SUSE-SU-2018:0416-1

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.114 to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032).

  The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.

• CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel The function get_net_ns_by_id() in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839).

• CVE-2017-17712: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel has a race condition in inet->hdrincl that leads to uninitialized stack pointer usage; this allowed a local user to execute code and gain privileges (bnc#1073229).

• CVE-2017-17862: kernel/bpf/verifier.c in the Linux kernel ignored unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service (bnc#1073928).

• CVE-2017-17864: kernel/bpf/verifier.c in the Linux kernel mishandled states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allowed local users to obtain potentially sensitive address information, aka a 'pointer leak (bnc#1073928).

• CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the...