Security update for the Linux Kernel

SUSE Security Update: Security update for the Linux Kernel
Announcement ID: SUSE-SU-2018:2366-1
Rating: important
References: #1082962 #1083900 #1085107 #1087081 #1089343 #1092904 #1094353 #1096480 #1096728 #1097234 #1098016 #1099924 #1099942 #1100418 #1104475 #1104684 #909361
Affected Products:
  • SUSE Linux Enterprise Server 11-SP3-LTSS
  • SUSE Linux Enterprise Server 11-EXTRA
  • SUSE Linux Enterprise Point of Sale 11-SP3
  • SUSE Linux Enterprise Debuginfo 11-SP3

  • An update that solves 13 vulnerabilities and has four fixes is now available.

    Description:



    The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive
    various security and bugfixes.

    The following security bugs were fixed:

    - CVE-2016-8405: An information disclosure vulnerability in kernel
    components including the ION subsystem, Binder, USB driver and
    networking subsystem could enable a local malicious application to
    access data outside of its permission levels. (bnc#1099942).
    - CVE-2017-13305: A information disclosure vulnerability existed in the
    encrypted-keys handling. (bnc#1094353).
    - CVE-2018-1000204: A malformed SG_IO ioctl issued for a SCSI device could
    lead to a local kernel information leak manifesting in up to
    approximately 1000 memory pages copied to the userspace. The problem has
    limited scope as non-privileged users usually have no permissions to
    access SCSI device files. (bnc#1096728).
    - CVE-2018-1068: A flaw was found in the implementation of 32-bit syscall
    interface for bridging. This allowed a privileged user to arbitrarily
    write to a limited range of kernel memory (bnc#1085107).
    - CVE-2018-1130: A null pointer dereference in dccp_write_xmit() function
    in net/dccp/output.c allowed a local user to cause a denial of service
    by a number of certain crafted system calls (bnc#1092904).
    - CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c a memory
    corruption bug in JFS can be triggered by calling setxattr twice with
    two different extended attribute names on the same file. This
    vulnerability can be triggered by an unprivileged user with the ability
    to create files and execute programs. A kmalloc call is incorrect,
    leading to slab-out-of-bounds in jfs_xattr (bnc#1097234).
    - CVE-2018-13053: The alarm_timer_nsleep function in
    kernel/time/alarmtimer.c had an integer overflow via a large relative
    timeout because ktime_add_safe is not used (bnc#1099924).
    - CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in
    drivers/video/fbdev/uvesafb.c kernel could result in local attackers
    being able to crash the kernel or potentially elevate privileges because
    kmalloc_array is not used (bnc#1098016 1100418).
    - CVE-2018-3620: Local attackers on baremetal systems could use
    speculative code patterns on hyperthreaded processors to read data
    present in the L1 Datacache used by other hyperthreads on the same CPU
    core, potentially leaking sensitive data. (bnc#1087081).
    - CVE-2018-3646: Local attackers in virtualized guest systems could use
    speculative code patterns on hyperthreaded processors to read data
    present in the L1 Datacache used by other hyperthreads on the same CPU
    core, potentially leaking sensitive data, even from other virtual
    machines or the host system. (bnc#1089343).
    - CVE-2018-5803: An error in the "_sctp_make_chunk()" function
    (net/sctp/sm_make_chunk.c) when handling SCTP packets length could be
    exploited to cause a kernel crash (bnc#1083900).
    - CVE-2018-5814: Multiple race condition errors when handling probe,
    disconnect, and rebind operations could be exploited to trigger a
    use-after-free condition or a NULL pointer dereference by sending
    multiple USB over IP packets (bnc#1096480).
    - CVE-2018-7492: A NULL pointer dereference was found in the
    net/rds/rdma.c __rds_rdma_map() function allowing local attackers to
    cause a system panic and a denial-of-service, related to RDS_GET_MR and
    RDS_GET_MR_FOR_DEST (bnc#1082962).

    The following non-security bugs were fixed:

    - cpu/hotplug: Add sysfs state interface (bsc#1089343).
    - cpu/hotplug: Provide knobs to control SMT (bsc#1089343).
    - cpu/hotplug: Provide knobs to control SMT (bsc#1089343).
    - cpu/hotplug: Split do_cpu_down() (bsc#1089343).
    - disable-prot_none_mitigation.patch: disable prot_none native mitigation
    (bnc#1104684)
    - fix pgd underflow (bnc#1104475) custom walk_page_range rework was
    incorrect and could underflow pgd if the given range was below a first
    vma.
    - slab: introduce kmalloc_array() (bsc#909361).
    - x86/apic: Ignore secondary threads if nosmt=force (bsc#1089343).
    - x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info
    (bsc#1089343).
    - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343).
    - x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343).
    - x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings
    (bsc#1089343).
    - x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343).
    - x86/cpu/common: Provide detect_ht_early() (bsc#1089343).
    - x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343).
    - x86/cpu: Remove the pointless CPU printout (bsc#1089343).
    - x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343).
    - x86/smpboot: Do not use smp_num_siblings in __max_logical_packages
    calculation (bsc#1089343).
    - x86/smp: Provide topology_is_primary_thread() (bsc#1089343).
    - x86/topology: Add topology_max_smt_threads() (bsc#1089343).
    - x86/topology: Provide topology_smt_supported() (bsc#1089343).
    - xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343).
    - xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343).
    - xen/x86/cpu/topology: Provide detect_extended_topology_early()
    (bsc#1089343).
    - x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081, bnc#1104684).

    Patch Instructions:

    To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    • SUSE Linux Enterprise Server 11-SP3-LTSS:
      zypper in -t patch slessp3-kernel-20180809-13731=1
    • SUSE Linux Enterprise Server 11-EXTRA:
      zypper in -t patch slexsp3-kernel-20180809-13731=1
    • SUSE Linux Enterprise Point of Sale 11-SP3:
      zypper in -t patch sleposp3-kernel-20180809-13731=1
    • SUSE Linux Enterprise Debuginfo 11-SP3:
      zypper in -t patch dbgsp3-kernel-20180809-13731=1

    Package List:

    • SUSE Linux Enterprise Server 11-SP3-LTSS (i586 s390x x86_64):
      • kernel-default-3.0.101-0.47.106.43.1
      • kernel-default-base-3.0.101-0.47.106.43.1
      • kernel-default-devel-3.0.101-0.47.106.43.1
      • kernel-source-3.0.101-0.47.106.43.1
      • kernel-syms-3.0.101-0.47.106.43.1
      • kernel-trace-3.0.101-0.47.106.43.1
      • kernel-trace-base-3.0.101-0.47.106.43.1
      • kernel-trace-devel-3.0.101-0.47.106.43.1
    • SUSE Linux Enterprise Server 11-SP3-LTSS (i586 x86_64):
      • kernel-ec2-3.0.101-0.47.106.43.1
      • kernel-ec2-base-3.0.101-0.47.106.43.1
      • kernel-ec2-devel-3.0.101-0.47.106.43.1
      • kernel-xen-3.0.101-0.47.106.43.1
      • kernel-xen-base-3.0.101-0.47.106.43.1
      • kernel-xen-devel-3.0.101-0.47.106.43.1
    • SUSE Linux Enterprise Server 11-SP3-LTSS (x86_64):
      • kernel-bigsmp-3.0.101-0.47.106.43.1
      • kernel-bigsmp-base-3.0.101-0.47.106.43.1
      • kernel-bigsmp-devel-3.0.101-0.47.106.43.1
    • SUSE Linux Enterprise Server 11-SP3-LTSS (s390x):
      • kernel-default-man-3.0.101-0.47.106.43.1
    • SUSE Linux Enterprise Server 11-SP3-LTSS (i586):
      • kernel-pae-3.0.101-0.47.106.43.1
      • kernel-pae-base-3.0.101-0.47.106.43.1
      • kernel-pae-devel-3.0.101-0.47.106.43.1
    • SUSE Linux Enterprise Server 11-EXTRA (i586 ia64 ppc64 s390x x86_64):
      • kernel-default-extra-3.0.101-0.47.106.43.1
    • SUSE Linux Enterprise Server 11-EXTRA (i586 x86_64):
      • kernel-xen-extra-3.0.101-0.47.106.43.1
    • SUSE Linux Enterprise Server 11-EXTRA (x86_64):
      • kernel-bigsmp-extra-3.0.101-0.47.106.43.1
      • kernel-trace-extra-3.0.101-0.47.106.43.1
    • SUSE Linux Enterprise Server 11-EXTRA (ppc64):
      • kernel-ppc64-extra-3.0.101-0.47.106.43.1
    • SUSE Linux Enterprise Server 11-EXTRA (i586):
      • kernel-pae-extra-3.0.101-0.47.106.43.1
    • SUSE Linux Enterprise Point of Sale 11-SP3 (i586):
      • kernel-default-3.0.101-0.47.106.43.1
      • kernel-default-base-3.0.101-0.47.106.43.1
      • kernel-default-devel-3.0.101-0.47.106.43.1
      • kernel-ec2-3.0.101-0.47.106.43.1
      • kernel-ec2-base-3.0.101-0.47.106.43.1
      • kernel-ec2-devel-3.0.101-0.47.106.43.1
      • kernel-pae-3.0.101-0.47.106.43.1
      • kernel-pae-base-3.0.101-0.47.106.43.1
      • kernel-pae-devel-3.0.101-0.47.106.43.1
      • kernel-source-3.0.101-0.47.106.43.1
      • kernel-syms-3.0.101-0.47.106.43.1
      • kernel-trace-3.0.101-0.47.106.43.1
      • kernel-trace-base-3.0.101-0.47.106.43.1
      • kernel-trace-devel-3.0.101-0.47.106.43.1
      • kernel-xen-3.0.101-0.47.106.43.1
      • kernel-xen-base-3.0.101-0.47.106.43.1
      • kernel-xen-devel-3.0.101-0.47.106.43.1
    • SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64):
      • kernel-default-debuginfo-3.0.101-0.47.106.43.1
      • kernel-default-debugsource-3.0.101-0.47.106.43.1
      • kernel-trace-debuginfo-3.0.101-0.47.106.43.1
      • kernel-trace-debugsource-3.0.101-0.47.106.43.1
    • SUSE Linux Enterprise Debuginfo 11-SP3 (i586 x86_64):
      • kernel-ec2-debuginfo-3.0.101-0.47.106.43.1
      • kernel-ec2-debugsource-3.0.101-0.47.106.43.1
      • kernel-xen-debuginfo-3.0.101-0.47.106.43.1
      • kernel-xen-debugsource-3.0.101-0.47.106.43.1
    • SUSE Linux Enterprise Debuginfo 11-SP3 (x86_64):
      • kernel-bigsmp-debuginfo-3.0.101-0.47.106.43.1
      • kernel-bigsmp-debugsource-3.0.101-0.47.106.43.1
    • SUSE Linux Enterprise Debuginfo 11-SP3 (i586):
      • kernel-pae-debuginfo-3.0.101-0.47.106.43.1
      • kernel-pae-debugsource-3.0.101-0.47.106.43.1

    References: