SUSE-SU-2018:0986-1

The SUSE Linux Enterprise 12 SP3 Realtime kernel was updated to 4.4.120 to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032).

  The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.

• CVE-2017-13166: An elevation of privilege vulnerability in the v4l2 video driver. (bnc#1072865).

• CVE-2017-15129: A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel. The function get_net_ns_by_id() in net/core/net_namespace.c did not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely (bnc#1074839).

• CVE-2017-15951: The KEYS subsystem in the Linux kernel did not correctly synchronize the actions of updating versus finding a key in the 'negative' state to avoid a race condition, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls (bnc#1065615).

• CVE-2017-16912: The 'get_pipe()' function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673).

• CVE-2017-16913: The 'stub_recv_cmd_submit()' function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over...