SUSE-SU-2019:1767-1 -- SLES kgraft-patchID: oval:org.secpod.oval:def:89003379 | Date: (C)2021-02-27 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for the Linux Kernel 3.12.74-60_64_115 fixes several issues. The following security issues were fixed: - CVE-2019-11487: The Linux kernel allowed page-gt;_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests . - CVE-2018-5390: Linux kernel could be forced to make very expensive calls to tcp_collapse_ofo_queue and tcp_prune_ofo_queue for every incoming packet which can lead to a denial of service .
Platform: |
SUSE Linux Enterprise Server 12 SP2 |