SB2019081670 - OpenSUSE Linux update for the Linux Kernel

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Buffer overflow (CVE-ID: CVE-2018-20855)

The vulnerability allows a local attacker to access sensitive information on a targeted system.

The vulnerability exists due to insufficient initialization of the "mlx5_ib_create_qp_resp" function in the "create_qp_common" function in the "drivers/infiniband/hw/mlx5/qp.c" file. A local authenticated attacker can access the system, execute an application that submits malicious input, leak stack memory and access sensitive information on a targeted system.

2) NULL pointer dereference (CVE-ID: CVE-2019-10207)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A flaw was found in the Linux kernel's Bluetooth implementation of UART, all versions kernel 3.x.x before 4.18.0 and kernel 5.x.x. An attacker with local access and write permissions to the Bluetooth hardware could use this flaw to issue a specially crafted ioctl function call and cause the system to crash.

3) Information disclosure (CVE-ID: CVE-2019-1125)

The vulnerability allows a local user to gain access to potentially sensitive information and elevate privileges on the system.

The vulnerability exists when certain central processing units (CPU) speculatively access memory. A local user can gain unauthorized access to sensitive information and elevate privileges on the system.

This issue is a variant of the Spectre Variant 1 speculative execution side channel vulnerability that leverages SWAPGS instructions to bypass KPTI/KVA mitigations.

4) NULL pointer dereference (CVE-ID: CVE-2019-11810)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when megasas_create_frame_pool() fails in megasas_alloc_cmds() in drivers/scsi/megaraid/megaraid_sas_base.c. A local user can perform a denial of service (DoS) attack.

5) Out-of-bounds write (CVE-ID: CVE-2019-13631)

6) Resource management error (CVE-ID: CVE-2019-13648)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the "arch/powerpc/kernel/signal_32.c" and "arch/powerpc/kernel/signal_64.c" files on the PowerPC platform, when hardware transactional memory is disabled. A local authenticated attacker can make a "sigreturn()" system call that sends a signal frame that sends a signal frame that submits malicious input to the targeted system and cause a denial of service condition.

7) Integer overflow (CVE-ID: CVE-2019-14283)

The vulnerability allows a local attacker to execute arbitrary code or cause a denial of service (DoS) condition on a targeted system.

The vulnerability exists due to the "set_geometry" function in the "drivers/block/floppy.c" file does not properly validate the sect and head fields. A local authenticated attacker can insert a floppy disk that submits malicious input to the targeted system, trigger integer overflow, which could cause an out-of-bounds write condition and execute arbitrary code on the target system or cause a DoS condition.

8) Resource exhaustion (CVE-ID: CVE-2019-14284)

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a divide-by-zero condition in the "drivers/block/floppy.c" file. A local authenticated attacker can insert a floppy disk that submits malicious input to the targeted system, trigger resource exhaustion and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://lists.opensuse.org/opensuse-security-announce/2019-08/msg00056.html