Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2018:1761-1
Rating:	important
References:	bsc#1038553 bsc#1046610 bsc#1079152 bsc#1082962 bsc#1083382 bsc#1083900 bsc#1087007 bsc#1087012 bsc#1087082 bsc#1087086 bsc#1087095 bsc#1092813 bsc#1092904 bsc#1094033 bsc#1094353 bsc#1094823 bsc#1096140 bsc#1096242 bsc#1096281 bsc#1096480 bsc#1096728 bsc#1097356
Cross-References:	CVE-2017-13305 CVE-2018-1000204 CVE-2018-1092 CVE-2018-1093 CVE-2018-1094 CVE-2018-1130 CVE-2018-3665 CVE-2018-5803 CVE-2018-5848 CVE-2018-7492
CVSS scores:	CVE-2017-13305 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2017-13305 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2018-1000204 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2018-1000204 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-1092 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2018-1092 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-1093 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2018-1093 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-1094 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2018-1094 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-1094 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-1130 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-1130 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-3665 ( SUSE ): 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N CVE-2018-3665 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-5803 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-5803 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-5848 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-5848 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-7492 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-7492 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	Public Cloud Module 12 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 10 vulnerabilities and has 12 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086)
• CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356)
• CVE-2018-1000204: Prevent infoleak caused by incorrect handling of the SG_IO ioctl (bsc#1096728)
• CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353)
• CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007).
• CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bsc#1087095).
• CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012).
• CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904)
• CVE-2018-5803: Prevent error in the "_sctp_make_chunk()" function when handling SCTP packets length that could have been exploited to cause a kernel crash (bnc#1083900)
• CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962)

The following non-security bugs were fixed:

• Btrfs: fix unexpected balance crash due to BUG_ON (bsc#1038553).
• Fix excessive newline in /proc/*/status (bsc#1094823).
• KVM: x86: Sync back MSR_IA32_SPEC_CTRL to VCPU data structure (bsc#1096242, bsc#1096281).
• dm thin metadata: call precommit before saving the roots (bsc#1083382).
• dm thin: fix inability to discard blocks when in out-of-data-space mode (bsc#1083382).
• dm thin: fix missing out-of-data-space to write mode transition if blocks are released (bsc#1083382).
• dm thin: restore requested 'error_if_no_space' setting on OODS to WRITE transition (bsc#1083382).
• dm: fix various targets to dm_register_target after module __init resources created (bsc#1083382).
• kABI: work around BPF SSBD removal (bsc#1087082).
• kgraft/bnx2fc: Do not block kGraft in bnx2fc_l2_rcv kthread (bsc#1094033).
• mm, page_alloc: do not break __GFP_THISNODE by zonelist reset (bsc#1079152).
• usbip: usbip_host: fix NULL-ptr deref and use-after-free errors (bsc#1096480).
• usbip: usbip_host: fix bad unlock balance during stub_probe() (bsc#1096480).
• x86/boot: Fix early command-line parsing when matching at end (bsc#1096281).
• x86/boot: Fix early command-line parsing when partial word matches (bsc#1096281).
• x86/bugs: spec_ctrl must be cleared from cpu_caps_set when being disabled (bsc#1096140).
• x86/kaiser: export symbol kaiser_set_shadow_pgd() (bsc#1092813)
• xen-netfront: fix req_prod check to avoid RX hang when index wraps (bsc#1046610).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1183=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1183=1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1183=1

Package List:

• Public Cloud Module 12 (nosrc x86_64)
  • kernel-ec2-3.12.74-60.64.96.1
• Public Cloud Module 12 (x86_64)
  • kernel-ec2-extra-debuginfo-3.12.74-60.64.96.1
  • kernel-ec2-debugsource-3.12.74-60.64.96.1
  • kernel-ec2-debuginfo-3.12.74-60.64.96.1
  • kernel-ec2-extra-3.12.74-60.64.96.1
  • kernel-ec2-devel-3.12.74-60.64.96.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (nosrc ppc64le x86_64)
  • kernel-default-3.12.74-60.64.96.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
  • kernel-default-base-debuginfo-3.12.74-60.64.96.1
  • kernel-default-devel-3.12.74-60.64.96.1
  • kernel-default-debugsource-3.12.74-60.64.96.1
  • kernel-default-debuginfo-3.12.74-60.64.96.1
  • kernel-default-base-3.12.74-60.64.96.1
  • kernel-syms-3.12.74-60.64.96.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (x86_64)
  • kernel-xen-devel-3.12.74-60.64.96.1
  • kgraft-patch-3_12_74-60_64_96-default-1-2.3.1
  • kernel-xen-base-3.12.74-60.64.96.1
  • kernel-xen-debugsource-3.12.74-60.64.96.1
  • kgraft-patch-3_12_74-60_64_96-xen-1-2.3.1
  • kernel-xen-debuginfo-3.12.74-60.64.96.1
  • kernel-xen-base-debuginfo-3.12.74-60.64.96.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (noarch)
  • kernel-macros-3.12.74-60.64.96.1
  • kernel-devel-3.12.74-60.64.96.1
  • kernel-source-3.12.74-60.64.96.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (nosrc x86_64)
  • kernel-xen-3.12.74-60.64.96.1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (nosrc ppc64le s390x x86_64)
  • kernel-default-3.12.74-60.64.96.1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (ppc64le s390x x86_64)
  • kernel-default-base-debuginfo-3.12.74-60.64.96.1
  • kernel-default-devel-3.12.74-60.64.96.1
  • kernel-default-debugsource-3.12.74-60.64.96.1
  • kernel-default-debuginfo-3.12.74-60.64.96.1
  • kernel-default-base-3.12.74-60.64.96.1
  • kernel-syms-3.12.74-60.64.96.1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (noarch)
  • kernel-macros-3.12.74-60.64.96.1
  • kernel-devel-3.12.74-60.64.96.1
  • kernel-source-3.12.74-60.64.96.1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (s390x)
  • kernel-default-man-3.12.74-60.64.96.1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (nosrc x86_64)
  • kernel-xen-3.12.74-60.64.96.1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (x86_64)
  • kernel-xen-devel-3.12.74-60.64.96.1
  • kgraft-patch-3_12_74-60_64_96-default-1-2.3.1
  • kernel-xen-base-3.12.74-60.64.96.1
  • kernel-xen-debugsource-3.12.74-60.64.96.1
  • kgraft-patch-3_12_74-60_64_96-xen-1-2.3.1
  • kernel-xen-debuginfo-3.12.74-60.64.96.1
  • kernel-xen-base-debuginfo-3.12.74-60.64.96.1

References:

• https://www.suse.com/security/cve/CVE-2017-13305.html
• https://www.suse.com/security/cve/CVE-2018-1000204.html
• https://www.suse.com/security/cve/CVE-2018-1092.html
• https://www.suse.com/security/cve/CVE-2018-1093.html
• https://www.suse.com/security/cve/CVE-2018-1094.html
• https://www.suse.com/security/cve/CVE-2018-1130.html
• https://www.suse.com/security/cve/CVE-2018-3665.html
• https://www.suse.com/security/cve/CVE-2018-5803.html
• https://www.suse.com/security/cve/CVE-2018-5848.html
• https://www.suse.com/security/cve/CVE-2018-7492.html
• https://bugzilla.suse.com/show_bug.cgi?id=1038553
• https://bugzilla.suse.com/show_bug.cgi?id=1046610
• https://bugzilla.suse.com/show_bug.cgi?id=1079152
• https://bugzilla.suse.com/show_bug.cgi?id=1082962
• https://bugzilla.suse.com/show_bug.cgi?id=1083382
• https://bugzilla.suse.com/show_bug.cgi?id=1083900
• https://bugzilla.suse.com/show_bug.cgi?id=1087007
• https://bugzilla.suse.com/show_bug.cgi?id=1087012
• https://bugzilla.suse.com/show_bug.cgi?id=1087082
• https://bugzilla.suse.com/show_bug.cgi?id=1087086
• https://bugzilla.suse.com/show_bug.cgi?id=1087095
• https://bugzilla.suse.com/show_bug.cgi?id=1092813
• https://bugzilla.suse.com/show_bug.cgi?id=1092904
• https://bugzilla.suse.com/show_bug.cgi?id=1094033
• https://bugzilla.suse.com/show_bug.cgi?id=1094353
• https://bugzilla.suse.com/show_bug.cgi?id=1094823
• https://bugzilla.suse.com/show_bug.cgi?id=1096140
• https://bugzilla.suse.com/show_bug.cgi?id=1096242
• https://bugzilla.suse.com/show_bug.cgi?id=1096281
• https://bugzilla.suse.com/show_bug.cgi?id=1096480
• https://bugzilla.suse.com/show_bug.cgi?id=1096728
• https://bugzilla.suse.com/show_bug.cgi?id=1097356