SUSE-SU-2019:0470-1
Vulnerability from csaf_suse - Published: 2019-02-22 12:47 - Updated: 2019-02-22 12:47Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch: The SUSE Linux Enterprise 12 realtime kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2017-18249: Fixed tracking on allocated nid in the add_free_nid function fs/f2fs/node.c, which previously allowed local users to cause a denial of service (bnc#1087036).
- CVE-2019-3459: Fixed remote heap address information leak in use of l2cap_get_conf_opt (bnc#1120758).
- CVE-2019-3460: Fixed remote data leak in multiple location in the function l2cap_parse_conf_rsp (bnc#1120758).
The following non-security bugs were fixed:
- Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382).
- Fix problem with sharetransport= and NFSv4 (bsc#1114893).
- Revert 'bs-upload-kernel: do not set %opensuse_bs' This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
- Yama: Check for pid death before checking ancestry (bnc#1012382).
- acpi / processor: Fix the return value of acpi_processor_ids_walk() (git fixes (acpi)).
- acpi/nfit: Block function zero DSMs (bsc#1123321).
- acpi/nfit: Fix command-supported detection (bsc#1123323).
- acpi: power: Skip duplicate power resource references in _PRx (bnc#1012382).
- alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382).
- alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bnc#1012382).
- arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382).
- arm64: Do not trap host pointer auth use to EL2 (bnc#1012382).
- arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382).
- ata: Fix racy link clearance (bsc#1107866).
- block/loop: Use global lock for ioctl() operation (bnc#1012382).
- block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes).
- Btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382).
- Btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382).
- Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896).
- Btrfs: tree-checker: Fix misleading group system information (bnc#1012382).
- Btrfs: validate type when reading a chunk (bnc#1012382).
- Btrfs: wait on ordered extents on abort cleanup (bnc#1012382).
- can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382).
- cifs: Do not hide EINTR after sending network packets (bnc#1012382).
- cifs: Fix potential OOB access of lock element array (bnc#1012382).
- clk: imx6q: reset exclusive gates on init (bnc#1012382).
- crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382).
- crypto: authencesn - Avoid twice completion call in decrypt path (bnc#1012382).
- crypto: cts - fix crash on short inputs (bnc#1012382).
- crypto: user - support incremental algorithm dumps (bsc#1120902).
- dm crypt: add cryptographic data integrity protection (authenticated encryption) (Git-fixes).
- dm crypt: factor IV constructor out to separate function (Git-fixes).
- dm crypt: fix crash by adding missing check for auth key size (git-fixes).
- dm crypt: fix error return code in crypt_ctr() (git-fixes).
- dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes).
- dm crypt: introduce new format of cipher with 'capi:' prefix (Git-fixes).
- dm crypt: wipe kernel key copy after IV initialization (Git-fixes).
- dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382).
- dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382).
- dm: do not allow readahead to limit IO size (git fixes (readahead)).
- e1000e: allow non-monotonic SYSTIM readings (bnc#1012382).
- edac: Raise the maximum number of memory controllers (bsc#1120722).
- efi/libstub/arm64: Use hidden attribute for struct screen_info reference (bsc#1122650).
- ext4: Fix crash during online resizing (bsc#1122779).
- ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#1012382).
- f2fs: Add sanity_check_inode() function (bnc#1012382).
- f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382).
- f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382).
- f2fs: clean up argument of recover_data (bnc#1012382).
- f2fs: clean up with is_valid_blkaddr() (bnc#1012382).
- f2fs: detect wrong layout (bnc#1012382).
- f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#1012382).
- f2fs: factor out fsync inode entry operations (bnc#1012382).
- f2fs: fix inode cache leak (bnc#1012382).
- f2fs: fix invalid memory access (bnc#1012382).
- f2fs: fix missing up_read (bnc#1012382).
- f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382).
- f2fs: fix to convert inline directory correctly (bnc#1012382).
- f2fs: fix to determine start_cp_addr by sbi->cur_cp_pack (bnc#1012382).
- f2fs: fix to do sanity check with block address in main area (bnc#1012382).
- f2fs: fix to do sanity check with block address in main area v2 (bnc#1012382).
- f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382).
- f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382).
- f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#1012382).
- f2fs: fix to do sanity check with secs_per_zone (bnc#1012382).
- f2fs: fix to do sanity check with user_block_count (bnc#1012382).
- f2fs: fix validation of the block count in sanity_check_raw_super (bnc#1012382).
- f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382).
- f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382).
- f2fs: introduce and spread verify_blkaddr (bnc#1012382).
- f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382).
- f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382).
- f2fs: not allow to write illegal blkaddr (bnc#1012382).
- f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#1012382).
- f2fs: remove an obsolete variable (bnc#1012382).
- f2fs: return error during fill_super (bnc#1012382).
- f2fs: sanity check on sit entry (bnc#1012382).
- f2fs: use crc and cp version to determine roll-forward recovery (bnc#1012382).
- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes).
- i2c: dev: prevent adapter retries and timeout being set as minus value (bnc#1012382).
- ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357).
- ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726).
- ibmvnic: Increase maximum queue size limit (bsc#1121726).
- ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).
- iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).
- iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105).
- iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).
- iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105).
- ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#1012382).
- ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382).
- ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (bnc#1012382).
- ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#1012382).
- ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382).
- jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#1012382).
- kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653).
- kconfig: fix file name and line number of warn_ignored_character() (bnc#1012382).
- kconfig: fix memory leak when EOF is encountered in quotation (bnc#1012382).
- loop: Fix double mutex_unlock(&loop_ctl_mutex) in loop_control_ioctl() (bnc#1012382).
- loop: Fold __loop_release into loop_release (bnc#1012382).
- loop: Get rid of loop_index_mutex (bnc#1012382).
- lsm: Check for NULL cred-security on free (bnc#1012382).
- md: batch flush requests (bsc#1119680).
- media: em28xx: Fix misplaced reset of dev->v4l::field_count (bnc#1012382).
- media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bnc#1012382).
- media: vb2: be sure to unlock mutex on errors (bnc#1012382).
- media: vb2: vb2_mmap: move lock up (bnc#1012382).
- media: vivid: fix error handling of kthread_run (bnc#1012382).
- media: vivid: set min width/height to a value > 0 (bnc#1012382).
- mfd: tps6586x: Handle interrupts on suspend (bnc#1012382).
- mips: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur (bnc#1012382).
- mips: fix n32 compat_ipc_parse_version (bnc#1012382).
- mm, proc: be more verbose about unstable VMA flags in /proc/<pid>/smaps (bnc#1012382).
- mm, slab: faster active and free stats (bsc#1116653, VM Performance).
- mm, slab: maintain total slab count instead of active count (bsc#1116653, VM Performance).
- mm/page-writeback.c: do not break integrity writeback on ->writepage() error (bnc#1012382).
- mm/slab: improve performance of gathering slabinfo stats (bsc#1116653, VM Performance).
- mm: only report isolation failures when offlining memory (generic hotplug debugability).
- mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382).
- net: bridge: fix a bug on using a neighbour cache entry without checking its state (bnc#1012382).
- net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382).
- net: speed up skb_rbtree_purge() (bnc#1012382).
- ocfs2: fix panic due to unrecovered local alloc (bnc#1012382).
- omap2fb: Fix stack memory disclosure (bsc#1106929)
- packet: Do not leak dev refcounts on error exit (bnc#1012382).
- pci: altera: Check link status before retrain link (bnc#1012382).
- pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382).
- pci: altera: Move retrain from fixup to altera_pcie_host_init() (bnc#1012382).
- pci: altera: Poll for link training status after retraining the link (bnc#1012382).
- pci: altera: Poll for link up status after retraining the link (bnc#1012382).
- pci: altera: Reorder read/write functions (bnc#1012382).
- pci: altera: Rework config accessors for use without a struct pci_bus (bnc#1012382).
- perf intel-pt: Fix error with config term 'pt=0' (bnc#1012382).
- perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382).
- perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382).
- platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bnc#1012382).
- powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695).
- powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695).
- powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382).
- powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).
- powerpc/smp: Add Power9 scheduler topology (bsc#1109695).
- powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).
- powerpc/smp: Rework CPU topology construction (bsc#1109695).
- powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).
- powerpc/xmon: Fix invocation inside lock region (bsc#1122885).
- powerpc: Detect the presence of big-cores via 'ibm, thread-groups' (bsc#1109695).
- powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695).
- powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695).
- proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823).
- pstore/ram: Do not treat empty buffers as valid (bnc#1012382).
- r8169: Add support for new Realtek Ethernet (bnc#1012382).
- scsi: megaraid: fix out-of-bound array accesses (bnc#1012382).
- scsi: sd: Fix cache_type_store() (bnc#1012382).
- scsi: target: use consistent left-aligned ASCII INQUIRY data (bnc#1012382).
- sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382).
- selinux: fix GPF on invalid policy (bnc#1012382).
- slab: alien caches must not be initialized if the allocation of the alien cache failed (bnc#1012382).
- sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382).
- sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382).
- tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382).
- tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382).
- tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382).
- tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382).
- tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382).
- tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382).
- usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bnc#1012382).
- usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382).
- usb: storage: add quirk for SMI SM3350 (bnc#1012382).
- usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bnc#1012382).
- writeback: do not decrement wb->refcnt if !wb->bdi (git fixes (writeback)).
- x86/pkeys: Properly copy pkey state at fork() (bsc#1106105).
Patchnames: SUSE-2019-470,SUSE-SLE-RT-12-SP3-2019-470
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "The SUSE Linux Enterprise 12 realtime kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2017-18249: Fixed tracking on allocated nid in the add_free_nid function fs/f2fs/node.c, which previously allowed local users to cause a denial of service (bnc#1087036).\n- CVE-2019-3459: Fixed remote heap address information leak in use of l2cap_get_conf_opt (bnc#1120758).\n- CVE-2019-3460: Fixed remote data leak in multiple location in the function l2cap_parse_conf_rsp (bnc#1120758).\n\nThe following non-security bugs were fixed:\n\n- Disable MSI also when pcie-octeon.pcie_disable on (bnc#1012382).\n- Fix problem with sharetransport= and NFSv4 (bsc#1114893).\n- Revert \u0027bs-upload-kernel: do not set %opensuse_bs\u0027 This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821.\n- Yama: Check for pid death before checking ancestry (bnc#1012382).\n- acpi / processor: Fix the return value of acpi_processor_ids_walk() (git fixes (acpi)).\n- acpi/nfit: Block function zero DSMs (bsc#1123321).\n- acpi/nfit: Fix command-supported detection (bsc#1123323).\n- acpi: power: Skip duplicate power resource references in _PRx (bnc#1012382).\n- alsa: bebob: fix model-id of unit for Apogee Ensemble (bnc#1012382).\n- alsa: hda/realtek - Disable headset Mic VREF for headset mode of ALC225 (bnc#1012382).\n- arm64/kvm: consistently handle host HCR_EL2 flags (bnc#1012382).\n- arm64: Do not trap host pointer auth use to EL2 (bnc#1012382).\n- arm64: perf: set suppress_bind_attrs flag to true (bnc#1012382).\n- ata: Fix racy link clearance (bsc#1107866).\n- block/loop: Use global lock for ioctl() operation (bnc#1012382).\n- block/swim3: Fix -EBUSY error when re-opening device after unmount (Git-fixes).\n- Btrfs: tree-check: reduce stack consumption in check_dir_item (bnc#1012382).\n- Btrfs: tree-checker: Check level for leaves and nodes (bnc#1012382).\n- Btrfs: tree-checker: Do not check max block group size as current max chunk size limit is unreliable (fixes for bnc#1012382 bsc#1102875 bsc#1102877 bsc#1102879 bsc#1102882 bsc#1102896).\n- Btrfs: tree-checker: Fix misleading group system information (bnc#1012382).\n- Btrfs: validate type when reading a chunk (bnc#1012382).\n- Btrfs: wait on ordered extents on abort cleanup (bnc#1012382).\n- can: gw: ensure DLC boundaries after CAN frame modification (bnc#1012382).\n- cifs: Do not hide EINTR after sending network packets (bnc#1012382).\n- cifs: Fix potential OOB access of lock element array (bnc#1012382).\n- clk: imx6q: reset exclusive gates on init (bnc#1012382).\n- crypto: authenc - fix parsing key with misaligned rta_len (bnc#1012382).\n- crypto: authencesn - Avoid twice completion call in decrypt path (bnc#1012382).\n- crypto: cts - fix crash on short inputs (bnc#1012382).\n- crypto: user - support incremental algorithm dumps (bsc#1120902).\n- dm crypt: add cryptographic data integrity protection (authenticated encryption) (Git-fixes).\n- dm crypt: factor IV constructor out to separate function (Git-fixes).\n- dm crypt: fix crash by adding missing check for auth key size (git-fixes).\n- dm crypt: fix error return code in crypt_ctr() (git-fixes).\n- dm crypt: fix memory leak in crypt_ctr_cipher_old() (git-fixes).\n- dm crypt: introduce new format of cipher with \u0027capi:\u0027 prefix (Git-fixes).\n- dm crypt: wipe kernel key copy after IV initialization (Git-fixes).\n- dm kcopyd: Fix bug causing workqueue stalls (bnc#1012382).\n- dm snapshot: Fix excessive memory usage and workqueue stalls (bnc#1012382).\n- dm: do not allow readahead to limit IO size (git fixes (readahead)).\n- e1000e: allow non-monotonic SYSTIM readings (bnc#1012382).\n- edac: Raise the maximum number of memory controllers (bsc#1120722).\n- efi/libstub/arm64: Use hidden attribute for struct screen_info reference (bsc#1122650).\n- ext4: Fix crash during online resizing (bsc#1122779).\n- ext4: fix a potential fiemap/page fault deadlock w/ inline_data (bnc#1012382).\n- f2fs: Add sanity_check_inode() function (bnc#1012382).\n- f2fs: avoid unneeded loop in build_sit_entries (bnc#1012382).\n- f2fs: check blkaddr more accuratly before issue a bio (bnc#1012382).\n- f2fs: clean up argument of recover_data (bnc#1012382).\n- f2fs: clean up with is_valid_blkaddr() (bnc#1012382).\n- f2fs: detect wrong layout (bnc#1012382).\n- f2fs: enhance sanity_check_raw_super() to avoid potential overflow (bnc#1012382).\n- f2fs: factor out fsync inode entry operations (bnc#1012382).\n- f2fs: fix inode cache leak (bnc#1012382).\n- f2fs: fix invalid memory access (bnc#1012382).\n- f2fs: fix missing up_read (bnc#1012382).\n- f2fs: fix to avoid reading out encrypted data in page cache (bnc#1012382).\n- f2fs: fix to convert inline directory correctly (bnc#1012382).\n- f2fs: fix to determine start_cp_addr by sbi-\u003ecur_cp_pack (bnc#1012382).\n- f2fs: fix to do sanity check with block address in main area (bnc#1012382).\n- f2fs: fix to do sanity check with block address in main area v2 (bnc#1012382).\n- f2fs: fix to do sanity check with cp_pack_start_sum (bnc#1012382).\n- f2fs: fix to do sanity check with node footer and iblocks (bnc#1012382).\n- f2fs: fix to do sanity check with reserved blkaddr of inline inode (bnc#1012382).\n- f2fs: fix to do sanity check with secs_per_zone (bnc#1012382).\n- f2fs: fix to do sanity check with user_block_count (bnc#1012382).\n- f2fs: fix validation of the block count in sanity_check_raw_super (bnc#1012382).\n- f2fs: free meta pages if sanity check for ckpt is failed (bnc#1012382).\n- f2fs: give -EINVAL for norecovery and rw mount (bnc#1012382).\n- f2fs: introduce and spread verify_blkaddr (bnc#1012382).\n- f2fs: introduce get_checkpoint_version for cleanup (bnc#1012382).\n- f2fs: move sanity checking of cp into get_valid_checkpoint (bnc#1012382).\n- f2fs: not allow to write illegal blkaddr (bnc#1012382).\n- f2fs: put directory inodes before checkpoint in roll-forward recovery (bnc#1012382).\n- f2fs: remove an obsolete variable (bnc#1012382).\n- f2fs: return error during fill_super (bnc#1012382).\n- f2fs: sanity check on sit entry (bnc#1012382).\n- f2fs: use crc and cp version to determine roll-forward recovery (bnc#1012382).\n- gpiolib: Fix return value of gpio_to_desc() stub if !GPIOLIB (Git-fixes).\n- i2c: dev: prevent adapter retries and timeout being set as minus value (bnc#1012382).\n- ibmveth: Do not process frames after calling napi_reschedule (bcs#1123357).\n- ibmvnic: Add ethtool private flag for driver-defined queue limits (bsc#1121726).\n- ibmvnic: Increase maximum queue size limit (bsc#1121726).\n- ibmvnic: Introduce driver limits for ring sizes (bsc#1121726).\n- iommu/amd: Call free_iova_fast with pfn in map_sg (bsc#1106105).\n- iommu/amd: Fix IOMMU page flush when detach device from a domain (bsc#1106105).\n- iommu/amd: Unmap all mapped pages in error path of map_sg (bsc#1106105).\n- iommu/vt-d: Fix memory leak in intel_iommu_put_resv_regions() (bsc#1106105).\n- ip: on queued skb use skb_header_pointer instead of pskb_may_pull (bnc#1012382).\n- ipmi:ssif: Fix handling of multi-part return messages (bnc#1012382).\n- ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address (bnc#1012382).\n- ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses (bnc#1012382).\n- ipv6: fix kernel-infoleak in ipv6_local_error() (bnc#1012382).\n- jffs2: Fix use of uninitialized delayed_work, lockdep breakage (bnc#1012382).\n- kabi: reorder new slabinfo fields in struct kmem_cache_node (bnc#1116653).\n- kconfig: fix file name and line number of warn_ignored_character() (bnc#1012382).\n- kconfig: fix memory leak when EOF is encountered in quotation (bnc#1012382).\n- loop: Fix double mutex_unlock(\u0026loop_ctl_mutex) in loop_control_ioctl() (bnc#1012382).\n- loop: Fold __loop_release into loop_release (bnc#1012382).\n- loop: Get rid of loop_index_mutex (bnc#1012382).\n- lsm: Check for NULL cred-security on free (bnc#1012382).\n- md: batch flush requests (bsc#1119680).\n- media: em28xx: Fix misplaced reset of dev-\u003ev4l::field_count (bnc#1012382).\n- media: firewire: Fix app_info parameter type in avc_ca{,_app}_info (bnc#1012382).\n- media: vb2: be sure to unlock mutex on errors (bnc#1012382).\n- media: vb2: vb2_mmap: move lock up (bnc#1012382).\n- media: vivid: fix error handling of kthread_run (bnc#1012382).\n- media: vivid: set min width/height to a value \u003e 0 (bnc#1012382).\n- mfd: tps6586x: Handle interrupts on suspend (bnc#1012382).\n- mips: SiByte: Enable swiotlb for SWARM, LittleSur and BigSur (bnc#1012382).\n- mips: fix n32 compat_ipc_parse_version (bnc#1012382).\n- mm, proc: be more verbose about unstable VMA flags in /proc/\u0026lt;pid\u003e/smaps (bnc#1012382).\n- mm, slab: faster active and free stats (bsc#1116653, VM Performance).\n- mm, slab: maintain total slab count instead of active count (bsc#1116653, VM Performance).\n- mm/page-writeback.c: do not break integrity writeback on -\u003ewritepage() error (bnc#1012382).\n- mm/slab: improve performance of gathering slabinfo stats (bsc#1116653, VM Performance).\n- mm: only report isolation failures when offlining memory (generic hotplug debugability).\n- mmc: atmel-mci: do not assume idle after atmci_request_end (bnc#1012382).\n- net: bridge: fix a bug on using a neighbour cache entry without checking its state (bnc#1012382).\n- net: call sk_dst_reset when set SO_DONTROUTE (bnc#1012382).\n- net: speed up skb_rbtree_purge() (bnc#1012382).\n- ocfs2: fix panic due to unrecovered local alloc (bnc#1012382).\n- omap2fb: Fix stack memory disclosure (bsc#1106929)\n- packet: Do not leak dev refcounts on error exit (bnc#1012382).\n- pci: altera: Check link status before retrain link (bnc#1012382).\n- pci: altera: Fix altera_pcie_link_is_up() (bnc#1012382).\n- pci: altera: Move retrain from fixup to altera_pcie_host_init() (bnc#1012382).\n- pci: altera: Poll for link training status after retraining the link (bnc#1012382).\n- pci: altera: Poll for link up status after retraining the link (bnc#1012382).\n- pci: altera: Reorder read/write functions (bnc#1012382).\n- pci: altera: Rework config accessors for use without a struct pci_bus (bnc#1012382).\n- perf intel-pt: Fix error with config term \u0027pt=0\u0027 (bnc#1012382).\n- perf parse-events: Fix unchecked usage of strncpy() (bnc#1012382).\n- perf svghelper: Fix unchecked usage of strncpy() (bnc#1012382).\n- platform/x86: asus-wmi: Tell the EC the OS will handle the display off hotkey (bnc#1012382).\n- powerpc, hotplug: Avoid to touch non-existent cpumasks (bsc#1109695).\n- powerpc/cacheinfo: Report the correct shared_cpu_map on big-cores (bsc#1109695).\n- powerpc/pseries/cpuidle: Fix preempt warning (bnc#1012382).\n- powerpc/setup: Add cpu_to_phys_id array (bsc#1109695).\n- powerpc/smp: Add Power9 scheduler topology (bsc#1109695).\n- powerpc/smp: Add cpu_l2_cache_map (bsc#1109695).\n- powerpc/smp: Rework CPU topology construction (bsc#1109695).\n- powerpc/smp: Use cpu_to_chip_id() to find core siblings (bsc#1109695).\n- powerpc/xmon: Fix invocation inside lock region (bsc#1122885).\n- powerpc: Detect the presence of big-cores via \u0027ibm, thread-groups\u0027 (bsc#1109695).\n- powerpc: Use cpu_smallcore_sibling_mask at SMT level on bigcores (bsc#1109695).\n- powerpc: make use of for_each_node_by_type() instead of open-coding it (bsc#1109695).\n- proc: Remove empty line in /proc/self/status (bnc#1012382 bsc#1094823).\n- pstore/ram: Do not treat empty buffers as valid (bnc#1012382).\n- r8169: Add support for new Realtek Ethernet (bnc#1012382).\n- scsi: megaraid: fix out-of-bound array accesses (bnc#1012382).\n- scsi: sd: Fix cache_type_store() (bnc#1012382).\n- scsi: target: use consistent left-aligned ASCII INQUIRY data (bnc#1012382).\n- sctp: allocate sctp_sockaddr_entry with kzalloc (bnc#1012382).\n- selinux: fix GPF on invalid policy (bnc#1012382).\n- slab: alien caches must not be initialized if the allocation of the alien cache failed (bnc#1012382).\n- sunrpc: handle ENOMEM in rpcb_getport_async (bnc#1012382).\n- sysfs: Disable lockdep for driver bind/unbind files (bnc#1012382).\n- tipc: fix uninit-value in tipc_nl_compat_bearer_enable (bnc#1012382).\n- tipc: fix uninit-value in tipc_nl_compat_doit (bnc#1012382).\n- tipc: fix uninit-value in tipc_nl_compat_link_reset_stats (bnc#1012382).\n- tipc: fix uninit-value in tipc_nl_compat_link_set (bnc#1012382).\n- tipc: fix uninit-value in tipc_nl_compat_name_table_dump (bnc#1012382).\n- tty/ldsem: Wake up readers after timed out down_write() (bnc#1012382).\n- usb: Add USB_QUIRK_DELAY_CTRL_MSG quirk for Corsair K70 RGB (bnc#1012382).\n- usb: cdc-acm: send ZLP for Telit 3G Intel based modems (bnc#1012382).\n- usb: storage: add quirk for SMI SM3350 (bnc#1012382).\n- usb: storage: do not insert sane sense for SPC3+ when bad sense specified (bnc#1012382).\n- writeback: do not decrement wb-\u003erefcnt if !wb-\u003ebdi (git fixes (writeback)).\n- x86/pkeys: Properly copy pkey state at fork() (bsc#1106105).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2019-470,SUSE-SLE-RT-12-SP3-2019-470",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_0470-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2019:0470-1",
"url": "https://www.suse.com/support/update/announcement/2019/suse-su-20190470-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2019:0470-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2019-February/005147.html"
},
{
"category": "self",
"summary": "SUSE Bug 1012382",
"url": "https://bugzilla.suse.com/1012382"
},
{
"category": "self",
"summary": "SUSE Bug 1023175",
"url": "https://bugzilla.suse.com/1023175"
},
{
"category": "self",
"summary": "SUSE Bug 1087036",
"url": "https://bugzilla.suse.com/1087036"
},
{
"category": "self",
"summary": "SUSE Bug 1094823",
"url": "https://bugzilla.suse.com/1094823"
},
{
"category": "self",
"summary": "SUSE Bug 1102875",
"url": "https://bugzilla.suse.com/1102875"
},
{
"category": "self",
"summary": "SUSE Bug 1102877",
"url": "https://bugzilla.suse.com/1102877"
},
{
"category": "self",
"summary": "SUSE Bug 1102879",
"url": "https://bugzilla.suse.com/1102879"
},
{
"category": "self",
"summary": "SUSE Bug 1102882",
"url": "https://bugzilla.suse.com/1102882"
},
{
"category": "self",
"summary": "SUSE Bug 1102896",
"url": "https://bugzilla.suse.com/1102896"
},
{
"category": "self",
"summary": "SUSE Bug 1106105",
"url": "https://bugzilla.suse.com/1106105"
},
{
"category": "self",
"summary": "SUSE Bug 1106929",
"url": "https://bugzilla.suse.com/1106929"
},
{
"category": "self",
"summary": "SUSE Bug 1107866",
"url": "https://bugzilla.suse.com/1107866"
},
{
"category": "self",
"summary": "SUSE Bug 1109695",
"url": "https://bugzilla.suse.com/1109695"
},
{
"category": "self",
"summary": "SUSE Bug 1114893",
"url": "https://bugzilla.suse.com/1114893"
},
{
"category": "self",
"summary": "SUSE Bug 1116653",
"url": "https://bugzilla.suse.com/1116653"
},
{
"category": "self",
"summary": "SUSE Bug 1119680",
"url": "https://bugzilla.suse.com/1119680"
},
{
"category": "self",
"summary": "SUSE Bug 1120722",
"url": "https://bugzilla.suse.com/1120722"
},
{
"category": "self",
"summary": "SUSE Bug 1120758",
"url": "https://bugzilla.suse.com/1120758"
},
{
"category": "self",
"summary": "SUSE Bug 1120902",
"url": "https://bugzilla.suse.com/1120902"
},
{
"category": "self",
"summary": "SUSE Bug 1121726",
"url": "https://bugzilla.suse.com/1121726"
},
{
"category": "self",
"summary": "SUSE Bug 1122650",
"url": "https://bugzilla.suse.com/1122650"
},
{
"category": "self",
"summary": "SUSE Bug 1122651",
"url": "https://bugzilla.suse.com/1122651"
},
{
"category": "self",
"summary": "SUSE Bug 1122779",
"url": "https://bugzilla.suse.com/1122779"
},
{
"category": "self",
"summary": "SUSE Bug 1122885",
"url": "https://bugzilla.suse.com/1122885"
},
{
"category": "self",
"summary": "SUSE Bug 1123321",
"url": "https://bugzilla.suse.com/1123321"
},
{
"category": "self",
"summary": "SUSE Bug 1123323",
"url": "https://bugzilla.suse.com/1123323"
},
{
"category": "self",
"summary": "SUSE Bug 1123357",
"url": "https://bugzilla.suse.com/1123357"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18249 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18249/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3459 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3459/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3460 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3460/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2019-02-22T12:47:15Z",
"generator": {
"date": "2019-02-22T12:47:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2019:0470-1",
"initial_release_date": "2019-02-22T12:47:15Z",
"revision_history": [
{
"date": "2019-02-22T12:47:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-4.4.172-3.35.1.noarch",
"product": {
"name": "kernel-devel-rt-4.4.172-3.35.1.noarch",
"product_id": "kernel-devel-rt-4.4.172-3.35.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-4.4.172-3.35.1.noarch",
"product": {
"name": "kernel-source-rt-4.4.172-3.35.1.noarch",
"product_id": "kernel-source-rt-4.4.172-3.35.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"product_id": "cluster-md-kmp-rt-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product_id": "cluster-md-kmp-rt_debug-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"product": {
"name": "dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"product_id": "dlm-kmp-rt-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product": {
"name": "dlm-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product_id": "dlm-kmp-rt_debug-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"product_id": "gfs2-kmp-rt-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product": {
"name": "gfs2-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product_id": "gfs2-kmp-rt_debug-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-base-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt-base-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt-base-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt-devel-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt-devel-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt-extra-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt-extra-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-kgraft-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt-kgraft-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt-kgraft-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt_debug-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt_debug-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-base-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt_debug-base-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt_debug-base-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt_debug-devel-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-extra-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt_debug-extra-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt_debug-extra-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-kgraft-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-rt_debug-kgraft-4.4.172-3.35.1.x86_64",
"product_id": "kernel-rt_debug-kgraft-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-4.4.172-3.35.1.x86_64",
"product": {
"name": "kernel-syms-rt-4.4.172-3.35.1.x86_64",
"product_id": "kernel-syms-rt-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-4.4.172-3.35.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-4.4.172-3.35.1.x86_64",
"product_id": "kselftests-kmp-rt-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product": {
"name": "kselftests-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product_id": "kselftests-kmp-rt_debug-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"product_id": "ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt_debug-4.4.172-3.35.1.x86_64",
"product_id": "ocfs2-kmp-rt_debug-4.4.172-3.35.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Real Time 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-linux-enterprise-rt:12:sp3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64"
},
"product_reference": "dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-4.4.172-3.35.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch"
},
"product_reference": "kernel-devel-rt-4.4.172-3.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64"
},
"product_reference": "kernel-rt-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-base-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64"
},
"product_reference": "kernel-rt-base-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64"
},
"product_reference": "kernel-rt-devel-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-4.4.172-3.35.1.noarch as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch"
},
"product_reference": "kernel-source-rt-4.4.172-3.35.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64"
},
"product_reference": "kernel-syms-rt-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-4.4.172-3.35.1.x86_64 as component of SUSE Linux Enterprise Real Time 12 SP3",
"product_id": "SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Real Time 12 SP3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-18249",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18249"
}
],
"notes": [
{
"category": "general",
"text": "The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18249",
"url": "https://www.suse.com/security/cve/CVE-2017-18249"
},
{
"category": "external",
"summary": "SUSE Bug 1087036 for CVE-2017-18249",
"url": "https://bugzilla.suse.com/1087036"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-22T12:47:15Z",
"details": "moderate"
}
],
"title": "CVE-2017-18249"
},
{
"cve": "CVE-2019-3459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3459"
}
],
"notes": [
{
"category": "general",
"text": "A heap address information leak while using L2CAP_GET_CONF_OPT was discovered in the Linux kernel before 5.1-rc1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3459",
"url": "https://www.suse.com/security/cve/CVE-2019-3459"
},
{
"category": "external",
"summary": "SUSE Bug 1120758 for CVE-2019-3459",
"url": "https://bugzilla.suse.com/1120758"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-22T12:47:15Z",
"details": "moderate"
}
],
"title": "CVE-2019-3459"
},
{
"cve": "CVE-2019-3460",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3460"
}
],
"notes": [
{
"category": "general",
"text": "A heap data infoleak in multiple locations including L2CAP_PARSE_CONF_RSP was found in the Linux kernel before 5.1-rc1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3460",
"url": "https://www.suse.com/security/cve/CVE-2019-3460"
},
{
"category": "external",
"summary": "SUSE Bug 1120758 for CVE-2019-3460",
"url": "https://bugzilla.suse.com/1120758"
},
{
"category": "external",
"summary": "SUSE Bug 1155131 for CVE-2019-3460",
"url": "https://bugzilla.suse.com/1155131"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Real Time 12 SP3:cluster-md-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:dlm-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:gfs2-kmp-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-devel-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-base-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-rt_debug-devel-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-source-rt-4.4.172-3.35.1.noarch",
"SUSE Linux Enterprise Real Time 12 SP3:kernel-syms-rt-4.4.172-3.35.1.x86_64",
"SUSE Linux Enterprise Real Time 12 SP3:ocfs2-kmp-rt-4.4.172-3.35.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2019-02-22T12:47:15Z",
"details": "moderate"
}
],
"title": "CVE-2019-3460"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…