SB2018052422 - OpenSUSE Linux update for the Linux Kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018052422

SB2018052422 - OpenSUSE Linux update for the Linux Kernel

Published: May 24, 2018 Updated: May 28, 2018

Security Bulletin ID SB2018052422
Severity
Medium
Patch available
YES
Number of vulnerabilities 11
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 11 secuirty vulnerabilities.


1) Improper input validation (CVE-ID: CVE-2017-18257)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in get_data_block function of the fs/f2fs/data.c library due to improper validation of user-supplied input. A local attacker can run a specially crafted program, designed to send malicious requests to the Linux Kernel and cause the system to stop responding.

2) Error handling (CVE-ID: CVE-2018-1000199)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the modify_user_hw_breakpoint() function due to error handling flaw. A local attacker can cause the service to crash.

3) Improper input validation (CVE-ID: CVE-2018-10087)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the kernel_wait4 function in kernel/exit.c due to improper validation of the INT_MIN parameter. A local attacker can trigger an error condition and cause the service to crash.


4) Improper input validation (CVE-ID: CVE-2018-10124)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the kill_something_info function in kernel/signal.c due to  improper validation of input. A local attacker can run a program designed to send malicious requests and cause the service to crash.


5) Null pointer dereference (CVE-ID: CVE-2018-1065)

The vulnerability allows a local attacker to cause DoS condition no the target system.

The weakness exists due to NULL pointer dereference. A local attacker with the capability to insert iptables/netfilter rules can leverage the CAP_NET_RAW or CAP_NET_ADMIN capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c, ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in net/ipv6/netfilter/ip6_tables.c, trigger a jump to an invalid chain and cause the system to crash.

6) NULL pointer dereference (CVE-ID: CVE-2018-1130)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the dccp_write_xmit() function in the net/dccp/output.c source code file due to improper handling of certain system calls. A local attacker can execute specially crafted system calls, trigger NULL pointer dereference and cause the service to crash.

7) Speculative Store Bypass (CVE-ID: CVE-2018-3639)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to race conditions in CPU cache processing. A local attacker can conduct a side-channel attack to exploit a flaw in the speculative execution of Load and Store instructions to read privileged memory.

Note: the vulnerability is referred to as "Spectre variant 4".

8) Memory corruption (CVE-ID: CVE-2018-5803)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the _sctp_make_chunk() function due to boundary error. A local attacker can submit a crafted SCTP packet, trigger memory corruption and cause the service to crash.


9) NULL pointer dereference (CVE-ID: CVE-2018-7492)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to a NULL pointer dereference in the net/rds/rdma.c __rds_rdma_map() function. A local attacker can cause the system to crash.


10) Integer overflow (CVE-ID: CVE-2018-8781)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c due to integer overflow. A local attacker can gain full read and write permissions on kernel physical pages and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

11) Privilege escalation (CVE-ID: CVE-2018-8822)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in the ncp_read_kernel function due to incorrect buffer length handling. A local attacker can submit specially crafted data from a malicious NCPFS server, trigger memory corruption and execute arbitrary code with root privileges.

Remediation

Install update from vendor's website.

References