SB2018030305 - SUSE Linux update for the Linux Kernel
Published: March 3, 2018
Security Bulletin ID: SB2018030305
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Local access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource management errors (CVE-ID: CVE-2017-18075)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in crypto/pcrypt.c due to mishandling of freeing instances. A local attacker can gain access to the AF_ALG-based AEAD interface (CONFIG_CRYPTO_USER_API_AEAD) and pcrypt (CONFIG_CRYPTO_PCRYPT), execute a crafted sequence of system calls and cause the service to crash (kfree of an incorrect pointer).
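The description names two kernel build options as prerequisites. The following check is an added example, not part of the original bulletin or of any vendor tooling: it reads a kernel config file and reports whether both options are enabled, without telling whether the vendor update is installed. The function names, the verdict words and the /boot/config-$(uname -r) location are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report whether a kernel config enables both options the
# bulletin names for CVE-2017-18075. Function names are hypothetical.

# config_state FILE OPTION -> prints y, m or n (n = "is not set" or absent)
config_state() {
    # Enabled options appear as OPTION=y or OPTION=m; disabled ones appear
    # as "# OPTION is not set", which this pattern does not match.
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-n}"
}

# pcrypt_exposure FILE -> prints not-applicable, built-in or modular
pcrypt_exposure() {
    aead=$(config_state "$1" CONFIG_CRYPTO_USER_API_AEAD)
    pcrypt=$(config_state "$1" CONFIG_CRYPTO_PCRYPT)
    case "$aead$pcrypt" in
        *n*) echo not-applicable ;;  # at least one prerequisite is off
        yy)  echo built-in ;;        # both compiled into the kernel image
        *)   echo modular ;;         # at least one is a loadable module
    esac
}

# Constructed sample config (not taken from any real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_CRYPTO_USER_API_AEAD=m
CONFIG_CRYPTO_PCRYPT=m
# CONFIG_CRYPTO_TEST is not set
EOF
echo "sample config: $(pcrypt_exposure "$sample")"
rm -f "$sample"

# Assumed location of the running kernel's config; skipped when unreadable.
cfg="/boot/config-$(uname -r)"
if [ -r "$cfg" ]; then
    echo "running kernel: $(pcrypt_exposure "$cfg")"
fi
```

A not-applicable verdict means at least one of the two options is disabled in that build; any other verdict means the installed kernel version should be compared against the vendor's fixed release.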
Remediation
Install the update from the vendor's website.