suse-su-2019:0470-1
Vulnerability from csaf_suse
Published
2019-02-22 12:47
Modified
2019-02-22 12:47
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 12 realtime kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-18249: Fixed tracking on allocated nid in the add_free_nid function fs/f2fs/node.c, which previously allowed local users to cause a denial of service (bnc#1087036).
- CVE-2019-3459: Fixed remote heap address information leak in use of l2cap_get_conf_opt (bnc#1120758).
- CVE-2019-3460: Fixed remote data leak in multiple location in the function l2cap_parse_conf_rsp (bnc#1120758).
The following non-security bugs were fixed:
- Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382).
- Fix problem with sharetransport= and NFSv4 (bsc#1114893).
- Revert 'bs-upload-kernel: do not set %opensuse_bs' This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
- Yama: Check for pid death before checking ancestry (bnc#1012382).
- acpi / processor: Fix the return value of acpi_processor_ids_walk() (git fixes (acpi)).
- acpi/nfit: Block function zero DSMs (bsc#1123321).
- acpi/nfit: Fix command-supported detection (bsc#1123323).
- acpi: power: Skip duplicate power resource references in _PRx (bnc#1012382).
- alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382).
- alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bnc#1012382).
- arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382).
- arm64: Do not trap host pointer auth use to EL2 (bnc#1012382).
- arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382).
- ata: Fix racy link clearance (bsc#1107866).
- block/loop: Use global lock for ioctl() operation (bnc#1012382).
- block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes).
- Btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382).
- Btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382).
- Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896).
- Btrfs: tree-checker: Fix misleading group system information (bnc#1012382).
- Btrfs: validate type when reading a chunk (bnc#1012382).
- Btrfs: wait on ordered extents on abort cleanup (bnc#1012382).
- can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382).
- cifs: Do not hide EINTR after sending network packets (bnc#1012382).
- cifs: Fix potential OOB access of lock element array (bnc#1012382).
- clk: imx6q: reset exclusive gates on init (bnc#1012382).
- crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382).
- crypto: authencesn - Avoid twice completion call in decrypt path (bnc#1012382).
- crypto: cts - fix crash on short inputs (bnc#1012382).
- crypto: user - support incremental algorithm dumps (bsc#1120902).
- dm crypt: add cryptographic data integrity protection (authenticated encryption) (Git-fixes).
- dm crypt: factor IV constructor out to separate function (Git-fixes).
- dm crypt: fix crash by adding missing check for auth key size (git-fixes).
- dm crypt: fix error return code in crypt_ctr() (git-fixes).
- dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes).
- dm crypt: introduce new format of cipher with 'capi:' prefix (Git-fixes).
- dm crypt: wipe kernel key copy after IV initialization (Git-fixes).
- dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382).
- dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382).
- dm: do not allow readahead to limit IO size (git fixes (readahead)).
- e1000e: allow non-monotonic SYSTIM readings (bnc#1012382).
- edac: Raise the maximum number of memory controllers (bsc#1120722).
- efi/libstub/arm64: Use hidden attribute for struct screen_info reference (bsc#1122650).
- ext4: Fix crash during online resizing (bsc#1122779).
- ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#1012382).
- f2fs: Add sanity_check_inode() function (bnc#1012382).
- f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382).
- f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382).
- f2fs: clean up argument of recover_data (bnc#1012382).
- f2fs: clean up with is_valid_blkaddr() (bnc#1012382).
- f2fs: detect wrong layout (bnc#1012382).
- f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#1012382).
- f2fs: factor out fsync inode entry operations (bnc#1012382).
- f2fs: fix inode cache leak (bnc#1012382).
- f2fs: fix invalid memory access (bnc#1012382).
- f2fs: fix missing up_read (bnc#1012382).
- f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382).
- f2fs: fix to convert inline directory correctly (bnc#1012382).
- f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382).
- f2fs: fix to do sanity check with block address in main area (bnc#1012382).
- f2fs: fix to do sanity check with block address in main area v2 (bnc#1012382).
- f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382).
- f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382).
- f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#1012382).
- f2fs: fix to do sanity check with secs_per_zone (bnc#1012382).
- f2fs: fix to do sanity check with user_block_count (bnc#1012382).
- f2fs: fix validation of the block count in sanity_check_raw_super (bnc#1012382).
- f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382).
- f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382).
- f2fs: introduce and spread verify_blkaddr (bnc#1012382).
- f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382).
- f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382).
- f2fs: not allow to write illegal blkaddr (bnc#1012382).
- f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#1012382).
- f2fs: remove an obsolete variable (bnc#1012382).
- f2fs: return error during fill_super (bnc#1012382).
- f2fs: sanity check on sit entry (bnc#1012382).
- f2fs: use crc and cp version to determine roll-forward recovery (bnc#1012382).
- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes).
- i2c: dev: prevent adapter retries and timeout being set as minus value (bnc#1012382).
- ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357).
- ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726).
- ibmvnic: Increase maximum queue size limit (bsc#1121726).
- ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).
- iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).
- iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105).
- iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).
- iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105).
- ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#1012382).
- ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382).
- ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (bnc#1012382).
- ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#1012382).
- ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382).
- jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#1012382).
- kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653).
- kconfig: fix file name and line number of warn_ignored_character() (bnc#1012382).
- kconfig: fix memory leak when EOF is encountered in quotation (bnc#1012382).
- loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() (bnc#1012382).
- loop: Fold __loop_release into loop_release (bnc#1012382).
- loop: Get rid of loop_index_mutex (bnc#1012382).
- lsm: Check for NULL cred-security on free (bnc#1012382).
- md: batch flush requests (bsc#1119680).
- media: em28xx: Fix misplaced reset of dev->v4l::field_count (bnc#1012382).
- media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bnc#1012382).
- media: vb2: be sure to unlock mutex on errors (bnc#1012382).
- media: vb2: vb2_mmap: move lock up (bnc#1012382).
- media: vivid: fix error handling of kthread_run (bnc#1012382).
- media: vivid: set min width/height to a value > 0 (bnc#1012382).
- mfd: tps6586x: Handle interrupts on suspend (bnc#1012382).
- mips: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur (bnc#1012382).
- mips: fix n32 compat_ipc_parse_version (bnc#1012382).
- mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps (bnc#1012382).
- mm, slab: faster active and free stats (bsc#1116653, VM Performance).
- mm, slab: maintain total slab count instead of active count (bsc#1116653, VM Performance).
- mm/page-writeback.c: do not break integrity writeback on ->writepage() error (bnc#1012382).
- mm/slab: improve performance of gathering slabinfo stats (bsc#1116653, VM Performance).
- mm: only report isolation failures when offlining memory (generic hotplug debugability).
- mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382).
- net: bridge: fix a bug on using a neighbour cache entry without checking its state (bnc#1012382).
- net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382).
- net: speed up skb_rbtree_purge() (bnc#1012382).
- ocfs2: fix panic due to unrecovered local alloc (bnc#1012382).
- omap2fb: Fix stack memory disclosure (bsc#1106929)
- packet: Do not leak dev refcounts on error exit (bnc#1012382).
- pci: altera: Check link status before retrain link (bnc#1012382).
- pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382).
- pci: altera: Move retrain from fixup to altera_pcie_host_init() (bnc#1012382).
- pci: altera: Poll for link training status after retraining the link (bnc#1012382).
- pci: altera: Poll for link up status after retraining the link (bnc#1012382).
- pci: altera: Reorder read/write functions (bnc#1012382).
- pci: altera: Rework config accessors for use without a struct pci_bus (bnc#1012382).
- perf intel-pt: Fix error with config term 'pt=0' (bnc#1012382).
- perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382).
- perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382).
- platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bnc#1012382).
- powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695).
- powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695).
- powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382).
- powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).
- powerpc/smp: Add Power9 scheduler topology (bsc#1109695).
- powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).
- powerpc/smp: Rework CPU topology construction (bsc#1109695).
- powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).
- powerpc/xmon: Fix invocation inside lock region (bsc#1122885).
- powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695).
- powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695).
- powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695).
- proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823).
- pstore/ram: Do not treat empty buffers as valid (bnc#1012382).
- r8169: Add support for new Realtek Ethernet (bnc#1012382).
- scsi: megaraid: fix out-of-bound array accesses (bnc#1012382).
- scsi: sd: Fix cache_type_store() (bnc#1012382).
- scsi: target: use consistent left-aligned ASCII INQUIRY data (bnc#1012382).
- sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382).
- selinux: fix GPF on invalid policy (bnc#1012382).
- slab: alien caches must not be initialized if the allocation of the alien cache failed (bnc#1012382).
- sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382).
- sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382).
- tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382).
- tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382).
- tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382).
- tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382).
- tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382).
- tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382).
- usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bnc#1012382).
- usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382).
- usb: storage: add quirk for SMI SM3350 (bnc#1012382).
- usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bnc#1012382).
- writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)).
- x86/pkeys: Properly copy pkey state at fork() (bsc#1106105).
Patchnames
SUSE-2019-470,SUSE-SLE-RT-12-SP3-2019-470
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 12 realtime kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2017-18249: Fixed tracking on allocated nid in the add_free_nid function fs/f2fs/node.c, which previously allowed local users to cause a denial of service (bnc#1087036).\n- CVE-2019-3459: Fixed remote heap address information leak in use of l2cap_get_conf_opt (bnc#1120758).\n- CVE-2019-3460: Fixed remote data leak in multiple location in the function l2cap_parse_conf_rsp (bnc#1120758).\n\nThe following non-security bugs were fixed:\n\n- Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382).\n- Fix problem with sharetransport= and NFSv4 (bsc#1114893).\n- Revert \u0027bs-upload-kernel: do not set %opensuse_bs\u0027 This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821.\n- Yama: Check for pid death before checking ancestry (bnc#1012382).\n- acpi / processor: Fix the return value of acpi_processor_ids_walk() (git fixes (acpi)).\n- acpi/nfit: Block function zero DSMs (bsc#1123321).\n- acpi/nfit: Fix command-supported detection (bsc#1123323).\n- acpi: power: Skip duplicate power resource references in _PRx (bnc#1012382).\n- alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382).\n- alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bnc#1012382).\n- arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382).\n- arm64: Do not trap host pointer auth use to EL2 (bnc#1012382).\n- arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382).\n- ata: Fix racy link clearance (bsc#1107866).\n- block/loop: Use global lock for ioctl() operation (bnc#1012382).\n- block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes).\n- Btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382).\n- Btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382).\n- Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896).\n- Btrfs: tree-checker: Fix misleading group system information (bnc#1012382).\n- Btrfs: validate type when reading a chunk (bnc#1012382).\n- Btrfs: wait on ordered extents on abort cleanup (bnc#1012382).\n- can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382).\n- cifs: Do not hide EINTR after sending network packets (bnc#1012382).\n- cifs: Fix potential OOB access of lock element array (bnc#1012382).\n- clk: imx6q: reset exclusive gates on init (bnc#1012382).\n- crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382).\n- crypto: authencesn - Avoid twice completion call in decrypt path (bnc#1012382).\n- crypto: cts - fix crash on short inputs (bnc#1012382).\n- crypto: user - support incremental algorithm dumps (bsc#1120902).\n- dm crypt: add cryptographic data integrity protection (authenticated encryption) (Git-fixes).\n- dm crypt: factor IV constructor out to separate function (Git-fixes).\n- dm crypt: fix crash by adding missing check for auth key size (git-fixes).\n- dm crypt: fix error return code in crypt_ctr() (git-fixes).\n- dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes).\n- dm crypt: introduce new format of cipher with \u0027capi:\u0027 prefix (Git-fixes).\n- dm crypt: wipe kernel key copy after IV initialization (Git-fixes).\n- dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382).\n- dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382).\n- dm: do not allow readahead to limit IO size (git fixes (readahead)).\n- e1000e: allow non-monotonic SYSTIM readings (bnc#1012382).\n- edac: Raise the maximum number of memory controllers (bsc#1120722).\n- efi/libstub/arm64: Use hidden attribute for struct screen_info reference (bsc#1122650).\n- ext4: Fix crash during online resizing (bsc#1122779).\n- ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#1012382).\n- f2fs: Add sanity_check_inode() function (bnc#1012382).\n- f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382).\n- f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382).\n- f2fs: clean up argument of recover_data (bnc#1012382).\n- f2fs: clean up with is_valid_blkaddr() (bnc#1012382).\n- f2fs: detect wrong layout (bnc#1012382).\n- f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#1012382).\n- f2fs: factor out fsync inode entry operations (bnc#1012382).\n- f2fs: fix inode cache leak (bnc#1012382).\n- f2fs: fix invalid memory access (bnc#1012382).\n- f2fs: fix missing up_read (bnc#1012382).\n- f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382).\n- f2fs: fix to convert inline directory correctly (bnc#1012382).\n- f2fs: fix to determine start_cp_addr by sbi-\u003ecur_cp_pack (bnc#1012382).\n- f2fs: fix to do sanity check with block address in main area (bnc#1012382).\n- f2fs: fix to do sanity check with block address in main area v2 (bnc#1012382).\n- f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382).\n- f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382).\n- f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#1012382).\n- f2fs: fix to do sanity check with secs_per_zone (bnc#1012382).\n- f2fs: fix to do sanity check with user_block_count (bnc#1012382).\n- f2fs: fix validation of the block count in sanity_check_raw_super (bnc#1012382).\n- f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382).\n- f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382).\n- f2fs: introduce and spread verify_blkaddr (bnc#1012382).\n- f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382).\n- f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382).\n- f2fs: not allow to write illegal blkaddr (bnc#1012382).\n- f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#1012382).\n- f2fs: remove an obsolete variable (bnc#1012382).\n- f2fs: return error during fill_super (bnc#1012382).\n- f2fs: sanity check on sit entry (bnc#1012382).\n- f2fs: use crc and cp version to determine roll-forward recovery (bnc#1012382).\n- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes).\n- i2c: dev: prevent adapter retries and timeout being set as minus value (bnc#1012382).\n- ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357).\n- ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726).\n- ibmvnic: Increase maximum queue size limit (bsc#1121726).\n- ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).\n- iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).\n- iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105).\n- iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).\n- iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105).\n- ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#1012382).\n- ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382).\n- ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (bnc#1012382).\n- ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#1012382).\n- ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382).\n- jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#1012382).\n- kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653).\n- kconfig: fix file name and line number of warn_ignored_character() (bnc#1012382).\n- kconfig: fix memory leak when EOF is encountered in quotation (bnc#1012382).\n- loop: Fix double mutex_unlock(\u0026loop_ctl_mutex) in loop_control_ioctl() (bnc#1012382).\n- loop: Fold __loop_release into loop_release (bnc#1012382).\n- loop: Get rid of loop_index_mutex (bnc#1012382).\n- lsm: Check for NULL cred-security on free (bnc#1012382).\n- md: batch flush requests (bsc#1119680).\n- media: em28xx: Fix misplaced reset of dev-\u003ev4l::field_count (bnc#1012382).\n- media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bnc#1012382).\n- media: vb2: be sure to unlock mutex on errors (bnc#1012382).\n- media: vb2: vb2_mmap: move lock up (bnc#1012382).\n- media: vivid: fix error handling of kthread_run (bnc#1012382).\n- media: vivid: set min width/height to a value \u003e 0 (bnc#1012382).\n- mfd: tps6586x: Handle interrupts on suspend (bnc#1012382).\n- mips: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur (bnc#1012382).\n- mips: fix n32 compat_ipc_parse_version (bnc#1012382).\n- mm, proc: be more verbose about unstable VMA flags in /proc/\u0026lt;pid\u003e/smaps (bnc#1012382).\n- mm, slab: faster active and free stats (bsc#1116653, VM Performance).\n- mm, slab: maintain total slab count instead of active count (bsc#1116653, VM Performance).\n- mm/page-writeback.c: do not break integrity writeback on -\u003ewritepage() error (bnc#1012382).\n- mm/slab: improve performance of gathering slabinfo stats (bsc#1116653, VM Performance).\n- mm: only report isolation failures when offlining memory (generic hotplug debugability).\n- mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382).\n- net: bridge: fix a bug on using a neighbour cache entry without checking its state (bnc#1012382).\n- net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382).\n- net: speed up skb_rbtree_purge() (bnc#1012382).\n- ocfs2: fix panic due to unrecovered local alloc (bnc#1012382).\n- omap2fb: Fix stack memory disclosure (bsc#1106929)\n- packet: Do not leak dev refcounts on error exit (bnc#1012382).\n- pci: altera: Check link status before retrain link (bnc#1012382).\n- pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382).\n- pci: altera: Move retrain from fixup to altera_pcie_host_init() (bnc#1012382).\n- pci: altera: Poll for link training status after retraining the link (bnc#1012382).\n- pci: altera: Poll for link up status after retraining the link (bnc#1012382).\n- pci: altera: Reorder read/write functions (bnc#1012382).\n- pci: altera: Rework config accessors for use without a struct pci_bus (bnc#1012382).\n- perf intel-pt: Fix error with config term \u0027pt=0\u0027 (bnc#1012382).\n- perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382).\n- perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382).\n- platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bnc#1012382).\n- powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695).\n- powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695).\n- powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382).\n- powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).\n- powerpc/smp: Add Power9 scheduler topology (bsc#1109695).\n- powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).\n- powerpc/smp: Rework CPU topology construction (bsc#1109695).\n- powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).\n- powerpc/xmon: Fix invocation inside lock region (bsc#1122885).\n- powerpc: Detect the presence of big-cores via \u0027ibm, thread-groups\u0027 (bsc#1109695).\n- powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695).\n- powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695).\n- proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823).\n- pstore/ram: Do not treat empty buffers as valid (bnc#1012382).\n- r8169: Add support for new Realtek Ethernet (bnc#1012382).\n- scsi: megaraid: fix out-of-bound array accesses (bnc#1012382).\n- scsi: sd: Fix cache_type_store() (bnc#1012382).\n- scsi: target: use consistent left-aligned ASCII INQUIRY data (bnc#1012382).\n- sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382).\n- selinux: fix GPF on invalid policy (bnc#1012382).\n- slab: alien caches must not be initialized if the allocation of the alien cache failed (bnc#1012382).\n- sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382).\n- sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382).\n- tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382).\n- tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382).\n- tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382).\n- tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382).\n- tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382).\n- tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382).\n- usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bnc#1012382).\n- usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382).\n- usb: storage: add quirk for SMI SM3350 (bnc#1012382).\n- usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bnc#1012382).\n- writeback: do not decrement wb-\u003erefcnt if !wb-\u003ebdi (git fixes (writeback)).\n- x86/pkeys: Properly copy pkey state at fork() (bsc#1106105).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-470,SUSE-SLE-RT-12-SP3-2019-470",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0470-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0470-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190470-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0470-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005147.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012382",
"url": "https://bugzilla.suse.com/1012382"
},
{
"category": "self",
"summary": "SUSE Bug 1023175",
"url": "https://bugzilla.suse.com/1023175"
},
{
"category": "self",
"summary": "SUSE Bug 1087036",
"url": "https://bugzilla.suse.com/1087036"
},
{
"category": "self",
"summary": "SUSE Bug 1094823",
"url": "https://bugzilla.suse.com/1094823"
},
{
"category": "self",
"summary": "SUSE Bug 1102875",
"url": "https://bugzilla.suse.com/1102875"
},
{
"category": "self",
"summary": "SUSE Bug 1102877",
"url": "https://bugzilla.suse.com/1102877"
},
{
"category": "self",
"summary": "SUSE Bug 1102879",
"url": "https://bugzilla.suse.com/1102879"
},
{
"category": "self",
"summary": "SUSE Bug 1102882",
"url": "https://bugzilla.suse.com/1102882"
},
{
"category": "self",
"summary": "SUSE Bug 1102896",
"url": "https://bugzilla.suse.com/1102896"
},
{
"category": "self",
"summary": "SUSE Bug 1106105",
"url": "https://bugzilla.suse.com/1106105"
},
{
"category": "self",
"summary": "SUSE Bug 1106929",
"url": "https://bugzilla.suse.com/1106929"
},
{
"category": "self",
"summary": "SUSE Bug 1107866",
"url": "https://bugzilla.suse.com/1107866"
},
{
"category": "self",
"summary": "SUSE Bug 1109695",
"url": "https://bugzilla.suse.com/1109695"
},
{
"category": "self",
"summary": "SUSE Bug 1114893",
"url": "https://bugzilla.suse.com/1114893"
},
{
"category": "self",
"summary": "SUSE Bug 1116653",
"url": "https://bugzilla.suse.com/1116653"
},
{
"category": "self",
"summary": "SUSE Bug 1119680",
"url": "https://bugzilla.suse.com/1119680"
},
{
"category": "self",
"summary": "SUSE Bug 1120722",
"url": "https://bugzilla.suse.com/1120722"
},
{
"category": "self",
"summary": "SUSE Bug 1120758",
"url": "https://bugzilla.suse.com/1120758"
},
{
"category": "self",
"summary": "SUSE Bug 1120902",
"url": "https://bugzilla.suse.com/1120902"
},
{
"category": "self",
"summary": "SUSE Bug 1121726",
"url": "https://bugzilla.suse.com/1121726"
},
{
"category": "self",
"summary": "SUSE Bug 1122650",
"url": "https://bugzilla.suse.com/1122650"
},
{
"category": "self",
"summary": "SUSE Bug 1122651",
"url": "https://bugzilla.suse.com/1122651"
},
{
"category": "self",
"summary": "SUSE Bug 1122779",
"url": "https://bugzilla.suse.com/1122779"
},
{
"category": "self",
"summary": "SUSE Bug 1122885",
"url": "https://bugzilla.suse.com/1122885"
},
{
"category": "self",
"summary": "SUSE Bug 1123321",
"url": "https://bugzilla.suse.com/1123321"
},
{
"category": "self",
"summary": "SUSE Bug 1123323",
"url": "https://bugzilla.suse.com/1123323"
},
{
"category": "self",
"summary": "SUSE Bug 1123357",
"url": "https://bugzilla.suse.com/1123357"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18249 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3459 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3460 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3460/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2019-02-22T12:47:15Z",
"generator": {
"date": "2019-02-22T12:47:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0470-1",
"initial_release_date": "2019-02-22T12:47:15Z",
"revision_history": [
{
"date": "2019-02-22T12:47:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-4.4.172-3.35.1.noarch",
"product": {
"name": "kernel-devel-rt-4.4.172-3.35.1.noarch",
"product_id": "kernel-devel-rt-4.4.172-3.35.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-4.4.172-3.35.1.noarch",
"product": {
"name": "kernel-source-rt-4.4.172-3.35.1.noarch",
"product_id": "kernel-source-rt-4.4.172-3.35.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"product_id": "cluster-md-kmp-rt-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product_id": "cluster-md-kmp-rt_debug-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"product": {
"name": "dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"product_id": "dlm-kmp-rt-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product": {
"name": "dlm-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product_id": "dlm-kmp-rt_debug-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"product_id": "gfs2-kmp-rt-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product": {
"name": "gfs2-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product_id": "gfs2-kmp-rt_debug-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-base-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt-base-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt-base-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt-devel-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt-devel-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt-extra-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt-extra-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-kgraft-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt-kgraft-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt-kgraft-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt_debug-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt_debug-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-base-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt_debug-base-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt_debug-base-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt_debug-devel-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-extra-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt_debug-extra-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt_debug-extra-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-kgraft-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt_debug-kgraft-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt_debug-kgraft-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-syms-rt-4.4.172-3.35.1.x86_64",
"product_id": "kernel-syms-rt-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-4.4.172-3.35.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-4.4.172-3.35.1.x86_64",
"product_id": "kselftests-kmp-rt-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product": {
"name": "kselftests-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product_id": "kselftests-kmp-rt_debug-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"product_id": "ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product_id": "ocfs2-kmp-rt_debug-4.4.172-3.35.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Real Time 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-linux-enterprise-rt:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64"
},
"product_reference": "dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-4.4.172-3.35.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch"
},
"product_reference": "kernel-devel-rt-4.4.172-3.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64"
},
"product_reference": "kernel-rt-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-base-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64"
},
"product_reference": "kernel-rt-base-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64"
},
"product_reference": "kernel-rt-devel-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-4.4.172-3.35.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch"
},
"product_reference": "kernel-source-rt-4.4.172-3.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64"
},
"product_reference": "kernel-syms-rt-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-18249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18249"
}
],
"notes": [
{
"category": "general",
"text": "The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18249",
"url": "https://www.suse.com/security/cve/CVE-2017-18249"
},
{
"category": "external",
"summary": "SUSE Bug 1087036 for CVE-2017-18249",
"url": "https://bugzilla.suse.com/1087036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-22T12:47:15Z",
"details": "moderate"
}
],
"title": "CVE-2017-18249"
},
{
"cve": "CVE-2019-3459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3459"
}
],
"notes": [
{
"category": "general",
"text": "A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3459",
"url": "https://www.suse.com/security/cve/CVE-2019-3459"
},
{
"category": "external",
"summary": "SUSE Bug 1120758 for CVE-2019-3459",
"url": "https://bugzilla.suse.com/1120758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-22T12:47:15Z",
"details": "moderate"
}
],
"title": "CVE-2019-3459"
},
{
"cve": "CVE-2019-3460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3460"
}
],
"notes": [
{
"category": "general",
"text": "A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3460",
"url": "https://www.suse.com/security/cve/CVE-2019-3460"
},
{
"category": "external",
"summary": "SUSE Bug 1120758 for CVE-2019-3460",
"url": "https://bugzilla.suse.com/1120758"
},
{
"category": "external",
"summary": "SUSE Bug 1155131 for CVE-2019-3460",
"url": "https://bugzilla.suse.com/1155131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-22T12:47:15Z",
"details": "moderate"
}
],
"title": "CVE-2019-3460"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…