File _patchinfo of Package patchinfo.13847
<patchinfo incident="13847"> <issue id="1103203" tracker="bnc">VUL-0: CVE-2017-18344: kernel live patch: The timer_create syscall implementationdoesn't properly validate the sigevent->sigev_notifyfield, which leads to out-of-bounds access</issue> <issue id="1160467" tracker="bnc">VUL-0: CVE-2019-14897: kernel live patch: Stack Overflow in lbs_ibss_join_existing() function of Marvell Wifi Driver</issue> <issue id="1160468" tracker="bnc">VUL-0: CVE-2019-14896: kernel live patch: Heap Overflow in add_ie_rates() function of Marvell Wifi Driver</issue> <issue id="2019-14896" tracker="cve" /> <issue id="2019-14897" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>nstange</packager> <description>This update for the Linux Kernel 4.12.14-150_27 fixes several issues. The following security issues were fixed: - CVE-2019-14896: A heap-based buffer overflow vulnerability was found in the Marvell WiFi chip driver. A remote attacker could cause a denial of service (system crash) or, possibly execute arbitrary code, when the lbs_ibss_join_existing function is called after a STA connects to an AP (bsc#1157157). - CVE-2019-14897: A stack-based buffer overflow was found in the Marvell WiFi chip driver. An attacker was able to cause a denial of service (system crash) or, possibly execute arbitrary code, when a STA works in IBSS mode (allows connecting stations together without the use of an AP) and connects to another STA (bsc#1157155). </description> <summary>Security update for the Linux Kernel (Live Patch 12 for SLE 15)</summary> </patchinfo>
