SUSE Linux update for the Linux Kernel



Risk Medium
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2017-17741
CVE-2017-18241
CVE-2017-18249
CVE-2018-12233
CVE-2018-3665
CVE-2018-5848
CWE-ID CWE-125
CWE-476
CWE-362
CWE-119
CWE-200
CWE-190
Exploitation vector Local
Public exploit Public exploit code for vulnerability #4 is available.
Vulnerable software
 SUSE Linux
Operating systems & Components / Operating system

Vendor SUSE

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU9773

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-17741

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the KVM implementation in the Linux kernel. A local attacker can trigger write_mmio stack-based out-of-bounds read or possibly have unspecified other impact, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 12

CPE2.3 External links

https://lists.suse.com/pipermail/sle-security-updates/2018-June/004205.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU11264

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-18241

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the fs/f2fs/segment.c source code file due to the use of the noflush_merge option, which could trigger a NULL value for a flush_cmd_control data structure. A local attacker can trigger NULL pointer dereference and kernel panic and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 12

CPE2.3 External links

https://lists.suse.com/pipermail/sle-security-updates/2018-June/004205.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Race condition

EUVDB-ID: #VU11297

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-18249

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the add_free_nid function due to race condition. A local attacker can trigger memory corruption and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 12

CPE2.3 External links

https://lists.suse.com/pipermail/sle-security-updates/2018-June/004205.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Memory corruption

EUVDB-ID: #VU13338

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2018-12233

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists in the ea_get function due to boundary error when calling setxattr twice with two different extended attribute names on the same file, as defined in the fs/jfs/xattr.c source code file. A local attacker can create a file or execute a program that submits malicious input, trigger a slab-out-of-bounds condition and cause the system crash or execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 12

CPE2.3 External links

https://lists.suse.com/pipermail/sle-security-updates/2018-June/004205.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Side-channel attack

EUVDB-ID: #VU13337

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-3665

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to utilizing the Lazy FP state restore technique for floating point state when context switching between application processes. A local attacker can conduct cache side-channel attacks and determine register values of other processes.

Note: This vulnerability is known as LazyFP.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 12

CPE2.3 External links

https://lists.suse.com/pipermail/sle-security-updates/2018-June/004205.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Integer overflow

EUVDB-ID: #VU13563

Risk: Low

CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-5848

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists In the function wmi_set_ie() due to the length validation code does not handle unsigned integer overflow properly. A local attacker can supply a large value of the 'ie_len' argument, trigger memory corruption and gain root privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 12

CPE2.3 External links

https://lists.suse.com/pipermail/sle-security-updates/2018-June/004205.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###