SB2018112105 - OpenSUSE Linux update for the Linux Kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2018112105

SB2018112105 - OpenSUSE Linux update for the Linux Kernel

Published: November 21, 2018

Security Bulletin ID SB2018112105
Severity
Low
Patch available
YES
Number of vulnerabilities 7
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 7 secuirty vulnerabilities.


1) Improper access control (CVE-ID: CVE-2018-18281)

The vulnerability allows a local user to bypass certain security restrictions.

The vulnerability exists due to improper access restrictions to memory when performing TLB flushes after dropping pagetable locks with mremap() syscall, A local user can access a physical page of a stale TLB entry after ftruncate() syscall is called to remove entries from the pagetables of a task that is in the middle of mremap() syscall.

Successful exploitation of the vulnerability may allow an attacker to gain access to sensitive information, stored in process memory.


2) Type confusion (CVE-ID: CVE-2018-18386)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to a type confusion condition in the drivers/tty/n_tty.csource code file. A local attacker can deny use of any other pseudoterminal devices on a targeted system when the EXTPROC and ICANON flags become confused in the TIOCINQ command.


3) Improper input validation (CVE-ID: CVE-2018-18690)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The vulnerability exists due to improper handling of ATTR_REPLACE operations by the xfs_attr_shortform_addname function, as defined in the fs/xfs/libxfs/xfs_attr.c source code file. A local attacker can access the system and execute an application that submits malicious input, trigger corruption of the Extended File System (XFS) and cause the service to crash.


4) Information disclosure (CVE-ID: CVE-2018-18710)

The vulnerability allows a remote attacker to obtain potentially sensitive information.

The vulnerability exists in the cdrom_ioctl_select_disc function, as defined in the drivers/cdrom/cdrom.c source code file due to boundary error when processing of user-supplied input. A local attacker can access the system, execute an application that submits malicious input to read arbitrary kernel memory on the system, which could be used to conduct additional attacks.


5) Out-of-bounds write (CVE-ID: CVE-2018-9516)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to out-of-bounds write in hid_debug_events_read of drivers/hid/hid-debug.c when a missing bounds check. A local attacker can trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


6) Information disclosure (CVE-ID: CVE-2018-10940)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in the cdrom_ioctl_media_changed function due to incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED IOCTL. A local attacker can execute a file or program that submits malicious input to the targeted system, trigger memory corruption and access sensitive kernel information, which could be used to conduct further attacks.


7) Buffer over-read (CVE-ID: CVE-2018-16658)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in cdrom_ioctl_drive_status() function in drivers/cdrom/cdrom.c. A local unprivileged user can create a specially crafted application, trigger out-of-bounds read error and read contents of kernel memory.


Remediation

Install update from vendor's website.

References