Описание
Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP2)
This update for the Linux Kernel 4.4.114-92_64 fixes one issue.
The following security issue was fixed:
- CVE-2018-5848: Fixed an unsigned integer overflow in wmi_set_ie. This could lead to a buffer overflow (bsc#1097356).
Список пакетов
SUSE Linux Enterprise Server 12 SP2-LTSS
kgraft-patch-4_4_120-92_70-default-9-2.1
kgraft-patch-4_4_121-92_73-default-8-2.1
kgraft-patch-4_4_121-92_80-default-8-2.1
kgraft-patch-4_4_103-92_56-default-12-2.1
kgraft-patch-4_4_103-92_53-default-12-2.1
kgraft-patch-4_4_114-92_67-default-10-2.1
kgraft-patch-4_4_114-92_64-default-10-2.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
kgraft-patch-4_4_120-92_70-default-9-2.1
kgraft-patch-4_4_121-92_73-default-8-2.1
kgraft-patch-4_4_121-92_80-default-8-2.1
kgraft-patch-4_4_103-92_56-default-12-2.1
kgraft-patch-4_4_103-92_53-default-12-2.1
kgraft-patch-4_4_114-92_67-default-10-2.1
kgraft-patch-4_4_114-92_64-default-10-2.1
Ссылки
- Link for SUSE-SU-2018:4127-1
- E-Mail link for SUSE-SU-2018:4127-1
- SUSE Security Ratings
- SUSE Bug 1097356
- SUSE CVE CVE-2018-5848 page
Описание
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_53-default-12-2.1
SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_103-92_56-default-12-2.1
SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_114-92_64-default-10-2.1
SUSE Linux Enterprise Server 12 SP2-LTSS:kgraft-patch-4_4_114-92_67-default-10-2.1
Ссылки
- CVE-2018-5848
- SUSE Bug 1087082
- SUSE Bug 1097356
- SUSE Bug 1105412
- SUSE Bug 1115339