openSUSE Security Update : the Linux Kernel (openSUSE-2018-656) (Spectre)

high Nessus Plugin ID 110658

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE Leap 42.3 was updated to 4.4.138 to receive various security and bugfixes.

The following security bugs were fixed :

- CVE-2018-3639: Systems with microprocessors utilizing speculative execution and speculative execution of memory reads before the addresses of all prior memory writes are known may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka Speculative Store Bypass (SSB), Variant 4 (bsc#1085308 bsc#1087082) This update improves the previous Spectre Variant 4 fixes and also mitigates them on the ARM architecture.

- CVE-2018-3665: The FPU state and registers of x86 CPUs were saved and restored in a lazy fashion, which opened its disclosure by speculative side channel attacks. This has been fixed by replacing the lazy save/restore by eager saving and restoring (bnc#1087086)

- CVE-2018-5848: In the function wmi_set_ie(), the length validation code did not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow (bnc#1097356).

- CVE-2017-18249: The add_free_nid function in fs/f2fs/node.c did not properly track an allocated nid, which allowed local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads (bnc#1087036).

- CVE-2017-18241: fs/f2fs/segment.c kernel allowed local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure (bnc#1086400).

- CVE-2017-17741: The KVM implementation allowed attackers to obtain potentially sensitive information from kernel memory, aka a write_mmio stack-based out-of-bounds read, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h (bnc#1073311 1091815).

- CVE-2017-13305: A information disclosure vulnerability in the encrypted-keys. (bnc#1094353).

- CVE-2018-1093: The ext4_valid_block_bitmap function in fs/ext4/balloc.c allowed attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers (bnc#1087095).

- CVE-2018-1094: The ext4_fill_super function in fs/ext4/super.c did not always initialize the crc32c checksum driver, which allowed attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image (bnc#1087007 1092903).

- CVE-2018-1092: The ext4_iget function in fs/ext4/inode.c mishandled the case of a root directory with a zero i_links_count, which allowed attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image (bnc#1087012).

- CVE-2018-12233: In the ea_get function in fs/jfs/xattr.c, a memory corruption bug in JFS could be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr. (bsc#1097234)

Solution

Update the affected the Linux Kernel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1041740

https://bugzilla.opensuse.org/show_bug.cgi?id=1045330

https://bugzilla.opensuse.org/show_bug.cgi?id=1056415

https://bugzilla.opensuse.org/show_bug.cgi?id=1066223

https://bugzilla.opensuse.org/show_bug.cgi?id=1068032

https://bugzilla.opensuse.org/show_bug.cgi?id=1068054

https://bugzilla.opensuse.org/show_bug.cgi?id=1068951

https://bugzilla.opensuse.org/show_bug.cgi?id=1070404

https://bugzilla.opensuse.org/show_bug.cgi?id=1073311

https://bugzilla.opensuse.org/show_bug.cgi?id=1075428

https://bugzilla.opensuse.org/show_bug.cgi?id=1076049

https://bugzilla.opensuse.org/show_bug.cgi?id=1078583

https://bugzilla.opensuse.org/show_bug.cgi?id=1079152

https://bugzilla.opensuse.org/show_bug.cgi?id=1080542

https://bugzilla.opensuse.org/show_bug.cgi?id=1080656

https://bugzilla.opensuse.org/show_bug.cgi?id=1081500

https://bugzilla.opensuse.org/show_bug.cgi?id=1081514

https://bugzilla.opensuse.org/show_bug.cgi?id=1082153

https://bugzilla.opensuse.org/show_bug.cgi?id=1082504

https://bugzilla.opensuse.org/show_bug.cgi?id=1082979

https://bugzilla.opensuse.org/show_bug.cgi?id=1085308

https://bugzilla.opensuse.org/show_bug.cgi?id=1086400

https://bugzilla.opensuse.org/show_bug.cgi?id=1086716

https://bugzilla.opensuse.org/show_bug.cgi?id=1087007

https://bugzilla.opensuse.org/show_bug.cgi?id=1087012

https://bugzilla.opensuse.org/show_bug.cgi?id=1087036

https://bugzilla.opensuse.org/show_bug.cgi?id=1087082

https://bugzilla.opensuse.org/show_bug.cgi?id=1087086

https://bugzilla.opensuse.org/show_bug.cgi?id=1087095

https://bugzilla.opensuse.org/show_bug.cgi?id=1088871

https://bugzilla.opensuse.org/show_bug.cgi?id=1090435

https://bugzilla.opensuse.org/show_bug.cgi?id=1090534

https://bugzilla.opensuse.org/show_bug.cgi?id=1090734

https://bugzilla.opensuse.org/show_bug.cgi?id=1090955

https://bugzilla.opensuse.org/show_bug.cgi?id=1091594

https://bugzilla.opensuse.org/show_bug.cgi?id=1091815

https://bugzilla.opensuse.org/show_bug.cgi?id=1092552

https://bugzilla.opensuse.org/show_bug.cgi?id=1092813

https://bugzilla.opensuse.org/show_bug.cgi?id=1092903

https://bugzilla.opensuse.org/show_bug.cgi?id=1093533

https://bugzilla.opensuse.org/show_bug.cgi?id=1093904

https://bugzilla.opensuse.org/show_bug.cgi?id=1094177

https://bugzilla.opensuse.org/show_bug.cgi?id=1094268

https://bugzilla.opensuse.org/show_bug.cgi?id=1094353

https://bugzilla.opensuse.org/show_bug.cgi?id=1094356

https://bugzilla.opensuse.org/show_bug.cgi?id=1094405

https://bugzilla.opensuse.org/show_bug.cgi?id=1094466

https://bugzilla.opensuse.org/show_bug.cgi?id=1094532

https://bugzilla.opensuse.org/show_bug.cgi?id=1094823

https://bugzilla.opensuse.org/show_bug.cgi?id=1094840

https://bugzilla.opensuse.org/show_bug.cgi?id=1095042

https://bugzilla.opensuse.org/show_bug.cgi?id=1095147

https://bugzilla.opensuse.org/show_bug.cgi?id=1096037

https://bugzilla.opensuse.org/show_bug.cgi?id=1096140

https://bugzilla.opensuse.org/show_bug.cgi?id=1096214

https://bugzilla.opensuse.org/show_bug.cgi?id=1096242

https://bugzilla.opensuse.org/show_bug.cgi?id=1096281

https://bugzilla.opensuse.org/show_bug.cgi?id=1096751

https://bugzilla.opensuse.org/show_bug.cgi?id=1096982

https://bugzilla.opensuse.org/show_bug.cgi?id=1097234

https://bugzilla.opensuse.org/show_bug.cgi?id=1097356

https://bugzilla.opensuse.org/show_bug.cgi?id=1098009

https://bugzilla.opensuse.org/show_bug.cgi?id=1098012

https://bugzilla.opensuse.org/show_bug.cgi?id=971975

https://bugzilla.opensuse.org/show_bug.cgi?id=973378

https://bugzilla.opensuse.org/show_bug.cgi?id=978907

https://bugzilla.opensuse.org/show_bug.cgi?id=1012382

https://bugzilla.opensuse.org/show_bug.cgi?id=1019695

https://bugzilla.opensuse.org/show_bug.cgi?id=1019699

https://bugzilla.opensuse.org/show_bug.cgi?id=1022604

https://bugzilla.opensuse.org/show_bug.cgi?id=1022607

https://bugzilla.opensuse.org/show_bug.cgi?id=1022743

https://bugzilla.opensuse.org/show_bug.cgi?id=1024718

https://bugzilla.opensuse.org/show_bug.cgi?id=1031492

https://bugzilla.opensuse.org/show_bug.cgi?id=1031717

https://bugzilla.opensuse.org/show_bug.cgi?id=1035432

https://bugzilla.opensuse.org/show_bug.cgi?id=1036215

Plugin Details

Severity: High

ID: 110658

File Name: openSUSE-2018-656.nasl

Version: 1.8

Type: local

Agent: unix

Published: 6/22/2018

Updated: 9/18/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-12233

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2018-5848

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kselftests-kmp-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kselftests-kmp-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kselftests-kmp-debug, cpe:/o:novell:opensuse:42.3, p-cpe:/a:novell:opensuse:kselftests-kmp-default, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kselftests-kmp-vanilla, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-docs-html

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/21/2018

Vulnerability Publication Date: 12/18/2017

Reference Information

CVE: CVE-2017-13305, CVE-2017-17741, CVE-2017-18241, CVE-2017-18249, CVE-2018-1092, CVE-2018-1093, CVE-2018-1094, CVE-2018-12233, CVE-2018-3639, CVE-2018-3665, CVE-2018-5848