Security update for the Linux Kernel

Announcement ID: SUSE-SU-2018:2384-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2018-13053 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-13053 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-13405 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  • CVE-2018-13405 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-13405 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-13406 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-13406 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-13406 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-14734 ( SUSE ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-14734 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-3620 ( SUSE ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2018-3620 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2018-3646 ( SUSE ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2018-3646 ( NVD ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Affected Products:
  • Public Cloud Module 12
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP4
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server 12 SP1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server 12 SP4
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 12
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves six vulnerabilities and has 10 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081).
  • CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343).
  • CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119).
  • CVE-2018-13053: The alarm_timer_nsleep function in kernel/time/alarmtimer.c had via a large relative timeout because ktime_add_safe is not used (bnc#1099924).
  • CVE-2018-13405: The inode_init_owner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416).
  • CVE-2018-13406: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used (bnc#1098016 bnc#1100418).

The following non-security bugs were fixed:

  • bcache: add backing_request_endio() for bi_end_io (bsc#1064233).
  • bcache: add CACHE_SET_IO_DISABLE to struct cache_set flags (bsc#1064233).
  • bcache: add io_disable to struct cached_dev (bsc#1064233).
  • bcache: add journal statistic (bsc#1076110).
  • bcache: Add __printf annotation to __bch_check_keys() (bsc#1076110).
  • bcache: add stop_when_cache_set_failed option to backing device (bsc#1064233).
  • bcache: add wait_for_kthread_stop() in bch_allocator_thread() (bsc#1064233).
  • bcache: Annotate switch fall-through (bsc#1076110).
  • bcache: closures: move control bits one bit right (bsc#1076110).
  • bcache: correct flash only vols (check all uuids) (bsc#1064233).
  • bcache: count backing device I/O error for writeback I/O (bsc#1064233).
  • bcache: do not attach backing with duplicate UUID (bsc#1076110).
  • bcache: Fix a compiler warning in bcache_device_init() (bsc#1076110).
  • bcache: fix cached_dev->count usage for bch_cache_set_error() (bsc#1064233).
  • bcache: fix crashes in duplicate cache device register (bsc#1076110).
  • bcache: fix error return value in memory shrink (bsc#1076110).
  • bcache: fix for allocator and register thread race (bsc#1076110).
  • bcache: fix for data collapse after re-attaching an attached device (bsc#1076110).
  • bcache: fix high CPU occupancy during journal (bsc#1076110).
  • bcache: Fix, improve efficiency of closure_sync() (bsc#1076110).
  • bcache: fix incorrect sysfs output value of strip size (bsc#1076110).
  • bcache: Fix indentation (bsc#1076110).
  • bcache: fix kcrashes with fio in RAID5 backend dev (bsc#1076110).
  • bcache: Fix kernel-doc warnings (bsc#1076110).
  • bcache: fix misleading error message in bch_count_io_errors() (bsc#1064233).
  • bcache: fix using of loop variable in memory shrink (bsc#1076110).
  • bcache: fix writeback target calc on large devices (bsc#1076110).
  • bcache: fix wrong return value in bch_debug_init() (bsc#1076110).
  • bcache: mark closure_sync() __sched (bsc#1076110).
  • bcache: move closure debug file into debug directory (bsc#1076110).
  • bcache: properly set task state in bch_writeback_thread() (bsc#1064233).
  • bcache: quit dc->writeback_thread when BCACHE_DEV_DETACHING is set (bsc#1064233).
  • bcache: reduce cache_set devices iteration by devices_max_used (bsc#1064233).
  • bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1076110).
  • bcache: Remove an unused variable (bsc#1076110).
  • bcache: ret IOERR when read meets metadata error (bsc#1076110).
  • bcache: return 0 from bch_debug_init() if CONFIG_DEBUG_FS=n (bsc#1064233).
  • bcache: return attach error when no cache set exist (bsc#1076110).
  • bcache: segregate flash only volume write streams (bsc#1076110).
  • bcache: set CACHE_SET_IO_DISABLE in bch_cached_dev_error() (bsc#1064233).
  • bcache: set dc->io_disable to true in conditional_stop_bcache_device() (bsc#1064233).
  • bcache: set error_limit correctly (bsc#1064233).
  • bcache: set writeback_rate_update_seconds in range [1, 60] seconds (bsc#1064233).
  • bcache: stop bcache device when backing device is offline (bsc#1064233).
  • bcache: stop dc->writeback_rate_update properly (bsc#1064233).
  • bcache: stop writeback thread after detaching (bsc#1076110).
  • bcache: store disk name in struct cache and struct cached_dev (bsc#1064233).
  • bcache: Suppress more warnings about set-but-not-used variables (bsc#1076110).
  • bcache: use pr_info() to inform duplicated CACHE_SET_IO_DISABLE set (bsc#1064233).
  • bcache: Use PTR_ERR_OR_ZERO() (bsc#1076110).
  • cpu/hotplug: Add sysfs state interface (bsc#1089343).
  • cpu/hotplug: Provide knobs to control SMT (bsc#1089343).
  • cpu/hotplug: Provide knobs to control SMT (bsc#1089343).
  • cpu/hotplug: Split do_cpu_down() (bsc#1089343).
  • drivers: hv: vmbus: avoid infinite loop in init_vp_index() (bsc#1099592).
  • procfs: add tunable for fd/fdinfo dentry retention (bsc#10866542).
  • Revert "KVM: Fix stack-out-of-bounds read in write_mmio" (bnc#1083635).
  • sched/sysctl: Check user input value of sysctl_sched_time_avg (bsc#1100089).
  • x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343).
  • x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343).
  • x86/cpu/AMD: Evaluate smp_num_siblings early (bsc#1089343).
  • x86/CPU/AMD: Move TOPOEXT reenablement before reading smp_num_siblings (bsc#1089343).
  • x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343).
  • x86/cpu/common: Provide detect_ht_early() (bsc#1089343).
  • x86/cpufeatures: Add X86_BUG_SPECTRE_V[12] (bnc#1012382).
  • x86/cpu/intel: Evaluate smp_num_siblings early (bsc#1089343).
  • x86/cpu: Remove the pointless CPU printout (bsc#1089343).
  • x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343).
  • x86/mm: Simplify p[g4um]d_page() macros (bnc#1087081).
  • x86/mm: Simplify p[g4um]xen: d_page() macros (bnc#1087081).
  • x86/smpboot: Do not use smp_num_siblings in __max_logical_packages calculation (bsc#1089343).
  • x86/smp: Provide topology_is_primary_thread() (bsc#1089343).
  • x86/topology: Add topology_max_smt_threads() (bsc#1089343).
  • x86/topology: Provide topology_smt_supported() (bsc#1089343).
  • x86/Xen: disable IBRS around CPU stopper function invocation (none so far).
  • xen/x86/cpu/common: Provide detect_ht_early() (bsc#1089343).
  • xen/x86/cpufeatures: Add X86_BUG_CPU_INSECURE (bnc#1012382).
  • xen/x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).
  • xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343).
  • xen/x86/cpu/topology: Provide detect_extended_topology_early() (bsc#1089343).
  • xen/x86/entry: Add a function to overwrite the RSB (bsc#1068032).
  • xen/x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032).
  • xen/x86/entry: Use IBRS on entry to kernel space (bsc#1068032).
  • xen/x86/mm: Set IBPB upon context switch (bsc#1068032).
  • xen/x86/pti: Rename BUG_CPU_INSECURE to BUG_CPU_MELTDOWN (bnc#1012382).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • Public Cloud Module 12
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-1644=1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1
    zypper in -t patch SUSE-SLE-SAP-12-SP1-2018-1644=1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1
    zypper in -t patch SUSE-SLE-SERVER-12-SP1-2018-1644=1

Package List:

  • Public Cloud Module 12 (nosrc x86_64)
    • kernel-ec2-3.12.74-60.64.99.1
  • Public Cloud Module 12 (x86_64)
    • kernel-ec2-extra-debuginfo-3.12.74-60.64.99.1
    • kernel-ec2-debuginfo-3.12.74-60.64.99.1
    • kernel-ec2-extra-3.12.74-60.64.99.1
    • kernel-ec2-debugsource-3.12.74-60.64.99.1
    • kernel-ec2-devel-3.12.74-60.64.99.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (nosrc ppc64le x86_64)
    • kernel-default-3.12.74-60.64.99.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
    • kernel-default-debugsource-3.12.74-60.64.99.1
    • kernel-default-devel-3.12.74-60.64.99.1
    • kernel-default-base-debuginfo-3.12.74-60.64.99.1
    • kernel-default-base-3.12.74-60.64.99.1
    • kernel-default-debuginfo-3.12.74-60.64.99.1
    • kernel-syms-3.12.74-60.64.99.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (noarch)
    • kernel-macros-3.12.74-60.64.99.1
    • kernel-source-3.12.74-60.64.99.1
    • kernel-devel-3.12.74-60.64.99.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (nosrc x86_64)
    • kernel-xen-3.12.74-60.64.99.1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1 (x86_64)
    • kernel-xen-debuginfo-3.12.74-60.64.99.1
    • kernel-xen-base-3.12.74-60.64.99.1
    • kgraft-patch-3_12_74-60_64_99-default-1-2.3.1
    • kernel-xen-base-debuginfo-3.12.74-60.64.99.1
    • kernel-xen-devel-3.12.74-60.64.99.1
    • kgraft-patch-3_12_74-60_64_99-xen-1-2.3.1
    • lttng-modules-debugsource-2.7.0-4.2.1
    • kernel-xen-debugsource-3.12.74-60.64.99.1
    • lttng-modules-kmp-default-2.7.0_k3.12.74_60.64.99-4.2.1
    • lttng-modules-2.7.0-4.2.1
    • lttng-modules-kmp-default-debuginfo-2.7.0_k3.12.74_60.64.99-4.2.1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (nosrc ppc64le s390x x86_64)
    • kernel-default-3.12.74-60.64.99.1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (ppc64le s390x x86_64)
    • kernel-default-debugsource-3.12.74-60.64.99.1
    • kernel-default-devel-3.12.74-60.64.99.1
    • kernel-default-base-debuginfo-3.12.74-60.64.99.1
    • kernel-default-base-3.12.74-60.64.99.1
    • kernel-default-debuginfo-3.12.74-60.64.99.1
    • kernel-syms-3.12.74-60.64.99.1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (noarch)
    • kernel-macros-3.12.74-60.64.99.1
    • kernel-source-3.12.74-60.64.99.1
    • kernel-devel-3.12.74-60.64.99.1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (s390x)
    • kernel-default-man-3.12.74-60.64.99.1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (nosrc x86_64)
    • kernel-xen-3.12.74-60.64.99.1
  • SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (x86_64)
    • kernel-xen-debuginfo-3.12.74-60.64.99.1
    • kernel-xen-base-3.12.74-60.64.99.1
    • kgraft-patch-3_12_74-60_64_99-default-1-2.3.1
    • kernel-xen-base-debuginfo-3.12.74-60.64.99.1
    • kernel-xen-devel-3.12.74-60.64.99.1
    • kgraft-patch-3_12_74-60_64_99-xen-1-2.3.1
    • lttng-modules-debugsource-2.7.0-4.2.1
    • kernel-xen-debugsource-3.12.74-60.64.99.1
    • lttng-modules-kmp-default-2.7.0_k3.12.74_60.64.99-4.2.1
    • lttng-modules-2.7.0-4.2.1
    • lttng-modules-kmp-default-debuginfo-2.7.0_k3.12.74_60.64.99-4.2.1

References: