File _patchinfo of Package patchinfo.13847

<patchinfo incident="13847">
  <issue id="1103203" tracker="bnc">VUL-0: CVE-2017-18344: kernel live patch: The timer_create syscall implementationdoesn't properly validate the sigevent-&gt;sigev_notifyfield, which leads to out-of-bounds access</issue>
  <issue id="1160467" tracker="bnc">VUL-0: CVE-2019-14897: kernel live patch: Stack Overflow in lbs_ibss_join_existing() function of Marvell Wifi Driver</issue>
  <issue id="1160468" tracker="bnc">VUL-0: CVE-2019-14896: kernel live patch: Heap Overflow in add_ie_rates() function of Marvell Wifi Driver</issue>
  <issue id="2019-14896" tracker="cve" />
  <issue id="2019-14897" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>nstange</packager>
  <description>This update for the Linux Kernel 4.12.14-150_27 fixes several issues.

The following security issues were fixed:

- CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157).
- CVE-2019-14897: A stack-based buffer overflow was found in the  Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155).
</description>
<summary>Security update for the Linux Kernel (Live Patch 12 for SLE 15)</summary>
</patchinfo>