[SUSE-SU-2018:1855-2] Security update for the Linux Kernel

Severity Important

Affected Packages 8

CVEs 14

Security update for the Linux Kernel

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated receive various security and bugfixes.

The following security bugs were fixed:

CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356)
CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728).
CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036)
CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086)
CVE-2017-18241: Prevent a NULL pointer dereference by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400)
CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353).
CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c did not validate bitmap block numbers (bsc#1087095).
CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007).
CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012).
CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904).
CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650).
CVE-2018-5803: Prevent error in the '_sctp_make_chunk()' function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900).
CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962).
CVE-2018-1000199: Prevent vulnerability in modify_user_hw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895).

The following non-security bugs were fixed:

ALSA: timer: Fix pause event notification (bsc#973378).
Fix excessive newline in /proc/*/status (bsc#1094823).
Fix the patch content (bsc#1085185)
KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281).
Revert 'bs-upload-kernel: do not set %opensuse_bs' This reverts commit e89e2b8cbef05df6c874ba70af3cb4c57f82a821.
ipv6: add mtu lock check in __ip6_rt_update_pmtu (bsc#1092552).
ipv6: omit traffic class when calculating flow hash (bsc#1095042).
kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033).
mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152, VM Functionality).
x86/boot: Fix early command-line parsing when partial word matches (bsc#1096140).
x86/bugs: IBRS: make runtime disabling fully dynamic (bsc#1096281).
x86/bugs: Respect retpoline command line option (bsc#1068032).
x86/bugs: correctly force-disable IBRS on !SKL systems (bsc#1092497).
x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140).
x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)
xfs: convert XFS_AGFL_SIZE to a helper function (bsc#1090955, bsc#1090534).
xfs: detect agfl count corruption and reset agfl (bsc#1090955, bsc#1090534).
xfs: do not log/recover swapext extent owner changes for deleted inodes (bsc#1090955).

Package	Affected Version
pkg:rpm/suse/kgraft-patch-4_4_121-92_85-default?arch=x86_64&distro=sles-12&sp=2	< 1-3.5.1
pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-12&sp=2	< 4.4.121-92.85.1
pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-12&sp=2	< 4.4.121-92.85.1
pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-12&sp=2	< 4.4.121-92.85.1
pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-12&sp=2	< 4.4.121-92.85.1
pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-12&sp=2	< 4.4.121-92.85.1
pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-12&sp=2	< 4.4.121-92.85.1
pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-12&sp=2	< 4.4.121-92.85.1

ID

SUSE-SU-2018:1855-2

Severity

important

URL

https://www.suse.com/support/update/announcement/2018/suse-su-20181855-2/

Published

2018-10-18T12:47:06
(6 years ago)

Modified

2018-10-18T12:47:06
(6 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1855-2.json
Suse	URL for SUSE-SU-2018:1855-2	https://www.suse.com/support/update/announcement/2018/suse-su-20181855-2/
Suse	E-Mail link for SUSE-SU-2018:1855-2	https://lists.suse.com/pipermail/sle-security-updates/2018-October/004702.html
Bugzilla	SUSE Bug 1068032	https://bugzilla.suse.com/1068032
Bugzilla	SUSE Bug 1079152	https://bugzilla.suse.com/1079152
Bugzilla	SUSE Bug 1082962	https://bugzilla.suse.com/1082962
Bugzilla	SUSE Bug 1083650	https://bugzilla.suse.com/1083650
Bugzilla	SUSE Bug 1083900	https://bugzilla.suse.com/1083900
Bugzilla	SUSE Bug 1085185	https://bugzilla.suse.com/1085185
Bugzilla	SUSE Bug 1086400	https://bugzilla.suse.com/1086400
Bugzilla	SUSE Bug 1087007	https://bugzilla.suse.com/1087007
Bugzilla	SUSE Bug 1087012	https://bugzilla.suse.com/1087012
Bugzilla	SUSE Bug 1087036	https://bugzilla.suse.com/1087036
Bugzilla	SUSE Bug 1087086	https://bugzilla.suse.com/1087086
Bugzilla	SUSE Bug 1087095	https://bugzilla.suse.com/1087095
Bugzilla	SUSE Bug 1089895	https://bugzilla.suse.com/1089895
Bugzilla	SUSE Bug 1090534	https://bugzilla.suse.com/1090534
Bugzilla	SUSE Bug 1090955	https://bugzilla.suse.com/1090955
Bugzilla	SUSE Bug 1092497	https://bugzilla.suse.com/1092497
Bugzilla	SUSE Bug 1092552	https://bugzilla.suse.com/1092552
Bugzilla	SUSE Bug 1092813	https://bugzilla.suse.com/1092813
Bugzilla	SUSE Bug 1092904	https://bugzilla.suse.com/1092904
Bugzilla	SUSE Bug 1094033	https://bugzilla.suse.com/1094033
Bugzilla	SUSE Bug 1094353	https://bugzilla.suse.com/1094353
Bugzilla	SUSE Bug 1094823	https://bugzilla.suse.com/1094823
Bugzilla	SUSE Bug 1095042	https://bugzilla.suse.com/1095042
Bugzilla	SUSE Bug 1096140	https://bugzilla.suse.com/1096140
Bugzilla	SUSE Bug 1096242	https://bugzilla.suse.com/1096242
Bugzilla	SUSE Bug 1096281	https://bugzilla.suse.com/1096281
Bugzilla	SUSE Bug 1096728	https://bugzilla.suse.com/1096728
Bugzilla	SUSE Bug 1097356	https://bugzilla.suse.com/1097356
Bugzilla	SUSE Bug 973378	https://bugzilla.suse.com/973378
CVE	SUSE CVE CVE-2017-13305 page	https://www.suse.com/security/cve/CVE-2017-13305/
CVE	SUSE CVE CVE-2017-18241 page	https://www.suse.com/security/cve/CVE-2017-18241/
CVE	SUSE CVE CVE-2017-18249 page	https://www.suse.com/security/cve/CVE-2017-18249/
CVE	SUSE CVE CVE-2018-1000199 page	https://www.suse.com/security/cve/CVE-2018-1000199/
CVE	SUSE CVE CVE-2018-1000204 page	https://www.suse.com/security/cve/CVE-2018-1000204/
CVE	SUSE CVE CVE-2018-1065 page	https://www.suse.com/security/cve/CVE-2018-1065/
CVE	SUSE CVE CVE-2018-1092 page	https://www.suse.com/security/cve/CVE-2018-1092/
CVE	SUSE CVE CVE-2018-1093 page	https://www.suse.com/security/cve/CVE-2018-1093/
CVE	SUSE CVE CVE-2018-1094 page	https://www.suse.com/security/cve/CVE-2018-1094/
CVE	SUSE CVE CVE-2018-1130 page	https://www.suse.com/security/cve/CVE-2018-1130/
CVE	SUSE CVE CVE-2018-3665 page	https://www.suse.com/security/cve/CVE-2018-3665/
CVE	SUSE CVE CVE-2018-5803 page	https://www.suse.com/security/cve/CVE-2018-5803/
CVE	SUSE CVE CVE-2018-5848 page	https://www.suse.com/security/cve/CVE-2018-5848/
CVE	SUSE CVE CVE-2018-7492 page	https://www.suse.com/security/cve/CVE-2018-7492/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/suse/kgraft-patch-4_4_121-92_85-default?arch=x86_64&distro=sles-12&sp=2	suse	kgraft-patch-4_4_121-92_85-default	< 1-3.5.1	sles-12	x86_64
Affected	pkg:rpm/suse/kernel-syms?arch=x86_64&distro=sles-12&sp=2	suse	kernel-syms	< 4.4.121-92.85.1	sles-12	x86_64
Affected	pkg:rpm/suse/kernel-source?arch=noarch&distro=sles-12&sp=2	suse	kernel-source	< 4.4.121-92.85.1	sles-12	noarch
Affected	pkg:rpm/suse/kernel-macros?arch=noarch&distro=sles-12&sp=2	suse	kernel-macros	< 4.4.121-92.85.1	sles-12	noarch
Affected	pkg:rpm/suse/kernel-devel?arch=noarch&distro=sles-12&sp=2	suse	kernel-devel	< 4.4.121-92.85.1	sles-12	noarch
Affected	pkg:rpm/suse/kernel-default?arch=x86_64&distro=sles-12&sp=2	suse	kernel-default	< 4.4.121-92.85.1	sles-12	x86_64
Affected	pkg:rpm/suse/kernel-default-devel?arch=x86_64&distro=sles-12&sp=2	suse	kernel-default-devel	< 4.4.121-92.85.1	sles-12	x86_64
Affected	pkg:rpm/suse/kernel-default-base?arch=x86_64&distro=sles-12&sp=2	suse	kernel-default-base	< 4.4.121-92.85.1	sles-12	x86_64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date