Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 585
Alerts This Week
Warning Icon 1 585

SUSE: 2018:3100-1 Important: Linux Kernel Use-After-Free Risk

suse
Calendar Grey October 11, 2018
Dist Suse Esm H88
SUSE has released a security patch addressing a kernel vulnerability that permits privilege escalation via a use-after-free exploitation technique. More information available.
An update that solves one vulnerability and has one errata is now available

Summary

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2018-17182: An issue was discovered in the Linux kernel The vmacache_flush_all function in mm/vmacache.c mishandled sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations (bnc#1108399). The following non-security bugs were fixed: - x86/fpu: Do not do __thread_fpu_end() if use_eager_fpu() (bnc#1109967).

References

#1108399 #1109967

Cross- CVE-2018-17182

Affected Products:

SUSE Linux Enterprise Software Development Kit 11-SP4

SUSE Linux Enterprise Server 11-SP4

SUSE Linux Enterprise Server 11-EXTRA

SUSE Linux Enterprise Debuginfo 11-SP4

https://www.suse.com/security/cve/CVE-2018-17182.html

https://bugzilla.suse.com/1108399

https://bugzilla.suse.com/1109967

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2018:3100-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.