SB2018110803 - OpenSUSE Linux update for the Linux Kernel
Published: November 8, 2018
Description
This security bulletin contains information about 7 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2017-16533)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read in the usbhid_parse function in drivers/hid/usbhid/hid-core.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
2) Race condition (CVE-ID: CVE-2017-18224)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the fs/ocfs2/aops.c source code due to a race condition. A local attacker can trigger memory corruption and cause the service to crash.
3) Type confusion (CVE-ID: CVE-2018-18386)
The vulnerability allows a local attacker to cause a DoS condition on the target system.
The vulnerability exists due to a type confusion condition in the drivers/tty/n_tty.c source code file. A local attacker can deny use of any other pseudoterminal devices on a targeted system when the EXTPROC and ICANON flags become confused in the TIOCINQ command.
4) Memory corruption (CVE-ID: CVE-2018-18445)
The vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists in the adjust_scalar_min_max_vals function, as defined in the kernel/bpf/verifier.c source code file, due to a boundary error in the BPF verifier. A local attacker can trigger the BPF verifier to mishandle 32-bit right shifts and cause an out-of-bounds memory access condition to access sensitive information, escalate privileges, or cause a DoS condition on the targeted system.
5) Information disclosure (CVE-ID: CVE-2018-18710)
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists in the cdrom_ioctl_select_disc function, as defined in the drivers/cdrom/cdrom.c source code file, due to a boundary error when processing user-supplied input. A local attacker can access the system and execute an application that submits malicious input to read arbitrary kernel memory on the system, which could be used to conduct additional attacks.
6) Information disclosure (CVE-ID: CVE-2018-10940)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists in the cdrom_ioctl_media_changed function due to an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED IOCTL. A local attacker can execute a file or program that submits malicious input to the targeted system, trigger memory corruption and access sensitive kernel information, which could be used to conduct further attacks.
7) Buffer over-read (CVE-ID: CVE-2018-16658)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the cdrom_ioctl_drive_status() function in drivers/cdrom/cdrom.c. A local unprivileged user can create a specially crafted application, trigger an out-of-bounds read error and read contents of kernel memory.
Remediation
Install the update from the vendor's website.