SUSE SLES12 Security Update : kernel (SUSE-SU-2018:3934-1)

High Nessus Plugin ID 119286


The remote SUSE host is missing one or more security updates.


The SUSE Linux Enterprise 12 SP4 kernel for Azure was updated to
receive various security and bug fixes.

The following security bugs were fixed :

CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in
drivers/cdrom/cdrom.c could be used by local attackers to read kernel
memory because a cast from unsigned long to int interferes with bounds
checking. This is similar to CVE-2018-10940 and CVE-2018-16658.

CVE-2018-18445: Faulty computation of numeric bounds in the BPF
verifier permits out-of-bounds memory accesses because
adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit
right shifts (bnc#1112372).

CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are
able to access pseudo terminals) to hang/block further usage of any
pseudo terminal devices due to an EXTPROC versus ICANON confusion in
TIOCINQ (bnc#1094825).

CVE-2017-18224: fs/ocfs2/aops.c omits use of a semaphore and
consequently has a race condition for access to the extent tree during
read operations in DIRECT mode, which allowed local users to cause a
denial of service (BUG) by modifying a certain e_cpos field.

CVE-2017-16533: The usbhid_parse function in
drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of
service (out-of-bounds read and system crash) or possibly have
unspecified other impact via a crafted USB device (bnc#1066674).

The update package also includes non-security fixes. See advisory for

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.


To install this SUSE Security Update use the SUSE recommended
installation methods like YaST online_update or 'zypper patch'.

Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 12-SP4: zypper in -t patch

Plugin Details

Severity: High

ID: 119286

File Name: suse_SU-2018-3934-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2018/11/29

Modified: 2018/12/07

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-azure, p-cpe:/a:novell:suse_linux:kernel-azure-base, p-cpe:/a:novell:suse_linux:kernel-azure-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-azure-debuginfo, p-cpe:/a:novell:suse_linux:kernel-azure-debugsource, p-cpe:/a:novell:suse_linux:kernel-azure-devel, p-cpe:/a:novell:suse_linux:kernel-syms-azure, cpe:/o:novell:suse_linux:12

Patch Publication Date: 2018/11/28

Reference Information

CVE: CVE-2017-16533, CVE-2017-18224, CVE-2018-10940, CVE-2018-16658, CVE-2018-18386, CVE-2018-18445, CVE-2018-18710