SB2018020918 - SUSE Linux update for the Linux Kernel
Published: February 9, 2018
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 9 secuirty vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2017-15129)
The vulnerability allows a local unprivileged attacker to cause DoS condition no the target system.The weakness exists due to the function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr. A local attacker can induce kernel memory corruption, trigger use-after-free and double free error in network namespaces code to cause the system to crash.
2) Race condition (CVE-ID: CVE-2017-17712)
The vulnerability allows a local attacker to gain elevated privileges on the target system.The weakness exists due to a race condition in inet->hdrincl in the raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel. A local attacker can trigger uninitialized stack pointer usage and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
3) Denial of service (CVE-ID: CVE-2017-17862)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to kernel/bpf/verifier.c in the Linux kernel improperly explores unreachable code paths, even though it would still be processed by JIT compilers. A local attacker can run a specially crafted application, trigger an improper branch-pruning logic issue and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
4) Memory leak (CVE-ID: CVE-2017-17864)
The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.The weakness exists due to kernel/bpf/verifier.c in the Linux kernel mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type. A local attacker can trigger a memory leak and obtain potentially sensitive address information.
5) Use-after-free error (CVE-ID: CVE-2017-18017)
The vulnerability allows a remote attacker to cause DoS condition no the target system.The weakness exists in the tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel due to use-after-free error. A remote attacker can leverage the presence of xt_TCPMSS in an iptables action, trigger memory corruption and cause the system to crash.
6) Information disclosure (CVE-ID: CVE-2017-5715)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.
7) Race condition (CVE-ID: CVE-2018-1000004)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists due to race condition in the sound system. A remote attacker can trigger deadlock and cause the system to crash.
8) Heap out-of-bounds write (CVE-ID: CVE-2018-5332)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists in the rds_message_alloc_sgs() function due to improper validation of DMA page allocation values. A local attacker can trigger a heap-based out-of-bounds write and cause the system to crash.
9) Null pointer dereference (CVE-ID: CVE-2018-5333)
The vulnerability allows a remote attacker to cause DoS condition on the target system.The weakness exists in the rds_cmsg_atomic function due to insufficient handling of user-supplied input. A remote attacker can send a specially crafted HTTP request, trigger NULL pointer dereference and cause the system to crash.
Remediation
Install update from vendor's website.