Security update for the Linux Kernel (Live Patch 2 for SLE 15) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2018:2678-1 Final 1 1 2018-09-10T14:59:41Z current 2018-09-10T14:59:41Z 2018-09-10T14:59:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 2 for SLE 15) This update for the Linux Kernel 4.12.14-25_6 fixes several issues. The following security issues were fixed: - CVE-2018-15471: An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c. The Linux netback driver allowed frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks (bsc#1105026). - CVE-2018-10853: A KVM guest userspace to guest kernel write was fixed, which could be used by guest users to crash the guest kernel (bsc#1097108). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Live-Patching-15-2018-1869 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2018/suse-su-20182678-1/ Link for SUSE-SU-2018:2678-1 https://lists.suse.com/pipermail/sle-security-updates/2018-September/004545.html E-Mail link for SUSE-SU-2018:2678-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1097108 SUSE Bug 1097108 https://bugzilla.suse.com/1103203 SUSE Bug 1103203 https://bugzilla.suse.com/1105026 SUSE Bug 1105026 https://www.suse.com/security/cve/CVE-2018-10853/ SUSE CVE CVE-2018-10853 page https://www.suse.com/security/cve/CVE-2018-15471/ SUSE CVE CVE-2018-15471 page SUSE Linux Enterprise Live Patching 15 kernel-livepatch-4_12_14-25_6-default-3-2.1 kernel-livepatch-4_12_14-25_6-default-3-2.1 as a component of SUSE Linux Enterprise Live Patching 15 A flaw was found in the way Linux kernel KVM hypervisor before 4.18 emulated instructions such as sgdt/sidt/fxsave/fxrstor. It did not check current privilege(CPL) level while emulating unprivileged instructions. An unprivileged guest user/process could use this flaw to potentially escalate privileges inside guest. CVE-2018-10853 SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_6-default-3-2.1 important 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182678-1/ https://www.suse.com/security/cve/CVE-2018-10853.html CVE-2018-10853 https://bugzilla.suse.com/1097104 SUSE Bug 1097104 https://bugzilla.suse.com/1097108 SUSE Bug 1097108 An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks. CVE-2018-15471 SUSE Linux Enterprise Live Patching 15:kernel-livepatch-4_12_14-25_6-default-3-2.1 moderate 6.8 AV:L/AC:L/Au:S/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2018/suse-su-20182678-1/ https://www.suse.com/security/cve/CVE-2018-15471.html CVE-2018-15471 https://bugzilla.suse.com/1103277 SUSE Bug 1103277 https://bugzilla.suse.com/1104641 SUSE Bug 1104641 https://bugzilla.suse.com/1105026 SUSE Bug 1105026