Synopsis:          Important: kernel security, bug fix, and enhancement 
Advisory ID:       SLSA-2018:3083-1
Issue Date:        2018-10-30
CVE Numbers:       CVE-2015-8830
                   CVE-2018-5803
                   CVE-2018-1130
                   CVE-2017-0861
                   CVE-2018-5391
                   CVE-2016-4913
                   CVE-2017-10661
                   CVE-2017-17805
                   CVE-2018-5344
                   CVE-2018-1000026
                   CVE-2017-18208
                   CVE-2018-7740
                   CVE-2018-7757
                   CVE-2017-18232
                   CVE-2018-1092
                   CVE-2018-1094
                   CVE-2018-8781
                   CVE-2018-10322
                   CVE-2018-1118
                   CVE-2018-1120
                   CVE-2018-10940
                   CVE-2018-10902
                   CVE-2018-5848
                   CVE-2018-10878
                   CVE-2018-10879
                   CVE-2018-10881
                   CVE-2018-10883
                   CVE-2018-13405
                   CVE-2017-18344
--

Security Fix(es):

* A flaw named FragmentSmack was found in the way the Linux kernel handled
reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could
use this flaw to trigger time and calculation expensive fragment
reassembly algorithm by sending specially crafted packets which could lead
to a CPU saturation and hence a denial of service on the system.
(CVE-2018-5391)

* kernel: out-of-bounds access in the show_timer function in kernel/time
/posix-timers.c (CVE-2017-18344)

* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute
code in kernel space (CVE-2018-8781)

* kernel: MIDI driver race condition leads to a double-free
(CVE-2018-10902)

* kernel: Missing check in inode_init_owner() does not clear SGID bit on
non-directories for non-members (CVE-2018-13405)

* kernel: AIO write triggers integer overflow in some protocols
(CVE-2015-8830)

* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem
potentially leads to privilege escalation (CVE-2017-0861)

* kernel: Handling of might_cancel queueing is not properly pretected
against race (CVE-2017-10661)

* kernel: Salsa20 encryption algorithm does not correctly handle zero-
length inputs allowing local attackers to cause denial of service
(CVE-2017-17805)

* kernel: Inifinite loop vulnerability in madvise_willneed() function
allows local denial of service (CVE-2017-18208)

* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes
denial of service (CVE-2018-1120)

* kernel: a null pointer dereference in dccp_write_xmit() leads to a
system crash (CVE-2018-1130)

* kernel: drivers/block/loop.c mishandles lo_release serialization
allowing denial of service (CVE-2018-5344)

* kernel: Missing length check of payload in _sctp_make_chunk() function
allows denial of service (CVE-2018-5803)

* kernel: buffer overflow in
drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory
corruption (CVE-2018-5848)

* kernel: out-of-bound write in ext4_init_block_bitmap function with a
crafted ext4 image (CVE-2018-10878)

* kernel: Improper validation in bnx2x network card driver can allow for
denial of service attacks via crafted packet (CVE-2018-1000026)

* kernel: Information leak when handling NM entries containing NUL
(CVE-2016-4913)

* kernel: Mishandling mutex within libsas allowing local Denial of Service
(CVE-2017-18232)

* kernel: NULL pointer dereference in ext4_process_freed_data() when
mounting crafted ext4 image (CVE-2018-1092)

* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash
with crafted ext4 image (CVE-2018-1094)

* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
(CVE-2018-1118)

* kernel: Denial of service in resv_map_release function in mm/hugetlb.c
(CVE-2018-7740)

* kernel: Memory leak in the sas_smp_get_phy_events function in
drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)

* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when
mounting crafted xfs image allowing denial of service (CVE-2018-10322)

* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted
file (CVE-2018-10879)

* kernel: out-of-bound access in ext4_get_group_info() when mounting and
operating a crafted ext4 image (CVE-2018-10881)

* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata
function (CVE-2018-10883)

* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c
(CVE-2018-10940)
--

SL7
  x86_64
    bpftool-3.10.0-957.el7.x86_64.rpm
    kernel-3.10.0-957.el7.x86_64.rpm
    kernel-debug-3.10.0-957.el7.x86_64.rpm
    kernel-debug-debuginfo-3.10.0-957.el7.x86_64.rpm
    kernel-debug-devel-3.10.0-957.el7.x86_64.rpm
    kernel-debuginfo-3.10.0-957.el7.x86_64.rpm
    kernel-debuginfo-common-x86_64-3.10.0-957.el7.x86_64.rpm
    kernel-devel-3.10.0-957.el7.x86_64.rpm
    kernel-headers-3.10.0-957.el7.x86_64.rpm
    kernel-tools-3.10.0-957.el7.x86_64.rpm
    kernel-tools-debuginfo-3.10.0-957.el7.x86_64.rpm
    kernel-tools-libs-3.10.0-957.el7.x86_64.rpm
    perf-3.10.0-957.el7.x86_64.rpm
    perf-debuginfo-3.10.0-957.el7.x86_64.rpm
    python-perf-3.10.0-957.el7.x86_64.rpm
    python-perf-debuginfo-3.10.0-957.el7.x86_64.rpm
    kernel-tools-libs-devel-3.10.0-957.el7.x86_64.rpm
  noarch
    kernel-abi-whitelists-3.10.0-957.el7.noarch.rpm
    kernel-doc-3.10.0-957.el7.noarch.rpm

- Scientific Linux Development Team

SciLinux: SLSA-2018-3083-1 Important: kernel on SL7.x x86_64

A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets

Summary

Important: kernel security, bug fix, and enhancement



Security Fixes

* A flaw named FragmentSmack was found in the way the Linux kernel handled reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use this flaw to trigger time and calculation expensive fragment reassembly algorithm by sending specially crafted packets which could lead to a CPU saturation and hence a denial of service on the system. (CVE-2018-5391)
* kernel: out-of-bounds access in the show_timer function in kernel/time /posix-timers.c (CVE-2017-18344)
* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute code in kernel space (CVE-2018-8781)
* kernel: MIDI driver race condition leads to a double-free (CVE-2018-10902)
* kernel: Missing check in inode_init_owner() does not clear SGID bit on non-directories for non-members (CVE-2018-13405)
* kernel: AIO write triggers integer overflow in some protocols (CVE-2015-8830)
* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation (CVE-2017-0861)
* kernel: Handling of might_cancel queueing is not properly pretected against race (CVE-2017-10661)
* kernel: Salsa20 encryption algorithm does not correctly handle zero- length inputs allowing local attackers to cause denial of service (CVE-2017-17805)
* kernel: Inifinite loop vulnerability in madvise_willneed() function allows local denial of service (CVE-2017-18208)
* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service (CVE-2018-1120)
* kernel: a null pointer dereference in dccp_write_xmit() leads to a system crash (CVE-2018-1130)
* kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial of service (CVE-2018-5344)
* kernel: Missing length check of payload in _sctp_make_chunk() function allows denial of service (CVE-2018-5803)
* kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption (CVE-2018-5848)
* kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image (CVE-2018-10878)
* kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet (CVE-2018-1000026)
* kernel: Information leak when handling NM entries containing NUL (CVE-2016-4913)
* kernel: Mishandling mutex within libsas allowing local Denial of Service (CVE-2017-18232)
* kernel: NULL pointer dereference in ext4_process_freed_data() when mounting crafted ext4 image (CVE-2018-1092)
* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash with crafted ext4 image (CVE-2018-1094)
* kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg() (CVE-2018-1118)
* kernel: Denial of service in resv_map_release function in mm/hugetlb.c (CVE-2018-7740)
* kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)
* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service (CVE-2018-10322)
* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file (CVE-2018-10879)
* kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image (CVE-2018-10881)
* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function (CVE-2018-10883)
* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c (CVE-2018-10940)
SL7 x86_64 bpftool-3.10.0-957.el7.x86_64.rpm kernel-3.10.0-957.el7.x86_64.rpm kernel-debug-3.10.0-957.el7.x86_64.rpm kernel-debug-debuginfo-3.10.0-957.el7.x86_64.rpm kernel-debug-devel-3.10.0-957.el7.x86_64.rpm kernel-debuginfo-3.10.0-957.el7.x86_64.rpm kernel-debuginfo-common-x86_64-3.10.0-957.el7.x86_64.rpm kernel-devel-3.10.0-957.el7.x86_64.rpm kernel-headers-3.10.0-957.el7.x86_64.rpm kernel-tools-3.10.0-957.el7.x86_64.rpm kernel-tools-debuginfo-3.10.0-957.el7.x86_64.rpm kernel-tools-libs-3.10.0-957.el7.x86_64.rpm perf-3.10.0-957.el7.x86_64.rpm perf-debuginfo-3.10.0-957.el7.x86_64.rpm python-perf-3.10.0-957.el7.x86_64.rpm python-perf-debuginfo-3.10.0-957.el7.x86_64.rpm kernel-tools-libs-devel-3.10.0-957.el7.x86_64.rpm noarch kernel-abi-whitelists-3.10.0-957.el7.noarch.rpm kernel-doc-3.10.0-957.el7.noarch.rpm
- Scientific Linux Development Team

Severity
Advisory ID: SLSA-2018:3083-1
Issued Date: : 2018-10-30
CVE Numbers: CVE-2015-8830
CVE-2018-5803
CVE-2018-1130

Related News

The End of the Road for Linux 6.11: A Call to Upgrade to Kernel 6.12
3 - 5 min read
The Linux kernel community recently issued an EOL announcement regarding the 6.11 kernel series, urging sysadmins to upgrade quickly to 6.12 . This
A Linux Admin
3 - 6 min read
As 2025 approaches, we Linux admins are facing new and often unseen cloud-native security obstacles. While skilled at mitigating known risks,
Leveraging Insights from the Linux Foundation
3 - 5 min read
The Linux Foundation's recent Census III report provides critical insights for Linux administrators, information security professionals, and anyone
Chrome 131 Released: Emergency Security Update Fixes Over a Dozen Significant Vulns
3 - 6 min read
Google recently unveiled a critical security update to their popular web browser, Google Chrome, addressing over a dozen significant security
From Wayland Fixes to Security Boosts: Examining Qt 6.8.1
3 - 6 min read
The recent Qt 6.8.1 release brings significant updates and improvements, strengthening its reputation as a secure and reliable application
Exploring Arch Linux 2024.12.01: Security Implications & Notable Enhancements for Linux Admins
3 - 6 min read
The Arch Linux 2024.12.01 ISO release marks an impressive milestone, offering cutting-edge updates that enhance functionality, streamline
Deck the Halls with Enhanced Security: Linux Kernel 6.13
3 - 5 min read
As Linux admins and infosec professionals prepare for the holiday season, there's much cause for celebration this year! Linus Torvalds recently made
Lessons from Bootkitty: Securing Linux Systems Against UEFI Intrusions
3 - 5 min read
New Linux security threats mark critical junctures that challenge existing policies and test security protocols to their limit. One such milestone

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved