SB2018041907 - SUSE Linux update for the Linux Kernel
Published: April 19, 2018
Description
This security bulletin contains information about 19 security vulnerabilities.
1) Privilege escalation (CVE-ID: CVE-2017-13166)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The weakness exists in the V4L2 video driver component of the Google Android kernel due to insufficient validation of user-supplied input. A local attacker can use a specially crafted application and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
2) Memory corruption (CVE-ID: CVE-2017-15129)
The vulnerability allows a local unprivileged attacker to cause a DoS condition on the target system. The weakness exists because the function get_net_ns_by_id() in net/core/net_namespace.c does not check the net::count value after it has found a peer network in the netns_ids idr. A local attacker can induce kernel memory corruption, trigger use-after-free and double free errors in the network namespaces code and cause the system to crash.
3) Race condition (CVE-ID: CVE-2017-15951)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists because the KEYS subsystem does not correctly synchronize the actions of updating versus finding a key in the "negative" state. A local attacker can make specially crafted system calls, trigger a race condition and cause the service to crash.
Successful exploitation of the vulnerability results in denial of service.
4) Error handling (CVE-ID: CVE-2017-16644)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists due to an error in the hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger improper error handling and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
5) Out-of-bounds read (CVE-ID: CVE-2017-16912)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the "get_pipe()" function (drivers/usb/usbip/stub_rx.c) due to an out-of-bounds read. A local attacker can supply a specially crafted USB over IP packet, trigger memory corruption and cause the service to crash.
6) Memory corruption (CVE-ID: CVE-2017-16913)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) due to a boundary error when handling CMD_SUBMIT packets. A local attacker can supply a specially crafted USB over IP packet, trigger memory corruption and cause the service to crash.
7) Race condition (CVE-ID: CVE-2017-17712)
The vulnerability allows a local attacker to gain elevated privileges on the target system. The weakness exists due to a race condition in inet->hdrincl in the raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel. A local attacker can trigger uninitialized stack pointer usage and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
8) Denial of service (CVE-ID: CVE-2017-17862)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists because kernel/bpf/verifier.c in the Linux kernel improperly explores unreachable code paths, even though they would still be processed by JIT compilers. A local attacker can run a specially crafted application, trigger an improper branch-pruning logic issue and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
9) Memory leak (CVE-ID: CVE-2017-17864)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system. The weakness exists because kernel/bpf/verifier.c in the Linux kernel mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type. A local attacker can trigger a memory leak and obtain potentially sensitive address information.
10) Use-after-free error (CVE-ID: CVE-2017-17975)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c due to a use-after-free error. A local attacker can trigger a failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.
11) Use-after-free error (CVE-ID: CVE-2017-18017)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel due to a use-after-free error. A remote attacker can leverage the presence of xt_TCPMSS in an iptables action, trigger memory corruption and cause the system to crash.
12) Double free error (CVE-ID: CVE-2017-18174)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the amd_gpio_remove function due to a double free when calling the pinctrl_unregister function. A local attacker can trigger memory corruption and cause the service to crash.
13) Infinite loop (CVE-ID: CVE-2017-18208)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the madvise_willneed function due to an infinite loop. A local attacker can trigger use of MADVISE_WILLNEED for a DAX mapping and cause the service to crash.
14) Information disclosure (CVE-ID: CVE-2017-5715)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
15) Race condition (CVE-ID: CVE-2018-1000004)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to a race condition in the sound system. A remote attacker can trigger a deadlock and cause the system to crash.
16) Improper input validation (CVE-ID: CVE-2018-1000026)
The vulnerability allows a remote authenticated attacker to cause a DoS condition on the target system. The weakness exists in the bnx2x network card driver due to insufficient validation of user-supplied input. A remote attacker can submit a specially crafted packet to the affected network card and cause the system to crash.
17) Heap out-of-bounds write (CVE-ID: CVE-2018-5332)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the rds_message_alloc_sgs() function due to improper validation of DMA page allocation values. A local attacker can trigger a heap-based out-of-bounds write and cause the system to crash.
18) Null pointer dereference (CVE-ID: CVE-2018-5333)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists in the rds_cmsg_atomic function due to insufficient handling of user-supplied input. A remote attacker can send a specially crafted HTTP request, trigger a NULL pointer dereference and cause the system to crash.
19) Memory corruption (CVE-ID: CVE-2018-8087)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the hwsim_new_radio_nl function due to a memory leak. A local attacker can trigger memory corruption and cause the service to crash.
Remediation
Install the update from the vendor's website.