Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2018:2332-1
Rating:	important
References:	bsc#1082962 bsc#1083900 bsc#1085107 bsc#1087081 bsc#1089343 bsc#1092904 bsc#1094353 bsc#1096480 bsc#1096728 bsc#1097234 bsc#1098016 bsc#1099924 bsc#1099942 bsc#1100418 bsc#1104475 bsc#1104684 bsc#909361
Cross-References:	CVE-2016-8405 CVE-2017-13305 CVE-2018-1000204 CVE-2018-1068 CVE-2018-1130 CVE-2018-12233 CVE-2018-13053 CVE-2018-13406 CVE-2018-3620 CVE-2018-3646 CVE-2018-5803 CVE-2018-5814 CVE-2018-7492
CVSS scores:	CVE-2016-8405 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2017-13305 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2017-13305 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVE-2018-1000204 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2018-1000204 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2018-1068 ( SUSE ): 8.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-1068 ( NVD ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2018-1068 ( NVD ): 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2018-1130 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-1130 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-12233 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVE-2018-12233 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-12233 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-13053 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2018-13053 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2018-13406 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-13406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-13406 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-3620 ( SUSE ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-3620 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-3646 ( SUSE ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-3646 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2018-5803 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-5803 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-5814 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2018-5814 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2018-7492 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-7492 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SLES for SAP Applications 11-SP4 SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4

An update that solves 13 vulnerabilities and has four security fixes can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081).
• CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343).
• CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device could lead to a local kernel information leak manifesting in up to approximately 1000 memory pages copied to the userspace. The problem has limited scope as non-privileged users usually have no permissions to access SCSI device files. (bnc#1096728).
• CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktime_add_safe is not used (bnc#1099924).
• CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 bnc#1100418).
• CVE-2016-8405: An information disclosure vulnerability in kernel components including the ION subsystem, Binder, USB driver and networking subsystem could enable a local malicious application to access data outside of its permission levels. (bnc#1099942).
• CVE-2018-5814: Multiple race condition errors when handling probe, disconnect, and rebind operations could be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets (bnc#1096480).
• CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. (bnc#1097234).
• CVE-2017-13305: A information disclosure vulnerability in the Upstream kernel encrypted-keys. (bnc#1094353).
• CVE-2018-1130: A null pointer dereference in dccp_write_xmit() function in net/dccp/output.c allowed a local user to cause a denial of service by a number of certain crafted system calls (bnc#1092904).
• CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall interface for bridging. This allowed a privileged user to arbitrarily write to a limited range of kernel memory (bnc#1085107).
• CVE-2018-5803: An error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length could be exploited to cause a kernel crash (bnc#1083900).
• CVE-2018-7492: A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function allowed local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST (bnc#1082962).

The following non-security bugs were fixed:

• cpu/hotplug: Add sysfs state interface (bsc#1089343).
• cpu/hotplug: Provide knobs to control SMT (bsc#1089343).
• cpu/hotplug: Split do_cpu_down() (bsc#1089343).
• disable-prot_none_mitigation.patch: disable prot_none native mitigation (bnc#1104684)
• fix pgd underflow (bnc#1104475) custom walk_page_range rework was incorrect and could underflow pgd if the given range was below a first vma.
• slab: introduce kmalloc_array() (bsc#909361).
• x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343).
• x86/cpu/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343).
• x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343).
• x86/cpu/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343).
• x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343).
• x86/cpu/common: Provide detect_ht_early() (bsc#1089343).
• x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343).
• x86/cpu: Remove the pointless CPU printout (bsc#1089343).
• x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343).
• x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343).
• x86/smp: Provide topology_is_primary_thread() (bsc#1089343).
• x86/topology: Add topology_max_smt_threads() (bsc#1089343).
• x86/topology: Provide topology_smt_supported() (bsc#1089343).
• xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343).
• xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343).
• xen/x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343).
• x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081, bnc#1104684).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Software Development Kit 11 SP4
  zypper in -t patch sdksp4-kernel-201808-13728=1
• SUSE Linux Enterprise Server 11 SP4
  zypper in -t patch slessp4-kernel-201808-13728=1
• SLES for SAP Applications 11-SP4
  zypper in -t patch slessp4-kernel-201808-13728=1

Package List:

• SUSE Linux Enterprise Software Development Kit 11 SP4 (noarch)
  • kernel-docs-3.0.101-108.68.1
• SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64 nosrc)
  • kernel-trace-3.0.101-108.68.1
  • kernel-default-3.0.101-108.68.1
• SUSE Linux Enterprise Server 11 SP4 (s390x x86_64 i586 ppc64 ia64)
  • kernel-default-base-3.0.101-108.68.1
  • kernel-source-3.0.101-108.68.1
  • kernel-trace-devel-3.0.101-108.68.1
  • kernel-trace-base-3.0.101-108.68.1
  • kernel-syms-3.0.101-108.68.1
  • kernel-default-devel-3.0.101-108.68.1
• SUSE Linux Enterprise Server 11 SP4 (nosrc x86_64 i586)
  • kernel-ec2-3.0.101-108.68.1
  • kernel-xen-3.0.101-108.68.1
• SUSE Linux Enterprise Server 11 SP4 (x86_64 i586)
  • kernel-ec2-devel-3.0.101-108.68.1
  • kernel-xen-base-3.0.101-108.68.1
  • kernel-ec2-base-3.0.101-108.68.1
  • kernel-xen-devel-3.0.101-108.68.1
• SUSE Linux Enterprise Server 11 SP4 (nosrc i586)
  • kernel-pae-3.0.101-108.68.1
• SUSE Linux Enterprise Server 11 SP4 (i586)
  • kernel-pae-devel-3.0.101-108.68.1
  • kernel-pae-base-3.0.101-108.68.1
• SUSE Linux Enterprise Server 11 SP4 (ppc64 nosrc)
  • kernel-bigmem-3.0.101-108.68.1
  • kernel-ppc64-3.0.101-108.68.1
• SUSE Linux Enterprise Server 11 SP4 (ppc64)
  • kernel-bigmem-base-3.0.101-108.68.1
  • kernel-bigmem-devel-3.0.101-108.68.1
  • kernel-ppc64-devel-3.0.101-108.68.1
  • kernel-ppc64-base-3.0.101-108.68.1
• SUSE Linux Enterprise Server 11 SP4 (s390x)
  • kernel-default-man-3.0.101-108.68.1
• SLES for SAP Applications 11-SP4 (ppc64 nosrc)
  • kernel-bigmem-3.0.101-108.68.1
  • kernel-ppc64-3.0.101-108.68.1
• SLES for SAP Applications 11-SP4 (ppc64)
  • kernel-bigmem-base-3.0.101-108.68.1
  • kernel-bigmem-devel-3.0.101-108.68.1
  • kernel-ppc64-devel-3.0.101-108.68.1
  • kernel-ppc64-base-3.0.101-108.68.1
• SLES for SAP Applications 11-SP4 (ppc64 nosrc x86_64)
  • kernel-trace-3.0.101-108.68.1
  • kernel-default-3.0.101-108.68.1
• SLES for SAP Applications 11-SP4 (ppc64 x86_64)
  • kernel-default-base-3.0.101-108.68.1
  • kernel-source-3.0.101-108.68.1
  • kernel-trace-devel-3.0.101-108.68.1
  • kernel-trace-base-3.0.101-108.68.1
  • kernel-syms-3.0.101-108.68.1
  • kernel-default-devel-3.0.101-108.68.1
• SLES for SAP Applications 11-SP4 (nosrc x86_64)
  • kernel-ec2-3.0.101-108.68.1
  • kernel-xen-3.0.101-108.68.1
• SLES for SAP Applications 11-SP4 (x86_64)
  • kernel-ec2-devel-3.0.101-108.68.1
  • kernel-xen-base-3.0.101-108.68.1
  • kernel-ec2-base-3.0.101-108.68.1
  • kernel-xen-devel-3.0.101-108.68.1

References:

• https://www.suse.com/security/cve/CVE-2016-8405.html
• https://www.suse.com/security/cve/CVE-2017-13305.html
• https://www.suse.com/security/cve/CVE-2018-1000204.html
• https://www.suse.com/security/cve/CVE-2018-1068.html
• https://www.suse.com/security/cve/CVE-2018-1130.html
• https://www.suse.com/security/cve/CVE-2018-12233.html
• https://www.suse.com/security/cve/CVE-2018-13053.html
• https://www.suse.com/security/cve/CVE-2018-13406.html
• https://www.suse.com/security/cve/CVE-2018-3620.html
• https://www.suse.com/security/cve/CVE-2018-3646.html
• https://www.suse.com/security/cve/CVE-2018-5803.html
• https://www.suse.com/security/cve/CVE-2018-5814.html
• https://www.suse.com/security/cve/CVE-2018-7492.html
• https://bugzilla.suse.com/show_bug.cgi?id=1082962
• https://bugzilla.suse.com/show_bug.cgi?id=1083900
• https://bugzilla.suse.com/show_bug.cgi?id=1085107
• https://bugzilla.suse.com/show_bug.cgi?id=1087081
• https://bugzilla.suse.com/show_bug.cgi?id=1089343
• https://bugzilla.suse.com/show_bug.cgi?id=1092904
• https://bugzilla.suse.com/show_bug.cgi?id=1094353
• https://bugzilla.suse.com/show_bug.cgi?id=1096480
• https://bugzilla.suse.com/show_bug.cgi?id=1096728
• https://bugzilla.suse.com/show_bug.cgi?id=1097234
• https://bugzilla.suse.com/show_bug.cgi?id=1098016
• https://bugzilla.suse.com/show_bug.cgi?id=1099924
• https://bugzilla.suse.com/show_bug.cgi?id=1099942
• https://bugzilla.suse.com/show_bug.cgi?id=1100418
• https://bugzilla.suse.com/show_bug.cgi?id=1104475
• https://bugzilla.suse.com/show_bug.cgi?id=1104684
• https://bugzilla.suse.com/show_bug.cgi?id=909361