Security update for the Linux Kernel

Announcement ID: SUSE-SU-2018:0660-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2017-13215 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVE-2017-13215 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-17741 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
  • CVE-2017-17741 ( NVD ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-18017 ( SUSE ): 5.4 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
  • CVE-2017-18017 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-18017 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-18079 ( SUSE ): 2.5 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2017-18079 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-18079 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-5715 ( SUSE ): 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-5715 ( NVD ): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2017-5715 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2018-1000004 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1000004 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-5332 ( SUSE ): 3.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L
  • CVE-2018-5332 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-5332 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-5333 ( SUSE ): 2.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-5333 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise Point of Service 11 SP3
  • SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3

An update that solves eight vulnerabilities and has 14 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2017-5715: Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis (bnc#1068032).

The previous fix using CPU Microcode has been complemented by building the Linux Kernel with return trampolines aka "retpolines".

  • CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function did not validate a value that is used during DMA page allocation, leading to a heap-based out-of-bounds write (related to the rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).
  • CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in net/rds/rdma.c mishandled cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference (bnc#1075617).
  • CVE-2017-18017: The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers to cause a denial of service (use-after-free and memory corruption) or possibly have unspecified other impact by leveraging the presence of xt_TCPMSS in an iptables action (bnc#1074488).
  • CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because the port->exists value can change after it is validated (bnc#1077922).
  • CVE-2017-17741: The KVM implementation in the Linux kernel allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).
  • CVE-2017-13215: A elevation of privilege vulnerability in the Upstream kernel skcipher. (bnc#1075908).
  • CVE-2018-1000004: In the Linux kernel a race condition vulnerability exists in the sound system, this can lead to a deadlock and denial of service condition (bnc#1076017).

The following non-security bugs were fixed:

  • cdc-acm: apply quirk for card reader (bsc#1060279).
  • Enable CPU vulnerabilities reporting via sysfs
  • fork: clear thread stack upon allocation (bsc#1077560).
  • kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278).
  • kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621 bsc#1068032).
  • Move kABI fixup for retpolines to proper place.
  • powerpc/vdso64: Use double word compare on pointers (bsc#1070781).
  • s390: add ppa to the idle loop (bnc#1077406, LTC#163910).
  • s390/cpuinfo: show facilities as reported by stfle (bnc#1076849, LTC#163741).
  • storvsc: do not assume SG list is continuous when doing bounce buffers (bsc#1075410).
  • sysfs/cpu: Add vulnerability folder (bnc#1012382).
  • sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).
  • sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
  • x86/acpi: Handle SCI interrupts above legacy space gracefully (bsc#1068984).
  • x86/acpi: Reduce code duplication in mp_override_legacy_irq() (bsc#1068984).
  • x86/boot: Fix early command-line parsing when matching at end (bsc#1068032).
  • x86/cpu: Factor out application of forced CPU caps (bsc#1075994 bsc#1075091).
  • x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
  • x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).
  • x86/kaiser: Populate shadow PGD with NX bit only if supported by platform (bsc#1076154 bsc#1076278).
  • x86/kaiser: use trampoline stack for kernel entry.
  • x86/microcode/intel: Disable late loading on model 79 (bsc#1054305).
  • x86/microcode/intel: Extend BDW late-loading further with LLC size check (bsc#1054305).
  • x86/microcode/intel: Extend BDW late-loading with a revision check (bsc#1054305).
  • x86/microcode: Rescan feature flags upon late loading (bsc#1075994 bsc#1075091).
  • x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active (bsc#1068032).
  • x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly (bsc#1075994 bsc#1075091).
  • x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994 bsc#1075091).
  • x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Point of Service 11 SP3
    zypper in -t patch sleposp3-kernel-20180212-13505=1
  • SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3
    zypper in -t patch slessp3-kernel-20180212-13505=1

Package List:

  • SUSE Linux Enterprise Point of Service 11 SP3 (nosrc i586)
    • kernel-xen-3.0.101-0.47.106.19.1
    • kernel-ec2-3.0.101-0.47.106.19.1
    • kernel-pae-3.0.101-0.47.106.19.1
    • kernel-trace-3.0.101-0.47.106.19.1
    • kernel-default-3.0.101-0.47.106.19.1
  • SUSE Linux Enterprise Point of Service 11 SP3 (i586)
    • kernel-trace-base-3.0.101-0.47.106.19.1
    • kernel-pae-devel-3.0.101-0.47.106.19.1
    • kernel-xen-devel-3.0.101-0.47.106.19.1
    • kernel-ec2-base-3.0.101-0.47.106.19.1
    • kernel-syms-3.0.101-0.47.106.19.1
    • kernel-ec2-devel-3.0.101-0.47.106.19.1
    • kernel-default-base-3.0.101-0.47.106.19.1
    • kernel-pae-base-3.0.101-0.47.106.19.1
    • kernel-xen-base-3.0.101-0.47.106.19.1
    • kernel-source-3.0.101-0.47.106.19.1
    • kernel-trace-devel-3.0.101-0.47.106.19.1
    • kernel-default-devel-3.0.101-0.47.106.19.1
  • SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3 (nosrc s390x x86_64 i586)
    • kernel-trace-3.0.101-0.47.106.19.1
    • kernel-default-3.0.101-0.47.106.19.1
  • SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3 (s390x x86_64 i586)
    • kernel-trace-base-3.0.101-0.47.106.19.1
    • kernel-syms-3.0.101-0.47.106.19.1
    • kernel-default-base-3.0.101-0.47.106.19.1
    • kernel-source-3.0.101-0.47.106.19.1
    • kernel-trace-devel-3.0.101-0.47.106.19.1
    • kernel-default-devel-3.0.101-0.47.106.19.1
  • SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3 (nosrc x86_64 i586)
    • kernel-ec2-3.0.101-0.47.106.19.1
    • kernel-xen-3.0.101-0.47.106.19.1
  • SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3 (x86_64 i586)
    • kernel-xen-devel-3.0.101-0.47.106.19.1
    • kernel-ec2-devel-3.0.101-0.47.106.19.1
    • kernel-ec2-base-3.0.101-0.47.106.19.1
    • kernel-xen-base-3.0.101-0.47.106.19.1
  • SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3 (nosrc i586)
    • kernel-pae-3.0.101-0.47.106.19.1
  • SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3 (i586)
    • kernel-pae-devel-3.0.101-0.47.106.19.1
    • kernel-pae-base-3.0.101-0.47.106.19.1
  • SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3 (s390x)
    • kernel-default-man-3.0.101-0.47.106.19.1
  • SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3 (nosrc x86_64)
    • kernel-bigsmp-3.0.101-0.47.106.19.1
  • SUSE Linux Enterprise Server 11 SP3 LTSS 11-SP3 (x86_64)
    • kernel-bigsmp-devel-3.0.101-0.47.106.19.1
    • kernel-bigsmp-base-3.0.101-0.47.106.19.1

References: