SUSE-SU-2018:2864-1 -- SLES kgraft-patchID: oval:org.secpod.oval:def:89002596 | Date: (C)2021-02-25 (M)2024-04-17 |
Class: PATCH | Family: unix |
This update for the Linux Kernel 4.4.121-92_92 fixes several issues. The following security issues were fixed: - CVE-2018-5390: Prevent very expensive calls to tcp_collapse_ofo_queue and tcp_prune_ofo_queue for every incoming TCP packet which can lead to a denial of service . - CVE-2018-10938: Fixed an infinite loop in the cipso_v4_optptr function leading to a denial-of-service via crafted network packets . - CVE-2018-10902: It was found that the raw midi kernel driver did not protect against concurrent access which lead to a double realloc in snd_rawmidi_input_params and snd_rawmidi_output_status, allowing a malicious local attacker to use this for privilege escalation .
Platform: |
SUSE Linux Enterprise Server 12 SP2 |