The openSUSE Leap 42.3 was updated to 4.4.138 to receive various security and bugfixes.

The following security bugs were fixed :

  - CVE-2018-3639: Systems with microprocessors utilizing     speculative execution and speculative execution of     memory reads before the addresses of all prior memory     writes are known may allow unauthorized disclosure of     information to an attacker with local user access via a     side-channel analysis, aka Speculative Store Bypass     (SSB), Variant 4 (bsc#1085308 bsc#1087082) This update     improves the previous Spectre Variant 4 fixes and also     mitigates them on the ARM architecture.

  - CVE-2018-3665: The FPU state and registers of x86 CPUs     were saved and restored in a lazy fashion, which opened     its disclosure by speculative side channel attacks. This     has been fixed by replacing the lazy save/restore by     eager saving and restoring (bnc#1087086)

  - CVE-2018-5848: In the function wmi_set_ie(), the length     validation code did not handle unsigned integer overflow     properly. As a result, a large value of the 'ie_len'     argument can cause a buffer overflow (bnc#1097356).

  - CVE-2017-18249: The add_free_nid function in     fs/f2fs/node.c did not properly track an allocated nid,     which allowed local users to cause a denial of service     (race condition) or possibly have unspecified other     impact via concurrent threads (bnc#1087036).

  - CVE-2017-18241: fs/f2fs/segment.c kernel allowed local     users to cause a denial of service (NULL pointer     dereference and panic) by using a noflush_merge option     that triggers a NULL value for a flush_cmd_control data     structure (bnc#1086400).

  - CVE-2017-17741: The KVM implementation allowed attackers     to obtain potentially sensitive information from kernel     memory, aka a write_mmio stack-based out-of-bounds read,     related to arch/x86/kvm/x86.c and     include/trace/events/kvm.h (bnc#1073311 1091815).

  - CVE-2017-13305: A information disclosure vulnerability     in the encrypted-keys. (bnc#1094353).

  - CVE-2018-1093: The ext4_valid_block_bitmap function in     fs/ext4/balloc.c allowed attackers to cause a denial of     service (out-of-bounds read and system crash) via a     crafted ext4 image because balloc.c and ialloc.c do not     validate bitmap block numbers (bnc#1087095).

  - CVE-2018-1094: The ext4_fill_super function in     fs/ext4/super.c did not always initialize the crc32c     checksum driver, which allowed attackers to cause a     denial of service (ext4_xattr_inode_hash NULL pointer     dereference and system crash) via a crafted ext4 image     (bnc#1087007 1092903).

  - CVE-2018-1092: The ext4_iget function in fs/ext4/inode.c     mishandled the case of a root directory with a zero     i_links_count, which allowed attackers to cause a denial     of service (ext4_process_freed_data NULL pointer     dereference and OOPS) via a crafted ext4 image     (bnc#1087012).

  - CVE-2018-12233: In the ea_get function in     fs/jfs/xattr.c, a memory corruption bug in JFS could be     triggered by calling setxattr twice with two different     extended attribute names on the same file. This     vulnerability can be triggered by an unprivileged user     with the ability to create files and execute programs. A     kmalloc call is incorrect, leading to slab-out-of-bounds     in jfs_xattr. (bsc#1097234)

Detections

Analytics

openSUSE Security Update : the Linux Kernel (openSUSE-2018-656) (Spectre)

high Nessus Plugin ID 110658

Version 1.9

Version 1.8

Version 1.7

Version 1.9 Jan 12, 2026, 2:57 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Exploit attributes ("Exploit framework core" set to "True") Plugin Feed: 202601121457
Version 1.8 Sep 18, 2024, 9:15 PM Plugin metadata (Removed non-security fixes from plugin description) Plugin Feed: 202409182115
Version 1.7 Sep 17, 2024, 8:01 AM CVSS metrics ("CVSSv2 score" set to 6.8) CVSS metrics ("CVSSv2 vector" set to "CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P") CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H") CVSSv2 score source (set to "CVE-2018-12233") CVSSv2 severity (based on CVE-2018-12233, severity decreased from "High" to "Medium") CVSSv3 score source (set to "CVE-2018-5848") Plugin Feed: 202409170801