OpenSUSE Linux update for the Linux Kernel

1) Memory corruption

EUVDB-ID: #VU10680

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-15129

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local unprivileged attacker to cause DoS condition no the target system.

The weakness exists due to the function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr. A local attacker can induce kernel memory corruption, trigger use-after-free and double free error in network namespaces code to cause the system to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.10 - 4.14.10

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.14.10:*:*:*:*:*:*:*

External links

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU9772

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-17712

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a race condition in inet->hdrincl in the raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel. A local attacker can trigger uninitialized stack pointer usage and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.0 - 4.14.5

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.0.9:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.14.5:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.2.8:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.3.6:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.4.89:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.5.7:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.6.7:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.7.10:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.8.17:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.9.52:*:*:*:*:*:*:*

External links

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Denial of service

EUVDB-ID: #VU9778

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-17862

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to kernel/bpf/verifier.c in the Linux kernel improperly explores unreachable code paths, even though it would still be processed by JIT compilers. A local attacker can run a specially crafted application, trigger an improper branch-pruning logic issue and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.10.0 - 4.14.7

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.14.7:*:*:*:*:*:*:*

External links

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory leak

EUVDB-ID: #VU9780

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-17864

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to kernel/bpf/verifier.c in the Linux kernel mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type. A local attacker can trigger a memory leak and obtain potentially sensitive address information.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.10.0 - 4.14.7

CPE2.3

External links

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free error

EUVDB-ID: #VU10678

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2017-18017

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition no the target system.

The weakness exists in the tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the Linux kernel due to use-after-free error. A remote attacker can leverage the presence of xt_TCPMSS in an iptables action, trigger memory corruption and cause the system to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.9 - 4.10.17

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.9.35:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.10.17:*:*:*:*:*:*:*

External links

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Information disclosure

EUVDB-ID: #VU9883

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2017-5715

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.

Mitigation

Update the affected packages.

Vulnerable software versions

Intel CPU: All versions

CPE2.3

• cpe:2.3:h:intel:intel_cpu:*:*:*:*:*:*:*:*

External links

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Race condition

EUVDB-ID: #VU10679

Risk: Medium

CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2018-1000004

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to race condition in the sound system. A remote attacker can trigger deadlock and cause the system to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 2.6.0 - 4.12

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:2.6.0:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.10:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.12:*:*:*:*:*:*:*

External links

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Heap out-of-bounds write

EUVDB-ID: #VU10002

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5332

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local attacker to  cause DoS condition on the target system.

The weakness exists in the rds_message_alloc_sgs() function due to improper validation of DMA page allocation values. A local attacker can trigger a heap-based out-of-bounds write and cause the system to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.14.1 - 4.14.13

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.14.13:*:*:*:*:*:*:*

External links

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Null pointer dereference

EUVDB-ID: #VU10001

Risk: Medium

CVSSv4.0: 8.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:A/U:Green]

CVE-ID: CVE-2018-5333

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the rds_cmsg_atomic function due to insufficient handling of user-supplied input. A remote attacker can send a specially crafted HTTP request, trigger NULL pointer dereference and cause the system to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.14.1 - 4.14.13

CPE2.3

External links

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00013.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.