SB2018081720 - OpenSUSE Linux update for the Linux Kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018081720

SB2018081720 - OpenSUSE Linux update for the Linux Kernel

Published: August 17, 2018

Security Bulletin ID SB2018081720
Severity
Medium
Patch available
YES
Number of vulnerabilities 13
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 8% Low 92%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 13 secuirty vulnerabilities.


1) Permissions, privileges, and access controls (CVE-ID: CVE-2018-10853)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists in the way Linux kernel KVM hypervisor emulates instructions, such as sgdt/sidt/fxsave/fxrstor. A local unprivileged user on a guest system can gain write access to kernel space on the same guest system.


2) Use-after-free (CVE-ID: CVE-2018-10876)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.


3) Out-of-bounds read (CVE-ID: CVE-2018-10877)

The vulnerability allows a local privileged user to execute arbitrary code.

Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.


4) Out-of-bounds write (CVE-ID: CVE-2018-10878)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to out-of-bounds write error in the ext4_init_block_bitmap() function in the fourth extended filesystem (ext4). A local attacker can mount and operate a specially crafted ext4 filesystem image, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


5) Use-after-free (CVE-ID: CVE-2018-10879)

The vulnerability allows a local authenticated user to execute arbitrary code.

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.


6) Out-of-bounds write (CVE-ID: CVE-2018-10880)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.


7) Buffer overflow (CVE-ID: CVE-2018-10881)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.


8) Out-of-bounds write (CVE-ID: CVE-2018-10882)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to out-of-bounds write error in the fs/jbd2/transaction.csource code in the fourth extended filesystem (ext4). A local attacker can unmount a specially crafted ext4 filesystem image, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


9) Out-of-bounds write (CVE-ID: CVE-2018-10883)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.


10) Side-channel attack (CVE-ID: CVE-2018-3620)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations . A local attacker can trigger terminal page fault, conduct side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.


11) Information disclosure (CVE-ID: CVE-2018-3646)

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists on the systems with microprocessors utilizing speculative execution and address translations due to an error in Hypervisor. An adjacent attacker can access information residing in the L1 data cache via a terminal page fault and a side-channel analysis.


12) Side-channel attack (CVE-ID: CVE-2018-3646)

The vulnerability allows an adjacent attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations. An adjacent attacker with guest OS privilege can trigger terminal page fault, conduct side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.


13) Improper input validation (CVE-ID: CVE-2018-5391)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists due to an error when handling reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can send specially crafted packets, trigger time and calculation expensive fragment reassembly algorithms and cause the service to crash.


Remediation

Install update from vendor's website.

References