{"affected":[{"ecosystem_specific":{"binaries":[{"kernel-ec2":"3.12.61-52.125.1","kernel-ec2-devel":"3.12.61-52.125.1","kernel-ec2-extra":"3.12.61-52.125.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Public Cloud 12","name":"kernel-ec2","purl":"pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.12.61-52.125.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"3.12.61-52.125.1","kernel-default-base":"3.12.61-52.125.1","kernel-default-devel":"3.12.61-52.125.1","kernel-default-man":"3.12.61-52.125.1","kernel-devel":"3.12.61-52.125.1","kernel-macros":"3.12.61-52.125.1","kernel-source":"3.12.61-52.125.1","kernel-syms":"3.12.61-52.125.1","kernel-xen":"3.12.61-52.125.1","kernel-xen-base":"3.12.61-52.125.1","kernel-xen-devel":"3.12.61-52.125.1","kgraft-patch-3_12_61-52_125-default":"1-1.3.1","kgraft-patch-3_12_61-52_125-xen":"1-1.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"kernel-default","purl":"pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.12.61-52.125.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"3.12.61-52.125.1","kernel-default-base":"3.12.61-52.125.1","kernel-default-devel":"3.12.61-52.125.1","kernel-default-man":"3.12.61-52.125.1","kernel-devel":"3.12.61-52.125.1","kernel-macros":"3.12.61-52.125.1","kernel-source":"3.12.61-52.125.1","kernel-syms":"3.12.61-52.125.1","kernel-xen":"3.12.61-52.125.1","kernel-xen-base":"3.12.61-52.125.1","kernel-xen-devel":"3.12.61-52.125.1","kgraft-patch-3_12_61-52_125-default":"1-1.3.1","kgraft-patch-3_12_61-52_125-xen":"1-1.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"kernel-source","purl":"pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.12.61-52.125.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"3.12.61-52.125.1","kernel-default-base":"3.12.61-52.125.1","kernel-default-devel":"3.12.61-52.125.1","kernel-default-man":"3.12.61-52.125.1","kernel-devel":"3.12.61-52.125.1","kernel-macros":"3.12.61-52.125.1","kernel-source":"3.12.61-52.125.1","kernel-syms":"3.12.61-52.125.1","kernel-xen":"3.12.61-52.125.1","kernel-xen-base":"3.12.61-52.125.1","kernel-xen-devel":"3.12.61-52.125.1","kgraft-patch-3_12_61-52_125-default":"1-1.3.1","kgraft-patch-3_12_61-52_125-xen":"1-1.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"kernel-syms","purl":"pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.12.61-52.125.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"3.12.61-52.125.1","kernel-default-base":"3.12.61-52.125.1","kernel-default-devel":"3.12.61-52.125.1","kernel-default-man":"3.12.61-52.125.1","kernel-devel":"3.12.61-52.125.1","kernel-macros":"3.12.61-52.125.1","kernel-source":"3.12.61-52.125.1","kernel-syms":"3.12.61-52.125.1","kernel-xen":"3.12.61-52.125.1","kernel-xen-base":"3.12.61-52.125.1","kernel-xen-devel":"3.12.61-52.125.1","kgraft-patch-3_12_61-52_125-default":"1-1.3.1","kgraft-patch-3_12_61-52_125-xen":"1-1.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"kernel-xen","purl":"pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.12.61-52.125.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"kernel-default":"3.12.61-52.125.1","kernel-default-base":"3.12.61-52.125.1","kernel-default-devel":"3.12.61-52.125.1","kernel-default-man":"3.12.61-52.125.1","kernel-devel":"3.12.61-52.125.1","kernel-macros":"3.12.61-52.125.1","kernel-source":"3.12.61-52.125.1","kernel-syms":"3.12.61-52.125.1","kernel-xen":"3.12.61-52.125.1","kernel-xen-base":"3.12.61-52.125.1","kernel-xen-devel":"3.12.61-52.125.1","kgraft-patch-3_12_61-52_125-default":"1-1.3.1","kgraft-patch-3_12_61-52_125-xen":"1-1.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 12-LTSS","name":"kgraft-patch-SLE12_Update_33","purl":"pkg:rpm/suse/kgraft-patch-SLE12_Update_33&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1-1.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThe SUSE Linux Enterprise 12 kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2018-1068: Fixed flaw in the implementation of 32-bit syscall interface\n  for bridging. This allowed a privileged user to arbitrarily write to a limited\n  range of kernel memory (bnc#1085107).\n- CVE-2017-18221: The __munlock_pagevec function allowed local users to cause a\n  denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall\n  and munlockall system calls (bnc#1084323).\n- CVE-2018-1066: Prevent NULL pointer dereference in\n  fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allowed an attacker controlling a\n  CIFS server to kernel panic a client that has this server mounted, because an\n  empty TargetInfo field in an NTLMSSP setup negotiation response was mishandled\n  during session recovery (bnc#1083640).\n- CVE-2017-13166: Prevent elevation of privilege vulnerability in the kernel\n  v4l2 video driver (bnc#1072865).\n- CVE-2017-16911: The vhci_hcd driver allowed local attackers to disclose\n  kernel memory addresses. Successful exploitation required that a USB device was\n  attached over IP (bnc#1078674).\n- CVE-2017-15299: The KEYS subsystem mishandled use of add_key for a key that\n  already exists but is uninstantiated, which allowed local users to cause a\n  denial of service (NULL pointer dereference and system crash) or possibly have\n  unspecified other impact via a crafted system call (bnc#1063416).\n- CVE-2017-18208: The madvise_willneed function kernel allowed local users to\n  cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED\n  for a DAX mapping (bnc#1083494).\n- CVE-2018-7566: The ALSA sequencer core initializes the event pool on demand\n  by invoking snd_seq_pool_init() when the first write happens and the pool is\n  empty. A user could have reset the pool size manually via ioctl concurrently,\n  which may have lead UAF or out-of-bound access (bsc#1083483).\n- CVE-2017-18204: The ocfs2_setattr function allowed local users to cause a\n  denial of service (deadlock) via DIO requests (bnc#1083244).\n- CVE-2017-16644: The hdpvr_probe function allowed local users to cause a\n  denial of service (improper error handling and system crash) or possibly have\n  unspecified other impact via a crafted USB device (bnc#1067118).\n- CVE-2018-6927: The futex_requeue function allowed attackers to cause a denial\n  of service (integer overflow) or possibly have unspecified other impact by\n  triggering a negative wake or requeue value (bnc#1080757).\n- CVE-2017-16914: The 'stub_send_ret_submit()' function allowed attackers to\n  cause a denial of service (NULL pointer dereference) via a specially crafted\n  USB over IP packet (bnc#1078669).\n- CVE-2016-7915: The hid_input_field function allowed physically proximate\n  attackers to obtain sensitive information from kernel memory or cause a denial\n  of service (out-of-bounds read) by connecting a device (bnc#1010470).\n- CVE-2017-12190: The bio_map_user_iov and bio_unmap_user functions did\n  unbalanced refcounting when a SCSI I/O vector had small consecutive buffers\n  belonging to the same page. The bio_add_pc_page function merged them into one,\n  but the page reference was never dropped. This caused a memory leak and\n  possible system lockup (exploitable against the host OS by a guest OS user, if\n  a SCSI disk is passed through to a virtual machine) due to an out-of-memory\n  condition (bnc#1062568).\n- CVE-2017-16912: The 'get_pipe()' function allowed attackers to cause a denial\n  of service (out-of-bounds read) via a specially crafted USB over IP packet\n  (bnc#1078673).\n- CVE-2017-16913: The 'stub_recv_cmd_submit()' function when handling\n  CMD_SUBMIT packets allowed attackers to cause a denial of service (arbitrary\n  memory allocation) via a specially crafted USB over IP packet (bnc#1078672).\n- CVE-2018-5332: The rds_message_alloc_sgs() function did not validate a value\n  that is used during DMA page allocation, leading to a heap-based out-of-bounds\n  write (related to the rds_rdma_extra_size function in net/rds/rdma.c)\n  (bnc#1075621).\n- CVE-2018-5333: The rds_cmsg_atomic function in net/rds/rdma.c mishandled\n  cases where page pinning fails or an invalid address is supplied, leading to an\n  rds_atomic_free_op NULL pointer dereference (bnc#1075617).\n- CVE-2017-18017: The tcpmss_mangle_packet function allowed remote attackers to\n  cause a denial of service (use-after-free and memory corruption) or possibly\n  have unspecified other impact by leveraging the presence of xt_TCPMSS in an\n  iptables action (bnc#1074488).\n\nThe following non-security bugs were fixed:\n\n- Fix build on arm64 by defining empty gmb() (bnc#1068032).\n- KEYS: do not let add_key() update an uninstantiated key (bnc#1063416).\n- KEYS: fix writing past end of user-supplied buffer in keyring_read() (bsc#1066001).\n- KEYS: return full count in keyring_read() if buffer is too small (bsc#1066001).\n- include/stddef.h: Move offsetofend() from vfio.h to a generic kernel header (bsc#1077560).\n- ipc/msg: introduce msgctl(MSG_STAT_ANY) (bsc#1072689).\n- ipc/sem: introduce semctl(SEM_STAT_ANY) (bsc#1072689).\n- ipc/shm: introduce shmctl(SHM_STAT_ANY) (bsc#1072689).\n- x86/kaiser: use trampoline stack for kernel entry (bsc#1077560)\n- leds: do not overflow sysfs buffer in led_trigger_show (bsc#1080464).\n- livepatch: __kgr_shadow_get_or_alloc() is local to shadow.c. Shadow variables support (bsc#1082299).\n- livepatch: introduce shadow variable API. Shadow variables support (bsc#1082299)\n- media: v4l2-compat-ioctl32.c: add missing VIDIOC_PREPARE_BUF (bnc#1012382).\n- media: v4l2-compat-ioctl32.c: avoid sizeof(type) (bnc#1012382).\n- media: v4l2-compat-ioctl32.c: copy clip list in put_v4l2_window32 (bnc#1012382).\n- media: v4l2-compat-ioctl32.c: copy m.userptr in put_v4l2_plane32 (bnc#1012382).\n- media: v4l2-compat-ioctl32.c: do not copy back the result for certain errors (bnc#1012382).\n- media: v4l2-compat-ioctl32.c: drop pr_info for unknown buffer type (bnc#1012382).\n- media: v4l2-compat-ioctl32.c: fix the indentation (bnc#1012382).\n- media: v4l2-compat-ioctl32.c: move 'helper' functions to __get/put_v4l2_format32 (bnc#1012382).\n- media: v4l2-compat-ioctl32: Copy v4l2_window->global_alpha (bnc#1012382).\n- media: v4l2-ioctl.c: do not copy back the result for -ENOTTY (bnc#1012382).\n- netfilter: ebtables: CONFIG_COMPAT: do not trust userland offsets (bsc#1085107).\n- netfilter: ebtables: fix erroneous reject of last rule (bsc#1085107).\n- packet: only call dev_add_pack() on freshly allocated fanout instances\n- pipe: cap initial pipe capacity according to pipe-max-size limit (bsc#1045330).\n- x86/espfix: Fix return stack in do_double_fault() (bsc#1085279).\n","id":"SUSE-SU-2018:0834-1","modified":"2018-03-28T14:17:49Z","published":"2018-03-28T14:17:49Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20180834-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1010470"},{"type":"REPORT","url":"https://bugzilla.suse.com/1012382"},{"type":"REPORT","url":"https://bugzilla.suse.com/1045330"},{"type":"REPORT","url":"https://bugzilla.suse.com/1062568"},{"type":"REPORT","url":"https://bugzilla.suse.com/1063416"},{"type":"REPORT","url":"https://bugzilla.suse.com/1066001"},{"type":"REPORT","url":"https://bugzilla.suse.com/1067118"},{"type":"REPORT","url":"https://bugzilla.suse.com/1068032"},{"type":"REPORT","url":"https://bugzilla.suse.com/1072689"},{"type":"REPORT","url":"https://bugzilla.suse.com/1072865"},{"type":"REPORT","url":"https://bugzilla.suse.com/1074488"},{"type":"REPORT","url":"https://bugzilla.suse.com/1075617"},{"type":"REPORT","url":"https://bugzilla.suse.com/1075621"},{"type":"REPORT","url":"https://bugzilla.suse.com/1077560"},{"type":"REPORT","url":"https://bugzilla.suse.com/1078669"},{"type":"REPORT","url":"https://bugzilla.suse.com/1078672"},{"type":"REPORT","url":"https://bugzilla.suse.com/1078673"},{"type":"REPORT","url":"https://bugzilla.suse.com/1078674"},{"type":"REPORT","url":"https://bugzilla.suse.com/1080255"},{"type":"REPORT","url":"https://bugzilla.suse.com/1080464"},{"type":"REPORT","url":"https://bugzilla.suse.com/1080757"},{"type":"REPORT","url":"https://bugzilla.suse.com/1082299"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083244"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083483"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083494"},{"type":"REPORT","url":"https://bugzilla.suse.com/1083640"},{"type":"REPORT","url":"https://bugzilla.suse.com/1084323"},{"type":"REPORT","url":"https://bugzilla.suse.com/1085107"},{"type":"REPORT","url":"https://bugzilla.suse.com/1085114"},{"type":"REPORT","url":"https://bugzilla.suse.com/1085279"},{"type":"REPORT","url":"https://bugzilla.suse.com/1085447"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2016-7915"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-12190"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-13166"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15299"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-16644"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-16911"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-16912"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-16913"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-16914"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-18017"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-18204"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-18208"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-18221"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1066"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-1068"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5332"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-5333"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-6927"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-7566"}],"related":["CVE-2016-7915","CVE-2017-12190","CVE-2017-13166","CVE-2017-15299","CVE-2017-16644","CVE-2017-16911","CVE-2017-16912","CVE-2017-16913","CVE-2017-16914","CVE-2017-18017","CVE-2017-18204","CVE-2017-18208","CVE-2017-18221","CVE-2018-1066","CVE-2018-1068","CVE-2018-5332","CVE-2018-5333","CVE-2018-6927","CVE-2018-7566"],"summary":"Security update for the Linux Kernel","upstream":["CVE-2016-7915","CVE-2017-12190","CVE-2017-13166","CVE-2017-15299","CVE-2017-16644","CVE-2017-16911","CVE-2017-16912","CVE-2017-16913","CVE-2017-16914","CVE-2017-18017","CVE-2017-18204","CVE-2017-18208","CVE-2017-18221","CVE-2018-1066","CVE-2018-1068","CVE-2018-5332","CVE-2018-5333","CVE-2018-6927","CVE-2018-7566"]}