File _patchinfo of Package patchinfo.11753

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.11753

<patchinfo incident="11753">
  <issue id="1102682" tracker="bnc">VUL-0: CVE-2018-5390: kernel live patch: denial of service conditions with low rates of specially modified packets aka "SegmentSmack"</issue>
  <issue id="1133191" tracker="bnc">VUL-0: CVE-2019-11487: kernel live patch:  allows page-&gt;_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/spl</issue>
  <issue id="2018-5390" tracker="cve" />
  <issue id="2019-11487" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>nstange</packager>
  <description>This update for the Linux Kernel 4.4.121-92_114 fixes several issues.

The following security issues were fixed:

- CVE-2019-11487: The Linux kernel allowed page-&gt;_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests (bsc#1133191).
- CVE-2018-5390: Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue() and tcp_prune_ofo_queue() for every incoming packet which can lead to a denial of service (bsc#1102682).
</description>
<summary>Security update for the Linux Kernel (Live Patch 30 for SLE 12 SP2)</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.11753

Places