Bug 1086162 (CVE-2018-8822)

Summary: VUL-1: CVE-2018-8822: kernel-source: Memory corruption in ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P4 - Low CC: bpetkov, nfbrown, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/202284/
Whiteboard: CVSSv3:RedHat:CVE-2018-8822:6.4:(AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) CVSSv3:SUSE:CVE-2018-8822:6.4:(AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) CVSSv2:NVD:CVE-2018-8822:7.2:(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVSSv3:NVD:CVE-2018-8822:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) maint:released:sle10-sp3:64031
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2018-03-21 06:00:25 UTC
Incorrect buffer length handling in the ncp_read_kernel function in
fs/ncpfs/ncplib_kernel.c in the Linux kernel through 4.15.11, and in
drivers/staging/ncpfs/ncplib_kernel.c in the Linux kernel 4.16-rc through
4.16-rc6, could be exploited by malicious NCPFS servers to crash the kernel or
execute code.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1558697
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8822
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-8822.html
http://www.cvedetails.com/cve/CVE-2018-8822/
https://www.mail-archive.com/netdev@vger.kernel.org/msg223373.html
Comment 2 Neil Brown 2018-03-28 00:57:54 UTC
I've submitted the fix to:
cve/linux-2.6.16
cve/linux-2.6.32
cve/linux-3.0
cve/linux-3.12
cvs/linux=4.4
stable
Comment 3 Swamp Workflow Management 2018-04-23 19:15:18 UTC
SUSE-SU-2018:1048-1: An update that solves 5 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1012382,1019695,1019699,1022604,1031717,1046610,1060799,1064206,1068032,1073059,1073069,1075428,1076033,1077560,1083574,1083745,1083836,1084223,1084310,1084328,1084353,1084452,1084610,1084699,1084829,1084889,1084898,1084914,1084918,1084967,1085042,1085058,1085224,1085383,1085402,1085404,1085487,1085507,1085511,1085679,1085981,1086015,1086162,1086194,1086357,1086499,1086518,1086607,1087088,1087211,1087231,1087260,1087274,1087659,1087845,1087906,1087999,1088050,1088087,1088241,1088267,1088313,1088324,1088600,1088684,1088871,802154
CVE References: CVE-2017-18257,CVE-2018-1091,CVE-2018-7740,CVE-2018-8043,CVE-2018-8822
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.126-94.22.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.126-94.22.1, kernel-obs-build-4.4.126-94.22.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.126-94.22.1, kernel-source-4.4.126-94.22.2, kernel-syms-4.4.126-94.22.1
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_11-1-4.5.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.126-94.22.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.126-94.22.1, kernel-source-4.4.126-94.22.2, kernel-syms-4.4.126-94.22.1
SUSE CaaS Platform ALL (src):    kernel-default-4.4.126-94.22.1
Comment 4 Swamp Workflow Management 2018-04-25 19:14:32 UTC
SUSE-SU-2018:1080-1: An update that solves 18 vulnerabilities and has 29 fixes is now available.

Category: security (important)
Bug References: 1010470,1013018,1039348,1052943,1062568,1062840,1063416,1063516,1065600,1065999,1067118,1067912,1068032,1072689,1072865,1075088,1075091,1075994,1078669,1078672,1078673,1078674,1080464,1080757,1080813,1081358,1082091,1082424,1083242,1083275,1083483,1083494,1084536,1085113,1085279,1085331,1085513,1086162,1087092,1087260,1087762,1088147,1088260,1089608,909077,940776,943786
CVE References: CVE-2015-5156,CVE-2016-7915,CVE-2017-0861,CVE-2017-12190,CVE-2017-13166,CVE-2017-16644,CVE-2017-16911,CVE-2017-16912,CVE-2017-16913,CVE-2017-16914,CVE-2017-18203,CVE-2017-18208,CVE-2017-5715,CVE-2018-10087,CVE-2018-6927,CVE-2018-7566,CVE-2018-7757,CVE-2018-8822
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-108.38.1
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-108.38.1, kernel-default-3.0.101-108.38.1, kernel-ec2-3.0.101-108.38.1, kernel-pae-3.0.101-108.38.1, kernel-ppc64-3.0.101-108.38.1, kernel-source-3.0.101-108.38.1, kernel-syms-3.0.101-108.38.1, kernel-trace-3.0.101-108.38.1, kernel-xen-3.0.101-108.38.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.38.1, kernel-pae-3.0.101-108.38.1, kernel-ppc64-3.0.101-108.38.1, kernel-trace-3.0.101-108.38.1, kernel-xen-3.0.101-108.38.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.38.1, kernel-default-3.0.101-108.38.1, kernel-ec2-3.0.101-108.38.1, kernel-pae-3.0.101-108.38.1, kernel-ppc64-3.0.101-108.38.1, kernel-trace-3.0.101-108.38.1, kernel-xen-3.0.101-108.38.1
Comment 5 Swamp Workflow Management 2018-05-08 22:12:52 UTC
SUSE-SU-2018:1172-1: An update that solves 20 vulnerabilities and has 11 fixes is now available.

Category: security (important)
Bug References: 1010470,1039348,1052943,1062568,1062840,1063416,1067118,1072689,1072865,1078669,1078672,1078673,1078674,1080464,1080757,1082424,1083242,1083483,1083494,1084536,1085331,1086162,1087088,1087209,1087260,1087762,1088147,1088260,1089608,1089752,940776
CVE References: CVE-2015-5156,CVE-2016-7915,CVE-2017-0861,CVE-2017-12190,CVE-2017-13166,CVE-2017-16644,CVE-2017-16911,CVE-2017-16912,CVE-2017-16913,CVE-2017-16914,CVE-2017-18203,CVE-2017-18208,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-6927,CVE-2018-7566,CVE-2018-7757,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.22.1, kernel-default-3.0.101-0.47.106.22.1, kernel-ec2-3.0.101-0.47.106.22.1, kernel-pae-3.0.101-0.47.106.22.1, kernel-source-3.0.101-0.47.106.22.1, kernel-syms-3.0.101-0.47.106.22.1, kernel-trace-3.0.101-0.47.106.22.1, kernel-xen-3.0.101-0.47.106.22.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.22.1, kernel-default-3.0.101-0.47.106.22.1, kernel-pae-3.0.101-0.47.106.22.1, kernel-ppc64-3.0.101-0.47.106.22.1, kernel-trace-3.0.101-0.47.106.22.1, kernel-xen-3.0.101-0.47.106.22.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.22.1, kernel-ec2-3.0.101-0.47.106.22.1, kernel-pae-3.0.101-0.47.106.22.1, kernel-source-3.0.101-0.47.106.22.1, kernel-syms-3.0.101-0.47.106.22.1, kernel-trace-3.0.101-0.47.106.22.1, kernel-xen-3.0.101-0.47.106.22.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.22.1, kernel-default-3.0.101-0.47.106.22.1, kernel-ec2-3.0.101-0.47.106.22.1, kernel-pae-3.0.101-0.47.106.22.1, kernel-trace-3.0.101-0.47.106.22.1, kernel-xen-3.0.101-0.47.106.22.1
Comment 6 Swamp Workflow Management 2018-05-08 22:18:46 UTC
SUSE-SU-2018:1173-1: An update that solves 9 vulnerabilities and has 27 fixes is now available.

Category: security (important)
Bug References: 1012382,1031717,1046610,1057734,1070536,1075428,1076847,1077560,1082153,1082299,1083125,1083745,1083836,1084353,1084610,1084721,1084829,1085042,1085185,1085224,1085402,1085404,1086162,1086194,1087088,1087260,1087845,1088241,1088242,1088600,1088684,1089198,1089608,1089644,1089752,1090643
CVE References: CVE-2017-18257,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7740,CVE-2018-8043,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.121-92.73.1
Comment 8 Swamp Workflow Management 2018-05-09 11:42:43 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2018-05-16.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/64030
Comment 9 Swamp Workflow Management 2018-05-11 16:18:06 UTC
SUSE-SU-2018:1217-1: An update that solves 7 vulnerabilities and has 93 fixes is now available.

Category: security (important)
Bug References: 1005778,1005780,1005781,1012382,1015336,1015337,1015340,1015342,1015343,1019695,1019699,1022604,1022743,1024296,1031717,1046610,1060799,1064206,1068032,1073059,1073069,1075091,1075428,1075994,1076033,1077560,1083125,1083574,1083745,1083836,1084223,1084310,1084328,1084353,1084452,1084610,1084699,1084721,1084829,1084889,1084898,1084914,1084918,1084967,1085042,1085058,1085185,1085224,1085383,1085402,1085404,1085487,1085507,1085511,1085679,1085958,1085981,1086015,1086162,1086194,1086357,1086499,1086518,1086607,1087088,1087211,1087231,1087260,1087274,1087659,1087845,1087906,1087999,1088050,1088087,1088242,1088267,1088313,1088324,1088600,1088684,1088865,1088871,1089198,1089608,1089644,1089752,1089925,802154,810912,812592,813453,880131,966170,966172,966186,966191,969476,969477,981348
CVE References: CVE-2017-18257,CVE-2018-10087,CVE-2018-10124,CVE-2018-1091,CVE-2018-7740,CVE-2018-8043,CVE-2018-8822
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP3 (src):    kernel-rt-4.4.128-3.11.1, kernel-rt_debug-4.4.128-3.11.1, kernel-source-rt-4.4.128-3.11.1, kernel-syms-rt-4.4.128-3.11.1
Comment 10 Swamp Workflow Management 2018-05-11 19:09:21 UTC
SUSE-SU-2018:1220-1: An update that solves 11 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1076537,1082299,1083125,1083242,1083275,1084536,1085279,1085331,1086162,1086194,1087088,1087260,1088147,1088260,1088261,1089608,1089752,1090643
CVE References: CVE-2017-0861,CVE-2017-11089,CVE-2017-13220,CVE-2017-18203,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7757,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE OpenStack Cloud 6 (src):    kernel-default-3.12.74-60.64.88.1, kernel-source-3.12.74-60.64.88.1, kernel-syms-3.12.74-60.64.88.1, kernel-xen-3.12.74-60.64.88.1, kgraft-patch-SLE12-SP1_Update_27-1-2.3.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.88.1, kernel-source-3.12.74-60.64.88.1, kernel-syms-3.12.74-60.64.88.1, kernel-xen-3.12.74-60.64.88.1, kgraft-patch-SLE12-SP1_Update_27-1-2.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.88.1, kernel-source-3.12.74-60.64.88.1, kernel-syms-3.12.74-60.64.88.1, kernel-xen-3.12.74-60.64.88.1, kgraft-patch-SLE12-SP1_Update_27-1-2.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.88.1
Comment 11 Swamp Workflow Management 2018-05-11 19:12:03 UTC
SUSE-SU-2018:1221-1: An update that solves 11 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1076537,1082299,1083125,1083242,1084536,1085331,1086162,1087088,1087209,1087260,1088147,1088260,1088261,1089608,1089752,1090643
CVE References: CVE-2017-0861,CVE-2017-11089,CVE-2017-13220,CVE-2017-18203,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7757,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.128.1, kernel-source-3.12.61-52.128.1, kernel-syms-3.12.61-52.128.1, kernel-xen-3.12.61-52.128.1, kgraft-patch-SLE12_Update_34-1-1.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.128.1
Comment 12 Swamp Workflow Management 2018-05-16 19:18:30 UTC
SUSE-SU-2018:1309-1: An update that solves 18 vulnerabilities and has 36 fixes is now available.

Category: security (important)
Bug References: 1010470,1013018,1032084,1039348,1050431,1052943,1062568,1062840,1063416,1063516,1065600,1065999,1067118,1067912,1068032,1072689,1072865,1075088,1075091,1075994,1078669,1078672,1078673,1078674,1080464,1080757,1080813,1081358,1082091,1082424,1083242,1083275,1083483,1083494,1084536,1085113,1085279,1085331,1085513,1086162,1087092,1087209,1087260,1087762,1088147,1088260,1089608,1089665,1089668,1089752,909077,940776,943786,951638
CVE References: CVE-2015-5156,CVE-2016-7915,CVE-2017-0861,CVE-2017-12190,CVE-2017-13166,CVE-2017-16644,CVE-2017-16911,CVE-2017-16912,CVE-2017-16913,CVE-2017-16914,CVE-2017-18203,CVE-2017-18208,CVE-2018-10087,CVE-2018-10124,CVE-2018-6927,CVE-2018-7566,CVE-2018-7757,CVE-2018-8822
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.24.1, kernel-rt_trace-3.0.101.rt130-69.24.1, kernel-source-rt-3.0.101.rt130-69.24.1, kernel-syms-rt-3.0.101.rt130-69.24.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.24.1, kernel-rt_debug-3.0.101.rt130-69.24.1, kernel-rt_trace-3.0.101.rt130-69.24.1
Comment 13 Swamp Workflow Management 2018-05-24 19:17:20 UTC
openSUSE-SU-2018:1418-1: An update that solves 11 vulnerabilities and has 93 fixes is now available.

Category: security (important)
Bug References: 1005778,1005780,1005781,1009062,1012382,1015336,1015337,1015340,1015342,1015343,1022604,1022743,1024296,1031492,1036215,1043598,1044596,1056415,1056427,1060799,1066223,1068032,1070404,1073059,1075087,1075091,1075994,1076263,1076805,1080157,1081599,1082153,1082299,1082485,1082962,1083125,1083635,1083650,1083900,1084610,1084699,1084721,1085058,1085185,1085511,1085679,1085958,1086162,1087082,1087274,1088050,1088242,1088267,1088313,1088600,1088684,1088810,1088865,1088871,1089023,1089115,1089198,1089393,1089608,1089644,1089752,1089895,1089925,1090225,1090643,1090658,1090663,1090708,1090718,1090734,1090953,1091041,1091325,1091728,1091960,1092289,1092497,1092566,1092772,1092888,1092904,1092975,1093008,1093035,1093144,1093215,1093990,1094019,1094033,1094059,802154,966170,966172,966186,966191,969476,969477,981348,993388
CVE References: CVE-2017-18257,CVE-2018-1000199,CVE-2018-10087,CVE-2018-10124,CVE-2018-1065,CVE-2018-1130,CVE-2018-3639,CVE-2018-5803,CVE-2018-7492,CVE-2018-8781,CVE-2018-8822
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.132-53.1, kernel-default-4.4.132-53.1, kernel-docs-4.4.132-53.1, kernel-obs-build-4.4.132-53.1, kernel-obs-qa-4.4.132-53.1, kernel-source-4.4.132-53.1, kernel-syms-4.4.132-53.1, kernel-vanilla-4.4.132-53.1
Comment 18 Marcus Meissner 2018-09-07 12:34:05 UTC
released
Comment 19 Swamp Workflow Management 2018-10-18 17:41:31 UTC
SUSE-SU-2018:1173-2: An update that solves 9 vulnerabilities and has 27 fixes is now available.

Category: security (important)
Bug References: 1012382,1031717,1046610,1057734,1070536,1075428,1076847,1077560,1082153,1082299,1083125,1083745,1083836,1084353,1084610,1084721,1084829,1085042,1085185,1085224,1085402,1085404,1086162,1086194,1087088,1087260,1087845,1088241,1088242,1088600,1088684,1089198,1089608,1089644,1089752,1090643
CVE References: CVE-2017-18257,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7740,CVE-2018-8043,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1