SUSE-SU-2018:0834-1
Vulnerability from csaf_suse - Published: 2018-03-28 14:17 - Updated: 2018-03-28 14:17Summary
Security update for the Linux Kernel
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel
Description of the patch:
The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-1068: Fixed flaw in the implementation of 32-bit syscall interface
for bridging. This allowed a privileged user to arbitrarily write to a limited
range of kernel memory (bnc#1085107).
- CVE-2017-18221: The __munlock_pagevec function allowed local users to cause a
denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall
and munlockall system calls (bnc#1084323).
- CVE-2018-1066: Prevent NULL pointer dereference in
fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allowed an attacker controlling a
CIFS server to kernel panic a client that has this server mounted, because an
empty TargetInfo field in an NTLMSSP setup negotiation response was mishandled
during session recovery (bnc#1083640).
- CVE-2017-13166: Prevent elevation of privilege vulnerability in the kernel
v4l2 video driver (bnc#1072865).
- CVE-2017-16911: The vhci_hcd driver allowed local attackers to disclose
kernel memory addresses. Successful exploitation required that a USB device was
attached over IP (bnc#1078674).
- CVE-2017-15299: The KEYS subsystem mishandled use of add_key for a key that
already exists but is uninstantiated, which allowed local users to cause a
denial of service (NULL pointer dereference and system crash) or possibly have
unspecified other impact via a crafted system call (bnc#1063416).
- CVE-2017-18208: The madvise_willneed function kernel allowed local users to
cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED
for a DAX mapping (bnc#1083494).
- CVE-2018-7566: The ALSA sequencer core initializes the event pool on demand
by invoking snd_seq_pool_init() when the first write happens and the pool is
empty. A user could have reset the pool size manually via ioctl concurrently,
which may have lead UAF or out-of-bound access (bsc#1083483).
- CVE-2017-18204: The ocfs2_setattr function allowed local users to cause a
denial of service (deadlock) via DIO requests (bnc#1083244).
- CVE-2017-16644: The hdpvr_probe function allowed local users to cause a
denial of service (improper error handling and system crash) or possibly have
unspecified other impact via a crafted USB device (bnc#1067118).
- CVE-2018-6927: The futex_requeue function allowed attackers to cause a denial
of service (integer overflow) or possibly have unspecified other impact by
triggering a negative wake or requeue value (bnc#1080757).
- CVE-2017-16914: The 'stub_send_ret_submit()' function allowed attackers to
cause a denial of service (NULL pointer dereference) via a specially crafted
USB over IP packet (bnc#1078669).
- CVE-2016-7915: The hid_input_field function allowed physically proximate
attackers to obtain sensitive information from kernel memory or cause a denial
of service (out-of-bounds read) by connecting a device (bnc#1010470).
- CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions did
unbalanced refcounting when a SCSI I/O vector had small consecutive buffers
belonging to the same page. The bio_add_pc_page function merged them into one,
but the page reference was never dropped. This caused a memory leak and
possible system lockup (exploitable against the host OS by a guest OS user, if
a SCSI disk is passed through to a virtual machine) due to an out-of-memory
condition (bnc#1062568).
- CVE-2017-16912: The 'get_pipe()' function allowed attackers to cause a denial
of service (out-of-bounds read) via a specially crafted USB over IP packet
(bnc#1078673).
- CVE-2017-16913: The 'stub_recv_cmd_submit()' function when handling
CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary
memory allocation) via a specially crafted USB over IP packet (bnc#1078672).
- CVE-2018-5332: The rds_message_alloc_sgs() function did not validate a value
that is used during DMA page allocation, leading to a heap-based out-of-bounds
write (related to the rds_rdma_extra_size function in net/rds/rdma.c)
(bnc#1075621).
- CVE-2018-5333: The rds_cmsg_atomic function in net/rds/rdma.c mishandled
cases where page pinning fails or an invalid address is supplied, leading to an
rds_atomic_free_op NULL pointer dereference (bnc#1075617).
- CVE-2017-18017: The tcpmss_mangle_packet function allowed remote attackers to
cause a denial of service (use-after-free and memory corruption) or possibly
have unspecified other impact by leveraging the presence of xt_TCPMSS in an
iptables action (bnc#1074488).
The following non-security bugs were fixed:
- Fix build on arm64 by defining empty gmb() (bnc#1068032).
- KEYS: do not let add_key() update an uninstantiated key (bnc#1063416).
- KEYS: fix writing past end of user-supplied buffer in keyring_read() (bsc#1066001).
- KEYS: return full count in keyring_read() if buffer is too small (bsc#1066001).
- include/stddef.h: Move offsetofend() from vfio.h to a generic kernel header (bsc#1077560).
- ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).
- ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).
- ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689).
- x86/kaiser: use trampoline stack for kernel entry (bsc#1077560)
- leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).
- livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c. Shadow variables support (bsc#1082299).
- livepatch: introduce shadow variable API. Shadow variables support (bsc#1082299)
- media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF (bnc#1012382).
- media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382).
- media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 (bnc#1012382).
- media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 (bnc#1012382).
- media: v4l2-compat-ioctl32.c: do not copy back the result for certain errors (bnc#1012382).
- media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type (bnc#1012382).
- media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382).
- media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 (bnc#1012382).
- media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382).
- media: v4l2-ioctl.c: do not copy back the result for -ENOTTY (bnc#1012382).
- netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets (bsc#1085107).
- netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107).
- packet: only call dev_add_pack() on freshly allocated fanout instances
- pipe: cap initial pipe capacity according to pipe-max-size limit (bsc#1045330).
- x86/espfix: Fix return stack in do_double_fault() (bsc#1085279).
Patchnames: SUSE-SLE-Module-Public-Cloud-12-2018-558,SUSE-SLE-SERVER-12-2018-558
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.2 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.2 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4.6 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.2 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.2 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.4 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.2 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.2 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
6.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
8.4 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
5.5 (Medium)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
7.3 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2018-1068: Fixed flaw in the implementation of 32-bit syscall interface\n for bridging. This allowed a privileged user to arbitrarily write to a limited\n range of kernel memory (bnc#1085107).\n- CVE-2017-18221: The __munlock_pagevec function allowed local users to cause a\n denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall\n and munlockall system calls (bnc#1084323).\n- CVE-2018-1066: Prevent NULL pointer dereference in\n fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allowed an attacker controlling a\n CIFS server to kernel panic a client that has this server mounted, because an\n empty TargetInfo field in an NTLMSSP setup negotiation response was mishandled\n during session recovery (bnc#1083640).\n- CVE-2017-13166: Prevent elevation of privilege vulnerability in the kernel\n v4l2 video driver (bnc#1072865).\n- CVE-2017-16911: The vhci_hcd driver allowed local attackers to disclose\n kernel memory addresses. Successful exploitation required that a USB device was\n attached over IP (bnc#1078674).\n- CVE-2017-15299: The KEYS subsystem mishandled use of add_key for a key that\n already exists but is uninstantiated, which allowed local users to cause a\n denial of service (NULL pointer dereference and system crash) or possibly have\n unspecified other impact via a crafted system call (bnc#1063416).\n- CVE-2017-18208: The madvise_willneed function kernel allowed local users to\n cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED\n for a DAX mapping (bnc#1083494).\n- CVE-2018-7566: The ALSA sequencer core initializes the event pool on demand\n by invoking snd_seq_pool_init() when the first write happens and the pool is\n empty. A user could have reset the pool size manually via ioctl concurrently,\n which may have lead UAF or out-of-bound access (bsc#1083483).\n- CVE-2017-18204: The ocfs2_setattr function allowed local users to cause a\n denial of service (deadlock) via DIO requests (bnc#1083244).\n- CVE-2017-16644: The hdpvr_probe function allowed local users to cause a\n denial of service (improper error handling and system crash) or possibly have\n unspecified other impact via a crafted USB device (bnc#1067118).\n- CVE-2018-6927: The futex_requeue function allowed attackers to cause a denial\n of service (integer overflow) or possibly have unspecified other impact by\n triggering a negative wake or requeue value (bnc#1080757).\n- CVE-2017-16914: The \u0027stub_send_ret_submit()\u0027 function allowed attackers to\n cause a denial of service (NULL pointer dereference) via a specially crafted\n USB over IP packet (bnc#1078669).\n- CVE-2016-7915: The hid_input_field function allowed physically proximate\n attackers to obtain sensitive information from kernel memory or cause a denial\n of service (out-of-bounds read) by connecting a device (bnc#1010470).\n- CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions did\n unbalanced refcounting when a SCSI I/O vector had small consecutive buffers\n belonging to the same page. The bio_add_pc_page function merged them into one,\n but the page reference was never dropped. This caused a memory leak and\n possible system lockup (exploitable against the host OS by a guest OS user, if\n a SCSI disk is passed through to a virtual machine) due to an out-of-memory\n condition (bnc#1062568).\n- CVE-2017-16912: The \u0027get_pipe()\u0027 function allowed attackers to cause a denial\n of service (out-of-bounds read) via a specially crafted USB over IP packet\n (bnc#1078673).\n- CVE-2017-16913: The \u0027stub_recv_cmd_submit()\u0027 function when handling\n CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary\n memory allocation) via a specially crafted USB over IP packet (bnc#1078672).\n- CVE-2018-5332: The rds_message_alloc_sgs() function did not validate a value\n that is used during DMA page allocation, leading to a heap-based out-of-bounds\n write (related to the rds_rdma_extra_size function in net/rds/rdma.c)\n (bnc#1075621).\n- CVE-2018-5333: The rds_cmsg_atomic function in net/rds/rdma.c mishandled\n cases where page pinning fails or an invalid address is supplied, leading to an\n rds_atomic_free_op NULL pointer dereference (bnc#1075617).\n- CVE-2017-18017: The tcpmss_mangle_packet function allowed remote attackers to\n cause a denial of service (use-after-free and memory corruption) or possibly\n have unspecified other impact by leveraging the presence of xt_TCPMSS in an\n iptables action (bnc#1074488).\n\nThe following non-security bugs were fixed:\n\n- Fix build on arm64 by defining empty gmb() (bnc#1068032).\n- KEYS: do not let add_key() update an uninstantiated key (bnc#1063416).\n- KEYS: fix writing past end of user-supplied buffer in keyring_read() (bsc#1066001).\n- KEYS: return full count in keyring_read() if buffer is too small (bsc#1066001).\n- include/stddef.h: Move offsetofend() from vfio.h to a generic kernel header (bsc#1077560).\n- ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).\n- ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).\n- ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689).\n- x86/kaiser: use trampoline stack for kernel entry (bsc#1077560)\n- leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).\n- livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c. Shadow variables support (bsc#1082299).\n- livepatch: introduce shadow variable API. Shadow variables support (bsc#1082299)\n- media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF (bnc#1012382).\n- media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382).\n- media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 (bnc#1012382).\n- media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 (bnc#1012382).\n- media: v4l2-compat-ioctl32.c: do not copy back the result for certain errors (bnc#1012382).\n- media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type (bnc#1012382).\n- media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382).\n- media: v4l2-compat-ioctl32.c: move \u0027helper\u0027 functions to __get/put_v4l2_format32 (bnc#1012382).\n- media: v4l2-compat-ioctl32: Copy v4l2_window-\u003eglobal_alpha (bnc#1012382).\n- media: v4l2-ioctl.c: do not copy back the result for -ENOTTY (bnc#1012382).\n- netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets (bsc#1085107).\n- netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107).\n- packet: only call dev_add_pack() on freshly allocated fanout instances\n- pipe: cap initial pipe capacity according to pipe-max-size limit (bsc#1045330).\n- x86/espfix: Fix return stack in do_double_fault() (bsc#1085279).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Module-Public-Cloud-12-2018-558,SUSE-SLE-SERVER-12-2018-558",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0834-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2018:0834-1",
"url": "https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2018:0834-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2018-March/003850.html"
},
{
"category": "self",
"summary": "SUSE Bug 1010470",
"url": "https://bugzilla.suse.com/1010470"
},
{
"category": "self",
"summary": "SUSE Bug 1012382",
"url": "https://bugzilla.suse.com/1012382"
},
{
"category": "self",
"summary": "SUSE Bug 1045330",
"url": "https://bugzilla.suse.com/1045330"
},
{
"category": "self",
"summary": "SUSE Bug 1062568",
"url": "https://bugzilla.suse.com/1062568"
},
{
"category": "self",
"summary": "SUSE Bug 1063416",
"url": "https://bugzilla.suse.com/1063416"
},
{
"category": "self",
"summary": "SUSE Bug 1066001",
"url": "https://bugzilla.suse.com/1066001"
},
{
"category": "self",
"summary": "SUSE Bug 1067118",
"url": "https://bugzilla.suse.com/1067118"
},
{
"category": "self",
"summary": "SUSE Bug 1068032",
"url": "https://bugzilla.suse.com/1068032"
},
{
"category": "self",
"summary": "SUSE Bug 1072689",
"url": "https://bugzilla.suse.com/1072689"
},
{
"category": "self",
"summary": "SUSE Bug 1072865",
"url": "https://bugzilla.suse.com/1072865"
},
{
"category": "self",
"summary": "SUSE Bug 1074488",
"url": "https://bugzilla.suse.com/1074488"
},
{
"category": "self",
"summary": "SUSE Bug 1075617",
"url": "https://bugzilla.suse.com/1075617"
},
{
"category": "self",
"summary": "SUSE Bug 1075621",
"url": "https://bugzilla.suse.com/1075621"
},
{
"category": "self",
"summary": "SUSE Bug 1077560",
"url": "https://bugzilla.suse.com/1077560"
},
{
"category": "self",
"summary": "SUSE Bug 1078669",
"url": "https://bugzilla.suse.com/1078669"
},
{
"category": "self",
"summary": "SUSE Bug 1078672",
"url": "https://bugzilla.suse.com/1078672"
},
{
"category": "self",
"summary": "SUSE Bug 1078673",
"url": "https://bugzilla.suse.com/1078673"
},
{
"category": "self",
"summary": "SUSE Bug 1078674",
"url": "https://bugzilla.suse.com/1078674"
},
{
"category": "self",
"summary": "SUSE Bug 1080255",
"url": "https://bugzilla.suse.com/1080255"
},
{
"category": "self",
"summary": "SUSE Bug 1080464",
"url": "https://bugzilla.suse.com/1080464"
},
{
"category": "self",
"summary": "SUSE Bug 1080757",
"url": "https://bugzilla.suse.com/1080757"
},
{
"category": "self",
"summary": "SUSE Bug 1082299",
"url": "https://bugzilla.suse.com/1082299"
},
{
"category": "self",
"summary": "SUSE Bug 1083244",
"url": "https://bugzilla.suse.com/1083244"
},
{
"category": "self",
"summary": "SUSE Bug 1083483",
"url": "https://bugzilla.suse.com/1083483"
},
{
"category": "self",
"summary": "SUSE Bug 1083494",
"url": "https://bugzilla.suse.com/1083494"
},
{
"category": "self",
"summary": "SUSE Bug 1083640",
"url": "https://bugzilla.suse.com/1083640"
},
{
"category": "self",
"summary": "SUSE Bug 1084323",
"url": "https://bugzilla.suse.com/1084323"
},
{
"category": "self",
"summary": "SUSE Bug 1085107",
"url": "https://bugzilla.suse.com/1085107"
},
{
"category": "self",
"summary": "SUSE Bug 1085114",
"url": "https://bugzilla.suse.com/1085114"
},
{
"category": "self",
"summary": "SUSE Bug 1085279",
"url": "https://bugzilla.suse.com/1085279"
},
{
"category": "self",
"summary": "SUSE Bug 1085447",
"url": "https://bugzilla.suse.com/1085447"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-7915 page",
"url": "https://www.suse.com/security/cve/CVE-2016-7915/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-12190 page",
"url": "https://www.suse.com/security/cve/CVE-2017-12190/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-13166 page",
"url": "https://www.suse.com/security/cve/CVE-2017-13166/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-15299 page",
"url": "https://www.suse.com/security/cve/CVE-2017-15299/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16644 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16644/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16911 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16911/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16912 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16912/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16913 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16914 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16914/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18017 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18017/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18204 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18204/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18208 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-18221 page",
"url": "https://www.suse.com/security/cve/CVE-2017-18221/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1066 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1066/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1068 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1068/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5332 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-5333 page",
"url": "https://www.suse.com/security/cve/CVE-2018-5333/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-6927 page",
"url": "https://www.suse.com/security/cve/CVE-2018-6927/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-7566 page",
"url": "https://www.suse.com/security/cve/CVE-2018-7566/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2018-03-28T14:17:49Z",
"generator": {
"date": "2018-03-28T14:17:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2018:0834-1",
"initial_release_date": "2018-03-28T14:17:49Z",
"revision_history": [
{
"date": "2018-03-28T14:17:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-3.12.61-52.125.1.noarch",
"product": {
"name": "kernel-devel-3.12.61-52.125.1.noarch",
"product_id": "kernel-devel-3.12.61-52.125.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-macros-3.12.61-52.125.1.noarch",
"product": {
"name": "kernel-macros-3.12.61-52.125.1.noarch",
"product_id": "kernel-macros-3.12.61-52.125.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-3.12.61-52.125.1.noarch",
"product": {
"name": "kernel-source-3.12.61-52.125.1.noarch",
"product_id": "kernel-source-3.12.61-52.125.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-3.12.61-52.125.1.ppc64le",
"product": {
"name": "kernel-default-3.12.61-52.125.1.ppc64le",
"product_id": "kernel-default-3.12.61-52.125.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-base-3.12.61-52.125.1.ppc64le",
"product": {
"name": "kernel-default-base-3.12.61-52.125.1.ppc64le",
"product_id": "kernel-default-base-3.12.61-52.125.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-3.12.61-52.125.1.ppc64le",
"product": {
"name": "kernel-default-devel-3.12.61-52.125.1.ppc64le",
"product_id": "kernel-default-devel-3.12.61-52.125.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-syms-3.12.61-52.125.1.ppc64le",
"product": {
"name": "kernel-syms-3.12.61-52.125.1.ppc64le",
"product_id": "kernel-syms-3.12.61-52.125.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-default-3.12.61-52.125.1.s390x",
"product": {
"name": "kernel-default-3.12.61-52.125.1.s390x",
"product_id": "kernel-default-3.12.61-52.125.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-base-3.12.61-52.125.1.s390x",
"product": {
"name": "kernel-default-base-3.12.61-52.125.1.s390x",
"product_id": "kernel-default-base-3.12.61-52.125.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-3.12.61-52.125.1.s390x",
"product": {
"name": "kernel-default-devel-3.12.61-52.125.1.s390x",
"product_id": "kernel-default-devel-3.12.61-52.125.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-default-man-3.12.61-52.125.1.s390x",
"product": {
"name": "kernel-default-man-3.12.61-52.125.1.s390x",
"product_id": "kernel-default-man-3.12.61-52.125.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-syms-3.12.61-52.125.1.s390x",
"product": {
"name": "kernel-syms-3.12.61-52.125.1.s390x",
"product_id": "kernel-syms-3.12.61-52.125.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-ec2-3.12.61-52.125.1.x86_64",
"product": {
"name": "kernel-ec2-3.12.61-52.125.1.x86_64",
"product_id": "kernel-ec2-3.12.61-52.125.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"product": {
"name": "kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"product_id": "kernel-ec2-devel-3.12.61-52.125.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"product": {
"name": "kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"product_id": "kernel-ec2-extra-3.12.61-52.125.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-3.12.61-52.125.1.x86_64",
"product": {
"name": "kernel-default-3.12.61-52.125.1.x86_64",
"product_id": "kernel-default-3.12.61-52.125.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-base-3.12.61-52.125.1.x86_64",
"product": {
"name": "kernel-default-base-3.12.61-52.125.1.x86_64",
"product_id": "kernel-default-base-3.12.61-52.125.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-default-devel-3.12.61-52.125.1.x86_64",
"product": {
"name": "kernel-default-devel-3.12.61-52.125.1.x86_64",
"product_id": "kernel-default-devel-3.12.61-52.125.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-3.12.61-52.125.1.x86_64",
"product": {
"name": "kernel-syms-3.12.61-52.125.1.x86_64",
"product_id": "kernel-syms-3.12.61-52.125.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-xen-3.12.61-52.125.1.x86_64",
"product": {
"name": "kernel-xen-3.12.61-52.125.1.x86_64",
"product_id": "kernel-xen-3.12.61-52.125.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-xen-base-3.12.61-52.125.1.x86_64",
"product": {
"name": "kernel-xen-base-3.12.61-52.125.1.x86_64",
"product_id": "kernel-xen-base-3.12.61-52.125.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-xen-devel-3.12.61-52.125.1.x86_64",
"product": {
"name": "kernel-xen-devel-3.12.61-52.125.1.x86_64",
"product_id": "kernel-xen-devel-3.12.61-52.125.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"product_id": "kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64",
"product_id": "kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-ec2-3.12.61-52.125.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64"
},
"product_reference": "kernel-ec2-3.12.61-52.125.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-ec2-devel-3.12.61-52.125.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64"
},
"product_reference": "kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-ec2-extra-3.12.61-52.125.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64"
},
"product_reference": "kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-3.12.61-52.125.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le"
},
"product_reference": "kernel-default-3.12.61-52.125.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-3.12.61-52.125.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x"
},
"product_reference": "kernel-default-3.12.61-52.125.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-3.12.61-52.125.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64"
},
"product_reference": "kernel-default-3.12.61-52.125.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-3.12.61-52.125.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le"
},
"product_reference": "kernel-default-base-3.12.61-52.125.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-3.12.61-52.125.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x"
},
"product_reference": "kernel-default-base-3.12.61-52.125.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-base-3.12.61-52.125.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64"
},
"product_reference": "kernel-default-base-3.12.61-52.125.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-3.12.61-52.125.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le"
},
"product_reference": "kernel-default-devel-3.12.61-52.125.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-3.12.61-52.125.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x"
},
"product_reference": "kernel-default-devel-3.12.61-52.125.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-devel-3.12.61-52.125.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64"
},
"product_reference": "kernel-default-devel-3.12.61-52.125.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-default-man-3.12.61-52.125.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x"
},
"product_reference": "kernel-default-man-3.12.61-52.125.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-3.12.61-52.125.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch"
},
"product_reference": "kernel-devel-3.12.61-52.125.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-3.12.61-52.125.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch"
},
"product_reference": "kernel-macros-3.12.61-52.125.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-3.12.61-52.125.1.noarch as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch"
},
"product_reference": "kernel-source-3.12.61-52.125.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-3.12.61-52.125.1.ppc64le as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le"
},
"product_reference": "kernel-syms-3.12.61-52.125.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-3.12.61-52.125.1.s390x as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x"
},
"product_reference": "kernel-syms-3.12.61-52.125.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-3.12.61-52.125.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64"
},
"product_reference": "kernel-syms-3.12.61-52.125.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-xen-3.12.61-52.125.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64"
},
"product_reference": "kernel-xen-3.12.61-52.125.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-xen-base-3.12.61-52.125.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64"
},
"product_reference": "kernel-xen-base-3.12.61-52.125.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-xen-devel-3.12.61-52.125.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64"
},
"product_reference": "kernel-xen-devel-3.12.61-52.125.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2016-7915",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-7915"
}
],
"notes": [
{
"category": "general",
"text": "The hid_input_field function in drivers/hid/hid-core.c in the Linux kernel before 4.6 allows physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-7915",
"url": "https://www.suse.com/security/cve/CVE-2016-7915"
},
{
"category": "external",
"summary": "SUSE Bug 1010470 for CVE-2016-7915",
"url": "https://bugzilla.suse.com/1010470"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2016-7915",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "moderate"
}
],
"title": "CVE-2016-7915"
},
{
"cve": "CVE-2017-12190",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-12190"
}
],
"notes": [
{
"category": "general",
"text": "The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-12190",
"url": "https://www.suse.com/security/cve/CVE-2017-12190"
},
{
"category": "external",
"summary": "SUSE Bug 1062568 for CVE-2017-12190",
"url": "https://bugzilla.suse.com/1062568"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-12190",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-12190"
},
{
"cve": "CVE-2017-13166",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-13166"
}
],
"notes": [
{
"category": "general",
"text": "An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-13166",
"url": "https://www.suse.com/security/cve/CVE-2017-13166"
},
{
"category": "external",
"summary": "SUSE Bug 1072865 for CVE-2017-13166",
"url": "https://bugzilla.suse.com/1072865"
},
{
"category": "external",
"summary": "SUSE Bug 1074488 for CVE-2017-13166",
"url": "https://bugzilla.suse.com/1074488"
},
{
"category": "external",
"summary": "SUSE Bug 1085447 for CVE-2017-13166",
"url": "https://bugzilla.suse.com/1085447"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-13166",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-13166",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-13166"
},
{
"cve": "CVE-2017-15299",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-15299"
}
],
"notes": [
{
"category": "general",
"text": "The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-15299",
"url": "https://www.suse.com/security/cve/CVE-2017-15299"
},
{
"category": "external",
"summary": "SUSE Bug 1063416 for CVE-2017-15299",
"url": "https://bugzilla.suse.com/1063416"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-15299"
},
{
"cve": "CVE-2017-16644",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16644"
}
],
"notes": [
{
"category": "general",
"text": "The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16644",
"url": "https://www.suse.com/security/cve/CVE-2017-16644"
},
{
"category": "external",
"summary": "SUSE Bug 1067118 for CVE-2017-16644",
"url": "https://bugzilla.suse.com/1067118"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-16644",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-16644",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1146519 for CVE-2017-16644",
"url": "https://bugzilla.suse.com/1146519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-16644"
},
{
"cve": "CVE-2017-16911",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16911"
}
],
"notes": [
{
"category": "general",
"text": "The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16911",
"url": "https://www.suse.com/security/cve/CVE-2017-16911"
},
{
"category": "external",
"summary": "SUSE Bug 1078674 for CVE-2017-16911",
"url": "https://bugzilla.suse.com/1078674"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-16911",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-16911",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "low"
}
],
"title": "CVE-2017-16911"
},
{
"cve": "CVE-2017-16912",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16912"
}
],
"notes": [
{
"category": "general",
"text": "The \"get_pipe()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16912",
"url": "https://www.suse.com/security/cve/CVE-2017-16912"
},
{
"category": "external",
"summary": "SUSE Bug 1078673 for CVE-2017-16912",
"url": "https://bugzilla.suse.com/1078673"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-16912",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-16912",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-16912"
},
{
"cve": "CVE-2017-16913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16913"
}
],
"notes": [
{
"category": "general",
"text": "The \"stub_recv_cmd_submit()\" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16913",
"url": "https://www.suse.com/security/cve/CVE-2017-16913"
},
{
"category": "external",
"summary": "SUSE Bug 1078672 for CVE-2017-16913",
"url": "https://bugzilla.suse.com/1078672"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-16913",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-16913",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-16913"
},
{
"cve": "CVE-2017-16914",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16914"
}
],
"notes": [
{
"category": "general",
"text": "The \"stub_send_ret_submit()\" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16914",
"url": "https://www.suse.com/security/cve/CVE-2017-16914"
},
{
"category": "external",
"summary": "SUSE Bug 1078669 for CVE-2017-16914",
"url": "https://bugzilla.suse.com/1078669"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-16914",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-16914",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "low"
}
],
"title": "CVE-2017-16914"
},
{
"cve": "CVE-2017-18017",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18017"
}
],
"notes": [
{
"category": "general",
"text": "The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel before 4.11, and 4.9.x before 4.9.36, allows remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18017",
"url": "https://www.suse.com/security/cve/CVE-2017-18017"
},
{
"category": "external",
"summary": "SUSE Bug 1074488 for CVE-2017-18017",
"url": "https://bugzilla.suse.com/1074488"
},
{
"category": "external",
"summary": "SUSE Bug 1080255 for CVE-2017-18017",
"url": "https://bugzilla.suse.com/1080255"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-18017",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-18017",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 971126 for CVE-2017-18017",
"url": "https://bugzilla.suse.com/971126"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-18017"
},
{
"cve": "CVE-2017-18204",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18204"
}
],
"notes": [
{
"category": "general",
"text": "The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18204",
"url": "https://www.suse.com/security/cve/CVE-2017-18204"
},
{
"category": "external",
"summary": "SUSE Bug 1083244 for CVE-2017-18204",
"url": "https://bugzilla.suse.com/1083244"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-18204"
},
{
"cve": "CVE-2017-18208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18208"
}
],
"notes": [
{
"category": "general",
"text": "The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18208",
"url": "https://www.suse.com/security/cve/CVE-2017-18208"
},
{
"category": "external",
"summary": "SUSE Bug 1083494 for CVE-2017-18208",
"url": "https://bugzilla.suse.com/1083494"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-18208",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2017-18208",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-18208"
},
{
"cve": "CVE-2017-18221",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-18221"
}
],
"notes": [
{
"category": "general",
"text": "The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-18221",
"url": "https://www.suse.com/security/cve/CVE-2017-18221"
},
{
"category": "external",
"summary": "SUSE Bug 1084323 for CVE-2017-18221",
"url": "https://bugzilla.suse.com/1084323"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "moderate"
}
],
"title": "CVE-2017-18221"
},
{
"cve": "CVE-2018-1066",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1066"
}
],
"notes": [
{
"category": "general",
"text": "The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1066",
"url": "https://www.suse.com/security/cve/CVE-2018-1066"
},
{
"category": "external",
"summary": "SUSE Bug 1083640 for CVE-2018-1066",
"url": "https://bugzilla.suse.com/1083640"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "moderate"
}
],
"title": "CVE-2018-1066"
},
{
"cve": "CVE-2018-1068",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1068"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux 4.x kernel\u0027s implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1068",
"url": "https://www.suse.com/security/cve/CVE-2018-1068"
},
{
"category": "external",
"summary": "SUSE Bug 1085107 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1085107"
},
{
"category": "external",
"summary": "SUSE Bug 1085114 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1085114"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1123903 for CVE-2018-1068",
"url": "https://bugzilla.suse.com/1123903"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "important"
}
],
"title": "CVE-2018-1068"
},
{
"cve": "CVE-2018-5332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5332"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 3.2, the rds_message_alloc_sgs() function does not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5332",
"url": "https://www.suse.com/security/cve/CVE-2018-5332"
},
{
"category": "external",
"summary": "SUSE Bug 1075621 for CVE-2018-5332",
"url": "https://bugzilla.suse.com/1075621"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2018-5332",
"url": "https://bugzilla.suse.com/1091815"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2018-5332",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.6,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "low"
}
],
"title": "CVE-2018-5332"
},
{
"cve": "CVE-2018-5333",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-5333"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-5333",
"url": "https://www.suse.com/security/cve/CVE-2018-5333"
},
{
"category": "external",
"summary": "SUSE Bug 1075617 for CVE-2018-5333",
"url": "https://bugzilla.suse.com/1075617"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2018-5333",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "low"
}
],
"title": "CVE-2018-5333"
},
{
"cve": "CVE-2018-6927",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-6927"
}
],
"notes": [
{
"category": "general",
"text": "The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-6927",
"url": "https://www.suse.com/security/cve/CVE-2018-6927"
},
{
"category": "external",
"summary": "SUSE Bug 1080757 for CVE-2018-6927",
"url": "https://bugzilla.suse.com/1080757"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2018-6927",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "moderate"
}
],
"title": "CVE-2018-6927"
},
{
"cve": "CVE-2018-7566",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-7566"
}
],
"notes": [
{
"category": "general",
"text": "The Linux kernel 4.15 has a Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-7566",
"url": "https://www.suse.com/security/cve/CVE-2018-7566"
},
{
"category": "external",
"summary": "SUSE Bug 1083483 for CVE-2018-7566",
"url": "https://bugzilla.suse.com/1083483"
},
{
"category": "external",
"summary": "SUSE Bug 1083488 for CVE-2018-7566",
"url": "https://bugzilla.suse.com/1083488"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2018-7566",
"url": "https://bugzilla.suse.com/1087082"
},
{
"category": "external",
"summary": "SUSE Bug 1091815 for CVE-2018-7566",
"url": "https://bugzilla.suse.com/1091815"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:kernel-ec2-extra-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-default-man-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-devel-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-macros-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-source-3.12.61-52.125.1.noarch",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.ppc64le",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.s390x",
"SUSE Linux Enterprise Server 12-LTSS:kernel-syms-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-base-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kernel-xen-devel-3.12.61-52.125.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-default-1-1.3.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_125-xen-1-1.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2018-03-28T14:17:49Z",
"details": "moderate"
}
],
"title": "CVE-2018-7566"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…