Errata ALT-PU-2018-2130-1: Information
Package name: kernel-image-std-def
Version: 4.4.143-alt0.M70C.1
Bulletin updated: Aug. 10, 2018
Task: #211180
Fixes
Published: March 26, 2018
BDU:2018-00715
Уязвимость функции ext4_valid_block_bitmap ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: March 29, 2018
BDU:2018-00716
Уязвимость функции ext4_iget ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.3) Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
Published: July 6, 2018
BDU:2019-00979
Уязвимость файла drivers/usb/misc/yurex.c ядра операционной системы Linux, позволяющая нарушителю вызвать сбой в работе ядра операционной системы или повысить привилегии
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 14, 2018
BDU:2019-01054
Уязвимость функции ext4_ext_remove_space() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 14, 2018
BDU:2019-01055
Уязвимость функции ext4_ext_drop_refs() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код
Severity: MEDIUM (6.5) Vector: AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: June 17, 2018
BDU:2019-01059
Уязвимость в файле transaction.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: June 16, 2018
BDU:2019-01060
Уязвимость функции jbd2_journal_dirty_metadata() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.5) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
Published: May 11, 2018
BDU:2020-00368
Уязвимость функции cpia2_remap_buffer ядра операционной системы Linux, позволяющая нарушителю получить доступ на чтение и запись на физических страницах ядра и повысить свои привилегии
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: June 12, 2018
BDU:2023-01296
Уязвимость функции uvesafb_setcmap function (drivers/video/fbdev/uvesafb.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Severity: HIGH (7.8) Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
Published: Sept. 11, 2018
Modified: Oct. 3, 2019
Modified: Oct. 3, 2019
CVE-2018-10853
A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest.
Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://www.openwall.com/lists/oss-security/2018/09/02/1
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3c9fa24ca7c9c47605672916491f79e8ccacb9e6
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10853
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- USN-3777-2
- USN-3777-1
- openSUSE-SU-2019:1407
- RHSA-2019:2043
- RHSA-2019:2029
- RHSA-2020:0036
- RHSA-2020:0103
- RHSA-2020:0179
Published: July 26, 2018
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2018-10876
A flaw was found in Linux kernel in the ext4 filesystem code. A use-after-free is possible in ext4_ext_remove_space() function when mounting and operating a crafted ext4 image.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8844618d8aa7a9973e7b527d038a2a589665002c
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10876
- https://bugzilla.kernel.org/show_bug.cgi?id=199403
- http://patchwork.ozlabs.org/patch/929239/
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3753-2
- USN-3753-1
- 106503
- USN-3871-1
- USN-3871-4
- USN-3871-3
- USN-3871-5
- RHSA-2019:0525
- 104904
Published: July 18, 2018
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2018-10877
Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
Severity: MEDIUM (6.5) Vector: CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Links:
Published: July 26, 2018
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2018-10881
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881
- https://bugzilla.kernel.org/show_bug.cgi?id=200015
- http://patchwork.ozlabs.org/patch/929792/
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- 104901
- USN-3754-1
- USN-3753-2
- USN-3753-1
- USN-3752-2
- USN-3752-1
- USN-3752-3
- RHSA-2018:3096
- RHSA-2018:3083
- RHSA-2018:2948
Published: July 27, 2018
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2018-10882
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound write in in fs/jbd2/transaction.c code, a denial of service, and a system crash by unmounting a crafted ext4 filesystem image.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c37e9e013469521d9adb932d17a1795c139b36db
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10882
- https://bugzilla.kernel.org/show_bug.cgi?id=200069
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3753-2
- USN-3753-1
- RHSA-2018:2948
- 106503
- USN-3871-1
- USN-3871-4
- USN-3871-3
- USN-3871-5
Published: July 30, 2018
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2018-10883
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e09463f220ca9a1a1ecfda84fcda658f99a1f12a
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bc1379b82b8e809eef77a9fedbb75c6c297be19
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- RHSA-2018:3096
- RHSA-2018:3083
- RHSA-2018:2948
- USN-3871-1
- USN-3879-2
- USN-3879-1
- USN-3871-4
- USN-3871-3
- USN-3871-5
- https://support.f5.com/csp/article/K94735334?utm_source=f5support&amp%3Butm_medium=RSS
Published: April 2, 2018
Modified: Feb. 13, 2023
Modified: Feb. 13, 2023
CVE-2018-1092
The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44
- https://bugzilla.redhat.com/show_bug.cgi?id=1560777
- https://bugzilla.kernel.org/show_bug.cgi?id=199179
- http://openwall.com/lists/oss-security/2018/03/29/1
- https://bugzilla.kernel.org/show_bug.cgi?id=199275
- DSA-4188
- DSA-4187
- [debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update
- USN-3678-2
- USN-3678-1
- USN-3677-2
- USN-3677-1
- USN-3676-2
- USN-3676-1
- USN-3678-3
- USN-3678-4
- USN-3754-1
- RHSA-2018:3096
- RHSA-2018:3083
- RHSA-2018:2948
Published: April 2, 2018
Modified: Aug. 29, 2018
Modified: Aug. 29, 2018
CVE-2018-1093
The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Links:
- https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f
- https://bugzilla.redhat.com/show_bug.cgi?id=1560782
- https://bugzilla.kernel.org/show_bug.cgi?id=199181
- http://openwall.com/lists/oss-security/2018/03/29/1
- DSA-4188
- [debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update
- USN-3676-2
- USN-3676-1
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- USN-3754-1
- USN-3752-2
- USN-3752-1
- USN-3752-3
Published: July 6, 2018
Modified: Feb. 24, 2023
Modified: Feb. 24, 2023
CVE-2018-13406
An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/9f645bcc566a1e9f921bdae7528a01ced5bc3713
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.4
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f645bcc566a1e9f921bdae7528a01ced5bc3713
- 104685
- 1041355
- USN-3754-1
- USN-3753-2
- USN-3753-1
- USN-3752-2
- USN-3752-1
- USN-3752-3
- [debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update
Published: Aug. 31, 2018
Modified: Feb. 24, 2023
Modified: Feb. 24, 2023
CVE-2018-16276
An issue was discovered in yurex_read in drivers/usb/misc/yurex.c in the Linux kernel before 4.17.7. Local attackers could use user access read/writes with incorrect bounds checking in the yurex USB driver to crash the kernel or potentially escalate privileges.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://github.com/torvalds/linux/commit/f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.7
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
- DSA-4308
- USN-3776-2
- USN-3776-1
- [debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update
- https://bugzilla.suse.com/show_bug.cgi?id=1115593
- https://bugzilla.suse.com/show_bug.cgi?id=1106095
- USN-3849-2
- USN-3847-3
- USN-3847-2
- USN-3847-1
- USN-3849-1
Published: June 12, 2018
Modified: May 20, 2019
Modified: May 20, 2019
CVE-2018-5814
In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.
Severity: HIGH (7.0) Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://secuniaresearch.flexerasoftware.com/secunia_research/2018-8/
- 81540
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c171654caa875919be3c533d3518da8be5be966e
- https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=22076557b07c12086eeb16b8ce2b0b735f7a27e7
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.133
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43
- 1041050
- USN-3696-2
- USN-3696-1
- [debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update
- [debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update
- [debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package
- USN-3752-2
- USN-3752-1
- USN-3752-3
- openSUSE-SU-2019:1407
Published: Jan. 31, 2018
Modified: March 20, 2019
Modified: March 20, 2019
CVE-2018-6412
In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Links:
Published: Nov. 25, 2019
Modified: Feb. 24, 2023
Modified: Feb. 24, 2023
CVE-2019-18675
The Linux kernel through 5.3.13 has a start_offset+size Integer Overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c because cpia2 has its own mmap implementation. This allows local users (with /dev/video0 access) to obtain read and write permissions on kernel physical pages, which can possibly result in a privilege escalation.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Links:
- https://deshal3v.github.io/blog/kernel-research/mmap_exploitation
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/log/drivers/media/usb/cpia2/cpia2_core.c
- https://security.netapp.com/advisory/ntap-20200103-0001/
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=be83bbf806822b1b89e0a0f23cd87cddc409e429