The SUSE Linux Enterprise 12 SP3 Realtime kernel was updated to 4.4.120 to
receive various security and bugfixes.
The following security bugs were fixed:
CVE-2017-5715: Systems with microprocessors utilizing speculative
execution and indirect branch prediction may allow unauthorized
disclosure of information to an attacker with local user access via a
side-channel analysis (bnc#1068032).
The previous fix using CPU Microcode has been complemented by building
the Linux Kernel with return trampolines aka "retpolines".
CVE-2017-13166: An elevation of privilege vulnerability in the v4l2
video driver. (bnc#1072865).
CVE-2017-15129: A use-after-free vulnerability was found in network
namespaces code affecting the Linux kernel. The function
get_net_ns_by_id() in net/core/net_namespace.c did not check for the
net::count value after it has found a peer network in netns_ids idr,
which could lead to double free and memory corruption. This
vulnerability could allow an unprivileged local user to induce kernel
memory corruption on the system, leading to a crash. Due to the nature
of the flaw, privilege escalation cannot be fully ruled out, although it
is thought to be unlikely (bnc#1074839).
CVE-2017-15951: The KEYS subsystem in the Linux kernel did not correctly
synchronize the actions of updating versus finding a key in the
"negative" state to avoid a race condition, which allowed local users to
cause a denial of service or possibly have unspecified other impact via
crafted system calls (bnc#1065615).
CVE-2017-16912: The "get_pipe()" function (drivers/usb/usbip/stub_rx.c)
in the Linux Kernel allowed attackers to cause a denial of service
(out-of-bounds read) via a specially crafted USB over IP packet
(bnc#1078673).
CVE-2017-16913: The "stub_recv_cmd_submit()" function
(drivers/usb/usbip/stub_rx.c) in the Linux Kernel when handling
CMD_SUBMIT packets allowed attackers to cause a denial of service
(arbitrary memory allocation) via a specially crafted USB over IP packet
(bnc#1078672).
CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the
Linux kernel has a race condition in inet->hdrincl that leads to
uninitialized stack pointer usage; this allowed a local user to execute
code and gain privileges (bnc#1073229 1073230).
CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignores
unreachable code, even though it would still be processed by JIT
compilers. This behavior, also considered an improper branch-pruning
logic issue, could possibly be used by local users for denial of service
(bnc#1073928).
CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled
states_equal comparisons between the pointer data type and the
UNKNOWN_VALUE data type, which allowed local users to obtain potentially
sensitive address information, aka a "pointer leak (bnc#1073928).
CVE-2017-17975: Use-after-free in the usbtv_probe function in
drivers/media/usb/usbtv/usbtv-core.c allowed attackers to cause a denial
of service (system crash) or possibly have unspecified other impact by
triggering failure of audio registration, because a kfree of the usbtv
data structure occurs during a usbtv_video_free call, but the
usbtv_video_fail label’s code attempts to both access and free this data
structure (bnc#1074426).
CVE-2017-18017: The tcpmss_mangle_packet function in
net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers
to cause a denial of service (use-after-free and memory corruption) or
possibly have unspecified other impact by leveraging the presence of
xt_TCPMSS in an iptables action (bnc#1074488).
CVE-2017-18174: In the Linux kernel the amd_gpio_remove function in
drivers/pinctrl/pinctrl-amd.c calls the pinctrl_unregister function,
leading to a double free (bnc#1080533).
CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed
local users to cause a denial of service (infinite loop) by triggering
use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494).
CVE-2018-1000004: In the Linux kernel a race condition vulnerability
existed in the sound system, which could lead to a deadlock and denial
of service condition (bnc#1076017).
CVE-2018-1000026: Linux kernel version contained a insufficient input
validation vulnerability in bnx2x network card driver that can result in
DoS: Network card firmware assertion takes card off-line. This attack
appear to be exploitable via an attacker that must pass a very large,
specially crafted packet to the bnx2x card. This can be done from an
untrusted guest VM. (bnc#1079384).
CVE-2018-5332: In the Linux kernel through 4.14.13, the
rds_message_alloc_sgs() function did not validate a value that is used
during DMA page allocation, leading to a heap-based out-of-bounds write
(related to the rds_rdma_extra_size function in net/rds/rdma.c)
(bnc#1075621).
CVE-2018-5333: In the Linux kernel through 4.14.13, the rds_cmsg_atomic
function in net/rds/rdma.c mishandled cases where page pinning fails or
an invalid address is supplied, leading to an rds_atomic_free_op NULL
pointer dereference (bnc#1075617).
CVE-2018-8087: Memory leak in the hwsim_new_radio_nl function in
drivers/net/wireless/mac80211_hwsim.c allowed local users to cause a
denial of service (memory consumption) by triggering an out-of-array
error case (bnc#1085053).
CVE-2017-16644: The hdpvr_probe function in
drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a
denial of service (improper error handling and system crash) or possibly
have unspecified other impact via a crafted USB device (bnc#1067118).
The following non-security bugs were fixed:
bugzilla.suse.com/1006867
bugzilla.suse.com/1012382
bugzilla.suse.com/1015342
bugzilla.suse.com/1015343
bugzilla.suse.com/1019784
bugzilla.suse.com/1020645
bugzilla.suse.com/1022595
bugzilla.suse.com/1022607
bugzilla.suse.com/1022912
bugzilla.suse.com/1024296
bugzilla.suse.com/1024376
bugzilla.suse.com/1027054
bugzilla.suse.com/1031492
bugzilla.suse.com/1031717
bugzilla.suse.com/1033587
bugzilla.suse.com/1034503
bugzilla.suse.com/1037838
bugzilla.suse.com/1038078
bugzilla.suse.com/1038085
bugzilla.suse.com/1040182
bugzilla.suse.com/1042286
bugzilla.suse.com/1043441
bugzilla.suse.com/1043652
bugzilla.suse.com/1043725
bugzilla.suse.com/1043726
bugzilla.suse.com/1048325
bugzilla.suse.com/1048585
bugzilla.suse.com/1053472
bugzilla.suse.com/1060279
bugzilla.suse.com/1062129
bugzilla.suse.com/1065600
bugzilla.suse.com/1065615
bugzilla.suse.com/1066163
bugzilla.suse.com/1066223
bugzilla.suse.com/1067118
bugzilla.suse.com/1068032
bugzilla.suse.com/1068038
bugzilla.suse.com/1068569
bugzilla.suse.com/1068984
bugzilla.suse.com/1069135
bugzilla.suse.com/1069138
bugzilla.suse.com/1069160
bugzilla.suse.com/1070052
bugzilla.suse.com/1070404
bugzilla.suse.com/1070799
bugzilla.suse.com/1071306
bugzilla.suse.com/1071892
bugzilla.suse.com/1072163
bugzilla.suse.com/1072363
bugzilla.suse.com/1072484
bugzilla.suse.com/1072689
bugzilla.suse.com/1072739
bugzilla.suse.com/1072865
bugzilla.suse.com/1073229
bugzilla.suse.com/1073401
bugzilla.suse.com/1073407
bugzilla.suse.com/1073928
bugzilla.suse.com/1074134
bugzilla.suse.com/1074198
bugzilla.suse.com/1074426
bugzilla.suse.com/1074488
bugzilla.suse.com/1074621
bugzilla.suse.com/1074839
bugzilla.suse.com/1074847
bugzilla.suse.com/1075066
bugzilla.suse.com/1075078
bugzilla.suse.com/1075087
bugzilla.suse.com/1075091
bugzilla.suse.com/1075397
bugzilla.suse.com/1075428
bugzilla.suse.com/1075617
bugzilla.suse.com/1075621
bugzilla.suse.com/1075627
bugzilla.suse.com/1075811
bugzilla.suse.com/1075994
bugzilla.suse.com/1076017
bugzilla.suse.com/1076110
bugzilla.suse.com/1076187
bugzilla.suse.com/1076232
bugzilla.suse.com/1076282
bugzilla.suse.com/1076693
bugzilla.suse.com/1076760
bugzilla.suse.com/1076805
bugzilla.suse.com/1076847
bugzilla.suse.com/1076872
bugzilla.suse.com/1076899
bugzilla.suse.com/1076982
bugzilla.suse.com/1077068
bugzilla.suse.com/1077241
bugzilla.suse.com/1077285
bugzilla.suse.com/1077513
bugzilla.suse.com/1077560
bugzilla.suse.com/1077592
bugzilla.suse.com/1077704
bugzilla.suse.com/1077779
bugzilla.suse.com/1077871
bugzilla.suse.com/1078002
bugzilla.suse.com/1078583
bugzilla.suse.com/1078672
bugzilla.suse.com/1078673
bugzilla.suse.com/1078681
bugzilla.suse.com/1078787
bugzilla.suse.com/1079029
bugzilla.suse.com/1079038
bugzilla.suse.com/1079195
bugzilla.suse.com/1079313
bugzilla.suse.com/1079384
bugzilla.suse.com/1079609
bugzilla.suse.com/1079886
bugzilla.suse.com/1079989
bugzilla.suse.com/1080014
bugzilla.suse.com/1080263
bugzilla.suse.com/1080321
bugzilla.suse.com/1080344
bugzilla.suse.com/1080364
bugzilla.suse.com/1080384
bugzilla.suse.com/1080464
bugzilla.suse.com/1080533
bugzilla.suse.com/1080656
bugzilla.suse.com/1080774
bugzilla.suse.com/1080813
bugzilla.suse.com/1080851
bugzilla.suse.com/1081134
bugzilla.suse.com/1081431
bugzilla.suse.com/1081436
bugzilla.suse.com/1081437
bugzilla.suse.com/1081491
bugzilla.suse.com/1081498
bugzilla.suse.com/1081500
bugzilla.suse.com/1081512
bugzilla.suse.com/1081514
bugzilla.suse.com/1081681
bugzilla.suse.com/1081735
bugzilla.suse.com/1082089
bugzilla.suse.com/1082223
bugzilla.suse.com/1082299
bugzilla.suse.com/1082373
bugzilla.suse.com/1082478
bugzilla.suse.com/1082632
bugzilla.suse.com/1082795
bugzilla.suse.com/1082864
bugzilla.suse.com/1082897
bugzilla.suse.com/1082979
bugzilla.suse.com/1082993
bugzilla.suse.com/1083048
bugzilla.suse.com/1083056
bugzilla.suse.com/1083086
bugzilla.suse.com/1083223
bugzilla.suse.com/1083387
bugzilla.suse.com/1083409
bugzilla.suse.com/1083494
bugzilla.suse.com/1083548
bugzilla.suse.com/1083750
bugzilla.suse.com/1083770
bugzilla.suse.com/1084041
bugzilla.suse.com/1084397
bugzilla.suse.com/1084427
bugzilla.suse.com/1084610
bugzilla.suse.com/1084772
bugzilla.suse.com/1084888
bugzilla.suse.com/1084926
bugzilla.suse.com/1084928
bugzilla.suse.com/1084967
bugzilla.suse.com/1085011
bugzilla.suse.com/1085015
bugzilla.suse.com/1085045
bugzilla.suse.com/1085047
bugzilla.suse.com/1085050
bugzilla.suse.com/1085053
bugzilla.suse.com/1085054
bugzilla.suse.com/1085056
bugzilla.suse.com/1085107
bugzilla.suse.com/1085224
bugzilla.suse.com/1085239
bugzilla.suse.com/863764
bugzilla.suse.com/963844
bugzilla.suse.com/966170
bugzilla.suse.com/966172
bugzilla.suse.com/966328
bugzilla.suse.com/969476
bugzilla.suse.com/969477
bugzilla.suse.com/973818
bugzilla.suse.com/975772
bugzilla.suse.com/983145
bugzilla.suse.com/985025