The SUSE Linux Enterprise 11 SP3 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-14634: Prevent integer overflow in create_elf_tables that allowed a
local attacker to exploit this vulnerability via a SUID-root binary and obtain
full root privileges (bsc#1108912).
- CVE-2018-10940: The cdrom_ioctl_media_changed function allowed local
attackers to use a incorrect bounds check in the CDROM driver
CDROM_MEDIA_CHANGED ioctl to read out kernel memory (bsc#1092903)
- CVE-2018-16658: Prevent information leak in cdrom_ioctl_drive_status that
could have been used by local attackers to read kernel memory (bnc#1107689)
- CVE-2018-6555: The irda_setsockopt function allowed local users to cause a
denial of service (ias_object use-after-free and system crash) or possibly have
unspecified other impact via an AF_IRDA socket (bnc#1106511)
- CVE-2018-6554: Prevent memory leak in the irda_bind function that allowed
local users to cause a denial of service (memory consumption) by repeatedly
binding an AF_IRDA socket (bnc#1106509)
- CVE-2018-15572: The spectre_v2_select_mitigation function did not always fill
RSB upon a context switch, which made it easier for attackers to conduct
userspace-userspace spectreRSB attacks (bnc#1102517)
- CVE-2018-10902: Protect against concurrent access to prevent double realloc
(double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(). A
malicious local attacker could have used this for privilege escalation
(bnc#1105322).
- CVE-2018-14734: ucma_leave_multicast accessed a certain data structure after
a cleanup step in ucma_process_join, which allowed attackers to cause a denial
of service (use-after-free) (bsc#1103119).
The following non-security bugs were fixed:
- KVM: VMX: Work around kABI breakage in 'enum vmx_l1d_flush_state' (bsc#1106369).
- KVM: VMX: fixes for vmentry_l1d_flush module parameter (bsc#1106369).
- KVM: x86: Free...