SUSE-SU-2018:0841-1

Source: https://www.suse.com/support/update/announcement/2018/suse-su-20180841-1/
Import Source: https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:0841-1.json
JSON Data: https://api.test.osv.dev/v1/vulns/SUSE-SU-2018:0841-1
Published: 2018-03-29T09:58:40Z
Modified: 2018-03-29T09:58:40Z
Summary: Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 11 SP4 Realtime kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032).

    The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka 'retpolines'.

  • CVE-2015-1142857: On multiple SR-IOV cards it is possible for VFs assigned to guests to send Ethernet flow control pause frames via the PF. This includes the Linux kernel ixgbe driver, the i40e/i40evf driver and the DPDK; additionally, multiple vendor NIC firmware is affected (bnc#1077355).

  • CVE-2017-13215: An elevation of privilege vulnerability in the Upstream kernel skcipher (bnc#1075908).
  • CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).
  • CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).
  • CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922).
  • CVE-2018-1000004: In the Linux kernel a race condition vulnerability exists in the sound system, which can lead to a deadlock and denial of service condition (bnc#1076017).
  • CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).
  • CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).

The following non-security bugs were fixed:

  • Add proper NX handling for !NX-capable systems also to kaiser_add_user_map(). (bsc#1076278).
  • alsa: aloop: Fix inconsistent format due to incomplete rule (bsc#1045538).
  • alsa: aloop: Fix racy hw constraints adjustment (bsc#1045538).
  • alsa: aloop: Release cable upon open error path (bsc#1045538).
  • alsa: pcm: Abort properly at pending signal in OSS read/write loops (bsc#1045538).
  • alsa: pcm: Add missing error checks in OSS emulation plugin builder (bsc#1045538).
  • alsa: pcm: Allow aborting mutex lock at OSS read/write loops (bsc#1045538).
  • alsa: pcm: Remove incorrect snd_BUG_ON() usages (bsc#1045538).
  • alsa: pcm: Remove yet superfluous WARN_ON() (bsc#1045538).
  • btrfs: cleanup unnecessary assignment when cleaning up all the residual transaction (FATE#325056).
  • btrfs: copy fsid to super_block s_uuid (bsc#1080774).
  • btrfs: do not wait for all the writers circularly during the transaction commit (FATE#325056).
  • btrfs: do not WARN() in btrfs_transaction_abort() for IO errors (bsc#1080363).
  • btrfs: fix two use-after-free bugs with transaction cleanup (FATE#325056).
  • btrfs: make the state of the transaction more readable (FATE#325056).
  • btrfs: qgroup: exit the rescan worker during umount (bsc#1080685).
  • btrfs: qgroup: Fix dead judgement on qgroup_rescan_leaf() return value (bsc#1080685).
  • btrfs: reset intwrite on transaction abort (FATE#325056).
  • btrfs: set qgroup_ulist to be null after calling ulist_free() (bsc#1080359).
  • btrfs: stop waiting on current trans if we aborted (FATE#325056).
  • cdc-acm: apply quirk for card reader (bsc#1060279).
  • cdrom: factor out common open_for_* code (bsc#1048585).
  • cdrom: wait for tray to close (bsc#1048585).
  • delay: add poll_event_interruptible (bsc#1048585).
  • dm flakey: add corrupt_bio_byte feature (bsc#1080372).
  • dm flakey: add drop_writes (bsc#1080372).
  • dm flakey: error READ bios during the down_interval (bsc#1080372).
  • dm flakey: fix crash on read when corrupt_bio_byte not set (bsc#1080372).
  • dm flakey: fix reads to be issued if drop_writes configured (bsc#1080372).
  • dm flakey: introduce 'error_writes' feature (bsc#1080372).
  • dm flakey: support feature args (bsc#1080372).
  • dm flakey: use dm_target_offset and support discards (bsc#1080372).
  • ext2: free memory allocated and forget buffer head when io error happens (bnc#1069508).
  • ext2: use unlikely to improve the efficiency of the kernel (bnc#1069508).
  • ext3: add necessary check in case IO error happens (bnc#1069508).
  • ext3: use unlikely to improve the efficiency of the kernel (bnc#1069508).
  • fork: clear thread stack upon allocation (bsc#1077560).
  • kabi/severities ignore Cell-specific symbols
  • kaiser: do not clobber ZF by calling ENABLE_IBRS after test and before jz
  • kaiser: fix ia32 compat sysexit (bsc#1080579). sysexit_from_sys_call cannot make assumption of accessible stack after CR3 switch, and therefore should use the SWITCH_USER_CR3_NO_STACK method to flip the pagetable hierarchy.
  • kaiser: Fix trampoline stack loading issue on XEN PV
  • kaiser: handle non-accessible stack in sysretl_from_sys_call properly (bsc#1080579)
  • kaiser: make sure not to touch stack after CR3 switch in compat syscall return
  • kaiser: really do switch away from trampoline stack to kernel stack in ia32_syscall entry (bsc#1080579)
  • kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032).
  • keys: trusted: fix writing past end of buffer in trusted_read() (bsc#1074880).
  • media: omap_vout: Fix a possible null pointer dereference in omap_vout_open() (bsc#1050431).
  • mISDN: fix a loop count (bsc#1077191).
  • mm: pin address_space before dereferencing it while isolating an LRU page (bnc#1081500).
  • nfsd: do not share group_info among threads (bsc#1070623).
  • ocfs2: avoid blocking in ocfs2_mark_lockres_freeing() in downconvert thread (bsc#1076437).
  • ocfs2: do not set OCFS2_LOCK_UPCONVERT_FINISHING if nonblocking lock can not be granted at once (bsc#1076437).
  • ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with ocfs2_unblock_lock (bsc#962257).
  • powerpc/64: Add macros for annotating the destination of rfid/hrfid (bsc#1068032, bsc#1075088).
  • powerpc/64: Convert fast_exception_return to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088).
  • powerpc/64: Convert the syscall exit path to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088).
  • powerpc/64s: Add EX_SIZE definition for paca exception save areas (bsc#1068032, bsc#1075088).
  • powerpc/64s: Add support for RFI flush of L1-D cache (bsc#1068032, bsc#1075088).
  • powerpc/64s: Allow control of RFI flush via debugfs (bsc#1068032, bsc#1075088).
  • powerpc/64s: Convert slb_miss_common to use RFI_TO_USER/KERNEL (bsc#1068032, bsc#1075088).
  • powerpc/64s: Simple RFI macro conversions (bsc#1068032, bsc#1075088).
  • powerpc/64s: Support disabling RFI flush with no_rfi_flush and nopti (bsc#1068032, bsc#1075088).
  • powerpc/64s: Wire up cpu_show_meltdown() (bsc#1068032).
  • powerpc/asm: Allow including ppc_asm.h in asm files (bsc#1068032, bsc#1075088).
  • powerpc: Fix register clobbering when accumulating stolen time (bsc#1059174).
  • powerpc: Fix up the kdump base cap to 128M (bsc#1079917, bsc#1077487).
  • powerpc: Mark CONFIG_PPC_DEBUG_RFI as BROKEN (bsc#1075088).
  • powerpc/perf: Dereference BHRB entries safely (bsc#1064861, FATE#317619, git-fixes).
  • powerpc/perf: Fix book3s kernel to userspace backtraces (bsc#1080133).
  • powerpc/pseries: Add H_GET_CPU_CHARACTERISTICS flags & wrapper (bsc#1068032, bsc#1075088).
  • powerpc/pseries: include linux/types.h in asm/hvcall.h (bsc#1068032, bsc#1075088).
  • powerpc/pseries: Introduce H_GET_CPU_CHARACTERISTICS (bsc#1068032, bsc#1075088).
  • powerpc/pseries: Kill all prefetch streams on context switch (bsc#1068032, bsc#1075088).
  • powerpc/pseries: Query hypervisor for RFI flush settings (bsc#1068032, bsc#1075088).
  • powerpc/pseries: rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1068032, bsc#1075088).
  • powerpc/pseries/rfi-flush: Call setup_rfi_flush() after LPM migration (bsc#1075088).
  • powerpc/pseries/rfi-flush: Drop PVR-based selection (bsc#1075088).
  • powerpc/rfi-flush: Add DEBUG_RFI config option (bsc#1068032, bsc#1075088).
  • powerpc/rfi-flush: Factor out init_fallback_flush() (bsc#1075088).
  • powerpc/rfi-flush: Make setup_rfi_flush() not __init (bsc#1075088).
  • powerpc/rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1068032, bsc#1075088).
  • powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1068032, bsc#1075088).
  • powerpc/rfi-flush: Move the logic to avoid a redo into the sysfs code (bsc#1075088).
  • powerpc/vdso64: Use double word compare on pointers (bsc#1070781).
  • rfi-flush: Make DEBUG_RFI a CONFIG option (bsc#1068032, bsc#1075088).
  • rfi-flush: Move rfi_flush_fallback_area to end of paca (bsc#1075088).
  • rfi-flush: Move RFI flush fields out of the paca (unbreak kABI) (bsc#1075088).
  • rfi-flush: Switch to new linear fallback flush (bsc#1068032, bsc#1075088).
  • s390: add ppa to the idle loop (bnc#1077406, LTC#163910).
  • s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741).
  • scsi: libiscsi: fix shifting of DID_REQUEUE host byte (bsc#1078875).
  • scsi: sr: wait for the medium to become ready (bsc#1048585).
  • scsi: virtio_scsi: let host do exception handling (bsc#936530,bsc#1060682).
  • storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410).
  • sysfs/cpu: Add vulnerability folder (bnc#1012382).
  • sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).
  • sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
  • Update config files: enable CPU vulnerabilities reporting via sysfs
  • x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984).
  • x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984).
  • x86/boot: Fix early command-line parsing when matching at end (bsc#1068032).
  • x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091).
  • x86/cpu: Implement CPU vulnerabilities sysfs functions (bnc#1012382).
  • x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).
  • x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278).
  • x86/kaiser: use trampoline stack for kernel entry.
  • x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305).
  • x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305).
  • x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091).
  • x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032).
  • x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091).
  • x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091).
  • x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).

Affected packages

SUSE:Linux Enterprise Real Time 11 SP4 / kernel-rt

Package

Name
kernel-rt
Purl
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.0.101.rt130-69.21.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-69.21.1",
            "kernel-rt-devel": "3.0.101.rt130-69.21.1",
            "kernel-rt_trace": "3.0.101.rt130-69.21.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-69.21.1",
            "kernel-source-rt": "3.0.101.rt130-69.21.1",
            "kernel-rt": "3.0.101.rt130-69.21.1",
            "kernel-syms-rt": "3.0.101.rt130-69.21.1",
            "kernel-rt-base": "3.0.101.rt130-69.21.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 11 SP4 / kernel-rt_trace

Package

Name
kernel-rt_trace
Purl
pkg:rpm/suse/kernel-rt_trace&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.0.101.rt130-69.21.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-69.21.1",
            "kernel-rt-devel": "3.0.101.rt130-69.21.1",
            "kernel-rt_trace": "3.0.101.rt130-69.21.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-69.21.1",
            "kernel-source-rt": "3.0.101.rt130-69.21.1",
            "kernel-rt": "3.0.101.rt130-69.21.1",
            "kernel-syms-rt": "3.0.101.rt130-69.21.1",
            "kernel-rt-base": "3.0.101.rt130-69.21.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 11 SP4 / kernel-source-rt

Package

Name
kernel-source-rt
Purl
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.0.101.rt130-69.21.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-69.21.1",
            "kernel-rt-devel": "3.0.101.rt130-69.21.1",
            "kernel-rt_trace": "3.0.101.rt130-69.21.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-69.21.1",
            "kernel-source-rt": "3.0.101.rt130-69.21.1",
            "kernel-rt": "3.0.101.rt130-69.21.1",
            "kernel-syms-rt": "3.0.101.rt130-69.21.1",
            "kernel-rt-base": "3.0.101.rt130-69.21.1"
        }
    ]
}

SUSE:Linux Enterprise Real Time 11 SP4 / kernel-syms-rt

Package

Name
kernel-syms-rt
Purl
pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2011%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.0.101.rt130-69.21.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-rt_trace-base": "3.0.101.rt130-69.21.1",
            "kernel-rt-devel": "3.0.101.rt130-69.21.1",
            "kernel-rt_trace": "3.0.101.rt130-69.21.1",
            "kernel-rt_trace-devel": "3.0.101.rt130-69.21.1",
            "kernel-source-rt": "3.0.101.rt130-69.21.1",
            "kernel-rt": "3.0.101.rt130-69.21.1",
            "kernel-syms-rt": "3.0.101.rt130-69.21.1",
            "kernel-rt-base": "3.0.101.rt130-69.21.1"
        }
    ]
}