SB2018042523 - SUSE Linux update for the Linux Kernel
Published: April 25, 2018
Description
This security bulletin contains information about 18 security vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2015-5156)
The vulnerability allows an adjacent attacker to cause a DoS condition on the target system. The weakness exists in the virtnet_probe function in drivers/net/virtio_net.c due to attempts to support a FRAGLIST feature without proper memory allocation. An adjacent attacker can submit a specially crafted sequence of fragmented packets, trigger a buffer overflow and cause the service to crash.
2) Out-of-bounds read (CVE-ID: CVE-2016-7915)
The vulnerability allows a physical attacker to obtain potentially sensitive information or cause a DoS condition on the target system. The weakness exists in the hid_input_field function in drivers/hid/hid-core.c due to an out-of-bounds read. A physical attacker can gain access to potentially sensitive information or cause the service to crash.
3) Use-after-free (CVE-ID: CVE-2017-0861)
The vulnerability allows a local user to perform a denial of service attack. The vulnerability exists due to a use-after-free error in the snd_pcm_info() function in the ALSA subsystem. A local user can perform a denial of service attack.
4) Memory leak (CVE-ID: CVE-2017-12190)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-memory condition. A local attacker can cause a memory leak and a possible system lock-up.
5) Privilege escalation (CVE-ID: CVE-2017-13166)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The weakness exists in the V4L2 video driver component of the Google Android kernel due to insufficient validation of user-supplied input. A local attacker can use a specially crafted application and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
6) Error handling (CVE-ID: CVE-2017-16644)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists due to an error in the hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger improper error handling and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
7) Information disclosure (CVE-ID: CVE-2017-16911)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in the vhci_hcd driver due to insufficient security restrictions. A local attacker with a USB device attached over IP can use the affected driver to bypass security restrictions and access sensitive information, such as kernel memory addresses on the targeted system.
8) Out-of-bounds read (CVE-ID: CVE-2017-16912)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the "get_pipe()" function (drivers/usb/usbip/stub_rx.c) due to an out-of-bounds read. A local attacker can supply a specially crafted USB over IP packet, trigger memory corruption and cause the service to crash.
9) Memory corruption (CVE-ID: CVE-2017-16913)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) due to a boundary error when handling CMD_SUBMIT packets. A local attacker can supply a specially crafted USB over IP packet, trigger memory corruption and cause the service to crash.
10) NULL pointer dereference (CVE-ID: CVE-2017-16914)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the "stub_send_ret_submit()" function due to a NULL pointer dereference. A remote attacker can cause the service to crash.
11) Race condition (CVE-ID: CVE-2017-18203)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the dm_get_from_kobject function due to a race condition. A local attacker can cause the service to crash.
12) Infinite loop (CVE-ID: CVE-2017-18208)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the madvise_willneed function due to an infinite loop. A local attacker can trigger use of MADVISE_WILLNEED for a DAX mapping and cause the service to crash.
13) Information disclosure (CVE-ID: CVE-2017-5715)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
14) Improper input validation (CVE-ID: CVE-2018-10087)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The weakness exists in the kernel_wait4 function in kernel/exit.c due to improper validation of the INT_MIN parameter. A local attacker can trigger an error condition and cause the service to crash.
15) Integer overflow (CVE-ID: CVE-2018-6927)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the futex_requeue function due to an integer overflow. A local attacker can trigger a negative wake or requeue value and cause the service to crash.
16) Memory corruption (CVE-ID: CVE-2018-7566)
The vulnerability allows a local attacker to write arbitrary files on the target system. The weakness exists due to an out-of-bounds write while the ALSA sequencer core initializes the event pool on demand by invoking snd_seq_pool_init() when the first write happens and the pool is empty. A local attacker can trigger a buffer overflow and use-after-free, reset the pool size manually via ioctl concurrently, and write arbitrary files.
17) Memory leak (CVE-ID: CVE-2018-7757)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c due to a memory leak. A local attacker can trigger memory corruption and cause the system to crash.
18) Privilege escalation (CVE-ID: CVE-2018-8822)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The weakness exists in the ncp_read_kernel function due to incorrect buffer length handling. A local attacker can submit specially crafted data from a malicious NCPFS server, trigger memory corruption and execute arbitrary code with root privileges.
Remediation
Install the update from the vendor's website.