Explore top 10 tips to secure your open-source projects now. Read More
×
This update for the Linux Kernel 4.4.74-92_38 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a
#1096564 #1097108 #1099306 #1103203
Cross- CVE-2017-11600 CVE-2017-18344 CVE-2018-10853
CVE-2018-3646
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP2-LTSS
https://www.suse.com/security/cve/CVE-2017-11600.html
https://www.suse.com/security/cve/CVE-2017-18344.html
https://www.suse.com/security/cve/CVE-2018-10853.html
https://www.suse.com/security/cve/CVE-2018-3646.html
https://bugzilla.suse.com/1096564
https://bugzilla.suse.com/1097108
https://bugzilla.suse.com/1099306
https://bugzilla.suse.com/1103203
Get the latest Linux and open source security news straight to your inbox.