OpenSUSE Linux update for the Linux Kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 13 |
| CVE-ID | CVE-2018-13096 CVE-2018-13097 CVE-2018-13098 CVE-2018-13099 CVE-2018-13100 CVE-2018-14613 CVE-2018-14617 CVE-2018-14633 CVE-2018-16276 CVE-2018-16597 CVE-2018-17182 CVE-2018-7480 CVE-2018-7757 |
| CWE-ID | CWE-125 CWE-369 CWE-476 CWE-121 CWE-119 CWE-863 CWE-416 CWE-415 CWE-401 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #5 is available. Public exploit code for vulnerability #6 is available. Public exploit code for vulnerability #7 is available. |
| Vulnerable software Subscribe |
Opensuse Operating systems & Components / Operating system |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 13 vulnerabilities.
1) Out-of-bounds read
EUVDB-ID: #VU13845
Risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-13096
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists in the build_sit_info() function in the Flash-Friendly File System (F2FS) component, as defined in the source code file fs/f2fs/super.c due to boundary error when mounting F2FS filesystems. A local attacker can access the system and mount an F2FS filesystem that submits malicious input in an abnormal bitmap size, trigger out-of-bounds memory read and cause the affected software to terminate abnormally.
MitigationUpdate the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Divide by zero
EUVDB-ID: #VU13844
Risk: Low
CVSSv3.1: 6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:U/RC:C]
CVE-ID: CVE-2018-13097
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists in the user_block_count() function in the Flash-Friendly File System (F2FS) component, as defined in the source code file fs/f2fs/super.c due to boundary error when mounting F2FS filesystems. A local attacker can access the system and mount an F2FS filesystem that submits malicious input, trigger divide-by-zero memory error and cause the affected software to terminate abnormally.
MitigationUpdate the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer over-read
EUVDB-ID: #VU13600
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-13098
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds read in fs/f2fs/inode.c file that occurs for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode.
MitigationUpdate the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer over-read
EUVDB-ID: #VU13599
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-13099
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds read in fs/f2fs/inline.c file that occurs for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.
MitigationUpdate the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Divide-by-zero
EUVDB-ID: #VU13601
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-13100
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to improper validation of secs_per_zone information in a corrupted Flash-Friendly File System (F2FS) image. A local attacker can mount a specially crafted F2FS image, trigger a divide-by-zero condition in the reset_curseg() function, as defined in the fs/f2fs/super.c source code file and cause the system to crash.
Update the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Null pointer dereference
EUVDB-ID: #VU14180
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2018-14613
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists in the check_leaf_item() function, as defined in the source code file fs/btrfs/tree-checker.c, due to the affected software improperly validates block group items. A local attacker can mount and operate a specially crafted Btrfs filesystem that submits malicious input, trigger an invalid pointer dereference error in the io_ctl_map_page() function and cause the affected software to terminate abnormally.
MitigationUpdate the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
7) Null pointer dereference
EUVDB-ID: #VU14182
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2018-14617
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The vulnerability exists due to NULL pointer dereference when the hfsplus_lookup() function, as defined in the fs/hfsplus/dir.c source code file of the affected software, opens a file in a read-only Hierarchical File System Plus (HFS+) filesystem without a metadata directory and with malformed catalog data. A local attacker can mount a malicious HFS+ filesystem image, open a file in the image and cause kernel panic.
MitigationUpdate the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
8) Stack-based buffer overflow
EUVDB-ID: #VU14920
Risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-14633
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionUpdate the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory corruption
EUVDB-ID: #VU14625
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-16276
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to an out-of-bounds access condition in the yurex_read function, as defined in the drivers/usb/misc/yurex.c source code file. A remote unauthenticated attacker can execute a specially crafted program that submits malicious, trigger memory corruption and gain elevated privileges or cause the service to crash.
MitigationUpdate the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Authorization bypass
EUVDB-ID: #VU28412
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-16597
CWE-ID:
CWE-863 - Incorrect Authorization
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to manipulate data.
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
MitigationUpdate the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Use-after-free
EUVDB-ID: #VU14817
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-17182
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in vmacache_flush_all() function in mm/vmacache.c file. A local user can trigger the use-after-free error via certain thread creation, map, unmap, invalidation, and dereference operations and execute arbitrary code on the system with elevated privileges.
MitigationUpdate the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Double-free error
EUVDB-ID: #VU10769
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-7480
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the block/blk-cgroup.c source code in the blkcg_init_queue function due to double free. A remote attacker can trigger memory corruption and cause the service to crash.
Update the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Memory leak
EUVDB-ID: #VU10927
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-7757
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the drivers/scsi/libsas/sas_expander.c source code in the sas_smp_get_phy_events function due to memory leak. A local attacker can trigger memory corruption and cause the system to crash.
Update the affected packages.
Opensuse: 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
