Chapter 2 Security Fixes for CVEs

This chapter lists security vulnerabilities and exposures (CVEs) that are specifically addressed in this release. Note that CVEs are continually handled in patch updates that are made available as errata builds for the current release. For this reason, it is absolutely critical that you keep your system up to date with the latest package updates for this kernel release.

You can keep up to date with the latest CVE information at https://linux.oracle.com/cve.

2.1 List of CVEs fixed in this release

The following list describes the CVEs that are fixed in this release. The content provided here is automatically generated and includes the CVE identifier and a summary of the issue. The associated internal Oracle bug identifiers are also included to reference work that was carried out to address each issue.

  • CVE-2012-3430.  The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. (Bug: 27364391)

    See https://linux.oracle.com/cve/CVE-2012-3430.html for more information.

  • CVE-2015-6937.  The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. (Bug: 27364391)

    See https://linux.oracle.com/cve/CVE-2015-6937.html for more information.

  • CVE-2017-5715.  Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (Bug: 27445757 27477740 27526549 27601617 27832367 27832383)

    See https://linux.oracle.com/cve/CVE-2017-5715.html for more information.

  • CVE-2017-5754.  Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

    See https://linux.oracle.com/cve/CVE-2017-5754.html for more information.

  • CVE-2017-8824.  The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state. (Bug: 27220222)

    See https://linux.oracle.com/cve/CVE-2017-8824.html for more information.

  • CVE-2018-1000004.  In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions, a race condition vulnerability exists in the sound system; this can lead to a deadlock and denial of service condition.

    See https://linux.oracle.com/cve/CVE-2018-1000004.html for more information.

  • CVE-2018-10323.  The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. (Bug: 28004007)

    See https://linux.oracle.com/cve/CVE-2018-10323.html for more information.

  • CVE-2018-1093.  The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers. (Bug: 27823858)

    See https://linux.oracle.com/cve/CVE-2018-1093.html for more information.

  • CVE-2018-1095.  The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image. (Bug: 27823895)

  • CVE-2018-3639.  Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (Bug: 28041775 28063989)

    See https://linux.oracle.com/cve/CVE-2018-3639.html for more information.

  • CVE-2018-5703.  The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS. (Bug: 28202897)