SUSE Linux update for xen



Published: 2018-03-15
Risk Medium
Patch available YES
Number of vulnerabilities 14
CVE-ID CVE-2017-11334
CVE-2017-15595
CVE-2017-17563
CVE-2017-17564
CVE-2017-17565
CVE-2017-17566
CVE-2017-18030
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
CVE-2017-5898
CVE-2018-5683
CVE-2018-7540
CVE-2018-7541
CWE-ID CWE-125
CWE-400
CWE-119
CWE-388
CWE-264
CWE-200
CWE-190
Exploitation vector Local network
Public exploit Public exploit code for vulnerability #8 is available.
Vulnerability #9 is being exploited in the wild.
Public exploit code for vulnerability #10 is available.
Vulnerable software
Subscribe
SUSE Linux
Operating systems & Components / Operating system

Vendor SUSE

Security Bulletin

This security bulletin contains information about 14 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU12552

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-11334

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows an adjacent authenticated attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read. An adjacent attacker can cause the service to crash by leveraging use of qemu_map_ram_ptr to access guest ram block area.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Resource exhaustion

EUVDB-ID: #VU9452

Risk: Low

CVSSv3.1: 4.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15595

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to gain elevated privileges or cause DoS conditions on the target system.

The weakness exists due to improper input validation. An adjacent attacker can supply specially crafted page-table stacking, trigger unbounded recursion, stack consumption, gain elevated privileges or cause hypervisor crash.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Memory corruption

EUVDB-ID: #VU10611

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17563

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to gain elevated privileges or cause a denial of service (DoS) condition on a targeted host system.

The weakness exists due to insufficient reference count overflow checking. An adjacent attacker can use a mask that is larger than the reference count that is set on a targeted system, trigger memory corruption and cause the hypervisor to crash or gain elevated privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Denial of service

EUVDB-ID: #VU10616

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17564

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition or gain elevated privileges.

The weakness exists due to improper error handling for reference counts. A remote attacker can trigger memory corruption, cause the hypervisor to crash or gain elevated privileges on the target system.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Denial of service

EUVDB-ID: #VU10614

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17565

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to improper assertion related to machine-to-physical (M2P) translation table entries. A remote attacker can cause the system to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Denial of service

EUVDB-ID: #VU10613

Risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17566

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists due to improper auxiliary page mapping. A remote attacker can cause the system to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Out-of-bounds read

EUVDB-ID: #VU10940

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-18030

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists in the cirrus_invalidate_region function in hw/display/cirrus_vga.c due to out-of-bounds read. A remote attacker can use vectors related to negative pitch, trigger memory error and cause QEMU process to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Information disclosure

EUVDB-ID: #VU9883

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-5715

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Information disclosure

EUVDB-ID: #VU9884

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2017-5753

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

10) Information disclosure

EUVDB-ID: #VU9882

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-5754

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker can execute arbitrary code, perform a side-channel analysis of the data cache and gain access to sensitive information including memory from the CPU cache.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) Integer overflow

EUVDB-ID: #VU12554

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-5898

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the emulated_apdu_from_guest function in usb/dev-smartcard-reader.c due to integer overflow when built with the CCID Card device emulator support. A local attacker can cause the service to crash via a large Application Protocol Data Units (APDU) unit

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Out-of-bounds read

EUVDB-ID: #VU10941

Risk: Low

CVSSv3.1: 3.1 [CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-5683

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows an adjacent low-privileged attacker to cause DoS condition on the target system.

The weakness exists in the vga_draw_text function due to out-of-bounds read. A remote attacker can leverage improper memory address validation, trigger memory error and cause QEMU process to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Resource exhaustion

EUVDB-ID: #VU10780

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7540

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: No

Description

The vulnerability allows an adjacent authenticated attacker to cause a DoS condition on the target system.

The weakness exists due to non-preemptable L3/L4 pagetable freeing. An adjacent attacker can exhaust all available CPU resources and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Memory corruption

EUVDB-ID: #VU10779

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7541

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to cause DoS condition and gain elevated privileges on the target system.

The weakness exists due to an error when transitioning from v2 to v1. An adjacent attacker can trigger memory corruption, cause the service to crash and gain root privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00035.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###