SB2018101723 - OpenSUSE Linux update for the Linux Kernel
Published: October 17, 2018
Description
This security bulletin contains information about 13 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2018-13096)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists in the build_sit_info() function in the Flash-Friendly File System (F2FS) component, as defined in the source code file fs/f2fs/super.c, due to a boundary error when mounting F2FS filesystems. A local attacker can access the system and mount an F2FS filesystem that submits malicious input in an abnormal bitmap size, trigger an out-of-bounds memory read and cause the affected software to terminate abnormally.
2) Divide by zero (CVE-ID: CVE-2018-13097)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists in the user_block_count() function in the Flash-Friendly File System (F2FS) component, as defined in the source code file fs/f2fs/super.c, due to a boundary error when mounting F2FS filesystems. A local attacker can access the system and mount an F2FS filesystem that submits malicious input, trigger a divide-by-zero memory error and cause the affected software to terminate abnormally.
3) Buffer over-read (CVE-ID: CVE-2018-13098)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds read in the fs/f2fs/inode.c file that occurs for a modified f2fs filesystem image in which FI_EXTRA_ATTR is set in an inode.
4) Buffer over-read (CVE-ID: CVE-2018-13099)
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to an out-of-bounds read in the fs/f2fs/inline.c file that occurs for a modified f2fs filesystem image in which an inline inode contains an invalid reserved blkaddr.
5) Divide-by-zero (CVE-ID: CVE-2018-13100)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists due to improper validation of secs_per_zone information in a corrupted Flash-Friendly File System (F2FS) image. A local attacker can mount a specially crafted F2FS image, trigger a divide-by-zero condition in the reset_curseg() function, as defined in the fs/f2fs/super.c source code file, and cause the system to crash.
6) Null pointer dereference (CVE-ID: CVE-2018-14613)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists in the check_leaf_item() function, as defined in the source code file fs/btrfs/tree-checker.c, because the affected software improperly validates block group items. A local attacker can mount and operate a specially crafted Btrfs filesystem that submits malicious input, trigger an invalid pointer dereference error in the io_ctl_map_page() function and cause the affected software to terminate abnormally.
7) Null pointer dereference (CVE-ID: CVE-2018-14617)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists due to a NULL pointer dereference when the hfsplus_lookup() function, as defined in the fs/hfsplus/dir.c source code file of the affected software, opens a file in a read-only Hierarchical File System Plus (HFS+) filesystem without a metadata directory and with malformed catalog data. A local attacker can mount a malicious HFS+ filesystem image, open a file in the image and cause a kernel panic.
8) Stack-based buffer overflow (CVE-ID: CVE-2018-14633)
9) Memory corruption (CVE-ID: CVE-2018-16276)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to an out-of-bounds access condition in the yurex_read function, as defined in the drivers/usb/misc/yurex.c source code file. A remote unauthenticated attacker can execute a specially crafted program that submits malicious input, trigger memory corruption and gain elevated privileges or cause the service to crash.
10) Authorization bypass (CVE-ID: CVE-2018-16597)
The vulnerability allows a local authenticated user to manipulate data.
An issue was discovered in the Linux kernel before 4.8. Incorrect access checking in overlayfs mounts could be used by local attackers to modify or truncate files in the underlying filesystem.
11) Use-after-free (CVE-ID: CVE-2018-17182)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a use-after-free error in the vmacache_flush_all() function in the mm/vmacache.c file. A local user can trigger the use-after-free error via certain thread creation, map, unmap, invalidation, and dereference operations and execute arbitrary code on the system with elevated privileges.
12) Double-free error (CVE-ID: CVE-2018-7480)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The weakness exists in the blkcg_init_queue function in the block/blk-cgroup.c source code due to a double free. A remote attacker can trigger memory corruption and cause the service to crash.
13) Memory leak (CVE-ID: CVE-2018-7757)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The weakness exists in the sas_smp_get_phy_events function in the drivers/scsi/libsas/sas_expander.c source code due to a memory leak. A local attacker can trigger memory corruption and cause the system to crash.
Remediation
Install the update from the vendor's website.