Security update for drm

Announcement ID:	SUSE-SU-2018:0509-1
Rating:	moderate
References:	bsc#1041744 bsc#1046821 bsc#1047277 bsc#1047729 bsc#1048155 bsc#1050256 bsc#1055493 bsc#1066175 bsc#1077885
Cross-References:	CVE-2017-10810
CVSS scores:	CVE-2017-10810 ( SUSE ): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-10810 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-10810 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Workstation Extension 12 12-SP3

An update that solves one vulnerability and has eight security fixes can now be installed.

Description:

This update for drm provides the following fixes:

This security issue was fixed:

• CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277)

These non-security issues were fixed:

• Backport upstream 4.9.x stable fixes up to 4.9.81 (bsc#1041744).
• Fixed crash at suspend/resume on old Intel chipsets (bsc#1047729, bsc#1050256)
• Fixed large topology support for vmwgfx (bsc#1048155)
• Workaround for BXT aperture vs GTT chip bug (bsc#1046821)
• Limit the supplements for the default hardware support to only Intel Skylake / Kabylake and AMDGPU (bsc#1077885) 4.9.x i915 seems more buggy than expected for old chipsets.
• Conditionally build aarch64 as well (bsc#1066175)
• Build host1x module (taken from the kernel-source) as well for avoiding the unneeded dependency on kernel-default-extra on ARM64 (bsc#1066175)
• Enable AMDGPU CIK and SI (bsc#1066175):
• Add missing hisilicon hibmc driver (bsc#1066175):
• Add si_support and cik_support options to radeon and amdgpu (bsc#1066175):
• Update Module.supported and apply it properly; following SLE12-SP3 kernel status
• Backport the upstream DP-MST fixes, addressing a hang at S3 resume (bsc#1055493):

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Desktop 12 SP3
  zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-337=1
• SUSE Linux Enterprise Workstation Extension 12 12-SP3
  zypper in -t patch SUSE-SLE-WE-12-SP3-2018-337=1

Package List:

• SUSE Linux Enterprise Desktop 12 SP3 (x86_64)
  • drm-kmp-default-4.9.33_k4.4.114_94.11-4.11.1
  • drm-kmp-default-debuginfo-4.9.33_k4.4.114_94.11-4.11.1
• SUSE Linux Enterprise Workstation Extension 12 12-SP3 (x86_64)
  • drm-kmp-default-4.9.33_k4.4.114_94.11-4.11.1
  • drm-kmp-default-debuginfo-4.9.33_k4.4.114_94.11-4.11.1

References:

• https://www.suse.com/security/cve/CVE-2017-10810.html
• https://bugzilla.suse.com/show_bug.cgi?id=1041744
• https://bugzilla.suse.com/show_bug.cgi?id=1046821
• https://bugzilla.suse.com/show_bug.cgi?id=1047277
• https://bugzilla.suse.com/show_bug.cgi?id=1047729
• https://bugzilla.suse.com/show_bug.cgi?id=1048155
• https://bugzilla.suse.com/show_bug.cgi?id=1050256
• https://bugzilla.suse.com/show_bug.cgi?id=1055493
• https://bugzilla.suse.com/show_bug.cgi?id=1066175
• https://bugzilla.suse.com/show_bug.cgi?id=1077885