{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for the Linux Kernel","title":"Title of the patch"},{"category":"description","text":"\nThe SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.156 to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2018-16597: Incorrect access checking in overlayfs mounts could have been\n  used by local attackers to modify or truncate files in the underlying\n  filesystem (bnc#1106512).\n- CVE-2018-14613: Prevent invalid pointer dereference in io_ctl_map_page() when\n  mounting and operating a crafted btrfs image, caused by a lack of block group\n  item validation in check_leaf_item (bsc#1102896)\n- CVE-2018-14617: Prevent NULL pointer dereference and panic in\n  hfsplus_lookup() when opening a file (that is purportedly a hard link) in an\n  hfs+ filesystem that has malformed catalog data, and is mounted read-only\n  without a metadata directory (bsc#1102870)\n- CVE-2018-16276: Incorrect bounds checking in the yurex USB driver in\n  yurex_read allowed local attackers to use user access read/writes to crash the\n  kernel or potentially escalate privileges (bsc#1106095)\n- CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in\n  drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of\n  service (memory consumption) via many read accesses to files in the\n  /sys/class/sas_phy directory, as demonstrated by the\n  /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536)\n- CVE-2018-7480: The blkcg_init_queue function allowed local users to cause a\n  denial of service (double free) or possibly have unspecified other impact by\n  triggering a creation failure (bsc#1082863).\n- CVE-2018-17182: The vmacache_flush_all function in mm/vmacache.c\n  mishandled sequence number overflows. An attacker can trigger a\n  use-after-free (and possibly gain privileges) via certain thread creation,\n  map, unmap, invalidation, and dereference operations (bnc#1108399).\n\nThe following non-security bugs were fixed:\n\n- asm/sections: add helpers to check for section data (bsc#1063026).\n- ASoC: wm8994: Fix missing break in switch (bnc#1012382).\n- block: bvec_nr_vecs() returns value for wrong slab (bsc#1082979).\n- bpf: fix overflow in prog accounting (bsc#1012382).\n- btrfs: Add checker for EXTENT_CSUM (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: Add sanity check for EXTENT_DATA when reading out leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: Check if item pointer overlaps with the item itself (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: Check that each block group has corresponding chunk at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: Introduce mount time chunk <-> dev extent mapping check (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: Move leaf and node validation checker to tree-checker.c (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: relocation: Only remove reloc rb_trees if reloc control has been initialized (bnc#1012382).\n- btrfs: replace: Reset on-disk dev stats value after replace (bnc#1012382).\n- btrfs: scrub: Do not use inode page cache in scrub_handle_errored_block() (bsc#1108096).\n- btrfs: tree-checker: Add checker for dir item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: tree-checker: Detect invalid and empty essential trees (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: tree-checker: Enhance btrfs_check_node output (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: tree-checker: Enhance output for btrfs_check_leaf (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: tree-checker: Enhance output for check_csum_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: tree-checker: Enhance output for check_extent_data_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: tree-checker: Fix false panic for sanity test (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: tree-checker: Replace root parameter with fs_info (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: tree-checker: use %zu format string for size_t (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: tree-checker: Verify block_group_item (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- btrfs: use correct compare function of dirty_metadata_bytes (bnc#1012382).\n- btrfs: Verify that every chunk has corresponding block group at mount time (bsc#1102882, bsc#1102896, bsc#1102879, bsc#1102877, bsc#1102875,).\n- cifs: check if SMB2 PDU size has been padded and suppress the warning (bnc#1012382).\n- crypto: clarify licensing of OpenSSL asm code ().\n- crypto: vmx - Remove overly verbose printk from AES XTS init (git-fixes).\n- debugobjects: Make stack check warning more informative (bnc#1012382).\n- dm kcopyd: avoid softlockup in run_complete_job (bnc#1012382).\n- dm-mpath: do not try to access NULL rq (bsc#1110337).\n- EDAC: Fix memleak in module init error path (bsc#1109441).\n- EDAC, i7core: Fix memleaks and use-after-free on probe and remove (1109441).\n- fat: validate ->i_start before using (bnc#1012382).\n- Fixes: Commit cdbf92675fad ('mm: numa: avoid waiting on freed migrated pages') (bnc#1012382).\n- Follow-up fix for patches.arch/01-jump_label-reduce-the-size-of-struct-static_key-kabi.patch (bsc#1108803).\n- fork: do not copy inconsistent signal handler state to child (bnc#1012382).\n- fs/dcache.c: fix kmemcheck splat at take_dentry_name_snapshot() (bnc#1012382).\n- genirq: Delay incrementing interrupt count if it's disabled/pending (bnc#1012382).\n- grow_cache: we still have a code which uses both __GFP_ZERO and constructors. The code seems to be correct and the warning does more harm than good so revert for the the meantime until we catch offenders. (bnc#1110297) \n- hfsplus: do not return 0 when fill_super() failed (bnc#1012382).\n- hfs: prevent crash on exit from failed search (bnc#1012382).\n- ib_srp: Remove WARN_ON in srp_terminate_io() (bsc#1094562).\n- ipvs: fix race between ip_vs_conn_new() and ip_vs_del_dest() (bnc#1012382).\n- irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP (bnc#1012382).\n- irqchip/gic-v3: Add missing barrier to 32bit version of gic_read_iar() (bnc#1012382).\n- kabi protect hnae_ae_ops (bsc#1107924).\n- kbuild: make missing $DEPMOD a Warning instead of an Error (bnc#1012382).\n- l2tp: cast l2tp traffic counter to unsigned (bsc#1099810).\n- mei: me: allow runtime pm for platform with D0i3 (bnc#1012382).\n- mfd: sm501: Set coherent_dma_mask when creating subdevices (bnc#1012382).\n- mm/fadvise.c: fix signed overflow UBSAN complaint (bnc#1012382).\n- net/9p: fix error path of p9_virtio_probe (bnc#1012382).\n- net: bcmgenet: use MAC link status for fixed phy (bnc#1012382).\n- net: ena: Eliminate duplicate barriers on weakly-ordered archs (bsc#1108240).\n- net: ena: fix device destruction to gracefully free resources (bsc#1108240).\n- net: ena: fix driver when PAGE_SIZE == 64kB (bsc#1108240).\n- net: ena: fix incorrect usage of memory barriers (bsc#1108240).\n- net: ena: fix missing calls to READ_ONCE (bsc#1108240).\n- net: ena: fix missing lock during device destruction (bsc#1108240).\n- net: ena: fix potential double ena_destroy_device() (bsc#1108240).\n- net: ena: fix surprise unplug NULL dereference kernel crash (bsc#1108240).\n- net: hns: add netif_carrier_off before change speed and duplex (bsc#1107924).\n- net: hns: add the code for cleaning pkt in chip (bsc#1107924).\n- nvme_fc: add 'nvme_discovery' sysfs attribute to fc transport device (bsc#1044189).\n- nvmet: fixup crash on NULL device path (bsc#1082979).\n- ovl: modify ovl_permission() to do checks on two inodes (bsc#1106512)\n- ovl: proper cleanup of workdir (bnc#1012382).\n- ovl: rename is_merge to is_lowest (bnc#1012382).\n- PCI: mvebu: Fix I/O space end address calculation (bnc#1012382).\n- platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 (bnc#1012382).\n- powerpc/64: Do load of PACAKBASE in LOAD_HANDLER (bsc#1094244).\n- powerpc/book3s: Fix MCE console messages for unrecoverable MCE (bsc#1094244).\n- powerpc/fadump: cleanup crash memory ranges support (bsc#1103269).\n- powerpc/fadump: re-register firmware-assisted dump if already registered (bsc#1108170, bsc#1108823).\n- powerpc: Fix size calculation using resource_size() (bnc#1012382).\n- powerpc/mce: Move 64-bit machine check code into mce.c (bsc#1094244).\n- powerpc/perf/hv-24x7: Fix off-by-one error in request_buffer check (git-fixes).\n- powerpc/powernv/ioda2: Reduce upper limit for DMA window size (bsc#1066223).\n- powerpc/powernv: Rename machine_check_pSeries_early() to powernv (bsc#1094244).\n- powerpc/pseries: Avoid using the size greater than RTAS_ERROR_LOG_MAX (bnc#1012382).\n- powerpc/pseries: Disable CPU hotplug across migrations (bsc#1066223).\n- powerpc/pseries: Remove prrn_work workqueue (bsc#1102495, bsc#1109337).\n- powerpc/pseries: Remove unneeded uses of dlpar work queue (bsc#1102495, bsc#1109337).\n- powerpc/tm: Fix userspace r13 corruption (bsc#1109333).\n- RDMA/rw: Fix rdma_rw_ctx_signature_init() kernel-doc header (bsc#1082979).\n- reiserfs: change j_timestamp type to time64_t (bnc#1012382).\n- Revert 'ARM: imx_v6_v7_defconfig: Select ULPI support' (bnc#1012382).\n- s390/dasd: fix hanging offline processing due to canceled worker (bnc#1012382).\n- s390/lib: use expoline for all bcr instructions (LTC#171029 bnc#1012382 bnc#1106934).\n- sch_hhf: fix null pointer dereference on init failure (bnc#1012382).\n- sch_htb: fix crash on init failure (bnc#1012382).\n- sch_multiq: fix double free on init failure (bnc#1012382).\n- sch_netem: avoid null pointer deref on init failure (bnc#1012382).\n- sch_tbf: fix two null pointer dereferences on init failure (bnc#1012382).\n- scripts: modpost: check memory allocation results (bnc#1012382).\n- scsi: aic94xx: fix an error code in aic94xx_init() (bnc#1012382).\n- scsi: ipr: System hung while dlpar adding primary ipr adapter back (bsc#1109336).\n- scsi: qla2xxx: Add changes for devloss timeout in driver (bsc#1084427).\n- scsi: qla2xxx: Add FC-NVMe abort processing (bsc#1084427).\n- scsi: qla2xxx: Add longer window for chip reset (bsc#1094555).\n- scsi: qla2xxx: Avoid double completion of abort command (bsc#1094555).\n- scsi: qla2xxx: Cleanup code to improve FC-NVMe error handling (bsc#1084427).\n- scsi: qla2xxx: Cleanup for N2N code (bsc#1094555).\n- scsi: qla2xxx: correctly shift host byte (bsc#1094555).\n- scsi: qla2xxx: Correct setting of SAM_STAT_CHECK_CONDITION (bsc#1094555).\n- scsi: qla2xxx: Delete session for nport id change (bsc#1094555).\n- scsi: qla2xxx: Fix Async GPN_FT for FCP and FC-NVMe scan (bsc#1084427).\n- scsi: qla2xxx: Fix crash on qla2x00_mailbox_command (bsc#1094555).\n- scsi: qla2xxx: Fix double free bug after firmware timeout (bsc#1094555).\n- scsi: qla2xxx: Fix driver unload by shutting down chip (bsc#1094555).\n- scsi: qla2xxx: fix error message on <qla2400 (bsc#1094555).\n- scsi: qla2xxx: Fix FC-NVMe IO abort during driver reset (bsc#1084427).\n- scsi: qla2xxx: Fix function argument descriptions (bsc#1094555).\n- scsi: qla2xxx: Fix Inquiry command being dropped in Target mode (bsc#1094555).\n- scsi: qla2xxx: Fix issue reported by static checker for qla2x00_els_dcmd2_sp_done() (bsc#1094555).\n- scsi: qla2xxx: Fix login retry count (bsc#1094555).\n- scsi: qla2xxx: Fix Management Server NPort handle reservation logic (bsc#1094555).\n- scsi: qla2xxx: Fix memory leak for allocating abort IOCB (bsc#1094555).\n- scsi: qla2xxx: Fix n2n_ae flag to prevent dev_loss on PDB change (bsc#1084427).\n- scsi: qla2xxx: Fix N2N link re-connect (bsc#1094555).\n- scsi: qla2xxx: Fix NPIV deletion by calling wait_for_sess_deletion (bsc#1094555).\n- scsi: qla2xxx: Fix race between switch cmd completion and timeout (bsc#1094555).\n- scsi: qla2xxx: Fix race condition between iocb timeout and initialisation (bsc#1094555).\n- scsi: qla2xxx: Fix redundant fc_rport registration (bsc#1094555).\n- scsi: qla2xxx: Fix retry for PRLI RJT with reason of BUSY (bsc#1084427).\n- scsi: qla2xxx: Fix Rport and session state getting out of sync (bsc#1094555).\n- scsi: qla2xxx: Fix sending ADISC command for login (bsc#1094555).\n- scsi: qla2xxx: Fix session state stuck in Get Port DB (bsc#1094555).\n- scsi: qla2xxx: Fix stalled relogin (bsc#1094555).\n- scsi: qla2xxx: Fix TMF and Multi-Queue config (bsc#1094555).\n- scsi: qla2xxx: Fix unintended Logout (bsc#1094555).\n- scsi: qla2xxx: Fix unintialized List head crash (bsc#1094555).\n- scsi: qla2xxx: Flush mailbox commands on chip reset (bsc#1094555).\n- scsi: qla2xxx: fx00 copypaste typo (bsc#1094555).\n- scsi: qla2xxx: Migrate NVME N2N handling into state machine (bsc#1094555).\n- scsi: qla2xxx: Move GPSC and GFPNID out of session management (bsc#1094555).\n- scsi: qla2xxx: Prevent relogin loop by removing stale code (bsc#1094555).\n- scsi: qla2xxx: Prevent sysfs access when chip is down (bsc#1094555).\n- scsi: qla2xxx: Reduce redundant ADISC command for RSCNs (bsc#1094555).\n- scsi: qla2xxx: remove irq save in qla2x00_poll() (bsc#1094555).\n- scsi: qla2xxx: Remove nvme_done_list (bsc#1084427).\n- scsi: qla2xxx: Remove stale debug value for login_retry flag (bsc#1094555).\n- scsi: qla2xxx: Remove unneeded message and minor cleanup for FC-NVMe (bsc#1084427).\n- scsi: qla2xxx: Restore ZIO threshold setting (bsc#1084427).\n- scsi: qla2xxx: Return busy if rport going away (bsc#1084427).\n- scsi: qla2xxx: Save frame payload size from ICB (bsc#1094555).\n- scsi: qla2xxx: Set IIDMA and fcport state before qla_nvme_register_remote() (bsc#1084427).\n- scsi: qla2xxx: Silent erroneous message (bsc#1094555).\n- scsi: qla2xxx: Update driver version to 10.00.00.06-k (bsc#1084427).\n- scsi: qla2xxx: Update driver version to 10.00.00.07-k (bsc#1094555).\n- scsi: qla2xxx: Update driver version to 10.00.00.08-k (bsc#1094555).\n- scsi: qla2xxx: Use dma_pool_zalloc() (bsc#1094555).\n- scsi: qla2xxx: Use predefined get_datalen_for_atio() inline function (bsc#1094555).\n- selftests/powerpc: Kill child processes on SIGINT (bnc#1012382).\n- smb3: fix reset of bytes read and written stats (bnc#1012382).\n- SMB3: Number of requests sent should be displayed for SMB3 not just CIFS (bnc#1012382).\n- staging: android: ion: fix ION_IOC_{MAP,SHARE} use-after-free (bnc#1012382).\n- staging: comedi: ni_mio_common: fix subdevice flags for PFI subdevice (bnc#1012382).\n- tcp: do not restart timewait timer on rst reception (bnc#1012382).\n- Update patches.suse/dm-Always-copy-cmd_flags-when-cloning-a-request.patch (bsc#1088087, bsc#1103156).\n- usbip: vhci_sysfs: fix potential Spectre v1 (bsc#1096547).\n- vti6: remove !skb->ignore_df check from vti6_xmit() (bnc#1012382).\n- watchdog: w83627hf_wdt: Add quirk for Inves system (bsc#1106434).\n- x86/entry/64: Remove %ebx handling from error_entry/exit (bnc#1102715).\n- x86/pae: use 64 bit atomic xchg function in native_ptep_get_and_clear (bnc#1012382).\n- x86/speculation/l1tf: Fix up pte->pfn conversion for PAE (bnc#1012382).\n- xen: avoid crash in disable_hotplug_cpu (bsc#1106594).\n- xfs: add a new xfs_iext_lookup_extent_before helper (bsc#1095344).\n- xfs: add asserts for the mmap lock in xfs_{insert,collapse}_file_space (bsc#1095344).\n- xfs: add a xfs_bmap_fork_to_state helper (bsc#1095344).\n- xfs: add a xfs_iext_update_extent helper (bsc#1095344).\n- xfs: add comments documenting the rebalance algorithm (bsc#1095344).\n- xfs: add some comments to xfs_iext_insert/xfs_iext_insert_node (bsc#1095344).\n- xfs: add xfs_trim_extent (bsc#1095344).\n- xfs: allow unaligned extent records in xfs_bmbt_disk_set_all (bsc#1095344).\n- xfs: borrow indirect blocks from freed extent when available (bsc#1095344).\n- xfs: cleanup xfs_bmap_last_before (bsc#1095344).\n- xfs: do not create overlapping extents in xfs_bmap_add_extent_delay_real (bsc#1095344).\n- xfs: do not rely on extent indices in xfs_bmap_collapse_extents (bsc#1095344).\n- xfs: do not rely on extent indices in xfs_bmap_insert_extents (bsc#1095344).\n- xfs: do not set XFS_BTCUR_BPRV_WASDEL in xfs_bunmapi (bsc#1095344).\n- xfs: during btree split, save new block key and ptr for future insertion (bsc#1095344).\n- xfs: factor out a helper to initialize a local format inode fork (bsc#1095344).\n- xfs: fix memory leak in xfs_iext_free_last_leaf (bsc#1095344).\n- xfs: fix number of records handling in xfs_iext_split_leaf (bsc#1095344).\n- xfs: fix transaction allocation deadlock in IO path (bsc#1090535).\n- xfs: handle indlen shortage on delalloc extent merge (bsc#1095344).\n- xfs: handle zero entries case in xfs_iext_rebalance_leaf (bsc#1095344).\n- xfs: improve kmem_realloc (bsc#1095344).\n- xfs: inline xfs_shift_file_space into callers (bsc#1095344).\n- xfs: introduce the xfs_iext_cursor abstraction (bsc#1095344).\n- xfs: iterate over extents in xfs_bmap_extents_to_btree (bsc#1095344).\n- xfs: iterate over extents in xfs_iextents_copy (bsc#1095344).\n- xfs: make better use of the 'state' variable in xfs_bmap_del_extent_real (bsc#1095344).\n- xfs: merge xfs_bmap_read_extents into xfs_iread_extents (bsc#1095344).\n- xfs: move pre/post-bmap tracing into xfs_iext_update_extent (bsc#1095344).\n- xfs: move some code around inside xfs_bmap_shift_extents (bsc#1095344).\n- xfs: move some more code into xfs_bmap_del_extent_real (bsc#1095344).\n- xfs: move xfs_bmbt_irec and xfs_exntst_t to xfs_types.h (bsc#1095344).\n- xfs: move xfs_iext_insert tracepoint to report useful information (bsc#1095344).\n- xfs: new inode extent list lookup helpers (bsc#1095344).\n- xfs: only run torn log write detection on dirty logs (bsc#1095753).\n- xfs: pass an on-disk extent to xfs_bmbt_validate_extent (bsc#1095344).\n- xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_lookup_eq (bsc#1095344).\n- xfs: pass a struct xfs_bmbt_irec to xfs_bmbt_update (bsc#1095344).\n- xfs: pass struct xfs_bmbt_irec to xfs_bmbt_validate_extent (bsc#1095344).\n- xfs: provide helper for counting extents from if_bytes (bsc#1095344).\n- xfs: refactor delalloc accounting in xfs_bmap_add_extent_delay_real (bsc#1095344).\n- xfs: refactor delalloc indlen reservation split into helper (bsc#1095344).\n- xfs: refactor dir2 leaf readahead shadow buffer cleverness (bsc#1095344).\n- xfs: refactor in-core log state update to helper (bsc#1095753).\n- xfs: refactor unmount record detection into helper (bsc#1095753).\n- xfs: refactor xfs_bmap_add_extent_delay_real (bsc#1095344).\n- xfs: refactor xfs_bmap_add_extent_hole_delay (bsc#1095344).\n- xfs: refactor xfs_bmap_add_extent_hole_real (bsc#1095344).\n- xfs: refactor xfs_bmap_add_extent_unwritten_real (bsc#1095344).\n- xfs: refactor xfs_bunmapi_cow (bsc#1095344).\n- xfs: refactor xfs_del_extent_real (bsc#1095344).\n- xfs: remove a duplicate assignment in xfs_bmap_add_extent_delay_real (bsc#1095344).\n- xfs: remove all xfs_bmbt_set_* helpers except for xfs_bmbt_set_all (bsc#1095344).\n- xfs: remove a superflous assignment in xfs_iext_remove_node (bsc#1095344).\n- xfs: remove if_rdev (bsc#1095344).\n- xfs: remove prev argument to xfs_bmapi_reserve_delalloc (bsc#1095344).\n- xfs: remove support for inlining data/extents into the inode fork (bsc#1095344).\n- xfs: remove the never fully implemented UUID fork format (bsc#1095344).\n- xfs: remove the nr_extents argument to xfs_iext_insert (bsc#1095344).\n- xfs: remove the nr_extents argument to xfs_iext_remove (bsc#1095344).\n- xfs: remove XFS_BMAP_MAX_SHIFT_EXTENTS (bsc#1095344).\n- xfs: remove XFS_BMAP_TRACE_EXLIST (bsc#1095344).\n- xfs: remove xfs_bmbt_get_state (bsc#1095344).\n- xfs: remove xfs_bmse_shift_one (bsc#1095344).\n- xfs: rename bno to end in __xfs_bunmapi (bsc#1095344).\n- xfs: replace xfs_bmbt_lookup_ge with xfs_bmbt_lookup_first (bsc#1095344).\n- xfs: replace xfs_qm_get_rtblks with a direct call to xfs_bmap_count_leaves (bsc#1095344).\n- xfs: rewrite getbmap using the xfs_iext_* helpers (bsc#1095344).\n- xfs: rewrite xfs_bmap_count_leaves using xfs_iext_get_extent (bsc#1095344).\n- xfs: rewrite xfs_bmap_first_unused to make better use of xfs_iext_get_extent (bsc#1095344).\n- xfs: separate log head record discovery from verification (bsc#1095753).\n- xfs: simplify the xfs_getbmap interface (bsc#1095344).\n- xfs: simplify validation of the unwritten extent bit (bsc#1095344).\n- xfs: split indlen reservations fairly when under reserved (bsc#1095344).\n- xfs: split xfs_bmap_shift_extents (bsc#1095344).\n- xfs: switch xfs_bmap_local_to_extents to use xfs_iext_insert (bsc#1095344).\n- xfs: treat idx as a cursor in xfs_bmap_add_extent_delay_real (bsc#1095344).\n- xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_delay (bsc#1095344).\n- xfs: treat idx as a cursor in xfs_bmap_add_extent_hole_real (bsc#1095344).\n- xfs: treat idx as a cursor in xfs_bmap_add_extent_unwritten_real (bsc#1095344).\n- xfs: treat idx as a cursor in xfs_bmap_collapse_extents (bsc#1095344).\n- xfs: treat idx as a cursor in xfs_bmap_del_extent_* (bsc#1095344).\n- xfs: update freeblocks counter after extent deletion (bsc#1095344).\n- xfs: update got in xfs_bmap_shift_update_extent (bsc#1095344).\n- xfs: use a b+tree for the in-core extent list (bsc#1095344).\n- xfs: use correct state defines in xfs_bmap_del_extent_{cow,delay} (bsc#1095344).\n- xfs: use new extent lookup helpers in xfs_bmapi_read (bsc#1095344).\n- xfs: use new extent lookup helpers in xfs_bmapi_write (bsc#1095344).\n- xfs: use new extent lookup helpers in __xfs_bunmapi (bsc#1095344).\n- xfs: use the state defines in xfs_bmap_del_extent_real (bsc#1095344).\n- xfs: use xfs_bmap_del_extent_delay for the data fork as well (bsc#1095344).\n- xfs: use xfs_iext_*_extent helpers in xfs_bmap_shift_extents (bsc#1095344).\n- xfs: use xfs_iext_*_extent helpers in xfs_bmap_split_extent_at (bsc#1095344).\n- xfs: use xfs_iext_get_extent instead of open coding it (bsc#1095344).\n- xfs: use xfs_iext_get_extent in xfs_bmap_first_unused (bsc#1095344).\n","title":"Description of the patch"},{"category":"details","text":"SUSE-SLE-Live-Patching-12-SP3-2018-2135","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_3004-1.json"},{"category":"self","summary":"URL for SUSE-SU-2018:3004-1","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20183004-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2018:3004-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2018-October/004641.html"},{"category":"self","summary":"SUSE Bug 1012382","url":"https://bugzilla.suse.com/1012382"},{"category":"self","summary":"SUSE Bug 1044189","url":"https://bugzilla.suse.com/1044189"},{"category":"self","summary":"SUSE Bug 1063026","url":"https://bugzilla.suse.com/1063026"},{"category":"self","summary":"SUSE Bug 1066223","url":"https://bugzilla.suse.com/1066223"},{"category":"self","summary":"SUSE Bug 1082863","url":"https://bugzilla.suse.com/1082863"},{"category":"self","summary":"SUSE Bug 1082979","url":"https://bugzilla.suse.com/1082979"},{"category":"self","summary":"SUSE Bug 1084427","url":"https://bugzilla.suse.com/1084427"},{"category":"self","summary":"SUSE Bug 1084536","url":"https://bugzilla.suse.com/1084536"},{"category":"self","summary":"SUSE Bug 1087209","url":"https://bugzilla.suse.com/1087209"},{"category":"self","summary":"SUSE Bug 1088087","url":"https://bugzilla.suse.com/1088087"},{"category":"self","summary":"SUSE Bug 1090535","url":"https://bugzilla.suse.com/1090535"},{"category":"self","summary":"SUSE Bug 1091815","url":"https://bugzilla.suse.com/1091815"},{"category":"self","summary":"SUSE Bug 1094244","url":"https://bugzilla.suse.com/1094244"},{"category":"self","summary":"SUSE Bug 1094555","url":"https://bugzilla.suse.com/1094555"},{"category":"self","summary":"SUSE Bug 1094562","url":"https://bugzilla.suse.com/1094562"},{"category":"self","summary":"SUSE Bug 1095344","url":"https://bugzilla.suse.com/1095344"},{"category":"self","summary":"SUSE Bug 1095753","url":"https://bugzilla.suse.com/1095753"},{"category":"self","summary":"SUSE Bug 1096547","url":"https://bugzilla.suse.com/1096547"},{"category":"self","summary":"SUSE Bug 1099810","url":"https://bugzilla.suse.com/1099810"},{"category":"self","summary":"SUSE Bug 1102495","url":"https://bugzilla.suse.com/1102495"},{"category":"self","summary":"SUSE Bug 1102715","url":"https://bugzilla.suse.com/1102715"},{"category":"self","summary":"SUSE Bug 1102870","url":"https://bugzilla.suse.com/1102870"},{"category":"self","summary":"SUSE Bug 1102875","url":"https://bugzilla.suse.com/1102875"},{"category":"self","summary":"SUSE Bug 1102877","url":"https://bugzilla.suse.com/1102877"},{"category":"self","summary":"SUSE Bug 1102879","url":"https://bugzilla.suse.com/1102879"},{"category":"self","summary":"SUSE Bug 1102882","url":"https://bugzilla.suse.com/1102882"},{"category":"self","summary":"SUSE Bug 1102896","url":"https://bugzilla.suse.com/1102896"},{"category":"self","summary":"SUSE Bug 1103156","url":"https://bugzilla.suse.com/1103156"},{"category":"self","summary":"SUSE Bug 1103269","url":"https://bugzilla.suse.com/1103269"},{"category":"self","summary":"SUSE Bug 1106095","url":"https://bugzilla.suse.com/1106095"},{"category":"self","summary":"SUSE Bug 1106434","url":"https://bugzilla.suse.com/1106434"},{"category":"self","summary":"SUSE Bug 1106512","url":"https://bugzilla.suse.com/1106512"},{"category":"self","summary":"SUSE Bug 1106594","url":"https://bugzilla.suse.com/1106594"},{"category":"self","summary":"SUSE Bug 1106934","url":"https://bugzilla.suse.com/1106934"},{"category":"self","summary":"SUSE Bug 1107924","url":"https://bugzilla.suse.com/1107924"},{"category":"self","summary":"SUSE Bug 1108096","url":"https://bugzilla.suse.com/1108096"},{"category":"self","summary":"SUSE Bug 1108170","url":"https://bugzilla.suse.com/1108170"},{"category":"self","summary":"SUSE Bug 1108240","url":"https://bugzilla.suse.com/1108240"},{"category":"self","summary":"SUSE Bug 1108399","url":"https://bugzilla.suse.com/1108399"},{"category":"self","summary":"SUSE Bug 1108803","url":"https://bugzilla.suse.com/1108803"},{"category":"self","summary":"SUSE Bug 1108823","url":"https://bugzilla.suse.com/1108823"},{"category":"self","summary":"SUSE Bug 1109333","url":"https://bugzilla.suse.com/1109333"},{"category":"self","summary":"SUSE Bug 1109336","url":"https://bugzilla.suse.com/1109336"},{"category":"self","summary":"SUSE Bug 1109337","url":"https://bugzilla.suse.com/1109337"},{"category":"self","summary":"SUSE Bug 1109441","url":"https://bugzilla.suse.com/1109441"},{"category":"self","summary":"SUSE Bug 1110297","url":"https://bugzilla.suse.com/1110297"},{"category":"self","summary":"SUSE Bug 1110337","url":"https://bugzilla.suse.com/1110337"},{"category":"self","summary":"SUSE CVE CVE-2018-14613 page","url":"https://www.suse.com/security/cve/CVE-2018-14613/"},{"category":"self","summary":"SUSE CVE CVE-2018-14617 page","url":"https://www.suse.com/security/cve/CVE-2018-14617/"},{"category":"self","summary":"SUSE CVE CVE-2018-16276 page","url":"https://www.suse.com/security/cve/CVE-2018-16276/"},{"category":"self","summary":"SUSE CVE CVE-2018-16597 page","url":"https://www.suse.com/security/cve/CVE-2018-16597/"},{"category":"self","summary":"SUSE CVE CVE-2018-17182 page","url":"https://www.suse.com/security/cve/CVE-2018-17182/"},{"category":"self","summary":"SUSE CVE CVE-2018-7480 page","url":"https://www.suse.com/security/cve/CVE-2018-7480/"},{"category":"self","summary":"SUSE CVE CVE-2018-7757 page","url":"https://www.suse.com/security/cve/CVE-2018-7757/"}],"title":"Security update for the Linux Kernel","tracking":{"current_release_date":"2018-10-04T12:01:39Z","generator":{"date":"2018-10-04T12:01:39Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2018:3004-1","initial_release_date":"2018-10-04T12:01:39Z","revision_history":[{"date":"2018-10-04T12:01:39Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","product":{"name":"kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","product_id":"kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le"}}],"category":"architecture","name":"ppc64le"},{"branches":[{"category":"product_version","name":"kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64","product":{"name":"kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64","product_id":"kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"}}],"category":"architecture","name":"x86_64"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Live Patching 12 SP3","product":{"name":"SUSE Linux Enterprise Live Patching 12 SP3","product_id":"SUSE Linux Enterprise Live Patching 12 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-live-patching:12:sp3"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le as component of SUSE Linux Enterprise Live Patching 12 SP3","product_id":"SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le"},"product_reference":"kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 12 SP3"},{"category":"default_component_of","full_product_name":{"name":"kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64 as component of SUSE Linux Enterprise Live Patching 12 SP3","product_id":"SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"},"product_reference":"kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64","relates_to_product_reference":"SUSE Linux Enterprise Live Patching 12 SP3"}]},"vulnerabilities":[{"cve":"CVE-2018-14613","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-14613"}],"notes":[{"category":"general","text":"An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block group item validation in check_leaf_item in fs/btrfs/tree-checker.c.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-14613","url":"https://www.suse.com/security/cve/CVE-2018-14613"},{"category":"external","summary":"SUSE Bug 1102896 for CVE-2018-14613","url":"https://bugzilla.suse.com/1102896"},{"category":"external","summary":"SUSE Bug 1103800 for CVE-2018-14613","url":"https://bugzilla.suse.com/1103800"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":4.4,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]}],"threats":[{"category":"impact","date":"2018-10-04T12:01:39Z","details":"moderate"}],"title":"CVE-2018-14613"},{"cve":"CVE-2018-14617","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-14617"}],"notes":[{"category":"general","text":"An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link) in an hfs+ filesystem that has malformed catalog data, and is mounted read-only without a metadata directory.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-14617","url":"https://www.suse.com/security/cve/CVE-2018-14617"},{"category":"external","summary":"SUSE Bug 1102870 for CVE-2018-14617","url":"https://bugzilla.suse.com/1102870"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]}],"threats":[{"category":"impact","date":"2018-10-04T12:01:39Z","details":"moderate"}],"title":"CVE-2018-14617"},{"cve":"CVE-2018-16276","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-16276"}],"notes":[{"category":"general","text":"An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-16276","url":"https://www.suse.com/security/cve/CVE-2018-16276"},{"category":"external","summary":"SUSE Bug 1106095 for CVE-2018-16276","url":"https://bugzilla.suse.com/1106095"},{"category":"external","summary":"SUSE Bug 1115593 for CVE-2018-16276","url":"https://bugzilla.suse.com/1115593"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7.3,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]}],"threats":[{"category":"impact","date":"2018-10-04T12:01:39Z","details":"moderate"}],"title":"CVE-2018-16276"},{"cve":"CVE-2018-16597","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-16597"}],"notes":[{"category":"general","text":"An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-16597","url":"https://www.suse.com/security/cve/CVE-2018-16597"},{"category":"external","summary":"SUSE Bug 1106512 for CVE-2018-16597","url":"https://bugzilla.suse.com/1106512"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.3,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","version":"3.0"},"products":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]}],"threats":[{"category":"impact","date":"2018-10-04T12:01:39Z","details":"moderate"}],"title":"CVE-2018-16597"},{"cve":"CVE-2018-17182","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-17182"}],"notes":[{"category":"general","text":"An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-17182","url":"https://www.suse.com/security/cve/CVE-2018-17182"},{"category":"external","summary":"SUSE Bug 1108399 for CVE-2018-17182","url":"https://bugzilla.suse.com/1108399"},{"category":"external","summary":"SUSE Bug 1110233 for CVE-2018-17182","url":"https://bugzilla.suse.com/1110233"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":7,"baseSeverity":"HIGH","vectorString":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]}],"threats":[{"category":"impact","date":"2018-10-04T12:01:39Z","details":"moderate"}],"title":"CVE-2018-17182"},{"cve":"CVE-2018-7480","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-7480"}],"notes":[{"category":"general","text":"The blkcg_init_queue function in block/blk-cgroup.c in the Linux kernel before 4.11 allows local users to cause a denial of service (double free) or possibly have unspecified other impact by triggering a creation failure.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-7480","url":"https://www.suse.com/security/cve/CVE-2018-7480"},{"category":"external","summary":"SUSE Bug 1082863 for CVE-2018-7480","url":"https://bugzilla.suse.com/1082863"},{"category":"external","summary":"SUSE Bug 1084536 for CVE-2018-7480","url":"https://bugzilla.suse.com/1084536"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":6.7,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]}],"threats":[{"category":"impact","date":"2018-10-04T12:01:39Z","details":"moderate"}],"title":"CVE-2018-7480"},{"cve":"CVE-2018-7757","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2018-7757"}],"notes":[{"category":"general","text":"Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]},"references":[{"category":"external","summary":"CVE-2018-7757","url":"https://www.suse.com/security/cve/CVE-2018-7757"},{"category":"external","summary":"SUSE Bug 1084536 for CVE-2018-7757","url":"https://bugzilla.suse.com/1084536"},{"category":"external","summary":"SUSE Bug 1087082 for CVE-2018-7757","url":"https://bugzilla.suse.com/1087082"},{"category":"external","summary":"SUSE Bug 1087209 for CVE-2018-7757","url":"https://bugzilla.suse.com/1087209"},{"category":"external","summary":"SUSE Bug 1091815 for CVE-2018-7757","url":"https://bugzilla.suse.com/1091815"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]}],"scores":[{"cvss_v3":{"baseScore":5.5,"baseSeverity":"MEDIUM","vectorString":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","version":"3.0"},"products":["SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.ppc64le","SUSE Linux Enterprise Live Patching 12 SP3:kgraft-patch-4_4_156-94_57-default-1-4.3.5.x86_64"]}],"threats":[{"category":"impact","date":"2018-10-04T12:01:39Z","details":"moderate"}],"title":"CVE-2018-7757"}]}