SUSE Linux update for the Linux Kernel



Published: 2018-04-20
Risk Medium
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2017-13166
CVE-2018-1000004
CVE-2018-1068
CVE-2018-7566
CWE-ID CWE-264
CWE-362
CWE-119
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Google Android
Operating systems & Components / Operating system

Linux kernel
Operating systems & Components / Operating system

Vendor Google
Linux Foundation

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU10345

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13166

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the V4L2 video driver component of the Google Android kernel due to insufficient validation of user-supplied input. A local attacker can use a specially crafted application and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages.

Vulnerable software versions

Google Android: 5.0 - 8.0

External links

http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00054.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU10679

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000004

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to race condition in the sound system. A remote attacker can trigger deadlock and cause the system to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 2.6.0 - 4.12

External links

http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00054.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Privilege escalation

EUVDB-ID: #VU11145

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1068

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an error in the implementation of 32 bit syscall interface. A local attacker can gain root privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 3.4.9 - 4.15.10

External links

http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00054.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory corruption

EUVDB-ID: #VU11458

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-7566

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to write arbitrary files on the target system.

The weakness exists due to out-of-bounds write while ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A local attacker can trigger buffer overflow and use after free and reset the pool size manually via ioctl concurrently and write arbitrary files.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.15

External links

http://lists.opensuse.org/opensuse-security-announce/2018-04/msg00054.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###