SUSE-SU-2018:0834-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:0834-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:0834-1
Related
Published
2018-03-28T14:17:49Z
Modified
2018-03-28T14:17:49Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2018-1068: Fixed flaw in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107).
  • CVE-2017-18221: The _munlockpagevec function allowed local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls (bnc#1084323).
  • CVE-2018-1066: Prevent NULL pointer dereference in fs/cifs/cifsencrypt.c:setupntlmv2rsp() that allowed an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response was mishandled during session recovery (bnc#1083640).
  • CVE-2017-13166: Prevent elevation of privilege vulnerability in the kernel v4l2 video driver (bnc#1072865).
  • CVE-2017-16911: The vhci_hcd driver allowed local attackers to disclose kernel memory addresses. Successful exploitation required that a USB device was attached over IP (bnc#1078674).
  • CVE-2017-15299: The KEYS subsystem mishandled use of add_key for a key that already exists but is uninstantiated, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call (bnc#1063416).
  • CVE-2017-18208: The madvisewillneed function kernel allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISEWILLNEED for a DAX mapping (bnc#1083494).
  • CVE-2018-7566: The ALSA sequencer core initializes the event pool on demand by invoking sndseqpool_init() when the first write happens and the pool is empty. A user could have reset the pool size manually via ioctl concurrently, which may have lead UAF or out-of-bound access (bsc#1083483).
  • CVE-2017-18204: The ocfs2_setattr function allowed local users to cause a denial of service (deadlock) via DIO requests (bnc#1083244).
  • CVE-2017-16644: The hdpvr_probe function allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118).
  • CVE-2018-6927: The futex_requeue function allowed attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757).
  • CVE-2017-16914: The 'stubsendret_submit()' function allowed attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet (bnc#1078669).
  • CVE-2016-7915: The hidinputfield function allowed physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device (bnc#1010470).
  • CVE-2017-12190: The biomapuseriov and biounmapuser functions did unbalanced refcounting when a SCSI I/O vector had small consecutive buffers belonging to the same page. The bioaddpcpage function merged them into one, but the page reference was never dropped. This caused a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (bnc#1062568).
  • CVE-2017-16912: The 'get_pipe()' function allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673).
  • CVE-2017-16913: The 'stubrecvcmdsubmit()' function when handling CMDSUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672).
  • CVE-2018-5332: The rdsmessageallocsgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rdsrdmaextrasize function in net/rds/rdma.c) (bnc#1075621).
  • CVE-2018-5333: The rdscmsgatomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rdsatomicfree_op NULL pointer dereference (bnc#1075617).
  • CVE-2017-18017: The tcpmssmanglepacket function allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).

The following non-security bugs were fixed:

  • Fix build on arm64 by defining empty gmb() (bnc#1068032).
  • KEYS: do not let add_key() update an uninstantiated key (bnc#1063416).
  • KEYS: fix writing past end of user-supplied buffer in keyring_read() (bsc#1066001).
  • KEYS: return full count in keyring_read() if buffer is too small (bsc#1066001).
  • include/stddef.h: Move offsetofend() from vfio.h to a generic kernel header (bsc#1077560).
  • ipc/msg: introduce msgctl(MSGSTATANY) (bsc#1072689).
  • ipc/sem: introduce semctl(SEMSTATANY) (bsc#1072689).
  • ipc/shm: introduce shmctl(SHMSTATANY) (bsc#1072689).
  • x86/kaiser: use trampoline stack for kernel entry (bsc#1077560)
  • leds: do not overflow sysfs buffer in ledtriggershow (bsc#1080464).
  • livepatch: _kgrshadowgetor_alloc() is local to shadow.c. Shadow variables support (bsc#1082299).
  • livepatch: introduce shadow variable API. Shadow variables support (bsc#1082299)
  • media: v4l2-compat-ioctl32.c: add missing VIDIOCPREPAREBUF (bnc#1012382).
  • media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382).
  • media: v4l2-compat-ioctl32.c: copy clip list in putv4l2window32 (bnc#1012382).
  • media: v4l2-compat-ioctl32.c: copy m.userptr in putv4l2plane32 (bnc#1012382).
  • media: v4l2-compat-ioctl32.c: do not copy back the result for certain errors (bnc#1012382).
  • media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type (bnc#1012382).
  • media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382).
  • media: v4l2-compat-ioctl32.c: move 'helper' functions to _get/putv4l2_format32 (bnc#1012382).
  • media: v4l2-compat-ioctl32: Copy v4l2window->globalalpha (bnc#1012382).
  • media: v4l2-ioctl.c: do not copy back the result for -ENOTTY (bnc#1012382).
  • netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets (bsc#1085107).
  • netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107).
  • packet: only call devaddpack() on freshly allocated fanout instances
  • pipe: cap initial pipe capacity according to pipe-max-size limit (bsc#1045330).
  • x86/espfix: Fix return stack in dodoublefault() (bsc#1085279).
References

Affected packages

SUSE:Linux Enterprise Module for Public Cloud 12 / kernel-ec2

Package

Name
kernel-ec2
Purl
purl:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.125.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-ec2-extra": "3.12.61-52.125.1",
            "kernel-ec2": "3.12.61-52.125.1",
            "kernel-ec2-devel": "3.12.61-52.125.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.125.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.125.1",
            "kernel-devel": "3.12.61-52.125.1",
            "kernel-default-base": "3.12.61-52.125.1",
            "kernel-default-man": "3.12.61-52.125.1",
            "kernel-xen-devel": "3.12.61-52.125.1",
            "kernel-default": "3.12.61-52.125.1",
            "kgraft-patch-3_12_61-52_125-default": "1-1.3.1",
            "kernel-xen-base": "3.12.61-52.125.1",
            "kernel-source": "3.12.61-52.125.1",
            "kernel-syms": "3.12.61-52.125.1",
            "kernel-default-devel": "3.12.61-52.125.1",
            "kgraft-patch-3_12_61-52_125-xen": "1-1.3.1",
            "kernel-xen": "3.12.61-52.125.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.125.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.125.1",
            "kernel-devel": "3.12.61-52.125.1",
            "kernel-default-base": "3.12.61-52.125.1",
            "kernel-default-man": "3.12.61-52.125.1",
            "kernel-xen-devel": "3.12.61-52.125.1",
            "kernel-default": "3.12.61-52.125.1",
            "kgraft-patch-3_12_61-52_125-default": "1-1.3.1",
            "kernel-xen-base": "3.12.61-52.125.1",
            "kernel-source": "3.12.61-52.125.1",
            "kernel-syms": "3.12.61-52.125.1",
            "kernel-default-devel": "3.12.61-52.125.1",
            "kgraft-patch-3_12_61-52_125-xen": "1-1.3.1",
            "kernel-xen": "3.12.61-52.125.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.125.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.125.1",
            "kernel-devel": "3.12.61-52.125.1",
            "kernel-default-base": "3.12.61-52.125.1",
            "kernel-default-man": "3.12.61-52.125.1",
            "kernel-xen-devel": "3.12.61-52.125.1",
            "kernel-default": "3.12.61-52.125.1",
            "kgraft-patch-3_12_61-52_125-default": "1-1.3.1",
            "kernel-xen-base": "3.12.61-52.125.1",
            "kernel-source": "3.12.61-52.125.1",
            "kernel-syms": "3.12.61-52.125.1",
            "kernel-default-devel": "3.12.61-52.125.1",
            "kgraft-patch-3_12_61-52_125-xen": "1-1.3.1",
            "kernel-xen": "3.12.61-52.125.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-xen

Package

Name
kernel-xen
Purl
purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.125.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.125.1",
            "kernel-devel": "3.12.61-52.125.1",
            "kernel-default-base": "3.12.61-52.125.1",
            "kernel-default-man": "3.12.61-52.125.1",
            "kernel-xen-devel": "3.12.61-52.125.1",
            "kernel-default": "3.12.61-52.125.1",
            "kgraft-patch-3_12_61-52_125-default": "1-1.3.1",
            "kernel-xen-base": "3.12.61-52.125.1",
            "kernel-source": "3.12.61-52.125.1",
            "kernel-syms": "3.12.61-52.125.1",
            "kernel-default-devel": "3.12.61-52.125.1",
            "kgraft-patch-3_12_61-52_125-xen": "1-1.3.1",
            "kernel-xen": "3.12.61-52.125.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kgraft-patch-SLE12_Update_33

Package

Name
kgraft-patch-SLE12_Update_33
Purl
purl:rpm/suse/kgraft-patch-SLE12_Update_33&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-1.3.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.125.1",
            "kernel-devel": "3.12.61-52.125.1",
            "kernel-default-base": "3.12.61-52.125.1",
            "kernel-default-man": "3.12.61-52.125.1",
            "kernel-xen-devel": "3.12.61-52.125.1",
            "kernel-default": "3.12.61-52.125.1",
            "kgraft-patch-3_12_61-52_125-default": "1-1.3.1",
            "kernel-xen-base": "3.12.61-52.125.1",
            "kernel-source": "3.12.61-52.125.1",
            "kernel-syms": "3.12.61-52.125.1",
            "kernel-default-devel": "3.12.61-52.125.1",
            "kgraft-patch-3_12_61-52_125-xen": "1-1.3.1",
            "kernel-xen": "3.12.61-52.125.1"
        }
    ]
}