ALT-PU-2018-1111-1
Package kernel-image-un-def updated to version 4.14.16-alt1 for branch sisyphus in task 198812.
Closed vulnerabilities
Published: 2018-01-07
BDU:2018-00003
Уязвимость процессоров Intel, ARM и AMD, связанная с особенностями функционирования модуля прогнозирования ветвлений, позволяющая нарушителю получить доступ к защищенной памяти из программы
Severity: MEDIUM (5.6)
Vector: AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
Published: 2018-01-04
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-5715
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
Severity: MEDIUM (5.6)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
References:
- SUSE-SU-2018:0006
- SUSE-SU-2018:0006
- SUSE-SU-2018:0007
- SUSE-SU-2018:0007
- SUSE-SU-2018:0008
- SUSE-SU-2018:0008
- SUSE-SU-2018:0009
- SUSE-SU-2018:0009
- SUSE-SU-2018:0010
- SUSE-SU-2018:0010
- SUSE-SU-2018:0011
- SUSE-SU-2018:0011
- SUSE-SU-2018:0012
- SUSE-SU-2018:0012
- openSUSE-SU-2018:0013
- openSUSE-SU-2018:0013
- SUSE-SU-2018:0019
- SUSE-SU-2018:0019
- SUSE-SU-2018:0020
- SUSE-SU-2018:0020
- openSUSE-SU-2018:0022
- openSUSE-SU-2018:0022
- openSUSE-SU-2018:0023
- openSUSE-SU-2018:0023
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609
- http://nvidia.custhelp.com/app/answers/detail/a_id/4609
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- http://nvidia.custhelp.com/app/answers/detail/a_id/4611
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613
- http://nvidia.custhelp.com/app/answers/detail/a_id/4613
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614
- http://nvidia.custhelp.com/app/answers/detail/a_id/4614
- http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt
- VU#584653
- VU#584653
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
- 102376
- 102376
- 1040071
- 1040071
- http://xenbits.xen.org/xsa/advisory-254.html
- http://xenbits.xen.org/xsa/advisory-254.html
- RHSA-2018:0292
- RHSA-2018:0292
- https://access.redhat.com/security/vulnerabilities/speculativeexecution
- https://access.redhat.com/security/vulnerabilities/speculativeexecution
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
- https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/
- https://cert.vde.com/en-us/advisories/vde-2018-002
- https://cert.vde.com/en-us/advisories/vde-2018-002
- https://cert.vde.com/en-us/advisories/vde-2018-003
- https://cert.vde.com/en-us/advisories/vde-2018-003
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- [debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- [debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update
- [debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update
- [debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update
- [debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update
- [debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20190624 [SECURITY] [DSA 4469-1] libvirt security update
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- 20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu
- FreeBSD-SA-18:03
- FreeBSD-SA-18:03
- FreeBSD-SA-19:26
- FreeBSD-SA-19:26
- GLSA-201810-06
- GLSA-201810-06
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
- https://security.netapp.com/advisory/ntap-20180104-0001/
- https://security.netapp.com/advisory/ntap-20180104-0001/
- https://security.paloaltonetworks.com/CVE-2017-5715
- https://security.paloaltonetworks.com/CVE-2017-5715
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
- https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-fr
- https://spectreattack.com/
- https://spectreattack.com/
- https://support.citrix.com/article/CTX231399
- https://support.citrix.com/article/CTX231399
- https://support.f5.com/csp/article/K91229003
- https://support.f5.com/csp/article/K91229003
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
- https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_us
- https://support.lenovo.com/us/en/solutions/LEN-18282
- https://support.lenovo.com/us/en/solutions/LEN-18282
- 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
- 20180104 CPU Side-Channel Information Disclosure Vulnerabilities
- USN-3531-1
- USN-3531-1
- USN-3531-3
- USN-3531-3
- USN-3540-2
- USN-3540-2
- USN-3541-2
- USN-3541-2
- USN-3542-2
- USN-3542-2
- USN-3549-1
- USN-3549-1
- USN-3560-1
- USN-3560-1
- USN-3561-1
- USN-3561-1
- USN-3580-1
- USN-3580-1
- USN-3581-1
- USN-3581-1
- USN-3581-2
- USN-3581-2
- USN-3582-1
- USN-3582-1
- USN-3582-2
- USN-3582-2
- USN-3594-1
- USN-3594-1
- USN-3597-1
- USN-3597-1
- USN-3597-2
- USN-3597-2
- USN-3620-2
- USN-3620-2
- USN-3690-1
- USN-3690-1
- USN-3777-3
- USN-3777-3
- USN-3516-1
- USN-3516-1
- DSA-4120
- DSA-4120
- DSA-4187
- DSA-4187
- DSA-4188
- DSA-4188
- DSA-4213
- DSA-4213
- 43427
- 43427
- VU#180049
- VU#180049
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
- https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/
- https://www.synology.com/support/security/Synology_SA_18_01
- https://www.synology.com/support/security/Synology_SA_18_01
- https://www.vmware.com/security/advisories/VMSA-2018-0007.html
- https://www.vmware.com/security/advisories/VMSA-2018-0007.html
- https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
- https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html
- https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html
- https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html
Published: 2021-06-07
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-25015
An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8.
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.16
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.16
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0ff660058b88d12625a783ce9e5c1371c87951f
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0ff660058b88d12625a783ce9e5c1371c87951f
- https://security.netapp.com/advisory/ntap-20210720-0002/
- https://security.netapp.com/advisory/ntap-20210720-0002/
- https://sites.google.com/view/syzscope/warning-held-lock-freed
- https://sites.google.com/view/syzscope/warning-held-lock-freed
- https://syzkaller.appspot.com/bug?id=a8d38d1b68ffc744c53bd9b9fc1dbd6c86b1afe2
- https://syzkaller.appspot.com/bug?id=a8d38d1b68ffc744c53bd9b9fc1dbd6c86b1afe2
Published: 2018-01-26
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2018-5750
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
Severity: MEDIUM (5.5)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References:
- 1040319
- 1040319
- RHSA-2018:0676
- RHSA-2018:0676
- RHSA-2018:1062
- RHSA-2018:1062
- RHSA-2018:2948
- RHSA-2018:2948
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- https://patchwork.kernel.org/patch/10174835/
- https://patchwork.kernel.org/patch/10174835/
- USN-3631-1
- USN-3631-1
- USN-3631-2
- USN-3631-2
- USN-3697-1
- USN-3697-1
- USN-3697-2
- USN-3697-2
- USN-3698-1
- USN-3698-1
- USN-3698-2
- USN-3698-2
- DSA-4120
- DSA-4120
- DSA-4187
- DSA-4187