OpenSUSE Linux update for the Linux Kernel

1) Privilege escalation

EUVDB-ID: #VU10345

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13166

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the V4L2 video driver component of the Google Android kernel due to insufficient validation of user-supplied input. A local attacker can use a specially crafted application and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Update the affected packages.

Vulnerable software versions

Google Android: 5.0 - 8.0

CPE2.3

• cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
• cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00054.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Race condition

EUVDB-ID: #VU9604

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15951

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the KEYS subsystem does not correctly synchronize the actions of updating versus finding a key in the "negative" state. A local attacker can make a specially crafted system calls, trigger race condition and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.4.11 - 4.13.9

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.13.9:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.12.14:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.11.12:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.4.11:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.10.17:*:*:*:*:*:*:*

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00054.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Error handling

EUVDB-ID: #VU9766

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16644

CWE-ID: CWE-388 - Error Handling

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger improper error handling and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.10.0 - 4.13.10

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.13.10:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.12.14:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.11.12:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.10.17:*:*:*:*:*:*:*

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00054.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Out-of-bounds read

EUVDB-ID: #VU11311

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16912

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the "get_pipe()" function (drivers/usb/usbip/stub_rx.c) due to out-of-bounds read. A local attacker can supply specially crafted USB over IP packet, trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 3.4.9 - 4.14.7

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.14.7:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.9.70:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.4.9:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.4.113:*:*:*:*:*:*:*

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00054.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Memory corruption

EUVDB-ID: #VU11312

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16913

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) due to boundary error when handling CMD_SUBMIT packets. A local attacker can supply specially crafted USB over IP packet, trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 3.4.9 - 4.14.7

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.14.7:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.9.70:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.4.9:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.4.113:*:*:*:*:*:*:*

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00054.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free error

EUVDB-ID: #VU11313

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17975

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c due to use-after-free error. A local attacker can trigger failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.14 - 4.14.9

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.14.9:*:*:*:*:*:*:*

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00054.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Double free error

EUVDB-ID: #VU11138

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-18174

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the amd_gpio_remove function due to double free when calling the pinctrl_unregister function. A local attacker can trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 3.10.0 - 4.6.3

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:3.10.38:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.11.9:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.12.17:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.13.8:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.14.11:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.15.6:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.16.7:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.17.8:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.18.20:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.19.8:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.0.6:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.1.5:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.2.6:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.3.6:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.4.111:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.6.3:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.5.4:*:*:*:*:*:*:*

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00054.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Infinite loop

EUVDB-ID: #VU11181

Risk: Low

CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-18208

CWE-ID: CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the madvise_willneed function due to infinite loop. A local attacker can trigger use of MADVISE_WILLNEED for a DAX mapping and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.11 - 4.14.3

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.11.5:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.12.9:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.13.6:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.14.3:*:*:*:*:*:*:*

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00054.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU10925

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1000026

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The weakness exists in the bnx2x network card driver due to insufficient validation of user-supplied input. A remote attacker can submit a specially crafted packet to the affected network card and cause the system to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.4.96 - 4.15.7

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.15.7:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.14.101:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.13.16:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.12.14:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.11.12:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.10.17:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.4.96:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.8.17:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.9.158:*:*:*:*:*:*:*

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00054.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Privilege escalation

EUVDB-ID: #VU11145

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1068

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to an error in the implementation of 32 bit syscall interface. A local attacker can gain root privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 3.4.9 - 4.15.10

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.15.10:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.14.27:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.13.16:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.12.14:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.11.12:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.10.16:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.9.87:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.4.9:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.8.17:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.7.10:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.6.7:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.5.7:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.4.122:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.3.6:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.2.8:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.1.50:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.0.9:*:*:*:*:*:*:*

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00054.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Memory corruption

EUVDB-ID: #VU11137

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-8087

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the hwsim_new_radio_nl function due to memory leak. A local attacker can trigger memory corruption and cause the service the crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.10.0 - 4.15.9

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.10.15:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.11.5:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.12.9:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.13.6:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.14.15:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.15.9:*:*:*:*:*:*:*

External links

http://lists.opensuse.org/opensuse-security-announce/2018-03/msg00054.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.