The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-1068: Fixed flaw in the implementation of 32-bit syscall interface
for bridging. This allowed a privileged user to arbitrarily write to a limited
range of kernel memory (bnc#1085107).
- CVE-2017-18221: The __munlock_pagevec function allowed local users to cause a
denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall
and munlockall system calls (bnc#1084323).
- CVE-2018-1066: Prevent NULL pointer dereference in
fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allowed an attacker controlling a
CIFS server to kernel panic a client that has this server mounted, because an
empty TargetInfo field in an NTLMSSP setup negotiation response was mishandled
during session recovery (bnc#1083640).
- CVE-2017-13166: Prevent elevation of privilege vulnerability in the kernel
v4l2 video driver (bnc#1072865).
- CVE-2017-16911: The vhci_hcd driver allowed local attackers to disclose
kernel memory addresses. Successful exploitation required that a USB device was
attached over IP (bnc#1078674).
- CVE-2017-15299: The KEYS subsystem mishandled use of add_key for a key that
already exists but is uninstantiated, which allowed local users to cause a
denial of service (NULL pointer dereference and system crash) or possibly have
unspecified other impact via a crafted system call (bnc#1063416).
- CVE-2017-18208: The madvise_willneed function kernel allowed local users to
cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED
for a DAX mapping (bnc#1083494).
- CVE-2018-7566: The ALSA sequencer core initializes the event pool on demand
by invoking snd_seq_pool_init() when the first write happens and the pool is
empty. A user could have reset the pool size manually via ioctl concurrently,
which may have lead UAF or out-of-bound access (bsc#1083483).
- CVE-2017-18204:...