https://source.android.com/security/bulletin/pixel/2017-11-01

USN-3620-1

USN-3620-2

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :

  - CVE-2018-1087: And an unprivileged KVM guest user could     use this flaw to potentially escalate their privileges     inside a guest. (bsc#1087088)

  - CVE-2018-8897: An unprivileged system user could use     incorrect set up interrupt stacks to crash the Linux     kernel resulting in DoS issue. (bsc#1087088)

  - CVE-2018-8781: The udl_fb_mmap function in     drivers/gpu/drm/udl/udl_fb.c had an integer-overflow     vulnerability allowing local users with access to the     udldrmfb driver to obtain full read and write     permissions on kernel physical pages, resulting in a     code execution in kernel space (bnc#1090643).

  - CVE-2018-10124: The kill_something_info function in     kernel/signal.c might allow local users to cause a     denial of service via an INT_MIN argument (bnc#1089752).

  - CVE-2018-10087: The kernel_wait4 function in     kernel/exit.c might allow local users to cause a denial     of service by triggering an attempted use of the
    -INT_MIN value (bnc#1089608).

  - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events     function in drivers/scsi/libsas/sas_expander.c allowed     local users to cause a denial of service (memory     consumption) via many read accesses to files in the     /sys/class/sas_phy directory, as demonstrated by the     /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file     (bnc#1084536 1087209).

  - CVE-2017-13220: An elevation of privilege vulnerability     in the Upstream kernel bluez was fixed. (bnc#1076537).

  - CVE-2017-11089: A buffer overread was observed in     nl80211_set_station when user space application sends     attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data     of size less than 4 bytes (bnc#1088261).

  - CVE-2017-0861: Use-after-free vulnerability in the     snd_pcm_info function in the ALSA subsystem allowed     attackers to gain privileges via unspecified vectors     (bnc#1088260).

  - CVE-2018-8822: Incorrect buffer length handling in the     ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c     could be exploited by malicious NCPFS servers to crash     the kernel or execute code (bnc#1086162).

  - CVE-2017-18203: The dm_get_from_kobject function in     drivers/md/dm.c allow local users to cause a denial of     service (BUG) by leveraging a race condition with
    __dm_destroy during creation and removal of DM devices     (bnc#1083242).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :

  - CVE-2018-1087: And an unprivileged KVM guest user could     use this flaw to potentially escalate their privileges     inside a guest. (bsc#1087088)

  - CVE-2018-8897: An unprivileged system user could use     incorrect set up interrupt stacks to crash the Linux     kernel resulting in DoS issue. (bsc#1087088)

  - CVE-2018-8781: The udl_fb_mmap function in     drivers/gpu/drm/udl/udl_fb.c had an integer-overflow     vulnerability allowing local users with access to the     udldrmfb driver to obtain full read and write     permissions on kernel physical pages, resulting in a     code execution in kernel space (bnc#1090643).

  - CVE-2018-10124: The kill_something_info function in     kernel/signal.c might allow local users to cause a     denial of service via an INT_MIN argument (bnc#1089752).

  - CVE-2018-10087: The kernel_wait4 function in     kernel/exit.c in might allow local users to cause a     denial of service by triggering an attempted use of the
    -INT_MIN value (bnc#1089608).

  - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events     function in drivers/scsi/libsas/sas_expander.c allowed     local users to cause a denial of service (memory     consumption) via many read accesses to files in the     /sys/class/sas_phy directory, as demonstrated by the     /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file     (bnc#1084536).

  - CVE-2017-13220: An elevation of privilege vulnerability     in the Upstream kernel bluez was fixed. (bnc#1076537).

  - CVE-2017-11089: A buffer overread is observed in     nl80211_set_station when user space application sends     attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data     of size less than 4 bytes (bnc#1088261).

  - CVE-2017-0861: Use-after-free vulnerability in the     snd_pcm_info function in the ALSA subsystem allowed     attackers to gain privileges via unspecified vectors     (bnc#1088260).

  - CVE-2018-8822: Incorrect buffer length handling in the     ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c     could be exploited by malicious NCPFS servers to crash     the kernel or execute code (bnc#1086162).

  - CVE-2017-18203: The dm_get_from_kobject function in     drivers/md/dm.c allowed local users to cause a denial of     service (BUG) by leveraging a race condition with
    __dm_destroy during creation and removal of DM devices     (bnc#1083242).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11089)

It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762)

It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions.
(CVE-2017-17448)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information.
(CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's' default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-5332).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
131845	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)	Nessus	Huawei Local Security Checks	critical
109758	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1221-1)	Nessus	SuSE Local Security Checks	high
109757	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1220-1)	Nessus	SuSE Local Security Checks	high
108843	Ubuntu 14.04 LTS : linux vulnerabilities (USN-3620-1)	Nessus	Ubuntu Local Security Checks	critical

CVE-2017-11089

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins