SUSE-SU-2018:1221-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20181221-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:1221-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:1221-1
Related
Published
2018-05-11T15:16:24Z
Modified
2018-05-11T15:16:24Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088)
  • CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088)
  • CVE-2018-8781: The udlfbmmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643).
  • CVE-2018-10124: The killsomethinginfo function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752).
  • CVE-2018-10087: The kernelwait4 function in kernel/exit.c might allow local users to cause a denial of service by triggering an attempted use of the -INTMIN value (bnc#1089608).
  • CVE-2018-7757: Memory leak in the sassmpgetphyevents function in drivers/scsi/libsas/sasexpander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sasphy directory, as demonstrated by the /sys/class/sasphy/phy-1:0:12/invaliddword_count file (bnc#1084536 1087209).
  • CVE-2017-13220: An elevation of privilege vulnerability in the Upstream kernel bluez was fixed. (bnc#1076537).
  • CVE-2017-11089: A buffer overread was observed in nl80211setstation when user space application sends attribute NL80211ATTRLOCALMESHPOWER_MODE with data of size less than 4 bytes (bnc#1088261).
  • CVE-2017-0861: Use-after-free vulnerability in the sndpcminfo function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260).
  • CVE-2018-8822: Incorrect buffer length handling in the ncpreadkernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162).
  • CVE-2017-18203: The dmgetfromkobject function in drivers/md/dm.c allow local users to cause a denial of service (BUG) by leveraging a race condition with _dm_destroy during creation and removal of DM devices (bnc#1083242).

The following non-security bugs were fixed:

  • Integrate fixes resulting from bsc#1088147 More info in the respective commit messages.
  • KABI: x86/kaiser: properly align trampoline stack (bsc#1087260).
  • kGraft: fix small race in reversion code (bsc#1083125).
  • kabi/severities: Ignore kgrshadow* kABI changes
  • kvm/x86: fix icebp instruction handling (bsc#1087088).
  • livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296).
  • livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296).
  • x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).
  • x86/kaiser: properly align trampoline stack (bsc#1087260).
  • x86/retpoline: do not perform thunk calls in ring3 vsyscall code (bsc#1085331).
References

Affected packages

SUSE:Linux Enterprise Module for Public Cloud 12 / kernel-ec2

Package

Name
kernel-ec2
Purl
purl:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.128.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-ec2-extra": "3.12.61-52.128.1",
            "kernel-ec2": "3.12.61-52.128.1",
            "kernel-ec2-devel": "3.12.61-52.128.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.128.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.128.1",
            "kernel-devel": "3.12.61-52.128.1",
            "kernel-default-base": "3.12.61-52.128.1",
            "kgraft-patch-3_12_61-52_128-default": "1-1.3.1",
            "kernel-default-man": "3.12.61-52.128.1",
            "kernel-xen-devel": "3.12.61-52.128.1",
            "kernel-xen-base": "3.12.61-52.128.1",
            "kernel-default": "3.12.61-52.128.1",
            "kernel-source": "3.12.61-52.128.1",
            "kgraft-patch-3_12_61-52_128-xen": "1-1.3.1",
            "kernel-syms": "3.12.61-52.128.1",
            "kernel-default-devel": "3.12.61-52.128.1",
            "kernel-xen": "3.12.61-52.128.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.128.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.128.1",
            "kernel-devel": "3.12.61-52.128.1",
            "kernel-default-base": "3.12.61-52.128.1",
            "kgraft-patch-3_12_61-52_128-default": "1-1.3.1",
            "kernel-default-man": "3.12.61-52.128.1",
            "kernel-xen-devel": "3.12.61-52.128.1",
            "kernel-xen-base": "3.12.61-52.128.1",
            "kernel-default": "3.12.61-52.128.1",
            "kernel-source": "3.12.61-52.128.1",
            "kgraft-patch-3_12_61-52_128-xen": "1-1.3.1",
            "kernel-syms": "3.12.61-52.128.1",
            "kernel-default-devel": "3.12.61-52.128.1",
            "kernel-xen": "3.12.61-52.128.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.128.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.128.1",
            "kernel-devel": "3.12.61-52.128.1",
            "kernel-default-base": "3.12.61-52.128.1",
            "kgraft-patch-3_12_61-52_128-default": "1-1.3.1",
            "kernel-default-man": "3.12.61-52.128.1",
            "kernel-xen-devel": "3.12.61-52.128.1",
            "kernel-xen-base": "3.12.61-52.128.1",
            "kernel-default": "3.12.61-52.128.1",
            "kernel-source": "3.12.61-52.128.1",
            "kgraft-patch-3_12_61-52_128-xen": "1-1.3.1",
            "kernel-syms": "3.12.61-52.128.1",
            "kernel-default-devel": "3.12.61-52.128.1",
            "kernel-xen": "3.12.61-52.128.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-xen

Package

Name
kernel-xen
Purl
purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.128.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.128.1",
            "kernel-devel": "3.12.61-52.128.1",
            "kernel-default-base": "3.12.61-52.128.1",
            "kgraft-patch-3_12_61-52_128-default": "1-1.3.1",
            "kernel-default-man": "3.12.61-52.128.1",
            "kernel-xen-devel": "3.12.61-52.128.1",
            "kernel-xen-base": "3.12.61-52.128.1",
            "kernel-default": "3.12.61-52.128.1",
            "kernel-source": "3.12.61-52.128.1",
            "kgraft-patch-3_12_61-52_128-xen": "1-1.3.1",
            "kernel-syms": "3.12.61-52.128.1",
            "kernel-default-devel": "3.12.61-52.128.1",
            "kernel-xen": "3.12.61-52.128.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kgraft-patch-SLE12_Update_34

Package

Name
kgraft-patch-SLE12_Update_34
Purl
purl:rpm/suse/kgraft-patch-SLE12_Update_34&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-1.3.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.128.1",
            "kernel-devel": "3.12.61-52.128.1",
            "kernel-default-base": "3.12.61-52.128.1",
            "kgraft-patch-3_12_61-52_128-default": "1-1.3.1",
            "kernel-default-man": "3.12.61-52.128.1",
            "kernel-xen-devel": "3.12.61-52.128.1",
            "kernel-xen-base": "3.12.61-52.128.1",
            "kernel-default": "3.12.61-52.128.1",
            "kernel-source": "3.12.61-52.128.1",
            "kgraft-patch-3_12_61-52_128-xen": "1-1.3.1",
            "kernel-syms": "3.12.61-52.128.1",
            "kernel-default-devel": "3.12.61-52.128.1",
            "kernel-xen": "3.12.61-52.128.1"
        }
    ]
}