Bug 1100491 (CVE-2018-9385)

Summary: VUL-0: CVE-2018-9385: kernel-source: amba: Don't read past the end of sysfs "driver_override" buffer
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: smash_bz, tiwai
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/209775/
Whiteboard: CVSSv3:SUSE:CVE-2018-9385:3.3:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2018-07-07 07:22:44 UTC
CVE-2018-9385

https://patchwork.kernel.org/patch/10175611/

commit d2ffed5185df9d8d9ccd150e4340e3b6f96a8381
Author: Geert Uytterhoeven <geert+renesas@glider.be>
Date:   Tue Apr 10 15:21:45 2018 +0200

    ARM: amba: Don't read past the end of sysfs "driver_override" buffer
    
    When printing the driver_override parameter when it is 4095 and 4094
    bytes long, the printing code would access invalid memory because we
    need count + 1 bytes for printing.
    
    Cfr. commits 4efe874aace57dba ("PCI: Don't read past the end of sysfs
    "driver_override" buffer") and bf563b01c2895a4b ("driver core: platform:
    Don't read past the end of "driver_override" buffer").
    
    Fixes: 3cf385713460eb2b ("ARM: 8256/1: driver coamba: add device binding path 'driver_override'")
    Signed-off-by: Geert Uytterhoeven <geert+renesas@glider.be>
    Reviewed-by: Todd Kjos <tkjos@google.com>
    Cc: stable <stable@vger.kernel.org>
    Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Comment 1 Marcus Meissner 2018-07-07 07:23:23 UTC
3cf385713460eb2b is in 4.4, so sle12 sp3 and sle15 for aarch64
Comment 2 Marcus Meissner 2018-07-07 07:32:56 UTC
the other 2 commits listed above too are needed I think
Comment 3 Takashi Iwai 2018-07-09 08:49:07 UTC
The commit d2ffed5185df9d8d9ccd150e4340e3b6f96a8381:
- SLE12-SP3 already contains it via 4.4.131 stable
- SLE12-SP2-LTSS missing -> cve/linux-4.4
- SLE15 missing

The commit 4efe874aace57dba: included in 4.0

The commit bf563b01c2895a4b:
- both SLE12-SP2-LTSS and SLE12-SP3 contain it via 4.4.92 stable
- SLE15 contains the backport
Comment 4 Takashi Iwai 2018-07-09 09:25:38 UTC
The fixes were pushed to relevant branches.
Comment 6 Swamp Workflow Management 2018-07-18 06:21:59 UTC
This is an autogenerated message for OBS integration:
This bug (1100491) was mentioned in
https://build.opensuse.org/request/show/623531 42.3 / kernel-source
https://build.opensuse.org/request/show/623532 15.0 / kernel-source
Comment 7 Swamp Workflow Management 2018-07-18 06:21:59 UTC
This is an autogenerated message for OBS integration:
This bug (1100491) was mentioned in
https://build.opensuse.org/request/show/623531 42.3 / kernel-source
https://build.opensuse.org/request/show/623532 15.0 / kernel-source
Comment 9 Swamp Workflow Management 2018-07-24 16:17:25 UTC
SUSE-SU-2018:2051-1: An update that solves four vulnerabilities and has 44 fixes is now available.

Category: security (important)
Bug References: 1012382,1064232,1075876,1076110,1085185,1085657,1089525,1090435,1090888,1091171,1092207,1094244,1094248,1094643,1095453,1096790,1097034,1097140,1097492,1097501,1097551,1097808,1097931,1097961,1098016,1098236,1098425,1098435,1098527,1098599,1099042,1099183,1099279,1099713,1099732,1099792,1099810,1099918,1099924,1099966,1099993,1100089,1100340,1100416,1100418,1100491,1100843,1101296
CVE References: CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-9385
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.140-94.42.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.140-94.42.1, kernel-obs-build-4.4.140-94.42.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.140-94.42.1, kernel-source-4.4.140-94.42.1, kernel-syms-4.4.140-94.42.1
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_15-1-4.3.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.140-94.42.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.140-94.42.1, kernel-source-4.4.140-94.42.1, kernel-syms-4.4.140-94.42.1
SUSE CaaS Platform ALL (src):    kernel-default-4.4.140-94.42.1
SUSE CaaS Platform 3.0 (src):    kernel-default-4.4.140-94.42.1
Comment 10 Swamp Workflow Management 2018-07-28 13:17:24 UTC
openSUSE-SU-2018:2118-1: An update that solves four vulnerabilities and has 44 fixes is now available.

Category: security (important)
Bug References: 1012382,1064232,1075876,1076110,1085185,1085657,1089525,1090435,1090888,1091171,1092207,1094244,1094248,1094643,1095453,1096790,1097034,1097140,1097492,1097501,1097551,1097808,1097931,1097961,1098016,1098236,1098425,1098435,1098527,1098599,1099042,1099183,1099279,1099713,1099732,1099792,1099810,1099918,1099924,1099966,1099993,1100089,1100340,1100416,1100418,1100491,1100843,1101296
CVE References: CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-9385
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.140-62.2, kernel-default-4.4.140-62.2, kernel-docs-4.4.140-62.2, kernel-obs-build-4.4.140-62.3, kernel-obs-qa-4.4.140-62.1, kernel-source-4.4.140-62.2, kernel-syms-4.4.140-62.1, kernel-vanilla-4.4.140-62.2
Comment 11 Swamp Workflow Management 2018-07-28 13:58:31 UTC
openSUSE-SU-2018:2119-1: An update that solves 23 vulnerabilities and has 283 fixes is now available.

Category: security (important)
Bug References: 1022476,1046303,1046305,1046306,1046307,1046540,1046542,1046543,1048129,1050242,1050252,1050529,1050536,1050538,1050545,1050549,1050662,1051510,1052766,1055117,1055186,1055968,1056427,1056643,1056651,1056653,1056657,1056658,1056662,1056686,1056787,1058115,1058513,1058659,1058717,1059336,1060463,1061024,1061840,1062897,1064802,1065600,1065729,1066110,1066129,1068032,1068054,1068546,1071218,1071995,1072829,1072856,1073513,1073765,1073960,1074562,1074578,1074701,1074741,1074873,1074919,1074984,1075006,1075007,1075262,1075419,1075748,1075876,1076049,1076115,1076372,1076830,1077338,1078248,1078353,1079152,1079747,1080039,1080157,1080542,1081599,1082485,1082504,1082869,1082962,1083647,1083684,1083900,1084001,1084570,1084721,1085308,1085341,1085400,1085539,1085626,1085933,1085936,1085937,1085938,1085939,1085941,1086224,1086282,1086283,1086286,1086288,1086319,1086323,1086400,1086467,1086652,1086739,1087084,1087088,1087092,1087205,1087210,1087213,1087214,1087284,1087405,1087458,1087939,1087978,1088273,1088354,1088374,1088690,1088704,1088713,1088722,1088796,1088804,1088821,1088866,1088872,1089074,1089086,1089115,1089141,1089198,1089268,1089271,1089467,1089608,1089644,1089663,1089664,1089667,1089669,1089752,1089753,1089762,1089878,1089889,1089977,1090098,1090150,1090457,1090522,1090534,1090535,1090605,1090643,1090646,1090658,1090717,1090734,1090818,1090888,1090953,1091101,1091158,1091171,1091264,1091424,1091532,1091543,1091594,1091666,1091678,1091686,1091781,1091782,1091815,1091860,1091960,1092100,1092289,1092472,1092566,1092710,1092772,1092888,1092904,1092975,1093023,1093027,1093035,1093118,1093148,1093158,1093184,1093205,1093273,1093290,1093604,1093641,1093649,1093653,1093655,1093657,1093663,1093721,1093728,1093904,1093990,1094244,1094356,1094420,1094541,1094575,1094751,1094825,1094840,1094978,1095042,1095094,1095104,1095115,1095155,1095265,1095321,1095337,1095467,1095573,1095735,1095893,1096065,1096480,1096529,1096696,1096705,1096728,1096753,1096790,1096793,1097034,1097105,1097234,1097356,1097373,1097439,1097465,1097468,1097470,1097471,1097472,1097551,1097780,1097796,1097800,1097941,1097961,1098016,1098043,1098050,1098174,1098176,1098236,1098401,1098425,1098435,1098599,1098626,1098706,1098983,1098995,1099029,1099041,1099109,1099142,1099183,1099715,1099792,1099918,1099924,1099966,1100132,1100209,1100340,1100362,1100382,1100416,1100418,1100491,1100602,1100633,1100734,1100843,1101296,1101315,1101324,971975,975772
CVE References: CVE-2017-5715,CVE-2017-5753,CVE-2018-1000200,CVE-2018-1000204,CVE-2018-10087,CVE-2018-10124,CVE-2018-10323,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1108,CVE-2018-1118,CVE-2018-1120,CVE-2018-1130,CVE-2018-12233,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492,CVE-2018-8781,CVE-2018-9385
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.7.1, kernel-default-4.12.14-lp150.12.7.1, kernel-docs-4.12.14-lp150.12.7.1, kernel-kvmsmall-4.12.14-lp150.12.7.1, kernel-obs-build-4.12.14-lp150.12.7.1, kernel-obs-qa-4.12.14-lp150.12.7.1, kernel-source-4.12.14-lp150.12.7.1, kernel-syms-4.12.14-lp150.12.7.1, kernel-vanilla-4.12.14-lp150.12.7.1
Comment 12 Swamp Workflow Management 2018-07-31 16:18:45 UTC
SUSE-SU-2018:2150-1: An update that solves 5 vulnerabilities and has 47 fixes is now available.

Category: security (important)
Bug References: 1012382,1068032,1074562,1074578,1074701,1075006,1075419,1075748,1075876,1080039,1085185,1085657,1087084,1087939,1089525,1090435,1090888,1091171,1092207,1094244,1094248,1094643,1095453,1096790,1097034,1097140,1097492,1097501,1097551,1097808,1097931,1097961,1098016,1098236,1098425,1098435,1098527,1099042,1099183,1099279,1099713,1099732,1099810,1099918,1099924,1099966,1099993,1100089,1100340,1100416,1100418,1100491
CVE References: CVE-2017-5753,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-9385
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP3 (src):    kernel-rt-4.4.139-3.17.1, kernel-rt_debug-4.4.139-3.17.1, kernel-source-rt-4.4.139-3.17.1, kernel-syms-rt-4.4.139-3.17.1
Comment 14 Swamp Workflow Management 2018-08-06 22:27:31 UTC
SUSE-SU-2018:2222-1: An update that solves 8 vulnerabilities and has 132 fixes is now available.

Category: security (important)
Bug References: 1012382,1037697,1046299,1046300,1046302,1046303,1046305,1046306,1046307,1046533,1046543,1048129,1050242,1050529,1050536,1050538,1050540,1050549,1051510,1054245,1056651,1056787,1058115,1058169,1058659,1060463,1066110,1068032,1075087,1075360,1075876,1077338,1077761,1077989,1078248,1085042,1085536,1085539,1086282,1086283,1086286,1086301,1086313,1086314,1086319,1086323,1086324,1086457,1086652,1087092,1087202,1087217,1087233,1087978,1088821,1088866,1090098,1090888,1091041,1091171,1091424,1091860,1092472,1093035,1093118,1093148,1093290,1093666,1094119,1094244,1094978,1095155,1095337,1096330,1096529,1096790,1096793,1097034,1097583,1097584,1097585,1097586,1097587,1097588,1097941,1097961,1098050,1098236,1098401,1098599,1098626,1098633,1098706,1098983,1098995,1099029,1099041,1099109,1099142,1099183,1099193,1099715,1099792,1099918,1099924,1099966,1100132,1100209,1100340,1100362,1100382,1100416,1100418,1100491,1100602,1100633,1100843,1100884,1101143,1101296,1101315,1101324,1101337,1101352,1101564,1101669,1101674,1101789,1101813,1101816,1102088,1102097,1102147,1102340,1102512,1102851,1103216,1103220,1103230,1103421
CVE References: CVE-2017-18344,CVE-2017-5753,CVE-2018-1118,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-5390,CVE-2018-9385
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.8.1, kernel-source-azure-4.12.14-5.8.1, kernel-syms-azure-4.12.14-5.8.1
Comment 19 Swamp Workflow Management 2018-08-16 10:18:01 UTC
SUSE-SU-2018:2344-1: An update that solves 11 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1064232,1076110,1083635,1085042,1086652,1087081,1089343,1090123,1091171,1094248,1096130,1096480,1096978,1097140,1097551,1098016,1098425,1098435,1099924,1100089,1100416,1100418,1100491,1101557,1102340,1102851,1103097,1103119,1103580
CVE References: CVE-2017-18344,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-14734,CVE-2018-3620,CVE-2018-3646,CVE-2018-5390,CVE-2018-5391,CVE-2018-5814,CVE-2018-9385
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.92.1, kernel-source-4.4.121-92.92.1, kernel-syms-4.4.121-92.92.1, kgraft-patch-SLE12-SP2_Update_24-1-3.7.1, lttng-modules-2.7.1-9.4.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.92.1, kernel-source-4.4.121-92.92.1, kernel-syms-4.4.121-92.92.1, kgraft-patch-SLE12-SP2_Update_24-1-3.7.1, lttng-modules-2.7.1-9.4.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.92.1, kernel-source-4.4.121-92.92.1, kernel-syms-4.4.121-92.92.1, kgraft-patch-SLE12-SP2_Update_24-1-3.7.1, lttng-modules-2.7.1-9.4.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.92.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.92.1, kernel-source-4.4.121-92.92.1, kernel-syms-4.4.121-92.92.1, kgraft-patch-SLE12-SP2_Update_24-1-3.7.1, lttng-modules-2.7.1-9.4.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.121-92.92.1
Comment 20 Marcus Meissner 2018-08-29 12:20:04 UTC
released
Comment 21 Swamp Workflow Management 2018-10-18 18:13:14 UTC
SUSE-SU-2018:2344-2: An update that solves 11 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1064232,1076110,1083635,1085042,1086652,1087081,1089343,1090123,1091171,1094248,1096130,1096480,1096978,1097140,1097551,1098016,1098425,1098435,1099924,1100089,1100416,1100418,1100491,1101557,1102340,1102851,1103097,1103119,1103580
CVE References: CVE-2017-18344,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-14734,CVE-2018-3620,CVE-2018-3646,CVE-2018-5390,CVE-2018-5391,CVE-2018-5814,CVE-2018-9385
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.92.1, kernel-source-4.4.121-92.92.1, kernel-syms-4.4.121-92.92.1, kgraft-patch-SLE12-SP2_Update_24-1-3.7.1, lttng-modules-2.7.1-9.4.1