.com/security/cve/CVE-2018-13053"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1099924 for CVE-2018-13053",
          "url": "https://bugzilla.suse.com/1099924"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2018-13053",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-07-31T11:22:16Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-13053"
    },
    {
      "cve": "CVE-2018-13405",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-13405"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-13405",
          "url": "https://www.suse.com/security/cve/CVE-2018-13405"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2018-13405",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1100416 for CVE-2018-13405",
          "url": "https://bugzilla.suse.com/1100416"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1129735 for CVE-2018-13405",
          "url": "https://bugzilla.suse.com/1129735"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1195161 for CVE-2018-13405",
          "url": "https://bugzilla.suse.com/1195161"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1198702 for CVE-2018-13405",
          "url": "https://bugzilla.suse.com/1198702"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-07-31T11:22:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-13405"
    },
    {
      "cve": "CVE-2018-13406",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-13406"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-13406",
          "url": "https://www.suse.com/security/cve/CVE-2018-13406"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1098016 for CVE-2018-13406",
          "url": "https://bugzilla.suse.com/1098016"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1100418 for CVE-2018-13406",
          "url": "https://bugzilla.suse.com/1100418"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2018-13406",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-07-31T11:22:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-13406"
    },
    {
      "cve": "CVE-2018-9385",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-9385"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74128061 References: Upstream kernel.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch",
          "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64",
          "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-9385",
          "url": "https://www.suse.com/security/cve/CVE-2018-9385"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1100491 for CVE-2018-9385",
          "url": "https://bugzilla.suse.com/1100491"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.139-3.17.1.noarch",
            "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.139-3.17.1.x86_64",
            "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.139-3.17.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-07-31T11:22:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-9385"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.


Loading…

Loading…