SB2018042522 - SUSE Linux update for kvm

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2017-18030)

The vulnerability allows an adjacent attacker to cause DoS condition on the target system.

The weakness exists in the cirrus_invalidate_region function in hw/display/cirrus_vga.c due to out-of-bounds read. A remote attacker can use vectors related to negative pitch, trigger memory error and cause QEMU process to crash.

2) Information disclosure (CVE-ID: CVE-2017-5715)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.

3) Out-of-bounds read (CVE-ID: CVE-2018-5683)

The vulnerability allows an adjacent low-privileged attacker to cause DoS condition on the target system.

The weakness exists in the vga_draw_text function due to out-of-bounds read. A remote attacker can leverage improper memory address validation, trigger memory error and cause QEMU process to crash.

4) Memory corruption (CVE-ID: CVE-2018-7550)

The vulnerability allows an adjacent attacker to execute arbitrary code on the target system.

The weakness exists in the load_multiboot function due to out-of-bounds read or write. An adjacent attacker can load a kernel image during the boot process, which may cause the mh_load_end_addr address to be greater than the mh_bss_end_addr address, trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Install update from vendor's website.

References

• https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00071.html