Bug 1077922 - (CVE-2017-18079) VUL-0: CVE-2017-18079: kernel-source: drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact because
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other Other
Importance: P3 - Medium, Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/199098/
CVSSv3:SUSE:CVE-2017-18079:2.5:(AV:L/...
Reported: 2018-01-29 07:51 UTC by Marcus Meissner
Modified: 2019-07-11 05:31 UTC (History)
Found By: Security Response Team
Description Marcus Meissner 2018-01-29 07:51:22 UTC
CVE-2017-18079

drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows attackers
to cause a denial of service (NULL pointer dereference and system crash) or
possibly have unspecified other impact because the port->exists value can change
after it is validated.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18079
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4
https://github.com/torvalds/linux/commit/340d394a789518018f834ff70f7534fc463d3226
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=340d394a789518018f834ff70f7534fc463d3226
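
The check-then-use pattern the description refers to ("the port->exists value can change after it is validated"), as an added example that is not part of the original bug report or the kernel source. It is a simplified model: the struct layouts, the function names and the hook that stands in for a concurrent writer are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified stand-ins (assumed for illustration), not the kernel's structures. */
struct serio { int rx_count; };
struct port  { struct serio *serio; bool exists; };

/* Hook modelling a concurrent writer that runs between the handler's reads. */
typedef void (*race_hook)(struct port *);

static struct serio late_serio;   /* constructed device used by port_appears() */
void port_appears(struct port *p)    { p->serio = &late_serio; p->exists = true; }
void port_disappears(struct port *p) { p->exists = false; }

enum outcome { DELIVERED, DROPPED, WOULD_DEREF_NULL };

/* Check-then-use: 'exists' is validated by one read and acted on by another. */
enum outcome handle_double_read(struct port *p, race_hook hook)
{
    struct serio *s = p->exists ? p->serio : NULL;   /* read #1 */
    if (hook) hook(p);                               /* state changes here */
    if (!p->exists)                                  /* read #2 */
        return DROPPED;
    if (!s)
        return WOULD_DEREF_NULL;  /* reported here instead of crashing */
    s->rx_count++;
    return DELIVERED;
}

/* Single snapshot: every later decision uses the value that was read once.
 * In real code the snapshot must be taken under the lock the writers hold,
 * and the object must stay alive until the handler is done with it. */
enum outcome handle_snapshot(struct port *p, race_hook hook)
{
    struct serio *s = p->exists ? p->serio : NULL;   /* the only read */
    if (hook) hook(p);
    if (!s)
        return DROPPED;
    s->rx_count++;
    return DELIVERED;
}

int main(void)
{
    struct port p = { NULL, false };
    enum outcome bad = handle_double_read(&p, port_appears);
    p = (struct port){ NULL, false };
    enum outcome good = handle_snapshot(&p, port_appears);
    return (bad == WOULD_DEREF_NULL && good == DROPPED) ? 0 : 1;
}
```

The same interleaving that yields `WOULD_DEREF_NULL` in the double-read handler is dropped cleanly by the snapshot handler, because the second decision no longer consults shared state.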
Comment 1 Borislav Petkov 2018-02-02 19:16:45 UTC
12SP3: has it
12SP2: ditto
master: ditto
stable: ditto
15: ditto
cve/linux-3.12: pushed
Comment 2 Borislav Petkov 2018-02-02 21:09:25 UTC
cve/linux-3.0: pushed
cve/linux-2.6.32: pushed
cve/linux-2.6.16: pushed

Pushed all the way down to the last century.

Bouncing back.
Comment 3 Swamp Workflow Management 2018-02-13 20:11:30 UTC
SUSE-SU-2018:0437-1: An update that solves 8 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 1012382,1047626,1068032,1070623,1073311,1073792,1073874,1075091,1075908,1075994,1076017,1076110,1076154,1076278,1077355,1077560,1077922,893777,893949,902893,951638
CVE References: CVE-2015-1142857,CVE-2017-13215,CVE-2017-17741,CVE-2017-17805,CVE-2017-17806,CVE-2017-18079,CVE-2017-5715,CVE-2018-1000004
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.119.1, kernel-source-3.12.61-52.119.1, kernel-syms-3.12.61-52.119.1, kernel-xen-3.12.61-52.119.1, kgraft-patch-SLE12_Update_31-1-1.7.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.119.1
Comment 4 Swamp Workflow Management 2018-02-22 20:11:38 UTC
SUSE-SU-2018:0525-1: An update that solves 8 vulnerabilities and has 19 fixes is now available.

Category: security (important)
Bug References: 1012382,1047118,1047626,1068032,1070623,1073246,1073311,1073792,1073874,1074709,1075091,1075411,1075908,1075994,1076017,1076110,1076154,1076278,1077182,1077355,1077560,1077922,1081317,893777,893949,902893,951638
CVE References: CVE-2015-1142857,CVE-2017-13215,CVE-2017-17741,CVE-2017-17805,CVE-2017-17806,CVE-2017-18079,CVE-2017-5715,CVE-2018-1000004
Sources used:
SUSE OpenStack Cloud 6 (src):    kernel-default-3.12.74-60.64.82.1, kernel-source-3.12.74-60.64.82.1, kernel-syms-3.12.74-60.64.82.1, kernel-xen-3.12.74-60.64.82.1, kgraft-patch-SLE12-SP1_Update_25-1-2.9.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.82.1, kernel-source-3.12.74-60.64.82.1, kernel-syms-3.12.74-60.64.82.1, kernel-xen-3.12.74-60.64.82.1, kgraft-patch-SLE12-SP1_Update_25-1-2.9.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.82.1, kernel-source-3.12.74-60.64.82.1, kernel-syms-3.12.74-60.64.82.1, kernel-xen-3.12.74-60.64.82.1, kgraft-patch-SLE12-SP1_Update_25-1-2.9.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.82.1
Comment 5 Swamp Workflow Management 2018-02-27 20:14:09 UTC
SUSE-SU-2018:0555-1: An update that solves 9 vulnerabilities and has 40 fixes is now available.

Category: security (important)
Bug References: 1012382,1045538,1048585,1050431,1054305,1059174,1060279,1060682,1063544,1064861,1068032,1068984,1069508,1070623,1070781,1073311,1074488,1074621,1074880,1075088,1075091,1075410,1075617,1075621,1075908,1075994,1076017,1076154,1076278,1076437,1076849,1077191,1077355,1077406,1077487,1077560,1077922,1078875,1079917,1080133,1080359,1080363,1080372,1080579,1080685,1080774,1081500,936530,962257
CVE References: CVE-2015-1142857,CVE-2017-13215,CVE-2017-17741,CVE-2017-18017,CVE-2017-18079,CVE-2017-5715,CVE-2018-1000004,CVE-2018-5332,CVE-2018-5333
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-108.35.1
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-108.35.1, kernel-default-3.0.101-108.35.1, kernel-ec2-3.0.101-108.35.1, kernel-pae-3.0.101-108.35.1, kernel-ppc64-3.0.101-108.35.1, kernel-source-3.0.101-108.35.1, kernel-syms-3.0.101-108.35.1, kernel-trace-3.0.101-108.35.1, kernel-xen-3.0.101-108.35.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.35.1, kernel-pae-3.0.101-108.35.1, kernel-ppc64-3.0.101-108.35.1, kernel-trace-3.0.101-108.35.1, kernel-xen-3.0.101-108.35.1
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    cluster-network-1.4-2.32.4.6, drbd-kmp-8.4.4-0.27.4.6, gfs2-2-0.24.4.6, ocfs2-1.6-0.28.5.6
SUSE Linux Enterprise High Availability Extension 11-SP4 (src):    cluster-network-1.4-2.32.4.6, drbd-8.4.4-0.27.4.2, drbd-kmp-8.4.4-0.27.4.6, gfs2-2-0.24.4.6, ocfs2-1.6-0.28.5.6
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    drbd-8.4.4-0.27.4.2, kernel-bigmem-3.0.101-108.35.1, kernel-default-3.0.101-108.35.1, kernel-ec2-3.0.101-108.35.1, kernel-pae-3.0.101-108.35.1, kernel-ppc64-3.0.101-108.35.1, kernel-trace-3.0.101-108.35.1, kernel-xen-3.0.101-108.35.1
Comment 6 Swamp Workflow Management 2018-03-12 11:11:53 UTC
SUSE-SU-2018:0660-1: An update that solves 8 vulnerabilities and has 14 fixes is now available.

Category: security (important)
Bug References: 1012382,1054305,1060279,1068032,1068984,1070781,1073311,1074488,1074621,1075091,1075410,1075617,1075621,1075908,1075994,1076017,1076154,1076278,1076849,1077406,1077560,1077922
CVE References: CVE-2017-13215,CVE-2017-17741,CVE-2017-18017,CVE-2017-18079,CVE-2017-5715,CVE-2018-1000004,CVE-2018-5332,CVE-2018-5333
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.19.1, kernel-default-3.0.101-0.47.106.19.1, kernel-ec2-3.0.101-0.47.106.19.1, kernel-pae-3.0.101-0.47.106.19.1, kernel-source-3.0.101-0.47.106.19.1, kernel-syms-3.0.101-0.47.106.19.1, kernel-trace-3.0.101-0.47.106.19.1, kernel-xen-3.0.101-0.47.106.19.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.19.1, kernel-default-3.0.101-0.47.106.19.1, kernel-pae-3.0.101-0.47.106.19.1, kernel-ppc64-3.0.101-0.47.106.19.1, kernel-trace-3.0.101-0.47.106.19.1, kernel-xen-3.0.101-0.47.106.19.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.19.1, kernel-ec2-3.0.101-0.47.106.19.1, kernel-pae-3.0.101-0.47.106.19.1, kernel-source-3.0.101-0.47.106.19.1, kernel-syms-3.0.101-0.47.106.19.1, kernel-trace-3.0.101-0.47.106.19.1, kernel-xen-3.0.101-0.47.106.19.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.19.1, kernel-default-3.0.101-0.47.106.19.1, kernel-ec2-3.0.101-0.47.106.19.1, kernel-pae-3.0.101-0.47.106.19.1, kernel-trace-3.0.101-0.47.106.19.1, kernel-xen-3.0.101-0.47.106.19.1
Comment 7 Swamp Workflow Management 2018-03-29 13:14:53 UTC
SUSE-SU-2018:0841-1: An update that solves 9 vulnerabilities and has 41 fixes is now available.

Category: security (important)
Bug References: 1012382,1045538,1048585,1049128,1050431,1054305,1059174,1060279,1060682,1063544,1064861,1068032,1068984,1069508,1070623,1070781,1073311,1074488,1074621,1074880,1075088,1075091,1075410,1075617,1075621,1075908,1075994,1076017,1076154,1076278,1076437,1076849,1077191,1077355,1077406,1077487,1077560,1077922,1078875,1079917,1080133,1080359,1080363,1080372,1080579,1080685,1080774,1081500,936530,962257
CVE References: CVE-2015-1142857,CVE-2017-13215,CVE-2017-17741,CVE-2017-18017,CVE-2017-18079,CVE-2017-5715,CVE-2018-1000004,CVE-2018-5332,CVE-2018-5333
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.21.1, kernel-rt_trace-3.0.101.rt130-69.21.1, kernel-source-rt-3.0.101.rt130-69.21.1, kernel-syms-rt-3.0.101.rt130-69.21.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.21.1, kernel-rt_debug-3.0.101.rt130-69.21.1, kernel-rt_trace-3.0.101.rt130-69.21.1
Comment 8 Marcus Meissner 2019-07-11 05:31:08 UTC
released