Overview

File _patchinfo of Package patchinfo.7082

<patchinfo incident="7082">
  <issue id="1073230" tracker="bnc">VUL-0: CVE-2017-17712: kernel live patch: The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel through 4.14.6has a race condition in inet-&gt;hdrincl that leads to uninitialized stack pointerusage; this allows a local user to execute</issue>
  <issue id="1076017" tracker="bnc">VUL-0: CVE-2018-1000004: kernel-source: ALSA: sequencer use-after-free / deadlock</issue>
  <issue id="1083488" tracker="bnc">VUL-0: CVE-2018-7566: kernel live patch: race condition in snd_seq_write() may lead to UAF or OOB-access</issue>
  <issue id="1085114" tracker="bnc">VUL-0:  CVE-2018-1068: kernel live patch: netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets</issue>
  <issue id="1085447" tracker="bnc">VUL-0: CVE-2017-13166: kernel live patch: An elevation of privilege vulnerability in the kernel v4l2 video driver.Product: Android. Versions: Android kernel. Android ID A-34624167.</issue>
  <issue id="2017-13166" tracker="cve" />
  <issue id="2018-1000004" tracker="cve" />
  <issue id="2018-1068" tracker="cve" />
  <issue id="2018-7566" tracker="cve" />
  <category>security</category>
  <rating>important</rating>
  <packager>mbenes</packager>
  <description>This update for the Linux Kernel 4.4.74-92_38 fixes several issues.

The following security issues were fixed:

- CVE-2017-13166: Prevent elevation of privilege vulnerability in the v4l2 video driver (bsc#1085447).
- CVE-2018-1068: A flaw in the implementation of 32-bit syscall interface for bridging allowed a privileged user to arbitrarily write to a limited range of kernel memory (bsc#1085114).
- CVE-2018-7566: Prevent buffer overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user (bsc#1083488).
- CVE-2018-1000004: Prevent race condition in the sound system that could have lead to a deadlock and denial of service condition (bsc#1076017).
</description>
<summary>Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP2)</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places