Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.131 to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2018-3639: Information leaks using "Memory Disambiguation" feature
in modern CPUs were mitigated, aka "Spectre Variant 4" (bnc#1087082).
A new boot commandline option was introduced,
"spec_store_bypass_disable", which can have following values:
- auto: Kernel detects whether your CPU model contains an implementation
of Speculative Store Bypass and picks the most appropriate mitigation.
- on: disable Speculative Store Bypass
- off: enable Speculative Store Bypass
- prctl: Control Speculative Store Bypass per thread via
prctl. Speculative Store Bypass is enabled for a process by default. The
state of the control is inherited on fork.
- seccomp: Same as "prctl" above, but all seccomp threads will disable
SSB unless they explicitly opt out.
The default is "seccomp", meaning programs need explicit opt-in into the mitigation.
Status can be queried via the /sys/devices/system/cpu/vulnerabilities/spec_store_bypass file, containing:
- "Mitigation: Speculative Store Bypass disabled"
- "Mitigation: Speculative Store Bypass disabled via prctl"
- "Mitigation: Speculative Store Bypass disabled via prctl and seccomp"
- CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c
had an integer-overflow vulnerability allowing local users with access
to the udldrmfb driver to obtain full read and write permissions on
kernel physical pages, resulting in a code execution in kernel space
- CVE-2018-10124: The kill_something_info function in kernel/signal.c
might have allowed local users to cause a denial of service via an
INT_MIN argument (bnc#1089752).
- CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might
have allowed local users to cause a denial of service by triggering an
attempted use of the -INT_MIN value (bnc#1089608).
- CVE-2018-1000199: An address corruption flaw was discovered while
modifying a h/w breakpoint via 'modify_user_hw_breakpoint' routine, an
unprivileged user/process could use this flaw to crash the system kernel
resulting in DoS OR to potentially escalate privileges on a the system. (bsc#1089895)
- CVE-2018-1130: The Linux kernel was vulnerable to a null pointer
dereference in dccp_write_xmit() function in net/dccp/output.c in that
allowed a local user to cause a denial of service by a number of certain
crafted system calls (bnc#1092904).
- CVE-2018-5803: An error in the _sctp_make_chunk() function when handling
SCTP, packet length could have been exploited by a malicious local user
to cause a kernel crash and a DoS. (bnc#1083900).
- CVE-2018-1065: The netfilter subsystem mishandled the case of
a rule blob that contains a jump but lacks a user-defined chain,
which allowed local users to cause a denial of service (NULL
pointer dereference) by leveraging the CAP_NET_RAW or CAP_NET_ADMIN
capability, related to arpt_do_table in net/ipv4/netfilter/arp_tables.c,
ipt_do_table in net/ipv4/netfilter/ip_tables.c, and ip6t_do_table in
net/ipv6/netfilter/ip6_tables.c (bnc#1083650 1091925).
- CVE-2018-7492: A NULL pointer dereference was found in the
net/rds/rdma.c __rds_rdma_map() function allowing local attackers to
cause a system panic and a denial-of-service, related to RDS_GET_MR and