The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: * A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. * kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c * kernel: Integer overflow in udl_fb_mmap can allow attackers to execute code in kernel space * kernel: MIDI driver race condition leads to a double-free * kernel: Missing check in inode_init_owner does not clear SGID bit on non-directories for non-members * kernel: AIO write triggers integer overflow in some protocols * kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation * kernel: Handling of might_cancel queueing is not properly pretected against race * kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial of service * kernel: Inifinite loop vulnerability in madvise_willneed function allows local denial of service * kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service * kernel: a null pointer dereference in dccp_write_xmit leads to a system crash * kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service * kernel: Missing length check of payload in _sctp_make_chunk function allows denial of service * kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie may lead to memory corruption * kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image * kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet * kernel: Information leak when handling NM entries containing NUL * kernel: Mishandling mutex within libsas allowing local Denial of Service * kernel: NULL pointer dereference in ext4_process_freed_data when mounting crafted ext4 image * kernel: NULL pointer dereference in ext4_xattr_inode_hash causes crash with crafted ext4 image * kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg * kernel: Denial of service in resv_map_release function in mm/hugetlb.c * kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c * kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared when mounting crafted xfs image allowing denial of service * kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file * kernel: out-of-bound access in ext4_get_group_info when mounting and operating a crafted ext4 image * kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function * kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c Red Hat would like to thank Juha-Matti Tilli for reporting CVE-2018-5391; Trend Micro Zero Day Initiative for reporting CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii Shatokhin for reporting CVE-2018-1130; and Wen Xu for reporting CVE-2018-1092 and CVE-2018-1094.