The SUSE Linux Enterprise 15 azure kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
CVE-2018-5391: A remote attacker even with relatively low bandwidth could
have caused lots of CPU usage by triggering the worst case scenario during
fragment reassembly (bsc#1103097)
CVE-2018-3620, CVE-2018-3646: Local attackers in virtualized guest systems
could use speculative code patterns on hyperthreaded processors to read data
present in the L1 Datacache used by other hyperthreads on the same CPU core,
potentially leaking sensitive data, even from other virtual machines or the
host system. (bnc#1089343, bsc#1087081).
CVE-2018-10882: A local user could have caused an out-of-bound write, leading
to denial of service and a system crash by unmounting a crafted ext4 filesystem
image (bsc#1099849).
CVE-2018-10880: Prevent a stack-out-of-bounds write in the ext4 filesystem
code when mounting and writing crafted ext4 images. An attacker could have used
this to cause a system crash and a denial of service (bsc#1099845).
CVE-2018-10881: A local user could have caused an out-of-bound access and a
system crash by mounting and operating on a crafted ext4 filesystem image
(bsc#1099864).
CVE-2018-10877: Prevent an out-of-bound access in the ext4extdrop_refs()
function when operating on a crafted ext4 filesystem image (bsc#1099846).
CVE-2018-10876: Prevent use-after-free in ext4extremove_space() function
when mounting and operating a crafted ext4 image (bsc#1099811).
CVE-2018-10878: A local user could have caused an out-of-bounds write and a
denial of service by mounting and operating a crafted ext4 filesystem image
(bsc#1099813).
CVE-2018-10883: A local user could have caused an out-of-bounds write in
jbd2journaldirty_metadata(), a denial of service, and a system crash by
mounting and operating on a crafted ext4 filesystem image (bsc#1099863).
CVE-2018-10879: A local user could have caused a use-after-free in
ext4xattrset_entry function and a denial of service or unspecified other
impact may occur by renaming a file in a crafted ext4 filesystem image
(bsc#1099844).
CVE-2018-10853: A flaw was found in Linux Kernel KVM. In which certain
instructions such as sgdt/sidt call segmentedwritestd doesn't propagate
access correctly. As such, during userspace induced exception, the
guest can incorrectly assume that the exception happened in the kernel
and panic. (bnc#1097104).
The following non-security bugs were fixed:
apci / lpss: Only call pwmaddtable() for Bay Trail PWM if PMIC HRV is 2 (bsc#1051510).
acpi / pci: Bail early in acpipciadd_bus() if there is no ACPI handle (bsc#1051510).
afkey: Always verify length of provided sadbkey (bsc#1051510).
afkey: fix buffer overread in parseexthdrs() (bsc#1051510).
afkey: fix buffer overread in verifyaddress_len() (bsc#1051510).