SUSE-SU-2018:2362-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20182362-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:2362-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:2362-1
Related
Published
2018-08-16T07:08:37Z
Modified
2018-08-16T07:08:37Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2018-13053: The alarmtimernsleep function in kernel/time/alarmtimer.c had an integer overflow via a large relative timeout because ktimeaddsafe is not used (bnc#1099924).
  • CVE-2018-13405: The inodeinitowner function in fs/inode.c allowed local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID (bnc#1100416).
  • CVE-2018-13406: An integer overflow in the uvesafbsetcmap function in drivers/video/fbdev/uvesafb.c could result in local attackers being able to crash the kernel or potentially elevate privileges because kmallocarray is not used (bnc#1098016 bnc#1100418).
  • CVE-2018-14734: drivers/infiniband/core/ucma.c allowed ucmaleavemulticast to access a certain data structure after a cleanup step in ucmaprocessjoin, which allowed attackers to cause a denial of service (use-after-free) (bnc#1103119).
  • CVE-2018-3620: Local attackers on baremetal systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data. (bnc#1087081).
  • CVE-2018-3646: Local attackers in virtualized guest systems could use speculative code patterns on hyperthreaded processors to read data present in the L1 Datacache used by other hyperthreads on the same CPU core, potentially leaking sensitive data, even from other virtual machines or the host system. (bnc#1089343).

The following non-security bugs were fixed:

  • bcache: Add _printf annotation to _bchcheckkeys() (bsc#1064232).
  • bcache: Annotate switch fall-through (bsc#1064232).
  • bcache: Fix a compiler warning in bcachedeviceinit() (bsc#1064232).
  • bcache: Fix indentation (bsc#1064232).
  • bcache: Fix kernel-doc warnings (bsc#1064232).
  • bcache: Fix, improve efficiency of closure_sync() (bsc#1064232).
  • bcache: Reduce the number of sparse complaints about lock imbalances (bsc#1064232).
  • bcache: Remove an unused variable (bsc#1064232).
  • bcache: Suppress more warnings about set-but-not-used variables (bsc#1064232).
  • bcache: Use PTRERROR_ZERO() (bsc#1064232).
  • bcache: add CACHESETIODISABLE to struct cacheset flags (bsc#1064232).
  • bcache: add backingrequestendio() for biendio (bsc#1064232).
  • bcache: add iodisable to struct cacheddev (bsc#1064232).
  • bcache: add journal statistic (bsc#1064232).
  • bcache: add stopwhencachesetfailed option to backing device (bsc#1064232).
  • bcache: add waitforkthreadstop() in bchallocator_thread() (bsc#1064232).
  • bcache: closures: move control bits one bit right (bsc#1064232).
  • bcache: correct flash only vols (check all uuids) (bsc#1064232).
  • bcache: count backing device I/O error for writeback I/O (bsc#1064232).
  • bcache: do not attach backing with duplicate UUID (bsc#1064232).
  • bcache: fix cacheddev->count usage for bchcacheseterror() (bsc#1064232).
  • bcache: fix crashes in duplicate cache device register (bsc#1064232).
  • bcache: fix error return value in memory shrink (bsc#1064232).
  • bcache: fix for allocator and register thread race (bsc#1064232).
  • bcache: fix for data collapse after re-attaching an attached device (bsc#1064232).
  • bcache: fix high CPU occupancy during journal (bsc#1064232).
  • bcache: fix incorrect sysfs output value of strip size (bsc#1064232).
  • bcache: fix kcrashes with fio in RAID5 backend dev (bsc#1064232).
  • bcache: fix misleading error message in bchcountio_errors() (bsc#1064232).
  • bcache: fix using of loop variable in memory shrink (bsc#1064232).
  • bcache: fix writeback target calc on large devices (bsc#1064232).
  • bcache: fix wrong return value in bchdebuginit() (bsc#1064232).
  • bcache: mark closuresync() _sched (bsc#1064232).
  • bcache: move closure debug file into debug directory (bsc#1064232).
  • bcache: properly set task state in bchwritebackthread() (bsc#1064232).
  • bcache: quit dc->writebackthread when BCACHEDEV_DETACHING is set (bsc#1064232).
  • bcache: reduce cacheset devices iteration by devicesmax_used (bsc#1064232).
  • bcache: ret IOERR when read meets metadata error (bsc#1064232).
  • bcache: return 0 from bchdebuginit() if CONFIGDEBUGFS=n (bsc#1064232).
  • bcache: return attach error when no cache set exist (bsc#1064232).
  • bcache: segregate flash only volume write streams (bsc#1064232).
  • bcache: set CACHESETIODISABLE in bchcacheddeverror() (bsc#1064232).
  • bcache: set dc->iodisable to true in conditionalstopbcachedevice() (bsc#1064232).
  • bcache: set error_limit correctly (bsc#1064232).
  • bcache: set writebackrateupdate_seconds in range [1, 60] seconds (bsc#1064232).
  • bcache: stop bcache device when backing device is offline (bsc#1064232).
  • bcache: stop dc->writebackrateupdate properly (bsc#1064232).
  • bcache: stop writeback thread after detaching (bsc#1064232).
  • bcache: store disk name in struct cache and struct cached_dev (bsc#1064232).
  • bcache: use prinfo() to inform duplicated CACHESETIODISABLE set (bsc#1064232).
  • cpu/hotplug: Add sysfs state interface (bsc#1089343).
  • cpu/hotplug: Provide knobs to control SMT (bsc#1089343).
  • cpu/hotplug: Provide knobs to control SMT (bsc#1089343).
  • cpu/hotplug: Split docpudown() (bsc#1089343).
  • x86/CPU/AMD: Do not check CPUID max ext level before parsing SMP info (bsc#1089343).
  • x86/CPU/AMD: Move TOPOEXT reenablement before reading smpnumsiblings (bsc#1089343).
  • x86/Xen: disable IBRS around CPU stopper function invocation (none so far).
  • x86/cpu/AMD: Evaluate smpnumsiblings early (bsc#1089343).
  • x86/cpu/AMD: Evaluate smpnumsiblings early (bsc#1089343).
  • x86/cpu/AMD: Remove the pointless detect_ht() call (bsc#1089343).
  • x86/cpu/common: Provide detecthtearly() (bsc#1089343).
  • x86/cpu/intel: Evaluate smpnumsiblings early (bsc#1089343).
  • x86/cpu/topology: Provide detectextendedtopology_early() (bsc#1089343).
  • x86/cpu: Remove the pointless CPU printout (bsc#1089343).
  • x86/cpufeatures: Add X86BUGSPECTRE_V[12] (bnc#1012382).
  • x86/mm: Simplify p[g4um]xen: d_page() macros (bnc#1087081).
  • x86/smp: Provide topologyisprimary_thread() (bsc#1089343).
  • x86/smpboot: Do not use smpnumsiblings in _maxlogical_packages calculation (bsc#1089343).
  • x86/topology: Add topologymaxsmt_threads() (bsc#1089343).
  • x86/topology: Provide topologysmtsupported() (bsc#1089343).
  • xen/x86/cpu/common: Provide detecthtearly() (bsc#1089343).
  • xen/x86/cpu/topology: Provide detectextendedtopology_early() (bsc#1089343).
  • xen/x86/cpu: Remove the pointless CPU printout (bsc#1089343).
  • xen/x86/cpufeatures: Add X86BUGCPU_INSECURE (bnc#1012382).
  • xen/x86/cpufeatures: Make CPU bugs sticky (bnc#1012382).
  • xen/x86/entry: Add a function to overwrite the RSB (bsc#1068032).
  • xen/x86/entry: Stuff RSB for entry to kernel for non-SMEP platform (bsc#1068032).
  • xen/x86/entry: Use IBRS on entry to kernel space (bsc#1068032).
  • xen/x86/mm: Set IBPB upon context switch (bsc#1068032).
  • xen/x86/pti: Rename BUGCPUINSECURE to BUGCPUMELTDOWN (bnc#1012382).
References

Affected packages

SUSE:Linux Enterprise Module for Public Cloud 12 / kernel-ec2

Package

Name
kernel-ec2
Purl
pkg:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.141.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-ec2-extra": "3.12.61-52.141.1",
            "kernel-ec2": "3.12.61-52.141.1",
            "kernel-ec2-devel": "3.12.61-52.141.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-default

Package

Name
kernel-default
Purl
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.141.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.141.1",
            "kernel-default-base": "3.12.61-52.141.1",
            "kernel-default-man": "3.12.61-52.141.1",
            "kernel-default": "3.12.61-52.141.1",
            "kernel-source": "3.12.61-52.141.1",
            "kernel-syms": "3.12.61-52.141.1",
            "kernel-devel": "3.12.61-52.141.1",
            "kernel-xen-devel": "3.12.61-52.141.1",
            "kernel-xen-base": "3.12.61-52.141.1",
            "kgraft-patch-3_12_61-52_141-default": "1-1.5.1",
            "kgraft-patch-3_12_61-52_141-xen": "1-1.5.1",
            "lttng-modules-kmp-default": "2.4.1_k3.12.61_52.141-16.6.1",
            "lttng-modules": "2.4.1-16.6.1",
            "kernel-default-devel": "3.12.61-52.141.1",
            "kernel-xen": "3.12.61-52.141.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-source

Package

Name
kernel-source
Purl
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.141.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.141.1",
            "kernel-default-base": "3.12.61-52.141.1",
            "kernel-default-man": "3.12.61-52.141.1",
            "kernel-default": "3.12.61-52.141.1",
            "kernel-source": "3.12.61-52.141.1",
            "kernel-syms": "3.12.61-52.141.1",
            "kernel-devel": "3.12.61-52.141.1",
            "kernel-xen-devel": "3.12.61-52.141.1",
            "kernel-xen-base": "3.12.61-52.141.1",
            "kgraft-patch-3_12_61-52_141-default": "1-1.5.1",
            "kgraft-patch-3_12_61-52_141-xen": "1-1.5.1",
            "lttng-modules-kmp-default": "2.4.1_k3.12.61_52.141-16.6.1",
            "lttng-modules": "2.4.1-16.6.1",
            "kernel-default-devel": "3.12.61-52.141.1",
            "kernel-xen": "3.12.61-52.141.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.141.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.141.1",
            "kernel-default-base": "3.12.61-52.141.1",
            "kernel-default-man": "3.12.61-52.141.1",
            "kernel-default": "3.12.61-52.141.1",
            "kernel-source": "3.12.61-52.141.1",
            "kernel-syms": "3.12.61-52.141.1",
            "kernel-devel": "3.12.61-52.141.1",
            "kernel-xen-devel": "3.12.61-52.141.1",
            "kernel-xen-base": "3.12.61-52.141.1",
            "kgraft-patch-3_12_61-52_141-default": "1-1.5.1",
            "kgraft-patch-3_12_61-52_141-xen": "1-1.5.1",
            "lttng-modules-kmp-default": "2.4.1_k3.12.61_52.141-16.6.1",
            "lttng-modules": "2.4.1-16.6.1",
            "kernel-default-devel": "3.12.61-52.141.1",
            "kernel-xen": "3.12.61-52.141.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-xen

Package

Name
kernel-xen
Purl
pkg:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.141.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.141.1",
            "kernel-default-base": "3.12.61-52.141.1",
            "kernel-default-man": "3.12.61-52.141.1",
            "kernel-default": "3.12.61-52.141.1",
            "kernel-source": "3.12.61-52.141.1",
            "kernel-syms": "3.12.61-52.141.1",
            "kernel-devel": "3.12.61-52.141.1",
            "kernel-xen-devel": "3.12.61-52.141.1",
            "kernel-xen-base": "3.12.61-52.141.1",
            "kgraft-patch-3_12_61-52_141-default": "1-1.5.1",
            "kgraft-patch-3_12_61-52_141-xen": "1-1.5.1",
            "lttng-modules-kmp-default": "2.4.1_k3.12.61_52.141-16.6.1",
            "lttng-modules": "2.4.1-16.6.1",
            "kernel-default-devel": "3.12.61-52.141.1",
            "kernel-xen": "3.12.61-52.141.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kgraft-patch-SLE12_Update_37

Package

Name
kgraft-patch-SLE12_Update_37
Purl
pkg:rpm/suse/kgraft-patch-SLE12_Update_37&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-1.5.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.141.1",
            "kernel-default-base": "3.12.61-52.141.1",
            "kernel-default-man": "3.12.61-52.141.1",
            "kernel-default": "3.12.61-52.141.1",
            "kernel-source": "3.12.61-52.141.1",
            "kernel-syms": "3.12.61-52.141.1",
            "kernel-devel": "3.12.61-52.141.1",
            "kernel-xen-devel": "3.12.61-52.141.1",
            "kernel-xen-base": "3.12.61-52.141.1",
            "kgraft-patch-3_12_61-52_141-default": "1-1.5.1",
            "kgraft-patch-3_12_61-52_141-xen": "1-1.5.1",
            "lttng-modules-kmp-default": "2.4.1_k3.12.61_52.141-16.6.1",
            "lttng-modules": "2.4.1-16.6.1",
            "kernel-default-devel": "3.12.61-52.141.1",
            "kernel-xen": "3.12.61-52.141.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / lttng-modules

Package

Name
lttng-modules
Purl
pkg:rpm/suse/lttng-modules&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.1-16.6.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.141.1",
            "kernel-default-base": "3.12.61-52.141.1",
            "kernel-default-man": "3.12.61-52.141.1",
            "kernel-default": "3.12.61-52.141.1",
            "kernel-source": "3.12.61-52.141.1",
            "kernel-syms": "3.12.61-52.141.1",
            "kernel-devel": "3.12.61-52.141.1",
            "kernel-xen-devel": "3.12.61-52.141.1",
            "kernel-xen-base": "3.12.61-52.141.1",
            "kgraft-patch-3_12_61-52_141-default": "1-1.5.1",
            "kgraft-patch-3_12_61-52_141-xen": "1-1.5.1",
            "lttng-modules-kmp-default": "2.4.1_k3.12.61_52.141-16.6.1",
            "lttng-modules": "2.4.1-16.6.1",
            "kernel-default-devel": "3.12.61-52.141.1",
            "kernel-xen": "3.12.61-52.141.1"
        }
    ]
}