Security update for the Linux Kernel

Announcement ID: SUSE-SU-2018:1816-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2017-13305 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2017-13305 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • CVE-2017-17741 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2017-17741 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-18241 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-18249 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-1000199 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2018-1000199 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1065 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1065 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1092 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1092 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-1093 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1093 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-1094 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1094 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-1094 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2018-1130 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1130 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-12233 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
  • CVE-2018-12233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2018-12233 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2018-3639 ( SUSE ): 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
  • CVE-2018-3639 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2018-3639 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2018-3665 ( SUSE ): 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
  • CVE-2018-3665 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2018-5803 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-5803 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-5848 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-5848 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-7492 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-7492 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-8781 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-8781 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-8781 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Real Time 12 SP3
  • SUSE Linux Enterprise Server 12 SP3

An update that solves 17 vulnerabilities and has 109 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 RT kernel was updated to 4.4.138 to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2018-12233: A memory corruption bug in JFS could have been triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability could be triggered by an unprivileged user with the ability to create files and execute programs (bsc#1097234)
  • CVE-2018-3665: Prevent disclosure of FPU registers (including XMM and AVX registers) between processes. These registers might contain encryption keys when doing SSE accelerated AES enc/decryption (bsc#1087086)
  • CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument could have caused a buffer overflow (bnc#1097356)
  • CVE-2017-18249: The add_free_nid function did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036)
  • CVE-2017-18241: Prevent a NULL pointer dereference that could be triggered by using a noflush_merge option, which results in a NULL value for a flush_cmd_control data structure (bnc#1086400)
  • CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read (bnc#1073311)
  • CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may have allowed unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1087082).
  • CVE-2018-8781: The udl_fb_mmap function had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in code execution in kernel space (bsc#1090643).
  • CVE-2017-13305: Prevent information disclosure vulnerability in encrypted-keys (bsc#1094353)
  • CVE-2018-1093: The ext4_valid_block_bitmap function allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bsc#1087095)
  • CVE-2018-1094: The ext4_fill_super function did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bsc#1087007)
  • CVE-2018-1092: The ext4_iget function mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bsc#1087012)
  • CVE-2018-1130: NULL pointer dereference in dccp_write_xmit() function that allowed a local user to cause a denial of service by a number of certain crafted system calls (bsc#1092904)
  • CVE-2018-5803: Prevent an error in the "_sctp_make_chunk()" function when handling SCTP packet lengths that could have been exploited to cause a kernel crash (bnc#1083900)
  • CVE-2018-1065: The netfilter subsystem mishandled the case of a rule blob that contains a jump but lacks a user-defined chain, which allowed local users to cause a denial of service (NULL pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN capability (bsc#1083650)
  • CVE-2018-7492: Prevent NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function that allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bsc#1082962)
  • CVE-2018-1000199: Prevent vulnerability in modify_user_hw_breakpoint() that could have caused a crash and possibly memory corruption (bsc#1089895)
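
The bug class behind CVE-2018-5848 (length validation that wraps) and CVE-2018-8781 (integer overflow in an mmap bounds test), shown as an added illustration that is not kernel source and not part of the advisory. All function names and sizes are hypothetical; the example generalizes both entries to a weak unsigned check beside its hardened form.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sizes, constructed for this illustration. */
#define IE_BUF_CAP 256u /* destination buffer capacity */
#define IE_HDR_LEN 8u   /* fixed header stored before the IE data */

/* Weak check: the 32-bit sum wraps for a huge ie_len and looks small. */
int len_ok_weak(uint32_t ie_len)
{
    return IE_HDR_LEN + ie_len <= IE_BUF_CAP;
}

/* Hardened check: compare against the remaining space; nothing can wrap. */
int len_ok_hardened(uint32_t ie_len)
{
    return ie_len <= IE_BUF_CAP - IE_HDR_LEN;
}

/* The same defect in an offset/size window test, as used for mmap bounds. */
int window_ok_weak(uint32_t off, uint32_t size, uint32_t region)
{
    return off + size <= region;
}

int window_ok_hardened(uint32_t off, uint32_t size, uint32_t region)
{
    return off <= region && size <= region - off;
}

/* Copies only after the hardened check; returns bytes used or -1. */
int copy_ie(uint8_t *dst, const uint8_t *ie, uint32_t ie_len)
{
    if (!len_ok_hardened(ie_len))
        return -1;
    memcpy(dst + IE_HDR_LEN, ie, ie_len);
    return (int)(IE_HDR_LEN + ie_len);
}

int main(void)
{
    uint32_t big = UINT32_MAX; /* constructed hostile length */
    printf("weak=%d hardened=%d\n", len_ok_weak(big), len_ok_hardened(big));
    printf("window weak=%d hardened=%d\n",
           window_ok_weak(0xFFFFF000u, 0x2000u, 0x10000u),
           window_ok_hardened(0xFFFFF000u, 0x2000u, 0x10000u));
    return 0;
}
```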

The following non-security bugs were fixed:

  • 8139too: Use disable_irq_nosync() in rtl8139_poll_controller() (bnc#1012382).
  • ACPI / hotplug / PCI: Check presence of slot itself in get_slot_status() (bnc#1012382).
  • ACPI / scan: Send change uevent with offine environmental data (bsc#1082485).
  • ACPI / video: Add quirk to force acpi-video backlight on Samsung 670Z5E (bnc#1012382).
  • ACPI: acpi_pad: Fix memory leak in power saving threads (bnc#1012382).
  • ACPI: processor_perflib: Do not send _PPC change notification if not ready (bnc#1012382).
  • ACPICA: Events: add a return on failure from acpi_hw_register_read (bnc#1012382).
  • ACPICA: acpi: acpica: fix acpi operand cache leak in nseval.c (bnc#1012382).
  • ALSA: aloop: Add missing cable lock to ctl API callbacks (bnc#1012382).
  • ALSA: aloop: Mark paused device as inactive (bnc#1012382).
  • ALSA: asihpi: Hardening for potential Spectre v1 (bnc#1012382).
  • ALSA: control: Hardening for potential Spectre v1 (bnc#1012382).
  • ALSA: control: fix a redundant-copy issue (bnc#1012382).
  • ALSA: core: Report audio_tstamp in snd_pcm_sync_ptr (bnc#1012382).
  • ALSA: hda - New VIA controller suppor no-snoop path (bnc#1012382).
  • ALSA: hda - Use IS_REACHABLE() for dependency on input (bnc#1012382 bsc#1031717).
  • ALSA: hda/conexant - Add fixup for HP Z2 G4 workstation (bsc#1092975).
  • ALSA: hda/realtek - Add some fixes for ALC233 (bnc#1012382).
  • ALSA: hda: Add Lenovo C50 All in one to the power_save blacklist (bnc#1012382).
  • ALSA: hda: Hardening for potential Spectre v1 (bnc#1012382).
  • ALSA: hdspm: Hardening for potential Spectre v1 (bnc#1012382).
  • ALSA: line6: Use correct endpoint type for midi output (bnc#1012382).
  • ALSA: opl3: Hardening for potential Spectre v1 (bnc#1012382).
  • ALSA: oss: consolidate kmalloc/memset 0 call to kzalloc (bnc#1012382).
  • ALSA: pcm: Avoid potential races between OSS ioctls and read/write (bnc#1012382).
  • ALSA: pcm: Check PCM state at xfern compat ioctl (bnc#1012382).
  • ALSA: pcm: Fix UAF at PCM release via PCM timer access (bnc#1012382).
  • ALSA: pcm: Fix endless loop for XRUN recovery in OSS emulation (bnc#1012382).
  • ALSA: pcm: Fix mutex unbalance in OSS emulation ioctls (bnc#1012382).
  • ALSA: pcm: Return -EBUSY for OSS ioctls changing busy streams (bnc#1012382).
  • ALSA: pcm: Use ERESTARTSYS instead of EINTR in OSS emulation (bnc#1012382).
  • ALSA: rawmidi: Fix missing input substream checks in compat ioctls (bnc#1012382).
  • ALSA: rme9652: Hardening for potential Spectre v1 (bnc#1012382).
  • ALSA: seq: Fix races at MIDI encoding in snd_virmidi_output_trigger() (bnc#1012382).
  • ALSA: seq: oss: Fix unbalanced use lock for synth MIDI device (bnc#1012382).
  • ALSA: seq: oss: Hardening for potential Spectre v1 (bnc#1012382).
  • ALSA: timer: Call notifier in the same spinlock (bnc#1012382 bsc#973378).
  • ALSA: timer: Fix pause event notification (bnc#1012382 bsc#973378).
  • ALSA: timer: Fix pause event notification (bsc#973378).
  • ALSA: usb-audio: Skip broken EU on Dell dock USB-audio (bsc#1090658).
  • ALSA: usb: mixer: volume quirk for CM102-A+/102S+ (bnc#1012382).
  • ALSA: vmaster: Propagate slave error (bnc#1012382).
  • ARC: Fix malformed ARC_EMUL_UNALIGNED default (bnc#1012382).
  • ARM: 8748/1: mm: Define vdso_start, vdso_end as array (bnc#1012382).
  • ARM: 8769/1: kprobes: Fix to use get_kprobe_ctlblk after irq-disabed (bnc#1012382).
  • ARM: 8770/1: kprobes: Prohibit probing on optimized_callback (bnc#1012382).
  • ARM: 8771/1: kprobes: Prohibit kprobes on do_undefinstr (bnc#1012382).
  • ARM: 8772/1: kprobes: Prohibit kprobes on get_user functions (bnc#1012382).
  • ARM: OMAP1: clock: Fix debugfs_create_*() usage (bnc#1012382).
  • ARM: OMAP2+: timer: fix a kmemleak caused in omap_get_timer_dt (bnc#1012382).
  • ARM: OMAP3: Fix prm wake interrupt for resume (bnc#1012382).
  • ARM: OMAP: Fix dmtimer init for omap1 (bnc#1012382).
  • ARM: amba: Do not read past the end of sysfs "driver_override" buffer (bnc#1012382).
  • ARM: amba: Fix race condition with driver_override (bnc#1012382).
  • ARM: amba: Make driver_override output consistent with other buses (bnc#1012382).
  • ARM: dts: at91: at91sam9g25: fix mux-mask pinctrl property (bnc#1012382).
  • ARM: dts: at91: sama5d4: fix pinctrl compatible string (bnc#1012382).
  • ASoC: Intel: sst: remove redundant variable dma_dev_name (bnc#1012382).
  • ASoC: au1x: Fix timeout tests in au1xac97c_ac97_read() (bnc#1012382 bsc#1031717).
  • ASoC: fsl_esai: Fix divisor calculation failure at lower ratio (bnc#1012382).
  • ASoC: samsung: i2s: Ensure the RCLK rate is properly determined (bnc#1012382).
  • ASoC: ssm2602: Replace reg_default_raw with reg_default (bnc#1012382).
  • ASoC: topology: create TLV data for dapm widgets (bnc#1012382).
  • Bluetooth: Apply QCA Rome patches for some ATH3012 models (bsc#1082504, bsc#1095147).
  • Bluetooth: btusb: Add USB ID 7392:a611 for Edimax EW-7611ULB (bnc#1012382).
  • Bluetooth: btusb: Add device ID for RTL8822BE (bnc#1012382).
  • Btrfs: Fix out of bounds access in btrfs_search