The SUSE Linux Enterprise 12 SP4 kernel was updated to receive various security and bug fixes.
The following security bugs were fixed:
CVE-2018-19824: A local user could exploit a use-after-free in the ALSA driver by supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in sound/usb/card.c (bnc#1118152).
CVE-2018-18281: The mremap() syscall performs TLB flushes after dropping pagetable locks. If a syscall such as ftruncate() removed entries from the pagetables of a task that is in the middle of mremap(), a stale TLB entry could remain for a short time that permits access to a physical page after it has been released back to the page allocator and reused. (bnc#1113769).
CVE-2018-18710: An information leak in cdrom_ioctl_select_disc in drivers/cdrom/cdrom.c could be used by local attackers to read kernel memory because a cast from unsigned long to int interferes with bounds checking. This is similar to CVE-2018-10940 and CVE-2018-16658 (bnc#1113751).
CVE-2018-18445: Faulty computation of numeric bounds in the BPF verifier permitted out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandled 32-bit right shifts (bnc#1112372).
CVE-2018-18386: drivers/tty/n_tty.c allowed local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ (bnc#1094825).
CVE-2017-18224: fs/ocfs2/aops.c omitted use of a semaphore and consequently had a race condition for access to the extent tree during read operations in DIRECT mode, which allowed local users to cause a denial of service (BUG) by modifying a certain e_cpos field (bnc#1084831).
CVE-2017-16533: The usbhid_parse function in drivers/hid/usbhid/hid-core.c allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066674).
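The bounds-check failure described for CVE-2018-18710, as an added user-space illustration (not kernel source and not part of the advisory). The function names, slot table and probe values are constructed, and the narrowing cast is assumed to wrap as it does with GCC and Clang.

```c
#include <stdio.h>
#include <stddef.h>

#define NSLOTS 4                                   /* constructed capacity */
static const int slot_state[NSLOTS] = { 10, 11, 12, 13 };   /* constructed data */

/* 'Before' pattern: the caller-supplied value is narrowed to int first,
 * so large values turn negative and compare as "below capacity". */
static int slot_ok_cast(unsigned long arg, int capacity)
{
    return !((int)arg >= capacity);
}

/* Hardened pattern: compare at full width, as unsigned values. */
static int slot_ok_fixed(unsigned long arg, int capacity)
{
    return capacity > 0 && arg < (unsigned long)capacity;
}

/* Reads a slot only when the hardened check accepts the index. */
static int read_slot(unsigned long arg)
{
    if (!slot_ok_fixed(arg, NSLOTS))
        return -1;
    return slot_state[arg];
}

int main(void)
{
    /* Constructed probes: two valid, one just past the end, two that wrap. */
    const unsigned long probes[] = { 0UL, 3UL, 4UL, 0x80000000UL, 0xFFFFFFFFUL };

    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        unsigned long a = probes[i];
        printf("arg=%#lx as_int=%d cast_check=%s fixed_check=%s read=%d\n",
               a, (int)a,
               slot_ok_cast(a, NSLOTS) ? "accept" : "reject",
               slot_ok_fixed(a, NSLOTS) ? "accept" : "reject",
               read_slot(a));
    }
    return 0;
}
```

The last two probes are accepted by the cast-based check and rejected by the full-width one; that gap is what a reviewer should look for wherever an ioctl argument is compared against a signed limit.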
The following non-security bugs were fixed:
ACPI/APEI: Handle GSIV and GPIO notification types (bsc#1115567).
ACPICA: Tables: Add WSMT support (bsc#1089350).
ACPI/IORT: Fix iort_get_platform_device_domain() uninitialized pointer value (bsc#1051510).
ACPI / LPSS: Add alternative ACPI HIDs for Cherry Trail DMA controllers (bsc#1051510).
ACPI, nfit: Fix ARS overflow continuation (bsc#1116895).
ACPI, nfit: Prefer _DSM over _LSR for namespace label reads (bsc#1112128).
ACPI/nfit, x86/mce: Handle only uncorrectable machine checks (bsc#1114279).
ACPI/nfit, x86/mce: Validate a MCE's address before using it (bsc#1114279).
ACPI / platform: Add SMB0001 HID to forbidden_id_list (bsc#1051510).
ACPI / processor: Fix the return value of acpi_processor_ids_walk() (bsc#1051510).
PCI/ASPM: Do not initialize link state when aspm_disabled is set (bsc#1051510).
PCI/ASPM: Fix link_state teardown on device removal (bsc#1051510).
PCI: dwc: remove duplicate fix References: bsc#1115269 Patch has been already applied by the following commit: 9f73db8b7c PCI: dwc: Fix enumeration end when reaching root subordinate (bsc#1051510)
PCI: hv: Do not wait forever on a device that has disappeared (bsc#1109806).
PCI: hv: Use effective affinity mask (bsc#1109772).
PCI: imx6: Fix link training status detection in link up check (bsc#1109806).
PCI: iproc: Remove PAXC slot check to allow VF support (bsc#1109806).
PCI/MSI: Warn and return error if driver enables MSI/MSI-X twice (bsc#1051510).
PCI: Reprogram bridge prefetch registers on resume (bsc#1051510).
PCI: vmd: Assign vector zero to all bridges (bsc#1109806).
PCI: vmd: Detach resources after stopping root bus (bsc#1109806).
PCI: vmd: White list for fast interrupt handlers (bsc#1109806).
pcmcia: Implement CLKRUN protocol disabling for Ricoh bridges (bsc#1051510).
percpu: make this_cpu_generic_read() atomic w.r.t. interrupts (bsc#1114279).
perf: fix invalid bit in diagnostic entry (git-fixes).
pinctrl: at91-pio4: fix has_config check in atmel_pctl_dt_subnode_to_map() (bsc#1051510).