OpenSUSE Linux update for the Linux Kernel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 10 |
| CVE-ID | CVE-2018-1120 CVE-2018-16862 CVE-2018-16884 CVE-2018-19407 CVE-2018-19824 CVE-2018-19985 CVE-2018-20169 CVE-2018-9568 CVE-2019-3459 CVE-2019-3460 |
| CWE-ID | CWE-20 CWE-416 CWE-476 CWE-125 CWE-119 CWE-843 CWE-401 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #4 is available. Public exploit code for vulnerability #5 is available. |
| Vulnerable software |
Opensuse Operating systems & Components / Operating system |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 10 vulnerabilities.
1) Improper input validation
EUVDB-ID: #VU12853
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-1120
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to cause DoS condition on the target system.
The weakness exists due to insufficient validation of user-supplied input. A local user can block any read() access to /proc/PID/cmdline by mmap()ing a FUSE file (Filesystem in Userspace) onto this process's command-line arguments, block pgrep, pidof, pkill, ps, and w, either forever (a denial of service), or for some controlled time (a synchronization tool for exploiting other vulnerabilities).
Update the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Security restrictions bypass
EUVDB-ID: #VU16060
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-16862
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass security restrictions on the target system.
The vulnerability exists due to an error when the cleancache subsystem clears an inode after the final file truncation (removal). A local attacker can supply new file created with the same inode that may contain leftover pages from cleancache and bypass security restrictions to conduct further attacks.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free error
EUVDB-ID: #VU16616
Risk: Low
CVSSv4.0: 7.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-16884
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to bc_svc_process() use wrong back-channel id when NFS41+ shares mounted in different network namespaces at the same time. A remote attacker can use a malicious container to trigger use-after-free error and cause a system panic.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Null pointer dereference
EUVDB-ID: #VU16022
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19407
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists in the vcpu_scan_ioapic function, as defined in the arch/x86/kvm/x86.c source code file due to the failure of the I/O Advanced Programmable Interrupt Controller (I/O APIC) to initialize. A local attacker can access the system and execute an application that submits malicious system calls, trigger a NULL pointer dereference, which could result in a DoS condition.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
5) Use-after-free error
EUVDB-ID: #VU16237
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2018-19824
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists in the Advanced Linux Sound Architecture (ALSA) driver due to use-after-free error in the usb_audio_probefunction, as defined in the sound/usb/card.c source code file. A local attacker can supply a malicious USB sound device with no interfaces, trigger memory corruption and execute arbitrary code with elevated privileges.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Out-of-bounds read
EUVDB-ID: #VU20806
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-19985
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when the function "hso_get_config_data" in "drivers/net/usb/hso.c" reads "if_num" from the USB device (as a u8) and uses it to index a small array. An authenticated local user with physical access to the system can use a malicious USB, trigger out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory corruption
EUVDB-ID: #VU16628
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-20169
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition or execute arbitrary code on the target system.
The vulnerability exists in the USB subsystem due to improper checks on the minimum and maximum size of data allowed when reading an extra descriptor by the USB subsystem of the affected software, related to the __usb_get_extra_descriptor in the drivers/usb/core/usb.c source code file. A local attacker can insert a USB device designed to submit malicious input, trigger memory corruption and cause the service to crash or execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Type Confusion
EUVDB-ID: #VU21092
Risk: High
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2018-9568
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error in the sk_clone_lock() function in sock.c. A local user can run a specially crafted application to trigger memory corruption and execute arbitrary code on the target system with elevated privileges.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Memory leak
EUVDB-ID: #VU17762
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-3459
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due heap address infoleak in use of l2cap_get_conf_opt. A local attacker can trigger memory leak and access important data.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Memory leak
EUVDB-ID: #VU17763
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-3460
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The vulnerability exists due heap address infoleak in multiple locations including function l2cap_parse_conf_rsp. A local attacker can trigger memory leak and access important data.
MitigationUpdate the affected packages.
Opensuse: 42.3
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2019-02/msg00007.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
