SUSE-SU-2018:2940-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:2940-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2018:2940-1
- Related
- Published
- 2018-09-28T11:14:36Z
- Modified
- 2018-09-28T11:14:36Z
- Summary
- Security update for the Linux Kernel (Live Patch 1 for SLE 15)
- Details
-
This update for the Linux Kernel 4.12.14-25_3 fixes several issues.
The following security issues were fixed:
- CVE-2018-10938: It was found that a crafted network packet sent remotely by an attacker may force the kernel to enter an infinite loop in the cipsov4optptr() function in net/ipv4/cipso_ipv4.c leading to a denial-of-service. A certain non-default configuration of LSM (Linux Security Module) and NetLabel should be set up on a system an attacker could leverage this flaw.
- CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc (double free) in sndrawmidiinputparams() and sndrawmidioutputstatus(), allowing a malicious local attacker to use this for privilege escalation (bsc#1105323).
- References
Affected packages
SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_0
Package
- Name
- kernel-livepatch-SLE15_Update_0
- Purl
- purl:rpm/suse/kernel-livepatch-SLE15_Update_0&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015
SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_1
Package
- Name
- kernel-livepatch-SLE15_Update_1
- Purl
- purl:rpm/suse/kernel-livepatch-SLE15_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015
SUSE:Linux Enterprise Live Patching 15 / kernel-livepatch-SLE15_Update_0
Package
- Name
- kernel-livepatch-SLE15_Update_0
- Purl
- purl:rpm/suse/kernel-livepatch-SLE15_Update_0&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015