SUSE Linux 12 SP3 Update: Important Patch For Kernel Security Issues
suse
August 17, 2018
An update that fixes three vulnerabilities is now available
Summary
This update for the Linux Kernel 4.4.114-94_14 fixes several issues. The following security issues were fixed: - CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system (bsc#1099306). - CVE-2017-18344: The timer_create syscall implementation in kernel/time/posix-timers.c didn't properly validate the sigevent->sigev_notify field, which lead to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allowed userspace applications to read arbitrary kernel memory (on a
Topics Covered
References
#1097108 #1099306 #1103203
Cross- CVE-2017-18344 CVE-2018-10853 CVE-2018-3646
Affected Products:
SUSE Linux Enterprise Server for SAP 12-SP2
SUSE Linux Enterprise Server 12-SP2-LTSS
SUSE Linux Enterprise Live Patching 12-SP3
https://www.suse.com/security/cve/CVE-2017-18344.html
https://www.suse.com/security/cve/CVE-2018-10853.html
https://www.suse.com/security/cve/CVE-2018-3646.html
https://bugzilla.suse.com/1097108
https://bugzilla.suse.com/1099306
https://bugzilla.suse.com/1103203
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2018:2416-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!