suse-su-2018:2637-1
Vulnerability from csaf_suse
Published
2018-09-06 13:01
Modified
2018-09-06 13:01
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942).
- CVE-2017-13305: A information disclosure vulnerability was fixed in the encrypted-keys handling. (bnc#1094353).
- CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device lead to a local kernel data leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728).
- CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107).
- CVE-2018-1130: Linux kernel was vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904).
- CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory corruption bug in JFS could be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr (bnc#1097234).
- CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924).
- CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 bnc#1100418).
- CVE-2018-3620: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis (bnc#1087081).
- CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bnc#1089343 bnc#1104365).
- CVE-2018-5803: An error in the '_sctp_make_chunk()' function (net/sctp/sm_make_chunk.c) when handling SCTP packets length could be exploited to cause a kernel crash (bnc#1083900).
- CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480).
- CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962).
The following non-security bugs were fixed:
- usb: add USB_DEVICE_INTERFACE_CLASS macro (bsc#1047487).
- usb: hub: fix non-SS hub-descriptor handling (bsc#1047487).
- usb: kobil_sct: fix non-atomic allocation in write path (bsc#1015828).
- usb: serial: ftdi_sio: fix latency-timer error handling (bsc#1037441).
- usb: serial: io_edgeport: fix NULL-deref at open (bsc#1015828).
- usb: serial: io_edgeport: fix possible sleep-in-atomic (bsc#1037441).
- usb: serial: keyspan_pda: fix modem-status error handling (bsc#1100132).
- usb: visor: Match I330 phone more precisely (bsc#1047487).
- cpu/hotplug: Add sysfs state interface (bsc#1089343).
- cpu/hotplug: Provide knobs to control SMT (bsc#1089343).
- cpu/hotplug: Provide knobs to control SMT (bsc#1089343).
- cpu/hotplug: Split do_cpu_down() (bsc#1089343).
- disable prot_none native mitigation (bnc#1104684)
- drm/i915: fix use-after-free in page_flip_completed() (bsc#1103909).
- drm: re-enable error handling (bsc#1103884)
- efivarfs: maintain the efivarfs interfaces when sysfs be created and removed (bsc#1097125).
- fix pgd underflow (bnc#1104475) custom walk_page_range rework was incorrect and could underflow pgd if the given range was below a first vma.
- kthread, tracing: Do not expose half-written comm when creating kthreads (Git-fixes).
- nvme: add device id's with intel stripe quirk (bsc#1097562).
- perf/core: Fix group scheduling with mixed hw and sw events (Git-fixes).
- perf/x86/intel: Handle Broadwell family processors (bsc#1093183).
- s390/qeth: fix IPA command submission race (bnc#1099709, LTC#169004).
- scsi: zfcp: fix infinite iteration on ERP ready list (bnc#1102087, LTC#168038).
- scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (bnc#1102087, LTC#168765).
- scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (bnc#1102087, LTC#168765).
- scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (bnc#1102087, LTC#168765).
- scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (bnc#1102087, LTC#168765).
- scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (bnc#1102087, LTC#168765).
- scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (bnc#1102087, LTC#168765).
- scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (bnc#1102087, LTC#168765).
- series.conf: Remove trailing whitespaces
- slab: introduce kmalloc_array() (bsc#909361).
- smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1100132).
- x64/entry: move ENABLE_IBRS after switching from trampoline stack (bsc#1098658).
- x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343).
- x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343).
- x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343).
- x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343).
- x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343).
- x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343).
- x86/cpu/common: Provide detect_ht_early() (bsc#1089343).
- x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343).
- x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343).
- x86/cpu: Remove the pointless CPU printout (bsc#1089343).
- x86/fpu: fix signal handling with eager FPU switching (bsc#1100091).
- x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081, bnc#1104684).
- x86/smp: Provide topology_is_primary_thread() (bsc#1089343).
- x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343).
- x86/topology: Add topology_max_smt_threads() (bsc#1089343).
- x86/topology: Provide topology_smt_supported() (bsc#1089343).
- x86/traps: Fix bad_iret_stack in fixup_bad_iret() (bsc#1098658).
- x86/traps: add missing kernel CR3 switch in bad_iret path (bsc#1098658).
- xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343).
- xen/x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343).
- xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343).
- xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bsc#1100132).
Patchnames
slertesp4-kernel-rt-20180827-13770
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\n\nThe SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942).\n- CVE-2017-13305: A information disclosure vulnerability was fixed in the encrypted-keys handling. (bnc#1094353).\n- CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device lead to a local kernel data leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728).\n- CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107).\n- CVE-2018-1130: Linux kernel was vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904).\n- CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory corruption bug in JFS could be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr (bnc#1097234).\n- CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924).\n- CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 bnc#1100418).\n- CVE-2018-3620: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis (bnc#1087081).\n- CVE-2018-3646: Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis (bnc#1089343 bnc#1104365).\n- CVE-2018-5803: An error in the \u0027_sctp_make_chunk()\u0027 function (net/sctp/sm_make_chunk.c) when handling SCTP packets length could be exploited to cause a kernel crash (bnc#1083900).\n- CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480).\n- CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962).\n\nThe following non-security bugs were fixed:\n\n- usb: add USB_DEVICE_INTERFACE_CLASS macro (bsc#1047487).\n- usb: hub: fix non-SS hub-descriptor handling (bsc#1047487).\n- usb: kobil_sct: fix non-atomic allocation in write path (bsc#1015828).\n- usb: serial: ftdi_sio: fix latency-timer error handling (bsc#1037441).\n- usb: serial: io_edgeport: fix NULL-deref at open (bsc#1015828).\n- usb: serial: io_edgeport: fix possible sleep-in-atomic (bsc#1037441).\n- usb: serial: keyspan_pda: fix modem-status error handling (bsc#1100132).\n- usb: visor: Match I330 phone more precisely (bsc#1047487).\n- cpu/hotplug: Add sysfs state interface (bsc#1089343).\n- cpu/hotplug: Provide knobs to control SMT (bsc#1089343).\n- cpu/hotplug: Provide knobs to control SMT (bsc#1089343).\n- cpu/hotplug: Split do_cpu_down() (bsc#1089343).\n- disable prot_none native mitigation (bnc#1104684)\n- drm/i915: fix use-after-free in page_flip_completed() (bsc#1103909).\n- drm: re-enable error handling (bsc#1103884)\n- efivarfs: maintain the efivarfs interfaces when sysfs be created and removed (bsc#1097125).\n- fix pgd underflow (bnc#1104475) custom walk_page_range rework was incorrect and could underflow pgd if the given range was below a first vma.\n- kthread, tracing: Do not expose half-written comm when creating kthreads (Git-fixes).\n- nvme: add device id\u0027s with intel stripe quirk (bsc#1097562).\n- perf/core: Fix group scheduling with mixed hw and sw events (Git-fixes).\n- perf/x86/intel: Handle Broadwell family processors (bsc#1093183).\n- s390/qeth: fix IPA command submission race (bnc#1099709, LTC#169004).\n- scsi: zfcp: fix infinite iteration on ERP ready list (bnc#1102087, LTC#168038).\n- scsi: zfcp: fix misleading REC trigger trace where erp_action setup failed (bnc#1102087, LTC#168765).\n- scsi: zfcp: fix missing REC trigger trace for all objects in ERP_FAILED (bnc#1102087, LTC#168765).\n- scsi: zfcp: fix missing REC trigger trace on enqueue without ERP thread (bnc#1102087, LTC#168765).\n- scsi: zfcp: fix missing REC trigger trace on terminate_rport_io early return (bnc#1102087, LTC#168765).\n- scsi: zfcp: fix missing REC trigger trace on terminate_rport_io for ERP_FAILED (bnc#1102087, LTC#168765).\n- scsi: zfcp: fix missing SCSI trace for result of eh_host_reset_handler (bnc#1102087, LTC#168765).\n- scsi: zfcp: fix missing SCSI trace for retry of abort / scsi_eh TMF (bnc#1102087, LTC#168765).\n- series.conf: Remove trailing whitespaces\n- slab: introduce kmalloc_array() (bsc#909361).\n- smsc75xx: Add workaround for gigabit link up hardware errata (bsc#1100132).\n- x64/entry: move ENABLE_IBRS after switching from trampoline stack (bsc#1098658).\n- x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343).\n- x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343).\n- x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343).\n- x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343).\n- x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343).\n- x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343).\n- x86/cpu/common: Provide detect_ht_early() (bsc#1089343).\n- x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343).\n- x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343).\n- x86/cpu: Remove the pointless CPU printout (bsc#1089343).\n- x86/fpu: fix signal handling with eager FPU switching (bsc#1100091).\n- x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081, bnc#1104684).\n- x86/smp: Provide topology_is_primary_thread() (bsc#1089343).\n- x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343).\n- x86/topology: Add topology_max_smt_threads() (bsc#1089343).\n- x86/topology: Provide topology_smt_supported() (bsc#1089343).\n- x86/traps: Fix bad_iret_stack in fixup_bad_iret() (bsc#1098658).\n- x86/traps: add missing kernel CR3 switch in bad_iret path (bsc#1098658).\n- xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343).\n- xen/x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343).\n- xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343).\n- xhci: xhci-mem: off by one in xhci_stream_id_to_ring() (bsc#1100132).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slertesp4-kernel-rt-20180827-13770",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2637-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:2637-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182637-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:2637-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-September/004537.html"
},
{
"category": "self",
"summary": "SUSE Bug 1015828",
"url": "https://bugzilla.suse.com/1015828"
},
{
"category": "self",
"summary": "SUSE Bug 1037441",
"url": "https://bugzilla.suse.com/1037441"
},
{
"category": "self",
"summary": "SUSE Bug 1047487",
"url": "https://bugzilla.suse.com/1047487"
},
{
"category": "self",
"summary": "SUSE Bug 1082962",
"url": "https://bugzilla.suse.com/1082962"
},
{
"category": "self",
"summary": "SUSE Bug 1083900",
"url": "https://bugzilla.suse.com/1083900"
},
{
"category": "self",
"summary": "SUSE Bug 1085107",
"url": "https://bugzilla.suse.com/1085107"
},
{
"category": "self",
"summary": "SUSE Bug 1087081",
"url": "https://bugzilla.suse.com/1087081"
},
{
"category": "self",
"summary": "SUSE Bug 1089343",
"url": "https://bugzilla.suse.com/1089343"
},
{
"category": "self",
"summary": "SUSE Bug 1092904",
"url": "https://bugzilla.suse.com/1092904"
},
{
"category": "self",
"summary": "SUSE Bug 1093183",
"url": "https://bugzilla.suse.com/1093183"
},
{
"category": "self",
"summary": "SUSE Bug 1094353",
"url": "https://bugzilla.suse.com/1094353"
},
{
"category": "self",
"summary": "SUSE Bug 1096480",
"url": "https://bugzilla.suse.com/1096480"
},
{
"category": "self",
"summary": "SUSE Bug 1096728",
"url": "https://bugzilla.suse.com/1096728"
},
{
"category": "self",
"summary": "SUSE Bug 1097125",
"url": "https://bugzilla.suse.com/1097125"
},
{
"category": "self",
"summary": "SUSE Bug 1097234",
"url": "https://bugzilla.suse.com/1097234"
},
{
"category": "self",
"summary": "SUSE Bug 1097562",
"url": "https://bugzilla.suse.com/1097562"
},
{
"category": "self",
"summary": "SUSE Bug 1098016",
"url": "https://bugzilla.suse.com/1098016"
},
{
"category": "self",
"summary": "SUSE Bug 1098658",
"url": "https://bugzilla.suse.com/1098658"
},
{
"category": "self",
"summary": "SUSE Bug 1099709",
"url": "https://bugzilla.suse.com/1099709"
},
{
"category": "self",
"summary": "SUSE Bug 1099924",
"url": "https://bugzilla.suse.com/1099924"
},
{
"category": "self",
"summary": "SUSE Bug 1099942",
"url": "https://bugzilla.suse.com/1099942"
},
{
"category": "self",
"summary": "SUSE Bug 1100091",
"url": "https://bugzilla.suse.com/1100091"
},
{
"category": "self",
"summary": "SUSE Bug 1100132",
"url": "https://bugzilla.suse.com/1100132"
},
{
"category": "self",
"summary": "SUSE Bug 1100418",
"url": "https://bugzilla.suse.com/1100418"
},
{
"category": "self",
"summary": "SUSE Bug 1102087",
"url": "https://bugzilla.suse.com/1102087"
},
{
"category": "self",
"summary": "SUSE Bug 1103884",
"url": "https://bugzilla.suse.com/1103884"
},
{
"category": "self",
"summary": "SUSE Bug 1103909",
"url": "https://bugzilla.suse.com/1103909"
},
{
"category": "self",
"summary": "SUSE Bug 1104365",
"url": "https://bugzilla.suse.com/1104365"
},
{
"category": "self",
"summary": "SUSE Bug 1104475",
"url": "https://bugzilla.suse.com/1104475"
},
{
"category": "self",
"summary": "SUSE Bug 1104684",
"url": "https://bugzilla.suse.com/1104684"
},
{
"category": "self",
"summary": "SUSE Bug 909361",
"url": "https://bugzilla.suse.com/909361"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-8405 page",
"url": "https://www.suse.com/security/cve/CVE-2016-8405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-13305 page",
"url": "https://www.suse.com/security/cve/CVE-2017-13305/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000204 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1068 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1130 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1130/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-12233 page",
"url": "https://www.suse.com/security/cve/CVE-2018-12233/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-13053 page",
"url": "https://www.suse.com/security/cve/CVE-2018-13053/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-13406 page",
"url": "https://www.suse.com/security/cve/CVE-2018-13406/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3620 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3620/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-3646 page",
"url": "https://www.suse.com/security/cve/CVE-2018-3646/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5803 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5803/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5814 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5814/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7492 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7492/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2018-09-06T13:01:35Z",
"generator": {
"date": "2018-09-06T13:01:35Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:2637-1",
"initial_release_date": "2018-09-06T13:01:35Z",
"revision_history": [
{
"date": "2018-09-06T13:01:35Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"product": {
"name": "kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"product_id": "kernel-rt-3.0.101.rt130-69.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"product": {
"name": "kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"product_id": "kernel-rt-base-3.0.101.rt130-69.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"product": {
"name": "kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"product_id": "kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"product": {
"name": "kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"product_id": "kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"product": {
"name": "kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"product_id": "kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"product": {
"name": "kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"product_id": "kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"product": {
"name": "kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"product_id": "kernel-source-rt-3.0.101.rt130-69.33.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64",
"product": {
"name": "kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64",
"product_id": "kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Real Time 11 SP4",
"product": {
"name": "SUSE Linux Enterprise Real Time 11 SP4",
"product_id": "SUSE Linux Enterprise Real Time 11 SP4",
"product_identification_helper": {
"cpe": "cpe:/a:suse:suse-linux-enterprise-rt:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-3.0.101.rt130-69.33.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
"product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64"
},
"product_reference": "kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-base-3.0.101.rt130-69.33.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
"product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64"
},
"product_reference": "kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
"product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64"
},
"product_reference": "kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
"product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64"
},
"product_reference": "kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
"product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64"
},
"product_reference": "kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
"product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64"
},
"product_reference": "kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-3.0.101.rt130-69.33.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
"product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64"
},
"product_reference": "kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64 as component of SUSE Linux Enterprise Real Time 11 SP4",
"product_id": "SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
},
"product_reference": "kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 11 SP4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-8405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-8405"
}
],
"notes": [
{
"category": "general",
"text": "An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31651010.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-8405",
"url": "https://www.suse.com/security/cve/CVE-2016-8405"
},
{
"category": "external",
"summary": "SUSE Bug 1099942 for CVE-2016-8405",
"url": "https://bugzilla.suse.com/1099942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-06T13:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2016-8405"
},
{
"cve": "CVE-2017-13305",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-13305"
}
],
"notes": [
{
"category": "general",
"text": "A information disclosure vulnerability in the Upstream kernel encrypted-keys. Product: Android. Versions: Android kernel. Android ID: A-70526974.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-13305",
"url": "https://www.suse.com/security/cve/CVE-2017-13305"
},
{
"category": "external",
"summary": "SUSE Bug 1094353 for CVE-2017-13305",
"url": "https://bugzilla.suse.com/1094353"
},
{
"category": "external",
"summary": "SUSE Bug 1105412 for CVE-2017-13305",
"url": "https://bugzilla.suse.com/1105412"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-06T13:01:35Z",
"details": "low"
}
],
"title": "CVE-2017-13305"
},
{
"cve": "CVE-2018-1000204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000204"
}
],
"notes": [
{
"category": "general",
"text": "Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don\u0027t usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it \"virtually impossible to exploit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000204",
"url": "https://www.suse.com/security/cve/CVE-2018-1000204"
},
{
"category": "external",
"summary": "SUSE Bug 1096728 for CVE-2018-1000204",
"url": "https://bugzilla.suse.com/1096728"
},
{
"category": "external",
"summary": "SUSE Bug 1105412 for CVE-2018-1000204",
"url": "https://bugzilla.suse.com/1105412"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-06T13:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000204"
},
{
"cve": "CVE-2018-1068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1068"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux 4.x kernel\u0027s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1068",
"url": "https://www.suse.com/security/cve/CVE-2018-1068"
},
{
"category": "external",
"summary": "SUSE Bug 1085107 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1085107"
},
{
"category": "external",
"summary": "SUSE Bug 1085114 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1085114"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1123903 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1123903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-06T13:01:35Z",
"details": "important"
}
],
"title": "CVE-2018-1068"
},
{
"cve": "CVE-2018-1130",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1130"
}
],
"notes": [
{
"category": "general",
"text": "Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1130",
"url": "https://www.suse.com/security/cve/CVE-2018-1130"
},
{
"category": "external",
"summary": "SUSE Bug 1092904 for CVE-2018-1130",
"url": "https://bugzilla.suse.com/1092904"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-06T13:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2018-1130"
},
{
"cve": "CVE-2018-12233",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-12233"
}
],
"notes": [
{
"category": "general",
"text": "In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-12233",
"url": "https://www.suse.com/security/cve/CVE-2018-12233"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-12233",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1097234 for CVE-2018-12233",
"url": "https://bugzilla.suse.com/1097234"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-12233",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-06T13:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2018-12233"
},
{
"cve": "CVE-2018-13053",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-13053"
}
],
"notes": [
{
"category": "general",
"text": "The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-13053",
"url": "https://www.suse.com/security/cve/CVE-2018-13053"
},
{
"category": "external",
"summary": "SUSE Bug 1099924 for CVE-2018-13053",
"url": "https://bugzilla.suse.com/1099924"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-13053",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-06T13:01:35Z",
"details": "low"
}
],
"title": "CVE-2018-13053"
},
{
"cve": "CVE-2018-13406",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-13406"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-13406",
"url": "https://www.suse.com/security/cve/CVE-2018-13406"
},
{
"category": "external",
"summary": "SUSE Bug 1098016 for CVE-2018-13406",
"url": "https://bugzilla.suse.com/1098016"
},
{
"category": "external",
"summary": "SUSE Bug 1100418 for CVE-2018-13406",
"url": "https://bugzilla.suse.com/1100418"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-13406",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-06T13:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2018-13406"
},
{
"cve": "CVE-2018-3620",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3620"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access via a terminal page fault and a side-channel analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3620",
"url": "https://www.suse.com/security/cve/CVE-2018-3620"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3620",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087081 for CVE-2018-3620",
"url": "https://bugzilla.suse.com/1087081"
},
{
"category": "external",
"summary": "SUSE Bug 1089343 for CVE-2018-3620",
"url": "https://bugzilla.suse.com/1089343"
},
{
"category": "external",
"summary": "SUSE Bug 1090340 for CVE-2018-3620",
"url": "https://bugzilla.suse.com/1090340"
},
{
"category": "external",
"summary": "SUSE Bug 1091107 for CVE-2018-3620",
"url": "https://bugzilla.suse.com/1091107"
},
{
"category": "external",
"summary": "SUSE Bug 1099306 for CVE-2018-3620",
"url": "https://bugzilla.suse.com/1099306"
},
{
"category": "external",
"summary": "SUSE Bug 1104894 for CVE-2018-3620",
"url": "https://bugzilla.suse.com/1104894"
},
{
"category": "external",
"summary": "SUSE Bug 1136865 for CVE-2018-3620",
"url": "https://bugzilla.suse.com/1136865"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3620",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-06T13:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2018-3620"
},
{
"cve": "CVE-2018-3646",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-3646"
}
],
"notes": [
{
"category": "general",
"text": "Systems with microprocessors utilizing speculative execution and address translations may allow unauthorized disclosure of information residing in the L1 data cache to an attacker with local user access with guest OS privilege via a terminal page fault and a side-channel analysis.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-3646",
"url": "https://www.suse.com/security/cve/CVE-2018-3646"
},
{
"category": "external",
"summary": "SUSE Bug 1087078 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1087078"
},
{
"category": "external",
"summary": "SUSE Bug 1087081 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1087081"
},
{
"category": "external",
"summary": "SUSE Bug 1089343 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1089343"
},
{
"category": "external",
"summary": "SUSE Bug 1091107 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1091107"
},
{
"category": "external",
"summary": "SUSE Bug 1099306 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1099306"
},
{
"category": "external",
"summary": "SUSE Bug 1104365 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1104365"
},
{
"category": "external",
"summary": "SUSE Bug 1104894 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1104894"
},
{
"category": "external",
"summary": "SUSE Bug 1106548 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1106548"
},
{
"category": "external",
"summary": "SUSE Bug 1113534 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1113534"
},
{
"category": "external",
"summary": "SUSE Bug 1136865 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1136865"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1178658"
},
{
"category": "external",
"summary": "SUSE Bug 1201877 for CVE-2018-3646",
"url": "https://bugzilla.suse.com/1201877"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-06T13:01:35Z",
"details": "important"
}
],
"title": "CVE-2018-3646"
},
{
"cve": "CVE-2018-5803",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5803"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the \"_sctp_make_chunk()\" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5803",
"url": "https://www.suse.com/security/cve/CVE-2018-5803"
},
{
"category": "external",
"summary": "SUSE Bug 1083900 for CVE-2018-5803",
"url": "https://bugzilla.suse.com/1083900"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-5803",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-5803",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-06T13:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2018-5803"
},
{
"cve": "CVE-2018-5814",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5814"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5814",
"url": "https://www.suse.com/security/cve/CVE-2018-5814"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-5814",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1096480 for CVE-2018-5814",
"url": "https://bugzilla.suse.com/1096480"
},
{
"category": "external",
"summary": "SUSE Bug 1133319 for CVE-2018-5814",
"url": "https://bugzilla.suse.com/1133319"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-06T13:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2018-5814"
},
{
"cve": "CVE-2018-7492",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7492"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7492",
"url": "https://www.suse.com/security/cve/CVE-2018-7492"
},
{
"category": "external",
"summary": "SUSE Bug 1082962 for CVE-2018-7492",
"url": "https://bugzilla.suse.com/1082962"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-base-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-rt_trace-devel-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-source-rt-3.0.101.rt130-69.33.1.x86_64",
"SUSE Linux Enterprise Real Time 11 SP4:kernel-syms-rt-3.0.101.rt130-69.33.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-09-06T13:01:35Z",
"details": "moderate"
}
],
"title": "CVE-2018-7492"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…