The following list describes the CVEs that are fixed in this release. The content provided here is automatically generated and includes the CVE identifier and a summary of the issue. The associated internal Oracle bug identifiers are also included to reference work that was carried out to address each issue.

• CVE-2012-3430

  The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. (Bug: 27364391 )

  See https://linux.oracle.com/cve/CVE-2012-3430.html for more information.

• CVE-2015-6937

  The __rds_conn_create function in net/rds/connection.c in the Linux kernel through 4.2.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by using a socket that was not properly bound. (Bug: 27364391 )

  See https://linux.oracle.com/cve/CVE-2015-6937.html for more information.

• CVE-2017-5715

  Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. (Bug: 27445757 27477740 27526549 27601617 27832367 27832383 )

  See https://linux.oracle.com/cve/CVE-2017-5715.html for more information.

• CVE-2017-5754

  Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis of the data cache.

  See https://linux.oracle.com/cve/CVE-2017-5754.html for more information.

• CVE-2017-8824

  The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state. (Bug: 27220222 )

  See https://linux.oracle.com/cve/CVE-2017-8824.html for more information.

• CVE-2018-1000004

  In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition.

  See https://linux.oracle.com/cve/CVE-2018-1000004.html for more information.

• CVE-2018-10323

  The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image. (Bug: 28004007 )

  See https://linux.oracle.com/cve/CVE-2018-10323.html for more information.

• CVE-2018-1093

  The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers. (Bug: 27823858 )

  See https://linux.oracle.com/cve/CVE-2018-1093.html for more information.

• CVE-2018-1095

  The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux kernel through 4.15.15 does not properly validate xattr sizes, which causes misinterpretation of a size as an error code, and consequently allows attackers to cause a denial of service (get_acl NULL pointer dereference and system crash) via a crafted ext4 image. (Bug: 27823895 )

• CVE-2018-3639

  Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4. (Bug: 28041775 28063989 )

  See https://linux.oracle.com/cve/CVE-2018-3639.html for more information.

• CVE-2018-5703

  The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.14.11 allows attackers to cause a denial of service (slab out-of-bounds write) or possibly have unspecified other impact via vectors involving TLS. (Bug: 28202897 )