[SUSE-SU-2018:0848-1] Security update for the Linux Kernel

Severity Important
Affected Packages 21
CVEs 19

The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2018-1068: Fixed a flaw in the implementation of the 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107).
  • CVE-2017-18221: The __munlock_pagevec function allowed local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls (bnc#1084323).
  • CVE-2018-1066: Prevent NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allowed an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response was mishandled during session recovery (bnc#1083640).
  • CVE-2017-13166: Prevent elevation of privilege vulnerability in the kernel v4l2 video driver (bnc#1072865).
  • CVE-2017-16911: The vhci_hcd driver allowed local attackers to disclose kernel memory addresses. Successful exploitation required that a USB device was attached over IP (bnc#1078674).
  • CVE-2017-15299: The KEYS subsystem mishandled use of add_key for a key that already exists but is uninstantiated, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call (bnc#1063416).
  • CVE-2017-18208: The madvise_willneed function allowed local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping (bnc#1083494).
  • CVE-2018-7566: The ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A user could have reset the pool size manually via ioctl concurrently, which may have led to UAF or out-of-bounds access (bsc#1083483).
  • CVE-2017-18204: The ocfs2_setattr function allowed local users to cause a denial of service (deadlock) via DIO requests (bnc#1083244).
  • CVE-2017-16644: The hdpvr_probe function allowed local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067118).
  • CVE-2018-6927: The futex_requeue function allowed attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value (bnc#1080757).
  • CVE-2017-16914: The 'stub_send_ret_submit()' function allowed attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet (bnc#1078669).
  • CVE-2016-7915: The hid_input_field function allowed physically proximate attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) by connecting a device (bnc#1010470).
  • CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions did unbalanced refcounting when a SCSI I/O vector had small consecutive buffers belonging to the same page. The bio_add_pc_page function merged them into one, but the page reference was never dropped. This caused a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition (bnc#1062568).
  • CVE-2017-16912: The 'get_pipe()' function allowed attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet (bnc#1078673).
  • CVE-2017-16913: The 'stub_recv_cmd_submit()' function when handling CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet (bnc#1078672).
  • CVE-2018-5332: The rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).
  • CVE-2018-5333: The rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).
  • CVE-2017-18017: The tcpmss_mangle_packet function allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).

The following non-security bugs were fixed:

  • KEYS: do not let add_key() update an uninstantiated key (bnc#1063416).
  • KEYS: fix writing past end of user-supplied buffer in keyring_read() (bsc#1066001).
  • KEYS: return full count in keyring_read() if buffer is too small (bsc#1066001).
  • NFS: Add a cond_resched() to nfs_commit_release_pages() (bsc#1077779).
  • btrfs: qgroup: move noisy underflow warning to debugging build (bsc#1055755 and bsc#1080287).
  • ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).
  • ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).
  • ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689).
  • x86/kaiser: use trampoline stack for kernel entry (bsc#1077560)
  • leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).
  • livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c. Shadow variables support (bsc#1082299).
  • livepatch: introduce shadow variable API. Shadow variables support (bsc#1082299)
  • media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF (bnc#1012382).
  • media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382).
  • media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 (bnc#1012382).
  • media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 (bnc#1012382).
  • media: v4l2-compat-ioctl32.c: do not copy back the result for certain errors (bnc#1012382).
  • media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type (bnc#1012382).
  • media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382).
  • media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 (bnc#1012382).
  • media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382).
  • media: v4l2-ioctl.c: do not copy back the result for -ENOTTY (bnc#1012382).
  • netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets (bsc#1085107).
  • netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107).
  • packet: only call dev_add_pack() on freshly allocated fanout instances
  • pipe: cap initial pipe capacity according to pipe-max-size limit (bsc#1045330).
  • powerpc/64s: Improve RFI L1-D cache flush fallback (bsc#1068032, bsc#1077182).
  • powerpc/numa: Invalidate numa_cpu_lookup_table on cpu remove (bsc#1081512).
  • powerpc/powernv: Support firmware disable of RFI flush (bsc#1068032, bsc#1077182).
  • powerpc/pseries: Support firmware disable of RFI flush (bsc#1068032, bsc#1077182).
  • rfi-flush: Move the logic to avoid a redo into the debugfs code (bsc#1068032, bsc#1077182).
  • rfi-flush: Switch to new linear fallback flush (bsc#1068032, bsc#1077182).

Affected packages (package URL, affected version):

pkg:rpm/suse/kgraft-patch-3_12_74-60_64_85-xen?arch=x86_64&distro=sles-12&sp=1 < 1-2.3.1
pkg:rpm/suse/kgraft-patch-3_12_74-60_64_85-default?arch=x86_64&distro=sles-12&sp=1 < 1-2.3.1
pkg:rpm/suse/kernel-xen?arch=x86_64&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-xen-devel?arch=x86_64&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-xen-base?arch=x86_64&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-syms?arch=s390x&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-syms?arch=ppc64le&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-default?arch=s390x&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-default?arch=ppc64le&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-default-man?arch=s390x&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-default-devel?arch=s390x&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-default-devel?arch=ppc64le&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-default-base?arch=s390x&distro=sles-12&sp=1 < 3.12.74-60.64.85.1
pkg:rpm/suse/kernel-default-base?arch=ppc64le&distro=sles-12&sp=1 < 3.12.74-60.64.85.1

ID: SUSE-SU-2018:0848-1
Severity: important
URL: https://www.suse.com/support/update/announcement/2018/suse-su-20180848-1/
Published: 2018-03-29T12:28:31
Modified: 2018-03-29T12:28:31
Rights: Copyright 2024 SUSE LLC. All rights reserved.

Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0848-1.json
Suse URL for SUSE-SU-2018:0848-1 https://www.suse.com/support/update/announcement/2018/suse-su-20180848-1/
Suse E-Mail link for SUSE-SU-2018:0848-1 https://lists.suse.com/pipermail/sle-security-updates/2018-March/003857.html
Bugzilla SUSE Bug 1010470 https://bugzilla.suse.com/1010470
Bugzilla SUSE Bug 1012382 https://bugzilla.suse.com/1012382
Bugzilla SUSE Bug 1045330 https://bugzilla.suse.com/1045330
Bugzilla SUSE Bug 1055755 https://bugzilla.suse.com/1055755
Bugzilla SUSE Bug 1062568 https://bugzilla.suse.com/1062568
Bugzilla SUSE Bug 1063416 https://bugzilla.suse.com/1063416
Bugzilla SUSE Bug 1066001 https://bugzilla.suse.com/1066001
Bugzilla SUSE Bug 1067118 https://bugzilla.suse.com/1067118
Bugzilla SUSE Bug 1068032 https://bugzilla.suse.com/1068032
Bugzilla SUSE Bug 1072689 https://bugzilla.suse.com/1072689
Bugzilla SUSE Bug 1072865 https://bugzilla.suse.com/1072865
Bugzilla SUSE Bug 1074488 https://bugzilla.suse.com/1074488
Bugzilla SUSE Bug 1075617 https://bugzilla.suse.com/1075617
Bugzilla SUSE Bug 1075621 https://bugzilla.suse.com/1075621
Bugzilla SUSE Bug 1077182 https://bugzilla.suse.com/1077182
Bugzilla SUSE Bug 1077560 https://bugzilla.suse.com/1077560
Bugzilla SUSE Bug 1077779 https://bugzilla.suse.com/1077779
Bugzilla SUSE Bug 1078669 https://bugzilla.suse.com/1078669
Bugzilla SUSE Bug 1078672 https://bugzilla.suse.com/1078672
Bugzilla SUSE Bug 1078673 https://bugzilla.suse.com/1078673
Bugzilla SUSE Bug 1078674 https://bugzilla.suse.com/1078674
Bugzilla SUSE Bug 1080255 https://bugzilla.suse.com/1080255
Bugzilla SUSE Bug 1080287 https://bugzilla.suse.com/1080287
Bugzilla SUSE Bug 1080464 https://bugzilla.suse.com/1080464
Bugzilla SUSE Bug 1080757 https://bugzilla.suse.com/1080757
Bugzilla SUSE Bug 1081512 https://bugzilla.suse.com/1081512
Bugzilla SUSE Bug 1082299 https://bugzilla.suse.com/1082299
Bugzilla SUSE Bug 1083244 https://bugzilla.suse.com/1083244
Bugzilla SUSE Bug 1083483 https://bugzilla.suse.com/1083483
Bugzilla SUSE Bug 1083494 https://bugzilla.suse.com/1083494
Bugzilla SUSE Bug 1083640 https://bugzilla.suse.com/1083640
Bugzilla SUSE Bug 1084323 https://bugzilla.suse.com/1084323
Bugzilla SUSE Bug 1085107 https://bugzilla.suse.com/1085107
Bugzilla SUSE Bug 1085114 https://bugzilla.suse.com/1085114
Bugzilla SUSE Bug 1085447 https://bugzilla.suse.com/1085447
CVE SUSE CVE CVE-2016-7915 page https://www.suse.com/security/cve/CVE-2016-7915/
CVE SUSE CVE CVE-2017-12190 page https://www.suse.com/security/cve/CVE-2017-12190/
CVE SUSE CVE CVE-2017-13166 page https://www.suse.com/security/cve/CVE-2017-13166/
CVE SUSE CVE CVE-2017-15299 page https://www.suse.com/security/cve/CVE-2017-15299/
CVE SUSE CVE CVE-2017-16644 page https://www.suse.com/security/cve/CVE-2017-16644/
CVE SUSE CVE CVE-2017-16911 page https://www.suse.com/security/cve/CVE-2017-16911/
CVE SUSE CVE CVE-2017-16912 page https://www.suse.com/security/cve/CVE-2017-16912/
CVE SUSE CVE CVE-2017-16913 page https://www.suse.com/security/cve/CVE-2017-16913/
CVE SUSE CVE CVE-2017-16914 page https://www.suse.com/security/cve/CVE-2017-16914/
CVE SUSE CVE CVE-2017-18017 page https://www.suse.com/security/cve/CVE-2017-18017/
CVE SUSE CVE CVE-2017-18204 page https://www.suse.com/security/cve/CVE-2017-18204/
CVE SUSE CVE CVE-2017-18208 page https://www.suse.com/security/cve/CVE-2017-18208/
CVE SUSE CVE CVE-2017-18221 page https://www.suse.com/security/cve/CVE-2017-18221/
CVE SUSE CVE CVE-2018-1066 page https://www.suse.com/security/cve/CVE-2018-1066/
CVE SUSE CVE CVE-2018-1068 page https://www.suse.com/security/cve/CVE-2018-1068/
CVE SUSE CVE CVE-2018-5332 page https://www.suse.com/security/cve/CVE-2018-5332/
CVE SUSE CVE CVE-2018-5333 page https://www.suse.com/security/cve/CVE-2018-5333/
CVE SUSE CVE CVE-2018-6927 page https://www.suse.com/security/cve/CVE-2018-6927/
CVE SUSE CVE CVE-2018-7566 page https://www.suse.com/security/cve/CVE-2018-7566/