Lucene search

HistoryMar 12, 2018 - 12:08 p.m.

Security update for the Linux Kernel (important)


0.975 High




The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated to receive
various security and bugfixes.

The following security bugs were fixed:

  • CVE-2017-5715: Systems with microprocessors utilizing speculative
    execution and indirect branch prediction may allow unauthorized
    disclosure of information to an attacker with local user access via a
    side-channel analysis (bnc#1068032).

    The previous fix using CPU Microcode has been complemented by building
    the Linux Kernel with return trampolines aka "retpolines".

  • CVE-2018-5332: In the Linux kernel the rds_message_alloc_sgs() function
    did not validate a value that is used during DMA page allocation,
    leading to a heap-based out-of-bounds write (related to the
    rds_rdma_extra_size function in net/rds/rdma.c) (bnc#1075621).

  • CVE-2018-5333: In the Linux kernel the rds_cmsg_atomic function in
    net/rds/rdma.c mishandled cases where page pinning fails or an invalid
    address is supplied, leading to an rds_atomic_free_op NULL pointer
    dereference (bnc#1075617).

  • CVE-2017-18017: The tcpmss_mangle_packet function in
    net/netfilter/xt_TCPMSS.c in the Linux kernel allowed remote attackers
    to cause a denial of service (use-after-free and memory corruption) or
    possibly have unspecified other impact by leveraging the presence of
    xt_TCPMSS in an iptables action (bnc#1074488).

  • CVE-2017-18079: drivers/input/serio/i8042.c in the Linux kernel allowed
    attackers to cause a denial of service (NULL pointer dereference and
    system crash) or possibly have unspecified other impact because the
    port->exists value can change after it is validated (bnc#1077922).

  • CVE-2017-17741: The KVM implementation in the Linux kernel allowed
    attackers to obtain potentially sensitive information from kernel
    memory, aka a write_mmio stack-based out-of-bounds read, related to
    arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311).

  • CVE-2017-13215: A elevation of privilege vulnerability in the Upstream
    kernel skcipher. (bnc#1075908).

  • CVE-2018-1000004: In the Linux kernel a race condition vulnerability
    exists in the sound system, this can lead to a deadlock and denial of
    service condition (bnc#1076017).

The following non-security bugs were fixed:

  • cdc-acm: apply quirk for card reader (bsc#1060279).
  • Enable CPU vulnerabilities reporting via sysfs
  • fork: clear thread stack upon allocation (bsc#1077560).
  • kaiser: Set _PAGE_NX only if supported (bnc#1012382, bnc#1076278).
  • kbuild: modversions for EXPORT_SYMBOL() for asm (bsc#1074621
  • Move kABI fixup for retpolines to proper place.
  • powerpc/vdso64: Use double word compare on pointers (bsc#1070781).
  • s390: add ppa to the idle loop (bnc#1077406, LTC#163910).
  • s390/cpuinfo: show facilities as reported by stfle (bnc#1076849,
  • storvsc: do not assume SG list is continuous when doing bounce buffers
  • sysfs/cpu: Add vulnerability folder (bnc#1012382).
  • sysfs/cpu: Fix typos in vulnerability documentation (bnc#1012382).
  • sysfs: spectre_v2, handle spec_ctrl (bsc#1075994 bsc#1075091).
  • x86/acpi: Handle SCI interrupts above legacy space gracefully
  • x86/acpi: Reduce code duplication in mp_override_legacy_irq()
  • x86/boot: Fix early command-line parsing when matching at end
  • x86/cpu: Factor out application of forced CPU caps (bsc#1075994
  • x86/cpu: Implement CPU vulnerabilites sysfs functions (bnc#1012382).
  • x86/CPU: Sync CPU feature flags late (bsc#1075994 bsc#1075091).
  • x86/kaiser: Populate shadow PGD with NX bit only if supported by
    platform (bsc#1076154 bsc#1076278).
  • x86/kaiser: use trampoline stack for kernel entry.
  • x86/microcode/intel: Disable late loading on model 79 (bsc#1054305).
  • x86/microcode/intel: Extend BDW late-loading further with LLC size check
  • x86/microcode/intel: Extend BDW late-loading with a revision check
  • x86/microcode: Rescan feature flags upon late loading (bsc#1075994
  • x86/retpolines/spec_ctrl: disable IBRS on !SKL if retpolines are active
  • x86/spec_ctrl: handle late setting of X86_FEATURE_SPEC_CTRL properly
    (bsc#1075994 bsc#1075091).
  • x86/spectre_v2: fix ordering in IBRS initialization (bsc#1075994
  • x86/spectre_v2: nospectre_v2 means nospec too (bsc#1075994 bsc#1075091).