csaf_suse - suse-su-2018:2962-1

suse-su-2018:2962-1

Vulnerability from csaf_suse

Published

2018-10-01 16:04

Modified

2018-10-01 16:04

Summary

Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP3)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP3)

Description of the patch

This update for the Linux Kernel 4.4.114-94_11 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682). - CVE-2018-1000026: Fixed an insufficient input validation in bnx2x network card driver that can result in DoS via very large, specially crafted packet to the bnx2x card due to a network card firmware assertion that will take the card offline (bsc#1096723). - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191). - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323).

Patchnames

SUSE-SLE-Live-Patching-12-SP3-2018-2098,SUSE-SLE-Live-Patching-12-SP3-2018-2099,SUSE-SLE-Live-Patching-12-SP3-2018-2100,SUSE-SLE-Live-Patching-12-SP3-2018-2101,SUSE-SLE-Live-Patching-12-SP3-2018-2102,SUSE-SLE-Live-Patching-12-SP3-2018-2104

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP3)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 4.4.114-94_11 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming TCP packet which can lead to a denial of service (bsc#1102682).\n- CVE-2018-1000026: Fixed an insufficient input validation in bnx2x network card driver that can result in DoS via very large, specially crafted packet to the bnx2x card due to a network card firmware assertion that will take the card offline (bsc#1096723).\n- CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr() function leading to a denial-of-service via crafted network packets (bsc#1106191).\n- CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-Live-Patching-12-SP3-2018-2098,SUSE-SLE-Live-Patching-12-SP3-2018-2099,SUSE-SLE-Live-Patching-12-SP3-2018-2100,SUSE-SLE-Live-Patching-12-SP3-2018-2101,SUSE-SLE-Live-Patching-12-SP3-2018-2102,SUSE-SLE-Live-Patching-12-SP3-2018-2104",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_2962-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:2962-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182962-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:2962-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20182962-1.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1096723",
        "url": "https://bugzilla.suse.com/1096723"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1102682",
        "url": "https://bugzilla.suse.com/1102682"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1105323",
        "url": "https://bugzilla.suse.com/1105323"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1106191",
        "url": "https://bugzilla.suse.com/1106191"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1000026 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1000026/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10902 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10902/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-10938 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-10938/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-5390 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-5390/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 8 for SLE 12 SP3)",
    "tracking": {
      "current_release_date": "2018-10-01T16:04:14Z",
      "generator": {
        "date": "2018-10-01T16:04:14Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:2962-1",
      "initial_release_date": "2018-10-01T16:04:14Z",
      "revision_history": [
        {
          "date": "2018-10-01T16:04:14Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
                "product": {
                  "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
                  "product_id": "kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
                "product": {
                  "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
                  "product_id": "kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
                "product": {
                  "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
                  "product_id": "kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
                "product": {
                  "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
                  "product_id": "kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
                "product": {
                  "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
                  "product_id": "kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
                  "product_id": "kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64",
                  "product_id": "kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
                  "product_id": "kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
                  "product_id": "kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
                  "product_id": "kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
                  "product_id": "kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp3"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 12 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-live-patching:12:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le"
        },
        "product_reference": "kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-1000026",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1000026"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1000026",
          "url": "https://www.suse.com/security/cve/CVE-2018-1000026"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1079384 for CVE-2018-1000026",
          "url": "https://bugzilla.suse.com/1079384"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2018-1000026",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1096723 for CVE-2018-1000026",
          "url": "https://bugzilla.suse.com/1096723"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-01T16:04:14Z",
          "details": "important"
        }
      ],
      "title": "CVE-2018-1000026"
    },
    {
      "cve": "CVE-2018-10902",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10902"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10902",
          "url": "https://www.suse.com/security/cve/CVE-2018-10902"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105322 for CVE-2018-10902",
          "url": "https://bugzilla.suse.com/1105322"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1105323 for CVE-2018-10902",
          "url": "https://bugzilla.suse.com/1105323"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-01T16:04:14Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-10902"
    },
    {
      "cve": "CVE-2018-10938",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-10938"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-10938",
          "url": "https://www.suse.com/security/cve/CVE-2018-10938"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1106016 for CVE-2018-10938",
          "url": "https://bugzilla.suse.com/1106016"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1106191 for CVE-2018-10938",
          "url": "https://bugzilla.suse.com/1106191"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-01T16:04:14Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-10938"
    },
    {
      "cve": "CVE-2018-5390",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-5390"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-5390",
          "url": "https://www.suse.com/security/cve/CVE-2018-5390"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2018-5390",
          "url": "https://bugzilla.suse.com/1087082"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102340 for CVE-2018-5390",
          "url": "https://bugzilla.suse.com/1102340"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1102682 for CVE-2018-5390",
          "url": "https://bugzilla.suse.com/1102682"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103097 for CVE-2018-5390",
          "url": "https://bugzilla.suse.com/1103097"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1103098 for CVE-2018-5390",
          "url": "https://bugzilla.suse.com/1103098"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1156434 for CVE-2018-5390",
          "url": "https://bugzilla.suse.com/1156434"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_33-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_103-6_38-default-9-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_11-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_114-94_14-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_18-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_92-6_30-default-9-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-01T16:04:14Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-5390"
    }
  ]
}

CVE-2018-10902 (GCVE-0-2018-10902)

Vulnerability from cvelistv5

Published

2018-08-21 19:00

Modified

2024-08-05 07:54

Severity ?

7.8 (High) - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-416

Summary

It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:3083	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3776-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3776-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3847-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3847-2/	vendor-advisory, x_refsource_UBUNTU
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902	x_refsource_CONFIRM
	https://usn.ubuntu.com/3849-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2019:0415	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3849-2/	vendor-advisory, x_refsource_UBUNTU
	http://www.securitytracker.com/id/1041529	vdb-entry, x_refsource_SECTRACK
	https://www.debian.org/security/2018/dsa-4308	vendor-advisory, x_refsource_DEBIAN
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0	x_refsource_MISC
	https://usn.ubuntu.com/3847-3/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3096	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/105119	vdb-entry, x_refsource_BID
	https://access.redhat.com/errata/RHSA-2019:0641	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3217	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2019:3967	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	[UNKNOWN]	kernel	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:35.823Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:3083",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3083"
          },
          {
            "name": "USN-3776-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3776-1/"
          },
          {
            "name": "USN-3776-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3776-2/"
          },
          {
            "name": "USN-3847-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3847-1/"
          },
          {
            "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
          },
          {
            "name": "USN-3847-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3847-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902"
          },
          {
            "name": "USN-3849-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3849-1/"
          },
          {
            "name": "RHSA-2019:0415",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0415"
          },
          {
            "name": "USN-3849-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3849-2/"
          },
          {
            "name": "1041529",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041529"
          },
          {
            "name": "DSA-4308",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4308"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0"
          },
          {
            "name": "USN-3847-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3847-3/"
          },
          {
            "name": "RHSA-2018:3096",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3096"
          },
          {
            "name": "105119",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105119"
          },
          {
            "name": "RHSA-2019:0641",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:0641"
          },
          {
            "name": "RHSA-2019:3217",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3217"
          },
          {
            "name": "RHSA-2019:3967",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3967"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "kernel",
          "vendor": "[UNKNOWN]",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-08-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that the raw midi kernel driver does not protect against concurrent access which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status() which are part of snd_rawmidi_ioctl() handler in rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-11-26T14:07:14",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2018:3083",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3083"
        },
        {
          "name": "USN-3776-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3776-1/"
        },
        {
          "name": "USN-3776-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3776-2/"
        },
        {
          "name": "USN-3847-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3847-1/"
        },
        {
          "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
        },
        {
          "name": "USN-3847-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3847-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902"
        },
        {
          "name": "USN-3849-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3849-1/"
        },
        {
          "name": "RHSA-2019:0415",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0415"
        },
        {
          "name": "USN-3849-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3849-2/"
        },
        {
          "name": "1041529",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041529"
        },
        {
          "name": "DSA-4308",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4308"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0"
        },
        {
          "name": "USN-3847-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3847-3/"
        },
        {
          "name": "RHSA-2018:3096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3096"
        },
        {
          "name": "105119",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105119"
        },
        {
          "name": "RHSA-2019:0641",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:0641"
        },
        {
          "name": "RHSA-2019:3217",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3217"
        },
        {
          "name": "RHSA-2019:3967",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3967"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10902",
    "datePublished": "2018-08-21T19:00:00",
    "dateReserved": "2018-05-09T00:00:00",
    "dateUpdated": "2024-08-05T07:54:35.823Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-10938 (GCVE-0-2018-10938)

Vulnerability from cvelistv5

Published

2018-08-27 13:00

Modified

2024-08-05 07:54

Severity ?

CWE

Summary

A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw.

References

►

URL

Tags

	http://seclists.org/oss-sec/2018/q3/179	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3797-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3797-1/	vendor-advisory, x_refsource_UBUNTU
	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html	mailing-list, x_refsource_MLIST
	http://www.securitytracker.com/id/1041569	vdb-entry, x_refsource_SECTRACK
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10938	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/105154	vdb-entry, x_refsource_BID
	https://www.debian.org/security/2018/dsa-4308	vendor-advisory, x_refsource_DEBIAN

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:35.481Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20180827 CVE-2018-10938: Linux kernel: net: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows a remote DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://seclists.org/oss-sec/2018/q3/179"
          },
          {
            "name": "USN-3797-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3797-2/"
          },
          {
            "name": "USN-3797-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3797-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149"
          },
          {
            "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
          },
          {
            "name": "1041569",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041569"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10938"
          },
          {
            "name": "105154",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105154"
          },
          {
            "name": "DSA-4308",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4308"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-08-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-23T09:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[oss-security] 20180827 CVE-2018-10938: Linux kernel: net: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows a remote DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://seclists.org/oss-sec/2018/q3/179"
        },
        {
          "name": "USN-3797-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3797-2/"
        },
        {
          "name": "USN-3797-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3797-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149"
        },
        {
          "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
        },
        {
          "name": "1041569",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041569"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10938"
        },
        {
          "name": "105154",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105154"
        },
        {
          "name": "DSA-4308",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4308"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2018-10938",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in the Linux kernel present since v4.0-rc1 and through v4.13-rc4. A crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipso_v4_optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system before an attacker could leverage this flaw."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20180827 CVE-2018-10938: Linux kernel: net: infinite loop in net/ipv4/cipso_ipv4.c:cipso_v4_optptr() allows a remote DoS",
              "refsource": "MLIST",
              "url": "http://seclists.org/oss-sec/2018/q3/179"
            },
            {
              "name": "USN-3797-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3797-2/"
            },
            {
              "name": "USN-3797-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3797-1/"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40413955ee265a5e42f710940ec78f5450d49149"
            },
            {
              "name": "[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/10/msg00003.html"
            },
            {
              "name": "1041569",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041569"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10938",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10938"
            },
            {
              "name": "105154",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105154"
            },
            {
              "name": "DSA-4308",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4308"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2018-10938",
    "datePublished": "2018-08-27T13:00:00",
    "dateReserved": "2018-05-09T00:00:00",
    "dateUpdated": "2024-08-05T07:54:35.481Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-5390 (GCVE-0-2018-5390)

Vulnerability from cvelistv5

Published

2018-08-06 20:00

Modified

2024-08-05 05:33

Severity ?

CWE

CWE-400

Summary

Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service.

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:2785	vendor-advisory, x_refsource_REDHAT
	https://www.kb.cert.org/vuls/id/962459	third-party-advisory, x_refsource_CERT-VN
	https://usn.ubuntu.com/3741-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2776	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2933	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2403	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2395	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3763-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2384	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3741-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2402	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3742-2/	vendor-advisory, x_refsource_UBUNTU
	http://www.securitytracker.com/id/1041434	vdb-entry, x_refsource_SECTRACK
	https://usn.ubuntu.com/3732-2/	vendor-advisory, x_refsource_UBUNTU
	http://www.securityfocus.com/bid/104976	vdb-entry, x_refsource_BID
	https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html	mailing-list, x_refsource_MLIST
	http://www.securitytracker.com/id/1041424	vdb-entry, x_refsource_SECTRACK
	https://usn.ubuntu.com/3742-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2924	vendor-advisory, x_refsource_REDHAT
	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp	vendor-advisory, x_refsource_CISCO
	https://access.redhat.com/errata/RHSA-2018:2789	vendor-advisory, x_refsource_REDHAT
	https://www.debian.org/security/2018/dsa-4266	vendor-advisory, x_refsource_DEBIAN
	https://access.redhat.com/errata/RHSA-2018:2645	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3732-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2791	vendor-advisory, x_refsource_REDHAT
	https://access.redhat.com/errata/RHSA-2018:2790	vendor-advisory, x_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2019/06/28/2	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/07/06/3	mailing-list, x_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2019/07/06/4	mailing-list, x_refsource_MLIST
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	x_refsource_CONFIRM
	https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0	x_refsource_CONFIRM
	https://security.netapp.com/advisory/ntap-20180815-0003/	x_refsource_CONFIRM
	http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt	x_refsource_CONFIRM
	https://www.synology.com/support/security/Synology_SA_18_41	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K95343321	x_refsource_CONFIRM
	https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack	x_refsource_CONFIRM
	https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e	x_refsource_CONFIRM
	https://support.f5.com/csp/article/K95343321?utm_source=f5support&amp%3Butm_medium=RSS	x_refsource_CONFIRM
	https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf	x_refsource_CONFIRM
	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en	x_refsource_CONFIRM

Impacted products

	Vendor	Product	Version
	Linux	Linux Kernel	Version: 4.9 < 4.9*

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T05:33:44.409Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2785",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2785"
          },
          {
            "name": "VU#962459",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/962459"
          },
          {
            "name": "USN-3741-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3741-2/"
          },
          {
            "name": "RHSA-2018:2776",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2776"
          },
          {
            "name": "RHSA-2018:2933",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2933"
          },
          {
            "name": "RHSA-2018:2403",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2403"
          },
          {
            "name": "RHSA-2018:2395",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2395"
          },
          {
            "name": "USN-3763-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3763-1/"
          },
          {
            "name": "RHSA-2018:2384",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2384"
          },
          {
            "name": "USN-3741-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3741-1/"
          },
          {
            "name": "RHSA-2018:2402",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2402"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "name": "USN-3742-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-2/"
          },
          {
            "name": "1041434",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041434"
          },
          {
            "name": "USN-3732-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3732-2/"
          },
          {
            "name": "104976",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104976"
          },
          {
            "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
          },
          {
            "name": "1041424",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041424"
          },
          {
            "name": "USN-3742-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3742-1/"
          },
          {
            "name": "RHSA-2018:2924",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2924"
          },
          {
            "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
          },
          {
            "name": "RHSA-2018:2789",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2789"
          },
          {
            "name": "DSA-4266",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4266"
          },
          {
            "name": "RHSA-2018:2645",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2645"
          },
          {
            "name": "USN-3732-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3732-1/"
          },
          {
            "name": "RHSA-2018:2791",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2791"
          },
          {
            "name": "RHSA-2018:2790",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2790"
          },
          {
            "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
          },
          {
            "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_41"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K95343321"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux Kernel",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "4.9*",
              "status": "affected",
              "version": "4.9",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-07-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-15T02:22:59",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "name": "RHSA-2018:2785",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2785"
        },
        {
          "name": "VU#962459",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/962459"
        },
        {
          "name": "USN-3741-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3741-2/"
        },
        {
          "name": "RHSA-2018:2776",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2776"
        },
        {
          "name": "RHSA-2018:2933",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2933"
        },
        {
          "name": "RHSA-2018:2403",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2403"
        },
        {
          "name": "RHSA-2018:2395",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2395"
        },
        {
          "name": "USN-3763-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3763-1/"
        },
        {
          "name": "RHSA-2018:2384",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2384"
        },
        {
          "name": "USN-3741-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3741-1/"
        },
        {
          "name": "RHSA-2018:2402",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2402"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "name": "USN-3742-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-2/"
        },
        {
          "name": "1041434",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041434"
        },
        {
          "name": "USN-3732-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3732-2/"
        },
        {
          "name": "104976",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104976"
        },
        {
          "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
        },
        {
          "name": "1041424",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041424"
        },
        {
          "name": "USN-3742-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3742-1/"
        },
        {
          "name": "RHSA-2018:2924",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2924"
        },
        {
          "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
        },
        {
          "name": "RHSA-2018:2789",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2789"
        },
        {
          "name": "DSA-4266",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4266"
        },
        {
          "name": "RHSA-2018:2645",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2645"
        },
        {
          "name": "USN-3732-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3732-1/"
        },
        {
          "name": "RHSA-2018:2791",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2791"
        },
        {
          "name": "RHSA-2018:2790",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2790"
        },
        {
          "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
        },
        {
          "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_41"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K95343321"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2018-5390",
          "STATE": "PUBLIC",
          "TITLE": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Linux Kernel",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003e=",
                            "version_affected": "\u003e=",
                            "version_name": "4.9",
                            "version_value": "4.9"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Linux"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Linux kernel versions 4.9+ can be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2785",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2785"
            },
            {
              "name": "VU#962459",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/962459"
            },
            {
              "name": "USN-3741-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3741-2/"
            },
            {
              "name": "RHSA-2018:2776",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2776"
            },
            {
              "name": "RHSA-2018:2933",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2933"
            },
            {
              "name": "RHSA-2018:2403",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2403"
            },
            {
              "name": "RHSA-2018:2395",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2395"
            },
            {
              "name": "USN-3763-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3763-1/"
            },
            {
              "name": "RHSA-2018:2384",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2384"
            },
            {
              "name": "USN-3741-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3741-1/"
            },
            {
              "name": "RHSA-2018:2402",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2402"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "USN-3742-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-2/"
            },
            {
              "name": "1041434",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041434"
            },
            {
              "name": "USN-3732-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3732-2/"
            },
            {
              "name": "104976",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104976"
            },
            {
              "name": "[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00014.html"
            },
            {
              "name": "1041424",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041424"
            },
            {
              "name": "USN-3742-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3742-1/"
            },
            {
              "name": "RHSA-2018:2924",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2924"
            },
            {
              "name": "20180824 Linux and FreeBSD Kernels TCP Reassembly Denial of Service Vulnerabilities Affecting Cisco Products: August 2018",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-tcp"
            },
            {
              "name": "RHSA-2018:2789",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2789"
            },
            {
              "name": "DSA-4266",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4266"
            },
            {
              "name": "RHSA-2018:2645",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2645"
            },
            {
              "name": "USN-3732-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3732-1/"
            },
            {
              "name": "RHSA-2018:2791",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2791"
            },
            {
              "name": "RHSA-2018:2790",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2790"
            },
            {
              "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/3"
            },
            {
              "name": "[oss-security] 20190706 Re: linux-distros membership application - Microsoft",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/07/06/4"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180815-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180815-0003/"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_41",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_41"
            },
            {
              "name": "https://support.f5.com/csp/article/K95343321",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K95343321"
            },
            {
              "name": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack",
              "refsource": "CONFIRM",
              "url": "https://www.a10networks.com/support/security-advisories/tcp-ip-cve-2018-5390-segmentsmack"
            },
            {
              "name": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e",
              "refsource": "CONFIRM",
              "url": "https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=1a4f14bab1868b443f0dd3c55b689a478f82e72e"
            },
            {
              "name": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K95343321?utm_source=f5support\u0026amp;utm_medium=RSS"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf"
            },
            {
              "name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en",
              "refsource": "CONFIRM",
              "url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181031-02-linux-en"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2018-5390",
    "datePublished": "2018-08-06T20:00:00",
    "dateReserved": "2018-01-12T00:00:00",
    "dateUpdated": "2024-08-05T05:33:44.409Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2018-1000026 (GCVE-0-2018-1000026)

Vulnerability from cvelistv5

Published

2018-02-09 23:00

Modified

2024-08-05 12:33

Severity ?

CWE

Summary

Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM..

References

►

URL

Tags

	https://access.redhat.com/errata/RHSA-2018:3083	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3617-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3619-2/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3617-3/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3632-1/	vendor-advisory, x_refsource_UBUNTU
	https://usn.ubuntu.com/3620-2/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:2948	vendor-advisory, x_refsource_REDHAT
	https://patchwork.ozlabs.org/patch/859410/	x_refsource_MISC
	http://lists.openwall.net/netdev/2018/01/16/40	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3617-2/	vendor-advisory, x_refsource_UBUNTU
	http://lists.openwall.net/netdev/2018/01/18/96	mailing-list, x_refsource_MLIST
	https://usn.ubuntu.com/3620-1/	vendor-advisory, x_refsource_UBUNTU
	https://access.redhat.com/errata/RHSA-2018:3096	vendor-advisory, x_refsource_REDHAT
	https://usn.ubuntu.com/3619-1/	vendor-advisory, x_refsource_UBUNTU
	https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html	mailing-list, x_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:33:48.963Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:3083",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3083"
          },
          {
            "name": "USN-3617-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-1/"
          },
          {
            "name": "USN-3619-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-2/"
          },
          {
            "name": "USN-3617-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-3/"
          },
          {
            "name": "USN-3632-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3632-1/"
          },
          {
            "name": "USN-3620-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-2/"
          },
          {
            "name": "RHSA-2018:2948",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2948"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.ozlabs.org/patch/859410/"
          },
          {
            "name": "[netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.openwall.net/netdev/2018/01/16/40"
          },
          {
            "name": "USN-3617-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3617-2/"
          },
          {
            "name": "[netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.openwall.net/netdev/2018/01/18/96"
          },
          {
            "name": "USN-3620-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-1/"
          },
          {
            "name": "RHSA-2018:3096",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3096"
          },
          {
            "name": "USN-3619-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3619-1/"
          },
          {
            "name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-01-18T00:00:00",
      "datePublic": "2018-01-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-05-03T11:06:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "RHSA-2018:3083",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3083"
        },
        {
          "name": "USN-3617-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-1/"
        },
        {
          "name": "USN-3619-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-2/"
        },
        {
          "name": "USN-3617-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-3/"
        },
        {
          "name": "USN-3632-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3632-1/"
        },
        {
          "name": "USN-3620-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-2/"
        },
        {
          "name": "RHSA-2018:2948",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2948"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.ozlabs.org/patch/859410/"
        },
        {
          "name": "[netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.openwall.net/netdev/2018/01/16/40"
        },
        {
          "name": "USN-3617-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3617-2/"
        },
        {
          "name": "[netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.openwall.net/netdev/2018/01/18/96"
        },
        {
          "name": "USN-3620-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-1/"
        },
        {
          "name": "RHSA-2018:3096",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3096"
        },
        {
          "name": "USN-3619-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3619-1/"
        },
        {
          "name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "1/18/2018 7:01:42",
          "ID": "CVE-2018-1000026",
          "REQUESTER": "dja@axtens.net",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Linux Linux kernel version at least v4.8 onwards, probably well before contains a Insufficient input validation vulnerability in bnx2x network card driver that can result in DoS: Network card firmware assertion takes card off-line. This attack appear to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:3083",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3083"
            },
            {
              "name": "USN-3617-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-1/"
            },
            {
              "name": "USN-3619-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-2/"
            },
            {
              "name": "USN-3617-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-3/"
            },
            {
              "name": "USN-3632-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3632-1/"
            },
            {
              "name": "USN-3620-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-2/"
            },
            {
              "name": "RHSA-2018:2948",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2948"
            },
            {
              "name": "https://patchwork.ozlabs.org/patch/859410/",
              "refsource": "MISC",
              "url": "https://patchwork.ozlabs.org/patch/859410/"
            },
            {
              "name": "[netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40",
              "refsource": "MLIST",
              "url": "http://lists.openwall.net/netdev/2018/01/16/40"
            },
            {
              "name": "USN-3617-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3617-2/"
            },
            {
              "name": "[netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96",
              "refsource": "MLIST",
              "url": "http://lists.openwall.net/netdev/2018/01/18/96"
            },
            {
              "name": "USN-3620-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-1/"
            },
            {
              "name": "RHSA-2018:3096",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3096"
            },
            {
              "name": "USN-3619-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3619-1/"
            },
            {
              "name": "[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00002.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000026",
    "datePublished": "2018-02-09T23:00:00",
    "dateReserved": "2018-01-29T00:00:00",
    "dateUpdated": "2024-08-05T12:33:48.963Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2018:2962-1

Vulnerability from csaf_suse

CVE-2018-10902 (GCVE-0-2018-10902)

Vulnerability from cvelistv5

CVE-2018-10938 (GCVE-0-2018-10938)

Vulnerability from cvelistv5

CVE-2018-5390 (GCVE-0-2018-5390)

Vulnerability from cvelistv5

CVE-2018-1000026 (GCVE-0-2018-1000026)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature