SB2018022225 - SUSE Linux update for the Linux Kernel

Description

This security bulletin contains information about 8 secuirty vulnerabilities.

1) Improper access control (CVE-ID: CVE-2015-1142857)

The vulnerability allows a remote attacker to cause DoS condition on the target system.
 
The weakness exists due to sending ethernet flow control pause frames via the PF. A remote attacker can trigger network congestion spreading and cause the service to crash.

2) Privilege escalation (CVE-ID: CVE-2017-13215)

The vulnerability allows a remote attacker to gain elevated privileges on the target system.

The weakness exists due to a flaw in the Upstream kernel skcipher. A remote attacker can trick the victim into opening a specially crafted application and execute arbitrary code with elevated privileges.

3) Out-of-bounds read (CVE-ID: CVE-2017-17741)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the KVM implementation in the Linux kernel. A local attacker can trigger write_mmio stack-based out-of-bounds read or possibly have unspecified other impact, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

4) Improper input validation (CVE-ID: CVE-2017-17805)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the Salsa20 encryption algorithm in the Linux kernel does not correctly handle zero-length inputs. A local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) can trigger uninitialized-memory free and cause the kernel to crash or execute a specially crafted sequence of system calls that use the blkcipher_walk API.

Successful exploitation of the vulnerability results in denial of service.

5) Stack-based buffer overflow (CVE-ID: CVE-2017-17806)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the HMAC implementation (crypto/hmac.c) in the Linux kernel does not validate that the underlying cryptographic hash algorithm is unkeyed. A local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) can execute a specially crafted sequence of system calls that encounter a missing SHA-3 initialization, trigger kernel stack buffer overflow and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

6) Null pointer dereference (CVE-ID: CVE-2017-18079)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the drivers/input/serio/i8042.c due to the port->exists value can change after it is validated. A remote attacker can trigger NULL pointer dereference and cause the system to crash.

7) Information disclosure (CVE-ID: CVE-2017-5715)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.

8) Race condition (CVE-ID: CVE-2018-1000004)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to race condition in the sound system. A remote attacker can trigger deadlock and cause the system to crash.

Remediation

Install update from vendor's website.

References

• https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00041.html