Security update for the Linux Kernel

Announcement ID: SUSE-SU-2018:1221-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2017-0861 ( SUSE ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-0861 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-11089 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-11089 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2017-13220 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H
  • CVE-2017-13220 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-18203 ( SUSE ): 6.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2017-18203 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-10087 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-10087 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-10124 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  • CVE-2018-10124 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-1087 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-1087 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-7757 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-7757 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-8781 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-8781 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-8781 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-8822 ( SUSE ): 6.4 CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
  • CVE-2018-8822 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-8822 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-8897 ( SUSE ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2018-8897 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • Public Cloud Module 12
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP4
  • SUSE Linux Enterprise High Performance Computing 12 SP5
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server 12 LTSS 12
  • SUSE Linux Enterprise Server 12 SP1
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server 12 SP4
  • SUSE Linux Enterprise Server 12 SP5
  • SUSE Linux Enterprise Server for SAP Applications 12
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4
  • SUSE Linux Enterprise Server for SAP Applications 12 SP5

An update that solves 11 vulnerabilities and has five security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088)
  • CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue. (bsc#1087088)
  • CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643).
  • CVE-2018-10124: The kill_something_info function in kernel/signal.c might allow local users to cause a denial of service via an INT_MIN argument (bnc#1089752).
  • CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608).
  • CVE-2018-7757: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c allowed local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file (bnc#1084536 1087209).
  • CVE-2017-13220: An elevation of privilege vulnerability in the Upstream kernel bluez was fixed. (bnc#1076537).
  • CVE-2017-11089: A buffer overread was observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes (bnc#1088261).
  • CVE-2017-0861: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem allowed attackers to gain privileges via unspecified vectors (bnc#1088260).
  • CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162).
  • CVE-2017-18203: The dm_get_from_kobject function in drivers/md/dm.c allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices (bnc#1083242).

The following non-security bugs were fixed:

  • Integrate fixes resulting from bsc#1088147 More info in the respective commit messages.
  • KABI: x86/kaiser: properly align trampoline stack (bsc#1087260).
  • kGraft: fix small race in reversion code (bsc#1083125).
  • kabi/severities: Ignore kgr_shadow_* kABI changes
  • kvm/x86: fix icebp instruction handling (bsc#1087088).
  • livepatch: Allow to call a custom callback when freeing shadow variables (bsc#1082299 fate#313296).
  • livepatch: Initialize shadow variables safely by a custom callback (bsc#1082299 fate#313296).
  • x86/entry/64: Do not use IST entry for #BP stack (bsc#1087088).
  • x86/kaiser: properly align trampoline stack (bsc#1087260).
  • x86/retpoline: do not perform thunk calls in ring3 vsyscall code (bsc#1085331).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • Public Cloud Module 12
    zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2018-844=1
  • SUSE Linux Enterprise Server 12 LTSS 12
    zypper in -t patch SUSE-SLE-SERVER-12-2018-844=1

Package List:

  • Public Cloud Module 12 (nosrc x86_64)
    • kernel-ec2-3.12.61-52.128.1
  • Public Cloud Module 12 (x86_64)
    • kernel-ec2-debuginfo-3.12.61-52.128.1
    • kernel-ec2-debugsource-3.12.61-52.128.1
    • kernel-ec2-extra-3.12.61-52.128.1
    • kernel-ec2-extra-debuginfo-3.12.61-52.128.1
    • kernel-ec2-devel-3.12.61-52.128.1
  • SUSE Linux Enterprise Server 12 LTSS 12 (nosrc ppc64le s390x x86_64)
    • kernel-default-3.12.61-52.128.1
  • SUSE Linux Enterprise Server 12 LTSS 12 (ppc64le s390x x86_64)
    • kernel-default-base-3.12.61-52.128.1
    • kernel-default-debugsource-3.12.61-52.128.1
    • kernel-default-devel-3.12.61-52.128.1
    • kernel-default-debuginfo-3.12.61-52.128.1
    • kernel-syms-3.12.61-52.128.1
    • kernel-default-base-debuginfo-3.12.61-52.128.1
  • SUSE Linux Enterprise Server 12 LTSS 12 (noarch)
    • kernel-devel-3.12.61-52.128.1
    • kernel-macros-3.12.61-52.128.1
    • kernel-source-3.12.61-52.128.1
  • SUSE Linux Enterprise Server 12 LTSS 12 (s390x)
    • kernel-default-man-3.12.61-52.128.1
  • SUSE Linux Enterprise Server 12 LTSS 12 (nosrc x86_64)
    • kernel-xen-3.12.61-52.128.1
  • SUSE Linux Enterprise Server 12 LTSS 12 (x86_64)
    • kgraft-patch-3_12_61-52_128-default-1-1.3.1
    • kernel-xen-debuginfo-3.12.61-52.128.1
    • kernel-xen-base-3.12.61-52.128.1
    • kernel-xen-debugsource-3.12.61-52.128.1
    • kgraft-patch-3_12_61-52_128-xen-1-1.3.1
    • kernel-xen-base-debuginfo-3.12.61-52.128.1
    • kernel-xen-devel-3.12.61-52.128.1

References: