[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2018:0841-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":32,"duplicates":33,"related":34,"reserved_at":9,"published_at":44,"modified_at":45,"state":9,"summary":46,"references_raw":48,"kevs":293,"epss":9,"epss_history":294,"metrics":295,"affected":296},"SUSE-SU-2018:0841-1","Security update for the Linux Kernel\n\n\n\nThe SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032).\n\n  The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.\n\n- CVE-2015-1142857: On multiple SR-IOV cars it is possible for VF's assigned to guests to send ethernet flow control pause frames via the PF. This includes Linux kernel ixgbe driver, i40e/i40evf driver and the DPDK, additionally multiple vendor NIC firmware is affected (bnc#1077355).\n- CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908).\n- CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).\n- CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).\n- CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922).\n- CVE-2018-1000004: In the Linux kernel a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017).\n- CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).\n- CVE-2018-5333: In the Linux kernel rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).\n\nThe following non-security bugs were fixed:\n\n- Add proper NX hadnling for !NX-capable systems also to kaiser_add_user_map(). (bsc#1076278).\n- alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1045538).\n- alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538).\n- alsa: aloop: Release cable upon open error path (bsc#1045538).\n- alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1045538).\n- alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1045538).\n- alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1045538).\n- alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538).\n- alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538).\n- btrfs: cleanup unnecessary assignment when cleaning up all the residual transaction (FATE#325056).\n- btrfs: copy fsid to super_block s_uuid (bsc#1080774).\n- btrfs: do not wait for all the writers circularly during the transaction commit (FATE#325056).\n- btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1080363).\n- btrfs: fix two use-after-free bugs with transaction cleanup (FATE#325056).\n- btrfs: make the state of the transaction more readable (FATE#325056).\n- btrfs: qgroup: exit the rescan worker during umount (bsc#1080685).\n- btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value (bsc#1080685).\n- btrfs: reset intwrite on transaction abort (FATE#325056).\n- btrfs: set qgroup_ulist to be null after calling ulist_free() (bsc#1080359).\n- btrfs: stop waiting on current trans if we aborted (FATE#325056).\n- cdc-acm: apply quirk for card reader (bsc#1060279).\n- cdrom: factor out common open_for_* code (bsc#1048585).\n- cdrom: wait for tray to close (bsc#1048585).\n- delay: add poll_event_interruptible (bsc#1048585).\n- dm flakey: add corrupt_bio_byte feature (bsc#1080372).\n- dm flakey: add drop_writes (bsc#1080372).\n- dm flakey: error READ bios during the down_interval (bsc#1080372).\n- dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372).\n- dm flakey: fix reads to be issued if drop_writes configured (bsc#1080372).\n- dm flakey: introduce 'error_writes' feature (bsc#1080372).\n- dm flakey: support feature args (bsc#1080372).\n- dm flakey: use dm_target_offset and support discards (bsc#1080372).\n- ext2: free memory allocated and forget buffer head when io error happens (bnc#1069508).\n- ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508).\n- ext3: add necessary check in case IO error happens (bnc#1069508).\n- ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508).\n- fork: clear thread stack upon allocation (bsc#1077560).\n- kabi/severities ignore Cell-specific symbols\n- kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz\n- kaiser: fix ia32 compat sysexit (bsc#1080579) sysexit_from_sys_call cannot make assumption of accessible stack after CR3 switch, and therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the pagetable hierarchy.\n- kaiser: Fix trampoline stack loading issue on XEN PV\n- kaiser: handle non-accessible stack in sysretl_from_sys_call properly (bsc#bsc#1080579)\n- kaiser: make sure not to touch stack after CR3 switch in compat syscall return\n- kaiser: really do switch away from trampoline stack to kernel stack in ia32_syscall entry (bsc#1080579)\n- kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032).\n- keys: trusted: fix writing past end of buffer in trusted_read() (bsc#1074880).\n- media: omap_vout: Fix a possible null pointer dereference in omap_vout_open() (bsc#1050431).\n- mISDN: fix a loop count (bsc#1077191).\n- mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1081500).\n- nfsd: do not share group_info among threads (bsc@1070623).\n- ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert thread (bsc#1076437).\n- ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can not be granted at once (bsc#1076437).\n- ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257).\n- powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075088).\n- powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088).\n- powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088).\n- powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075088).\n- powerpc/64s: Add support for RFI flush of L1-D cache  (bsc#1068032, bsc#1075088).\n- powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032,  bsc#1075088).\n- powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088).\n- powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088).\n- powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075088).\n- powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).\n- powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075088).\n- powerpc: Fix register clobbering when accumulating stolen time (bsc#1059174).\n- powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487).\n- powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088).\n- powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619, git-fixes).\n- powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133).\n- powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (bsc#1068032, bsc#1075088).\n- powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075088).\n- powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075088).\n- powerpc/pseries: Kill all prefetch streams on context switch (bsc#1068032, bsc#1075088).\n- powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032,  bsc#1075088).\n- powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088).\n- powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1075088).\n- powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088).\n- powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032,  bsc#1075088).\n- powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088).\n- powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088).\n- powerpc/rfi-flush: Move RFI flush fields out of the paca  (unbreak kABI) (bsc#1068032, bsc#1075088).\n- powerpc/rfi-flush: Move the logic to avoid a redo into the  sysfs code (bsc#1068032, bsc#1075088).\n- powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1075088).\n- powerpc/vdso64: Use double word compare on pointers (bsc#1070781).\n- rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088).\n- rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088).\n- rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1075088).\n- rfi-flush: Switch to new linear fallback flush (bsc#1068032, bsc#1075088).\n- s390: add ppa to the idle loop (bnc#1077406, LTC#163910).\n- s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741).\n- scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875).\n- scsi: sr: wait for the medium to become ready (bsc#1048585).\n- scsi: virtio_scsi: let host do exception handling (bsc#936530,bsc#1060682).\n- storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410).\n- sysfs/cpu: Add vulnerability folder (bnc#1012382).\n- sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).\n- sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).\n- Update config files: enable CPU vulnerabilities reporting via sysfs\n- x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984).\n- x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984).\n- x86/boot: Fix early command-line parsing when matching at end (bsc#1068032).\n- x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091).\n- x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).\n- x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).\n- x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278).\n- x86/kaiser: use trampoline stack for kernel entry.\n- x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305).\n- x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305).\n- x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091).\n- x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032).\n- x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091).\n- x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091).\n- x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).\n",null,[],[],[],[14,16,18,20,22,24,26,28,30],{"_key":15},"CVE-2015-1142857",{"_key":17},"CVE-2017-13215",{"_key":19},"CVE-2017-17741",{"_key":21},"CVE-2017-18017",{"_key":23},"CVE-2017-18079",{"_key":25},"CVE-2017-5715",{"_key":27},"CVE-2018-1000004",{"_key":29},"CVE-2018-5332",{"_key":31},"CVE-2018-5333",[],[],[35,36,37,38,39,40,41,42,43],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},"2018-03-29T09:58:40Z","2026-02-04T03:48:02.362961Z",{"cisa_kev":47,"cisa_ransomware":47,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[49,55,60,64,68,72,76,80,84,88,92,96,100,104,108,112,116,120,124,128,132,136,140,144,148,152,156,160,164,168,172,176,180,184,188,192,196,200,204,208,212,216,220,224,228,232,236,240,244,248,252,256,261,265,269,273,277,281,285,289],{"url":50,"sources":51,"tags":53},"https://www.suse.com/support/update/announcement/2018/suse-su-20180841-1/",[52],"osv_suse",[54],"Advisory",{"url":56,"sources":57,"tags":58},"https://bugzilla.suse.com/1012382",[52],[59],"REPORT",{"url":61,"sources":62,"tags":63},"https://bugzilla.suse.com/1045538",[52],[59],{"url":65,"sources":66,"tags":67},"https://bugzilla.suse.com/1048585",[52],[59],{"url":69,"sources":70,"tags":71},"https://bugzilla.suse.com/1049128",[52],[59],{"url":73,"sources":74,"tags":75},"https://bugzilla.suse.com/1050431",[52],[59],{"url":77,"sources":78,"tags":79},"https://bugzilla.suse.com/1054305",[52],[59],{"url":81,"sources":82,"tags":83},"https://bugzilla.suse.com/1059174",[52],[59],{"url":85,"sources":86,"tags":87},"https://bugzilla.suse.com/1060279",[52],[59],{"url":89,"sources":90,"tags":91},"https://bugzilla.suse.com/1060682",[52],[59],{"url":93,"sources":94,"tags":95},"https://bugzilla.suse.com/1063544",[52],[59],{"url":97,"sources":98,"tags":99},"https://bugzilla.suse.com/1064861",[52],[59],{"url":101,"sources":102,"tags":103},"https://bugzilla.suse.com/1068032",[52],[59],{"url":105,"sources":106,"tags":107},"https://bugzilla.suse.com/1068984",[52],[59],{"url":109,"sources":110,"tags":111},"https://bugzilla.suse.com/1069508",[52],[59],{"url":113,"sources":114,"tags":115},"https://bugzilla.suse.com/1070623",[52],[59],{"url":117,"sources":118,"tags":119},"https://bugzilla.suse.com/1070781",[52],[59],{"url":121,"sources":122,"tags":123},"https://bugzilla.suse.com/1073311",[52],[59],{"url":125,"sources":126,"tags":127},"https://bugzilla.suse.com/1074488",[52],[59],{"url":129,"sources":130,"tags":131},"https://bugzilla.suse.com/1074621",[52],[59],{"url":133,"sources":134,"tags":135},"https://bugzilla.suse.com/1074880",[52],[59],{"url":137,"sources":138,"tags":139},"https://bugzilla.suse.com/1075088",[52],[59],{"url":141,"sources":142,"tags":143},"https://bugzilla.suse.com/1075091",[52],[59],{"url":145,"sources":146,"tags":147},"https://bugzilla.suse.com/1075410",[52],[59],{"url":149,"sources":150,"tags":151},"https://bugzilla.suse.com/1075617",[52],[59],{"url":153,"sources":154,"tags":155},"https://bugzilla.suse.com/1075621",[52],[59],{"url":157,"sources":158,"tags":159},"https://bugzilla.suse.com/1075908",[52],[59],{"url":161,"sources":162,"tags":163},"https://bugzilla.suse.com/1075994",[52],[59],{"url":165,"sources":166,"tags":167},"https://bugzilla.suse.com/1076017",[52],[59],{"url":169,"sources":170,"tags":171},"https://bugzilla.suse.com/1076154",[52],[59],{"url":173,"sources":174,"tags":175},"https://bugzilla.suse.com/1076278",[52],[59],{"url":177,"sources":178,"tags":179},"https://bugzilla.suse.com/1076437",[52],[59],{"url":181,"sources":182,"tags":183},"https://bugzilla.suse.com/1076849",[52],[59],{"url":185,"sources":186,"tags":187},"https://bugzilla.suse.com/1077191",[52],[59],{"url":189,"sources":190,"tags":191},"https://bugzilla.suse.com/1077355",[52],[59],{"url":193,"sources":194,"tags":195},"https://bugzilla.suse.com/1077406",[52],[59],{"url":197,"sources":198,"tags":199},"https://bugzilla.suse.com/1077487",[52],[59],{"url":201,"sources":202,"tags":203},"https://bugzilla.suse.com/1077560",[52],[59],{"url":205,"sources":206,"tags":207},"https://bugzilla.suse.com/1077922",[52],[59],{"url":209,"sources":210,"tags":211},"https://bugzilla.suse.com/1078875",[52],[59],{"url":213,"sources":214,"tags":215},"https://bugzilla.suse.com/1079917",[52],[59],{"url":217,"sources":218,"tags":219},"https://bugzilla.suse.com/1080133",[52],[59],{"url":221,"sources":222,"tags":223},"https://bugzilla.suse.com/1080359",[52],[59],{"url":225,"sources":226,"tags":227},"https://bugzilla.suse.com/1080363",[52],[59],{"url":229,"sources":230,"tags":231},"https://bugzilla.suse.com/1080372",[52],[59],{"url":233,"sources":234,"tags":235},"https://bugzilla.suse.com/1080579",[52],[59],{"url":237,"sources":238,"tags":239},"https://bugzilla.suse.com/1080685",[52],[59],{"url":241,"sources":242,"tags":243},"https://bugzilla.suse.com/1080774",[52],[59],{"url":245,"sources":246,"tags":247},"https://bugzilla.suse.com/1081500",[52],[59],{"url":249,"sources":250,"tags":251},"https://bugzilla.suse.com/936530",[52],[59],{"url":253,"sources":254,"tags":255},"https://bugzilla.suse.com/962257",[52],[59],{"url":257,"sources":258,"tags":259},"https://www.suse.com/security/cve/CVE-2015-1142857",[52],[260],"WEB",{"url":262,"sources":263,"tags":264},"https://www.suse.com/security/cve/CVE-2017-13215",[52],[260],{"url":266,"sources":267,"tags":268},"https://www.suse.com/security/cve/CVE-2017-17741",[52],[260],{"url":270,"sources":271,"tags":272},"https://www.suse.com/security/cve/CVE-2017-18017",[52],[260],{"url":274,"sources":275,"tags":276},"https://www.suse.com/security/cve/CVE-2017-18079",[52],[260],{"url":278,"sources":279,"tags":280},"https://www.suse.com/security/cve/CVE-2017-5715",[52],[260],{"url":282,"sources":283,"tags":284},"https://www.suse.com/security/cve/CVE-2018-1000004",[52],[260],{"url":286,"sources":287,"tags":288},"https://www.suse.com/security/cve/CVE-2018-5332",[52],[260],{"url":290,"sources":291,"tags":292},"https://www.suse.com/security/cve/CVE-2018-5333",[52],[260],[],[],[],[297,310,315,320],{"ecosystem":298,"name":299,"vendor":300,"product":301,"cpe_part":9,"purl_type":302,"purl_namespace":300,"purl_name":301,"source":9,"versions":303},"SUSE Linux Enterprise","kernel-rt_trace","suse","kernel-rt_trace&distro=SUSE Linux Enterprise Real Time 11 SP4","rpm",[304],{"version":305,"is_range":306,"range_type":307,"version_start":9,"version_start_type":9,"version_end":308,"version_end_type":309,"fixed_in":9},"lt3_0_101_rt130_69_21_1",true,"ecosystem","3.0.101.rt130-69.21.1","excluding",{"ecosystem":298,"name":311,"vendor":300,"product":312,"cpe_part":9,"purl_type":302,"purl_namespace":300,"purl_name":312,"source":9,"versions":313},"kernel-rt","kernel-rt&distro=SUSE Linux Enterprise Real Time 11 SP4",[314],{"version":305,"is_range":306,"range_type":307,"version_start":9,"version_start_type":9,"version_end":308,"version_end_type":309,"fixed_in":9},{"ecosystem":298,"name":316,"vendor":300,"product":317,"cpe_part":9,"purl_type":302,"purl_namespace":300,"purl_name":317,"source":9,"versions":318},"kernel-source-rt","kernel-source-rt&distro=SUSE Linux Enterprise Real Time 11 SP4",[319],{"version":305,"is_range":306,"range_type":307,"version_start":9,"version_start_type":9,"version_end":308,"version_end_type":309,"fixed_in":9},{"ecosystem":298,"name":321,"vendor":300,"product":322,"cpe_part":9,"purl_type":302,"purl_namespace":300,"purl_name":322,"source":9,"versions":323},"kernel-syms-rt","kernel-syms-rt&distro=SUSE Linux Enterprise Real Time 11 SP4",[324],{"version":305,"is_range":306,"range_type":307,"version_start":9,"version_start_type":9,"version_end":308,"version_end_type":309,"fixed_in":9}]