Risk | Low |
Patch available | YES |
Number of vulnerabilities | 6 |
CVE-ID | CVE-2017-5731 CVE-2017-5732 CVE-2017-5733 CVE-2017-5734 CVE-2017-5735 CVE-2018-3613 |
CWE-ID | CWE-20 CWE-122 CWE-121 CWE-840 |
Exploitation vector | Local |
Public exploit | N/A |
Vulnerable software |
Opensuse Operating systems & Components / Operating system |
Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
EUVDB-ID: #VU16719
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-5731
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to an error when handling malicious input. A local attacker can supply specially crafted files in TianoCompress.c and gain elevated privileges.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2018-12/msg00059.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU16720
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-5732
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to an error when handling malicious input. A local attacker can supply specially crafted files in BaseUefiDecompressLib.c and gain elevated privileges.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2018-12/msg00059.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU16721
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-5733
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to boundary error when handling malicious input. A local attacker can supply specially crafted files in MakeTable() function, trigger heap-based buffer overflow and gain elevated privileges.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2018-12/msg00059.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU16722
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-5734
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to boundary error when handling malicious input. A local attacker can supply specially crafted files in MakeTable() function, trigger stack-based buffer overflow and gain elevated privileges.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2018-12/msg00059.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU16723
Risk: Low
CVSSv4.0: 2 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-5735
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to boundary error when handling malicious input. A local attacker can supply specially crafted files in Decode() function, trigger heap-based buffer overflow and gain elevated privileges.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2018-12/msg00059.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU16724
Risk: Low
CVSSv4.0: 5.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-3613
CWE-ID:
CWE-840 - Business Logic Errors (3.0)
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to logic error in MdeModulePkg. A local attacker can bypass configuration access controls and gain elevated privileges.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2018-12/msg00059.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.