SB2018081721 - OpenSUSE Linux update for the Linux Kernel 




Published: August 17, 2018

Security Bulletin ID: SB2018081721
Severity: Medium
Patch available: YES
Number of vulnerabilities: 15
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Medium: 13%, Low: 87%

Description

This security bulletin contains information about 15 security vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2017-18344)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to an out-of-bounds memory read error in the 'sigevent->sigev_notify' field of the show_timer() function in the timer subsystem. A local attacker can obtain potentially sensitive information from system memory.


2) Use-after-free (CVE-ID: CVE-2018-10876)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A flaw was found in the Linux kernel in the ext4 filesystem code. A use-after-free is possible in the ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.


3) Out-of-bounds read (CVE-ID: CVE-2018-10877)

The vulnerability allows a local privileged user to execute arbitrary code.

The Linux kernel ext4 filesystem is vulnerable to an out-of-bounds access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.


4) Out-of-bounds write (CVE-ID: CVE-2018-10878)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to an out-of-bounds write error in the ext4_init_block_bitmap() function in the fourth extended filesystem (ext4). A local attacker can mount and operate a specially crafted ext4 filesystem image, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


5) Use-after-free (CVE-ID: CVE-2018-10879)

The vulnerability allows a local authenticated user to execute arbitrary code.

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in the ext4_xattr_set_entry function, and a denial of service or unspecified other impact may occur, by renaming a file in a crafted ext4 filesystem image.


6) Out-of-bounds write (CVE-ID: CVE-2018-10880)

The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.

The Linux kernel is vulnerable to a stack out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.


7) Buffer overflow (CVE-ID: CVE-2018-10881)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds access in the ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.


8) Out-of-bounds write (CVE-ID: CVE-2018-10882)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to an out-of-bounds write error in the fs/jbd2/transaction.c source code in the fourth extended filesystem (ext4). A local attacker can unmount a specially crafted ext4 filesystem image, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


9) Out-of-bounds write (CVE-ID: CVE-2018-10883)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.


10) Use-after-free error (CVE-ID: CVE-2018-14734)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The vulnerability exists because the ucma_leave_multicast() function, as defined in the drivers/infiniband/core/ucma.c source code file of the affected software, could allow access to a certain data structure after it has been allocated and freed in the ucma_process_join() function. A local attacker can send a specially crafted request that submits malicious input, trigger a use-after-free error and cause the service to crash.


11) Side-channel attack (CVE-ID: CVE-2018-3620)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations. A local attacker can trigger a terminal page fault, conduct a side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.


12) Information disclosure (CVE-ID: CVE-2018-3646)

The vulnerability allows an adjacent attacker to obtain potentially sensitive information on the target system.

The weakness exists on systems with microprocessors utilizing speculative execution and address translations due to an error in the hypervisor. An adjacent attacker can access information residing in the L1 data cache via a terminal page fault and a side-channel analysis.


13) Side-channel attack (CVE-ID: CVE-2018-3646)

The vulnerability allows an adjacent attacker to obtain potentially sensitive information.

The vulnerability exists due to an error in systems with microprocessors utilizing speculative execution and address translations. An adjacent attacker with guest OS privilege can trigger a terminal page fault, conduct a side-channel attack and gain access to potentially sensitive information residing in the L1 data cache.


14) Resource exhaustion (CVE-ID: CVE-2018-5390)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists because the system uses an inefficient TCP reassembly algorithm. A remote attacker can send specially crafted packets within ongoing TCP sessions to consume excessive CPU resources and cause the service to crash.

Note: The issue has been called "SegmentSmack".


15) Improper input validation (CVE-ID: CVE-2018-5391)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The vulnerability exists due to an error when handling reassembly of fragmented IPv4 and IPv6 packets. A remote attacker can send specially crafted packets, trigger time- and calculation-expensive fragment reassembly algorithms and cause the service to crash.


Remediation

Install the update from the vendor's website.