[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-SUSE-SU-2018:1172-1":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T08:53:30.047Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":54,"duplicates":55,"related":56,"reserved_at":9,"published_at":77,"modified_at":78,"state":9,"summary":79,"references_raw":81,"kevs":294,"epss":9,"epss_history":295,"metrics":296,"affected":297},"SUSE-SU-2018:1172-1","Security update for the Linux Kernel\n\n\n\nThe SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088)\n- CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088)\n- CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752).\n- CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608).\n- CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536 1087209).\n- CVE-2018-7566: A Buffer Overflow via an SNDRV_SEQ_IOCTL_SET_CLIENT_POOL ioctl write operation to /dev/snd/seq by a local user was fixed (bnc#1083483).\n- CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260).\n- CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162).\n- CVE-2017-13166: An elevation of privilege vulnerability in the kernel v4l2 video driver. (bnc#1072865).\n- CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242).\n- CVE-2017-16911: The vhci_hcd driver allowed allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP (bnc#1078674).\n- CVE-2017-18208: The madvise_willneed function in mm/madvise.c allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494).\n- CVE-2017-16644: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118).\n- CVE-2018-6927: The futex_requeue function in kernel/futex.c might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757).\n- CVE-2017-16914: The 'stub_send_ret_submit()' function (drivers/usb/usbip/stub_tx.c) allowed attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet (bnc#1078669).\n- CVE-2016-7915: The hid_input_field function in drivers/hid/hid-core.c allowed physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device, as demonstrated by a Logitech DJ receiver (bnc#1010470).\n- CVE-2015-5156: The virtnet_probe function in drivers/net/virtio_net.c attempted to support a FRAGLIST feature without proper memory allocation, which allowed guest OS users to cause a denial of service (buffer overflow and memory corruption) via a crafted sequence of fragmented packets (bnc#940776).\n- CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions in block/bio.c did unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (bnc#1062568).\n- CVE-2017-16912: The 'get_pipe()' function (drivers/usb/usbip/stub_rx.c) allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673).\n- CVE-2017-16913: The 'stub_recv_cmd_submit()' function (drivers/usb/usbip/stub_rx.c) when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672).\n\nThe following non-security bugs were fixed:\n\n- Integrate fixes resulting from bsc#1088147 More info in the respective commit messages.\n- KABI: x86/kaiser: properly align trampoline stack.\n- KEYS: do not let add_key() update an uninstantiated key (bnc#1063416).\n- ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).\n- ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).\n- ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689).\n- kvm/x86: fix icebp instruction handling (bsc#1087088).\n- leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).\n- mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack (bnc#1039348).\n- x86-64: Move the 'user' vsyscall segment out of the data segment (bsc#1082424).\n- x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).\n- x86/kaiser: properly align trampoline stack (bsc#1087260).\n- x86/retpoline: do not perform thunk calls in ring3 vsyscall code (bsc#1085331).\n- xfs: check for buffer errors before waiting (bsc#1052943).\n- xfs: fix allocbt cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762).\n- xfs: really fix the cursor leak in xfs_alloc_ag_vextent_near (bsc#1087762).\n",null,[],[],[],[14,16,18,20,22,24,26,28,30,32,34,36,38,40,42,44,46,48,50,52],{"_key":15},"CVE-2015-5156",{"_key":17},"CVE-2016-7915",{"_key":19},"CVE-2017-0861",{"_key":21},"CVE-2017-12190",{"_key":23},"CVE-2017-13166",{"_key":25},"CVE-2017-16644",{"_key":27},"CVE-2017-16911",{"_key":29},"CVE-2017-16912",{"_key":31},"CVE-2017-16913",{"_key":33},"CVE-2017-16914",{"_key":35},"CVE-2017-18203",{"_key":37},"CVE-2017-18208",{"_key":39},"CVE-2018-10087",{"_key":41},"CVE-2018-10124",{"_key":43},"CVE-2018-1087",{"_key":45},"CVE-2018-6927",{"_key":47},"CVE-2018-7566",{"_key":49},"CVE-2018-7757",{"_key":51},"CVE-2018-8822",{"_key":53},"CVE-2018-8897",[],[],[57,58,59,60,61,62,63,64,65,66,67,68,69,70,71,72,73,74,75,76],{"_key":15},{"_key":17},{"_key":19},{"_key":21},{"_key":23},{"_key":25},{"_key":27},{"_key":29},{"_key":31},{"_key":33},{"_key":35},{"_key":37},{"_key":39},{"_key":41},{"_key":43},{"_key":45},{"_key":47},{"_key":49},{"_key":51},{"_key":53},"2018-05-08T17:33:21Z","2026-02-04T02:36:02.746290Z",{"cisa_kev":80,"cisa_ransomware":80,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[82,88,93,97,101,105,109,113,117,121,125,129,133,137,141,145,149,153,157,161,165,169,173,177,181,185,189,193,197,201,205,209,213,218,222,226,230,234,238,242,246,250,254,258,262,266,270,274,278,282,286,290],{"url":83,"sources":84,"tags":86},"https://www.suse.com/support/update/announcement/2018/suse-su-20181172-1/",[85],"osv_suse",[87],"Advisory",{"url":89,"sources":90,"tags":91},"https://bugzilla.suse.com/1010470",[85],[92],"REPORT",{"url":94,"sources":95,"tags":96},"https://bugzilla.suse.com/1039348",[85],[92],{"url":98,"sources":99,"tags":100},"https://bugzilla.suse.com/1052943",[85],[92],{"url":102,"sources":103,"tags":104},"https://bugzilla.suse.com/1062568",[85],[92],{"url":106,"sources":107,"tags":108},"https://bugzilla.suse.com/1062840",[85],[92],{"url":110,"sources":111,"tags":112},"https://bugzilla.suse.com/1063416",[85],[92],{"url":114,"sources":115,"tags":116},"https://bugzilla.suse.com/1067118",[85],[92],{"url":118,"sources":119,"tags":120},"https://bugzilla.suse.com/1072689",[85],[92],{"url":122,"sources":123,"tags":124},"https://bugzilla.suse.com/1072865",[85],[92],{"url":126,"sources":127,"tags":128},"https://bugzilla.suse.com/1078669",[85],[92],{"url":130,"sources":131,"tags":132},"https://bugzilla.suse.com/1078672",[85],[92],{"url":134,"sources":135,"tags":136},"https://bugzilla.suse.com/1078673",[85],[92],{"url":138,"sources":139,"tags":140},"https://bugzilla.suse.com/1078674",[85],[92],{"url":142,"sources":143,"tags":144},"https://bugzilla.suse.com/1080464",[85],[92],{"url":146,"sources":147,"tags":148},"https://bugzilla.suse.com/1080757",[85],[92],{"url":150,"sources":151,"tags":152},"https://bugzilla.suse.com/1082424",[85],[92],{"url":154,"sources":155,"tags":156},"https://bugzilla.suse.com/1083242",[85],[92],{"url":158,"sources":159,"tags":160},"https://bugzilla.suse.com/1083483",[85],[92],{"url":162,"sources":163,"tags":164},"https://bugzilla.suse.com/1083494",[85],[92],{"url":166,"sources":167,"tags":168},"https://bugzilla.suse.com/1084536",[85],[92],{"url":170,"sources":171,"tags":172},"https://bugzilla.suse.com/1085331",[85],[92],{"url":174,"sources":175,"tags":176},"https://bugzilla.suse.com/1086162",[85],[92],{"url":178,"sources":179,"tags":180},"https://bugzilla.suse.com/1087088",[85],[92],{"url":182,"sources":183,"tags":184},"https://bugzilla.suse.com/1087209",[85],[92],{"url":186,"sources":187,"tags":188},"https://bugzilla.suse.com/1087260",[85],[92],{"url":190,"sources":191,"tags":192},"https://bugzilla.suse.com/1087762",[85],[92],{"url":194,"sources":195,"tags":196},"https://bugzilla.suse.com/1088147",[85],[92],{"url":198,"sources":199,"tags":200},"https://bugzilla.suse.com/1088260",[85],[92],{"url":202,"sources":203,"tags":204},"https://bugzilla.suse.com/1089608",[85],[92],{"url":206,"sources":207,"tags":208},"https://bugzilla.suse.com/1089752",[85],[92],{"url":210,"sources":211,"tags":212},"https://bugzilla.suse.com/940776",[85],[92],{"url":214,"sources":215,"tags":216},"https://www.suse.com/security/cve/CVE-2015-5156",[85],[217],"WEB",{"url":219,"sources":220,"tags":221},"https://www.suse.com/security/cve/CVE-2016-7915",[85],[217],{"url":223,"sources":224,"tags":225},"https://www.suse.com/security/cve/CVE-2017-0861",[85],[217],{"url":227,"sources":228,"tags":229},"https://www.suse.com/security/cve/CVE-2017-12190",[85],[217],{"url":231,"sources":232,"tags":233},"https://www.suse.com/security/cve/CVE-2017-13166",[85],[217],{"url":235,"sources":236,"tags":237},"https://www.suse.com/security/cve/CVE-2017-16644",[85],[217],{"url":239,"sources":240,"tags":241},"https://www.suse.com/security/cve/CVE-2017-16911",[85],[217],{"url":243,"sources":244,"tags":245},"https://www.suse.com/security/cve/CVE-2017-16912",[85],[217],{"url":247,"sources":248,"tags":249},"https://www.suse.com/security/cve/CVE-2017-16913",[85],[217],{"url":251,"sources":252,"tags":253},"https://www.suse.com/security/cve/CVE-2017-16914",[85],[217],{"url":255,"sources":256,"tags":257},"https://www.suse.com/security/cve/CVE-2017-18203",[85],[217],{"url":259,"sources":260,"tags":261},"https://www.suse.com/security/cve/CVE-2017-18208",[85],[217],{"url":263,"sources":264,"tags":265},"https://www.suse.com/security/cve/CVE-2018-10087",[85],[217],{"url":267,"sources":268,"tags":269},"https://www.suse.com/security/cve/CVE-2018-10124",[85],[217],{"url":271,"sources":272,"tags":273},"https://www.suse.com/security/cve/CVE-2018-1087",[85],[217],{"url":275,"sources":276,"tags":277},"https://www.suse.com/security/cve/CVE-2018-6927",[85],[217],{"url":279,"sources":280,"tags":281},"https://www.suse.com/security/cve/CVE-2018-7566",[85],[217],{"url":283,"sources":284,"tags":285},"https://www.suse.com/security/cve/CVE-2018-7757",[85],[217],{"url":287,"sources":288,"tags":289},"https://www.suse.com/security/cve/CVE-2018-8822",[85],[217],{"url":291,"sources":292,"tags":293},"https://www.suse.com/security/cve/CVE-2018-8897",[85],[217],[],[],[],[298,311,316,320,325,329,334,338,343,347,352,356,361,365,370],{"ecosystem":299,"name":300,"vendor":301,"product":302,"cpe_part":9,"purl_type":303,"purl_namespace":301,"purl_name":302,"source":9,"versions":304},"SUSE Linux Enterprise","kernel-bigsmp","suse","kernel-bigsmp&distro=SUSE Linux Enterprise Server 11 SP3-LTSS","rpm",[305],{"version":306,"is_range":307,"range_type":308,"version_start":9,"version_start_type":9,"version_end":309,"version_end_type":310,"fixed_in":9},"lt3_0_101_0_47_106_22_1",true,"ecosystem","3.0.101-0.47.106.22.1","excluding",{"ecosystem":299,"name":312,"vendor":301,"product":313,"cpe_part":9,"purl_type":303,"purl_namespace":301,"purl_name":313,"source":9,"versions":314},"kernel-default","kernel-default&distro=SUSE Linux Enterprise Point of Sale 11 SP3",[315],{"version":306,"is_range":307,"range_type":308,"version_start":9,"version_start_type":9,"version_end":309,"version_end_type":310,"fixed_in":9},{"ecosystem":299,"name":312,"vendor":301,"product":317,"cpe_part":9,"purl_type":303,"purl_namespace":301,"purl_name":317,"source":9,"versions":318},"kernel-default&distro=SUSE Linux Enterprise Server 11 SP3-LTSS",[319],{"version":306,"is_range":307,"range_type":308,"version_start":9,"version_start_type":9,"version_end":309,"version_end_type":310,"fixed_in":9},{"ecosystem":299,"name":321,"vendor":301,"product":322,"cpe_part":9,"purl_type":303,"purl_namespace":301,"purl_name":322,"source":9,"versions":323},"kernel-ec2","kernel-ec2&distro=SUSE Linux Enterprise Point of Sale 11 SP3",[324],{"version":306,"is_range":307,"range_type":308,"version_start":9,"version_start_type":9,"version_end":309,"version_end_type":310,"fixed_in":9},{"ecosystem":299,"name":321,"vendor":301,"product":326,"cpe_part":9,"purl_type":303,"purl_namespace":301,"purl_name":326,"source":9,"versions":327},"kernel-ec2&distro=SUSE Linux Enterprise Server 11 SP3-LTSS",[328],{"version":306,"is_range":307,"range_type":308,"version_start":9,"version_start_type":9,"version_end":309,"version_end_type":310,"fixed_in":9},{"ecosystem":299,"name":330,"vendor":301,"product":331,"cpe_part":9,"purl_type":303,"purl_namespace":301,"purl_name":331,"source":9,"versions":332},"kernel-pae","kernel-pae&distro=SUSE Linux Enterprise Point of Sale 11 SP3",[333],{"version":306,"is_range":307,"range_type":308,"version_start":9,"version_start_type":9,"version_end":309,"version_end_type":310,"fixed_in":9},{"ecosystem":299,"name":330,"vendor":301,"product":335,"cpe_part":9,"purl_type":303,"purl_namespace":301,"purl_name":335,"source":9,"versions":336},"kernel-pae&distro=SUSE Linux Enterprise Server 11 SP3-LTSS",[337],{"version":306,"is_range":307,"range_type":308,"version_start":9,"version_start_type":9,"version_end":309,"version_end_type":310,"fixed_in":9},{"ecosystem":299,"name":339,"vendor":301,"product":340,"cpe_part":9,"purl_type":303,"purl_namespace":301,"purl_name":340,"source":9,"versions":341},"kernel-source","kernel-source&distro=SUSE Linux Enterprise Point of Sale 11 SP3",[342],{"version":306,"is_range":307,"range_type":308,"version_start":9,"version_start_type":9,"version_end":309,"version_end_type":310,"fixed_in":9},{"ecosystem":299,"name":339,"vendor":301,"product":344,"cpe_part":9,"purl_type":303,"purl_namespace":301,"purl_name":344,"source":9,"versions":345},"kernel-source&distro=SUSE Linux Enterprise Server 11 SP3-LTSS",[346],{"version":306,"is_range":307,"range_type":308,"version_start":9,"version_start_type":9,"version_end":309,"version_end_type":310,"fixed_in":9},{"ecosystem":299,"name":348,"vendor":301,"product":349,"cpe_part":9,"purl_type":303,"purl_namespace":301,"purl_name":349,"source":9,"versions":350},"kernel-syms","kernel-syms&distro=SUSE Linux Enterprise Point of Sale 11 SP3",[351],{"version":306,"is_range":307,"range_type":308,"version_start":9,"version_start_type":9,"version_end":309,"version_end_type":310,"fixed_in":9},{"ecosystem":299,"name":348,"vendor":301,"product":353,"cpe_part":9,"purl_type":303,"purl_namespace":301,"purl_name":353,"source":9,"versions":354},"kernel-syms&distro=SUSE Linux Enterprise Server 11 SP3-LTSS",[355],{"version":306,"is_range":307,"range_type":308,"version_start":9,"version_start_type":9,"version_end":309,"version_end_type":310,"fixed_in":9},{"ecosystem":299,"name":357,"vendor":301,"product":358,"cpe_part":9,"purl_type":303,"purl_namespace":301,"purl_name":358,"source":9,"versions":359},"kernel-trace","kernel-trace&distro=SUSE Linux Enterprise Point of Sale 11 SP3",[360],{"version":306,"is_range":307,"range_type":308,"version_start":9,"version_start_type":9,"version_end":309,"version_end_type":310,"fixed_in":9},{"ecosystem":299,"name":357,"vendor":301,"product":362,"cpe_part":9,"purl_type":303,"purl_namespace":301,"purl_name":362,"source":9,"versions":363},"kernel-trace&distro=SUSE Linux Enterprise Server 11 SP3-LTSS",[364],{"version":306,"is_range":307,"range_type":308,"version_start":9,"version_start_type":9,"version_end":309,"version_end_type":310,"fixed_in":9},{"ecosystem":299,"name":366,"vendor":301,"product":367,"cpe_part":9,"purl_type":303,"purl_namespace":301,"purl_name":367,"source":9,"versions":368},"kernel-xen","kernel-xen&distro=SUSE Linux Enterprise Point of Sale 11 SP3",[369],{"version":306,"is_range":307,"range_type":308,"version_start":9,"version_start_type":9,"version_end":309,"version_end_type":310,"fixed_in":9},{"ecosystem":299,"name":366,"vendor":301,"product":371,"cpe_part":9,"purl_type":303,"purl_namespace":301,"purl_name":371,"source":9,"versions":372},"kernel-xen&distro=SUSE Linux Enterprise Server 11 SP3-LTSS",[373],{"version":306,"is_range":307,"range_type":308,"version_start":9,"version_start_type":9,"version_end":309,"version_end_type":310,"fixed_in":9}]