SUSE-SU-2018:0572-1

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2017-18075

Published: 01 Mar 2018, 16:49

Last modified:04 Feb 2026, 03:32

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

01 Mar 2018, 16:49

Published

Vulnerability first disclosed

04 Feb 2026, 03:32

Last Modified

Vulnerability information updated

Description

Security update for the Linux Kernel (Live Patch 14 for SLE 12 SP2) This update for the Linux Kernel 4.4.90-92_45 fixes several issues. The following security issue was fixed: - CVE-2017-18075: crypto/pcrypt.c in the Linux kernel mishandled freeing instances, allowing a local user able to access the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT) to cause a denial of service (kfree of an incorrect pointer) or possibly have unspecified other impact by executing a crafted sequence of system calls (bsc#1077404). Non security issue fixed: - btrfs: account for pinned bytes in should_alloc_chunk (bsc#1077268)

Affected Systems

suse•kgraft-patch-SLE12-SP2_Update_14&distro=SUSE Linux Enterprise Live Patching 12
< 4-2.1

SUSE-SU-2018:0572-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (4)