Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-11046

kernel update [SLES12 SP3 4.4.131-94.29]

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None
    • Severity:
      3
    • Rank (Obsolete):
      9223372036854775807

      Description

      The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.131 to receive various security and bugfixes.

      The following security bugs were fixed:

      • CVE-2018-3639: Information leaks using "Memory Disambiguation" feature
        in modern CPUs were mitigated, aka "Spectre Variant 4" (bnc#1087082).

      A new boot commandline option was introduced,
      "spec_store_bypass_disable", which can have following values:

      • auto: Kernel detects whether your CPU model contains an implementation
        of Speculative Store Bypass and picks the most appropriate mitigation.
      • on: disable Speculative Store Bypass
      • off: enable Speculative Store Bypass
      • prctl: Control Speculative Store Bypass per thread via
        prctl. Speculative Store Bypass is enabled for a process by default. The
        state of the control is inherited on fork.
      • seccomp: Same as "prctl" above, but all seccomp threads will disable
        SSB unless they explicitly opt out.

      The default is "seccomp", meaning programs need explicit opt-in into the mitigation.

      Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:

      • "Vulnerable"
      • "Mitigation: Speculative Store Bypass disabled"
      • "Mitigation: Speculative Store Bypass disabled via prctl"
      • "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"
      • CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c
        had an integer-overflow vulnerability allowing local users with access
        to the udldrmfb driver to obtain full read and write permissions on
        kernel physical pages, resulting in a code execution in kernel space
        (bnc#1090643).
      • CVE-2018-10124: The kill_something_info function in kernel/signal.c
        might have allowed local users to cause a denial of service via an
        INT_MIN argument (bnc#1089752).
      • CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might
        have allowed local users to cause a denial of service by triggering an
        attempted use of the -INT_MIN value (bnc#1089608).
      • CVE-2018-1000199: An address corruption flaw was discovered while
        modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an
        unprivileged user/process could use this flaw to crash the system kernel
        resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895)
      • CVE-2018-1130: The Linux kernel was vulnerable to a null pointer
        dereference in dccp_write_xmit() function in net/dccp/output.c in that
        allowed a local user to cause a denial of service by a number of certain
        crafted system calls (bnc#1092904).
      • CVE-2018-5803: An error in the _sctp_make_chunk() function when handling
        SCTP, packet length could have been exploited by a malicious local user
        to cause a kernel crash and a DoS. (bnc#1083900).
      • CVE-2018-1065: The netfilter subsystem mishandled the case of
        a rule blob that contains a jump but lacks a user-defined chain,
        which allowed local users to cause a denial of service (NULL
        pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN
        capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c,
        ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in
        net/ipv6/netfilter/ip6_tables.c (bnc#1083650 1091925).
      • CVE-2018-7492: A NULL pointer dereference was found in the
        net/rds/rdma.c __rds_rdma_map() function allowing local attackers to
        cause a system panic and a denial-of-service, related to RDS_GET_MR and
        RDS_GET_MR_FOR_DEST (bnc#1082962).

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                bogl Bob Glossman (Inactive)
                Reporter:
                bogl Bob Glossman (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: