First Last Prev Next    This bug is not in your last search results.
Bug 1103277 - (CVE-2018-15471) VUL-0: CVE-2018-15471: kernel: Linux netback driver OOB access in hash handling (XSA-270)
(CVE-2018-15471)
VUL-0: CVE-2018-15471: kernel: Linux netback driver OOB access in hash handli...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Major
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv3:SUSE:CVE-2018-15471:7.8:(AV:L/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-07-31 15:52 UTC by Johannes Segitz
Modified: 2022-03-04 20:49 UTC (History)
5 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Johannes Segitz 2018-07-31 15:53:19 UTC 
CRD: 2018-08-14 17:00 UTC
Comment 3 Jürgen Groß 2018-08-13 06:39:59 UTC 
patch pushed to users/jgross/SLE15_EMBARGO/for-next
Comment 4 Marcus Meissner 2018-08-14 17:24:19 UTC 
is public now

                    Xen Security Advisory XSA-270
                              version 2

           Linux netback driver OOB access in hash handling

UPDATES IN VERSION 2
====================

Public release.

ISSUE DESCRIPTION
=================

Linux's netback driver allows frontends to control mapping of requests
to request queues.  When processing a request to set or change this
mapping, some input validation was missing or flawed.

IMPACT
======

A malicious or buggy frontend may cause the (usually privileged)
backend to make out of bounds memory accesses, potentially resulting
in one or more of privilege escalation, Denial of Service (DoS), or
information leaks.

VULNERABLE SYSTEMS
==================

Linux kernel versions from 4.7 onwards are affected.

MITIGATION
==========

There is no known mitigation.

CREDITS
=======

This issue was discovered by Felix Wilhelm of Google Project Zero.

RESOLUTION
==========

Applying the attached patch resolves this issue.

xsa270.patch           Linux 4.7 ... 4.17

$ sha256sum xsa270*
392868c37c1fe0d16c36086208fd0fc045c1baf8ab9b207995bce72681cb8c54  xsa270.patch
$
Comment 5 Swamp Workflow Management 2018-08-14 19:03:01 UTC 
This is an autogenerated message for OBS integration:
This bug (1103277) was mentioned in
https://build.opensuse.org/request/show/629278 15.0 / kernel-source
Comment 7 Swamp Workflow Management 2018-08-17 10:43:32 UTC 
openSUSE-SU-2018:2407-1: An update that solves 12 vulnerabilities and has 60 fixes is now available.

Category: security (important)
Bug References: 1065600,1081917,1083647,1086288,1086314,1086315,1086317,1086327,1086331,1086906,1087081,1087092,1089343,1090888,1097104,1097577,1097808,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1100132,1101116,1101828,1101832,1101833,1101837,1101839,1101841,1101843,1101844,1101845,1101847,1101852,1101853,1101867,1101872,1101874,1101875,1101882,1101883,1101885,1101887,1101890,1101891,1101893,1101895,1101896,1101900,1101902,1101903,1102340,1103097,1103269,1103277,1103363,1103445,1103886,1104066,1104211,1104319,1104353,1104365,1104427,1104494,1104495,1104708,1104777
CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-3620,CVE-2018-3646,CVE-2018-5391
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.16.1, kernel-default-4.12.14-lp150.12.16.1, kernel-docs-4.12.14-lp150.12.16.1, kernel-kvmsmall-4.12.14-lp150.12.16.1, kernel-obs-build-4.12.14-lp150.12.16.1, kernel-obs-qa-4.12.14-lp150.12.16.1, kernel-source-4.12.14-lp150.12.16.1, kernel-syms-4.12.14-lp150.12.16.1, kernel-vanilla-4.12.14-lp150.12.16.1
Comment 8 Swamp Workflow Management 2018-08-20 13:20:55 UTC 
SUSE-SU-2018:2450-1: An update that solves 12 vulnerabilities and has 88 fixes is now available.

Category: security (important)
Bug References: 1051510,1051979,1065600,1066110,1077761,1081917,1083647,1086274,1086288,1086314,1086315,1086317,1086327,1086331,1086906,1087081,1087092,1089343,1090888,1097104,1097577,1097808,1099811,1099813,1099844,1099845,1099846,1099849,1099858,1099863,1099864,1100132,1101116,1101331,1101669,1101822,1101828,1101832,1101833,1101837,1101839,1101841,1101843,1101844,1101845,1101847,1101852,1101853,1101867,1101872,1101874,1101875,1101882,1101883,1101885,1101887,1101890,1101891,1101893,1101895,1101896,1101900,1101902,1101903,1102633,1102658,1103097,1103269,1103277,1103356,1103363,1103421,1103445,1103517,1103723,1103724,1103725,1103726,1103727,1103728,1103729,1103730,1103886,1103917,1103920,1103948,1103949,1104066,1104111,1104174,1104211,1104319,1104353,1104365,1104427,1104494,1104495,1104708,1104777,1104897
CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-3620,CVE-2018-3646,CVE-2018-5391
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.13.1, kernel-source-azure-4.12.14-5.13.1, kernel-syms-azure-4.12.14-5.13.1
Comment 10 Swamp Workflow Management 2018-08-28 16:15:16 UTC 
SUSE-SU-2018:2538-1: An update that solves four vulnerabilities and has 52 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1046307,1051510,1065600,1081917,1083647,1086288,1086315,1086317,1086327,1086331,1086906,1087092,1090888,1097104,1097577,1097583,1097584,1097585,1097586,1097587,1097588,1097808,1100132,1101480,1101669,1101822,1102517,1102715,1103269,1103277,1103363,1103445,1103886,1104353,1104365,1104427,1104482,1104494,1104495,1104683,1104708,1104777,1104890,1104897,1105292,1105296,1105322,1105355,1105378,1105396,1105467,1105731,802154,971975
CVE References: CVE-2018-10853,CVE-2018-10902,CVE-2018-15572,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-25.16.1, kernel-livepatch-SLE15_Update_4-1-1.3.1
Comment 11 Swamp Workflow Management 2018-08-28 16:24:21 UTC 
SUSE-SU-2018:2539-1: An update that solves four vulnerabilities and has 52 fixes is now available.

Category: security (important)
Bug References: 1046305,1046306,1046307,1051510,1065600,1081917,1083647,1086288,1086315,1086317,1086327,1086331,1086906,1087092,1090888,1097104,1097577,1097583,1097584,1097585,1097586,1097587,1097588,1097808,1100132,1101480,1101669,1101822,1102517,1102715,1103269,1103277,1103363,1103445,1103886,1104353,1104365,1104427,1104482,1104494,1104495,1104683,1104708,1104777,1104890,1104897,1105292,1105296,1105322,1105355,1105378,1105396,1105467,1105731,802154,971975
CVE References: CVE-2018-10853,CVE-2018-10902,CVE-2018-15572,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-25.16.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-25.16.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-25.16.1, kernel-obs-build-4.12.14-25.16.1, kernel-source-4.12.14-25.16.1, kernel-syms-4.12.14-25.16.1, kernel-vanilla-4.12.14-25.16.1, lttng-modules-2.10.0-5.6.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-25.16.1, kernel-source-4.12.14-25.16.1, kernel-zfcpdump-4.12.14-25.16.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-25.16.1
Comment 12 Marcus Meissner 2018-08-30 07:30:40 UTC 
done
First Last Prev Next    This bug is not in your last search results.