Bug 1106095 (CVE-2018-16276) - VUL-1: CVE-2018-16276: kernel-source: Buffer overrun in yurex driver
Summary: VUL-1: CVE-2018-16276: kernel-source: Buffer overrun in yurex driver
Status: RESOLVED FIXED
: CVE-2018-19270 (view as bug list)
Alias: CVE-2018-16276
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVSSv3:SUSE:CVE-2018-16276:7.3:(AV:L...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-08-27 12:31 UTC by Oliver Neukum
Modified: 2020-06-13 00:56 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Oliver Neukum 2018-08-27 12:31:39 UTC
The stable series has this fix:

commit f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
Author: Jann Horn <jannh@google.com>
Date:   Fri Jul 6 17:12:56 2018 +0200

    USB: yurex: fix out-of-bounds uaccess in read handler
    
    In general, accessing userspace memory beyond the length of the supplied
    buffer in VFS read/write handlers can lead to both kernel memory corruption
    (via kernel_read()/kernel_write(), which can e.g. be triggered via
    sys_splice()) and privilege escalation inside userspace.
    
    Fix it by using simple_read_from_buffer() instead of custom logic.

It looks like kernel memory is accessible in a minor way. Kernels up to SLE12SP4 compile that driver.
Comment 1 Marcus Meissner 2018-08-27 14:42:51 UTC
down to 2.6.37
Comment 2 Marcus Meissner 2018-08-31 13:47:40 UTC
cve requested
Comment 3 Marcus Meissner 2018-08-31 14:25:32 UTC
CVE-2018-16276
Comment 12 Swamp Workflow Management 2018-09-27 19:21:22 UTC
SUSE-SU-2018:2908-1: An update that solves 19 vulnerabilities and has 19 fixes is now available.

Category: security (important)
Bug References: 1012382,1024788,1062604,1064233,1065999,1090534,1090955,1091171,1092903,1096547,1097104,1097108,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1100001,1102870,1103445,1104319,1104495,1104818,1104906,1105100,1105322,1105323,1105396,1106095,1106369,1106509,1106511,1107689,1108912
CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-14617,CVE-2018-14634,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.104.1, kernel-source-3.12.74-60.64.104.1, kernel-syms-3.12.74-60.64.104.1, kernel-xen-3.12.74-60.64.104.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.104.1
Comment 17 Swamp Workflow Management 2018-10-03 08:34:30 UTC
This is an autogenerated message for OBS integration:
This bug (1106095) was mentioned in
https://build.opensuse.org/request/show/639718 42.3 / kernel-source
Comment 18 Swamp Workflow Management 2018-10-04 16:14:44 UTC
SUSE-SU-2018:3003-1: An update that solves 7 vulnerabilities and has 40 fixes is now available.

Category: security (important)
Bug References: 1012382,1044189,1063026,1066223,1082863,1082979,1084427,1084536,1087209,1088087,1090535,1091815,1094244,1094555,1094562,1095344,1095753,1096547,1099810,1102495,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103156,1103269,1106095,1106434,1106512,1106594,1106934,1107924,1108096,1108170,1108240,1108399,1108803,1108823,1109333,1109336,1109337,1109441,1110297,1110337
CVE References: CVE-2018-14613,CVE-2018-14617,CVE-2018-16276,CVE-2018-16597,CVE-2018-17182,CVE-2018-7480,CVE-2018-7757
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.156-94.57.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.156-94.57.1, kernel-obs-build-4.4.156-94.57.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.156-94.57.1, kernel-source-4.4.156-94.57.1, kernel-syms-4.4.156-94.57.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.156-94.57.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.156-94.57.1, kernel-source-4.4.156-94.57.1, kernel-syms-4.4.156-94.57.1
SUSE CaaS Platform ALL (src):    kernel-default-4.4.156-94.57.1
SUSE CaaS Platform 3.0 (src):    kernel-default-4.4.156-94.57.1
Comment 19 Swamp Workflow Management 2018-10-04 16:23:05 UTC
SUSE-SU-2018:3004-1: An update that solves 7 vulnerabilities and has 40 fixes is now available.

Category: security (important)
Bug References: 1012382,1044189,1063026,1066223,1082863,1082979,1084427,1084536,1087209,1088087,1090535,1091815,1094244,1094555,1094562,1095344,1095753,1096547,1099810,1102495,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103156,1103269,1106095,1106434,1106512,1106594,1106934,1107924,1108096,1108170,1108240,1108399,1108803,1108823,1109333,1109336,1109337,1109441,1110297,1110337
CVE References: CVE-2018-14613,CVE-2018-14617,CVE-2018-16276,CVE-2018-16597,CVE-2018-17182,CVE-2018-7480,CVE-2018-7757
Sources used:
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_18-1-4.3.5
Comment 20 Swamp Workflow Management 2018-10-09 16:13:37 UTC
SUSE-SU-2018:3083-1: An update that solves 20 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 1012382,1062604,1064232,1065999,1092903,1093215,1096547,1097104,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1100001,1100089,1102870,1103445,1104319,1104495,1104906,1105322,1105412,1106095,1106369,1106509,1106511,1107689,1108399,1108912
CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-14617,CVE-2018-14634,CVE-2018-16276,CVE-2018-16658,CVE-2018-17182,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.146.1, kernel-source-3.12.61-52.146.1, kernel-syms-3.12.61-52.146.1, kernel-xen-3.12.61-52.146.1, kgraft-patch-SLE12_Update_38-1-1.5.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.146.1
Comment 21 Swamp Workflow Management 2018-10-09 16:23:17 UTC
SUSE-SU-2018:3084-1: An update that solves 28 vulnerabilities and has 28 fixes is now available.

Category: security (important)
Bug References: 1012382,1042286,1062604,1064232,1065364,1082519,1082863,1084536,1085042,1088810,1089066,1092903,1094466,1095344,1096547,1097104,1099597,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1099993,1099999,1100000,1100001,1100152,1102517,1102715,1102870,1103445,1104319,1104495,1105292,1105296,1105322,1105348,1105396,1105536,1106016,1106095,1106369,1106509,1106511,1106512,1106594,1107689,1107735,1107966,1108239,1108399,1109333
CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-14617,CVE-2018-14678,CVE-2018-15572,CVE-2018-15594,CVE-2018-16276,CVE-2018-16658,CVE-2018-17182,CVE-2018-6554,CVE-2018-6555,CVE-2018-7480,CVE-2018-7757,CVE-2018-9363
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, lttng-modules-2.7.1-9.6.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.121-92.95.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.121-92.95.1
Comment 22 Swamp Workflow Management 2018-10-09 16:32:35 UTC
SUSE-SU-2018:3088-1: An update that solves 12 vulnerabilities and has 43 fixes is now available.

Category: security (important)
Bug References: 1045538,1048185,1050381,1050431,1057199,1060245,1064861,1068032,1080157,1087081,1092772,1092903,1093666,1096547,1098822,1099922,1100132,1100705,1102517,1102870,1103119,1104481,1104684,1104818,1104901,1105100,1105322,1105348,1105536,1105723,1106095,1106105,1106199,1106202,1106206,1106209,1106212,1106369,1106509,1106511,1106609,1106886,1106930,1106995,1107001,1107064,1107071,1107650,1107689,1107735,1107949,1108096,1108170,1108823,1108912
CVE References: CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-14617,CVE-2018-14634,CVE-2018-14734,CVE-2018-15572,CVE-2018-15594,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.36.1, kernel-rt_trace-3.0.101.rt130-69.36.1, kernel-source-rt-3.0.101.rt130-69.36.1, kernel-syms-rt-3.0.101.rt130-69.36.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.36.1, kernel-rt_debug-3.0.101.rt130-69.36.1, kernel-rt_trace-3.0.101.rt130-69.36.1
Comment 23 Swamp Workflow Management 2018-10-11 08:45:01 UTC
This is an autogenerated message for OBS integration:
This bug (1106095) was mentioned in
https://build.opensuse.org/request/show/641142 42.3 / kernel-source
Comment 25 Swamp Workflow Management 2018-10-17 19:16:12 UTC
openSUSE-SU-2018:3202-1: An update that solves 13 vulnerabilities and has 74 fixes is now available.

Category: security (important)
Bug References: 1012382,1044189,1050549,1063026,1065600,1066223,1082519,1082863,1082979,1084427,1084536,1088087,1089343,1090535,1094244,1094555,1094562,1095344,1095753,1096052,1096547,1099597,1099810,1100056,1100059,1100060,1100061,1100062,1102495,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103156,1103269,1103308,1103405,1105428,1105795,1106095,1106105,1106240,1106293,1106434,1106512,1106594,1106934,1107318,1107829,1107924,1108096,1108170,1108240,1108315,1108399,1108803,1108823,1109333,1109336,1109337,1109441,1109806,1110006,1110297,1110337,1110363,1110468,1110600,1110601,1110602,1110603,1110604,1110605,1110606,1110611,1110612,1110613,1110614,1110615,1110616,1110618,1110619,1110930,1111363
CVE References: CVE-2018-13096,CVE-2018-13097,CVE-2018-13098,CVE-2018-13099,CVE-2018-13100,CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-16276,CVE-2018-16597,CVE-2018-17182,CVE-2018-7480,CVE-2018-7757
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.159-73.1, kernel-default-4.4.159-73.1, kernel-docs-4.4.159-73.2, kernel-obs-build-4.4.159-73.1, kernel-obs-qa-4.4.159-73.1, kernel-source-4.4.159-73.1, kernel-syms-4.4.159-73.1, kernel-vanilla-4.4.159-73.1
Comment 29 Swamp Workflow Management 2018-11-05 17:09:26 UTC
SUSE-SU-2018:3618-1: An update that solves four vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1099922,1102870,1106095,1107829,1108227,1109967,1110247,1113337,905299
CVE References: CVE-2018-12896,CVE-2018-14617,CVE-2018-14633,CVE-2018-16276
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.56.1, kernel-default-3.0.101-0.47.106.56.1, kernel-ec2-3.0.101-0.47.106.56.1, kernel-pae-3.0.101-0.47.106.56.1, kernel-source-3.0.101-0.47.106.56.1, kernel-syms-3.0.101-0.47.106.56.1, kernel-trace-3.0.101-0.47.106.56.1, kernel-xen-3.0.101-0.47.106.56.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.56.1, kernel-default-3.0.101-0.47.106.56.1, kernel-pae-3.0.101-0.47.106.56.1, kernel-ppc64-3.0.101-0.47.106.56.1, kernel-trace-3.0.101-0.47.106.56.1, kernel-xen-3.0.101-0.47.106.56.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.56.1, kernel-ec2-3.0.101-0.47.106.56.1, kernel-pae-3.0.101-0.47.106.56.1, kernel-source-3.0.101-0.47.106.56.1, kernel-syms-3.0.101-0.47.106.56.1, kernel-trace-3.0.101-0.47.106.56.1, kernel-xen-3.0.101-0.47.106.56.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.56.1, kernel-default-3.0.101-0.47.106.56.1, kernel-ec2-3.0.101-0.47.106.56.1, kernel-pae-3.0.101-0.47.106.56.1, kernel-trace-3.0.101-0.47.106.56.1, kernel-xen-3.0.101-0.47.106.56.1
Comment 31 Swamp Workflow Management 2018-11-07 20:36:07 UTC
SUSE-SU-2018:3659-1: An update that solves 10 vulnerabilities and has 104 fixes is now available.

Category: security (important)
Bug References: 1012382,1042422,1044189,1050431,1050549,1053043,1063026,1065600,1065726,1066223,1067906,1079524,1082519,1082863,1082979,1084427,1084536,1084760,1088087,1089343,1090535,1091158,1094244,1094555,1094562,1094825,1095344,1095753,1095805,1096052,1096547,1099597,1099810,1101555,1102495,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103156,1103269,1103308,1103405,1105428,1105795,1105931,1106095,1106105,1106110,1106240,1106293,1106359,1106434,1106512,1106594,1106913,1106929,1106934,1107060,1107299,1107318,1107535,1107829,1107924,1108096,1108170,1108240,1108315,1108377,1108399,1108498,1108803,1108823,1109158,1109333,1109336,1109337,1109441,1109784,1109806,1109818,1109907,1109919,1109923,1110006,1110297,1110337,1110363,1110468,1110600,1110601,1110602,1110603,1110604,1110605,1110606,1110611,1110612,1110613,1110614,1110615,1110616,1110618,1110619,1110930,1111363,1111516,1111870,1112007,1112262,1112263
CVE References: CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-16276,CVE-2018-16597,CVE-2018-17182,CVE-2018-18386,CVE-2018-7480,CVE-2018-7757,CVE-2018-9516
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP3 (src):    kernel-rt-4.4.162-3.26.1, kernel-rt_debug-4.4.162-3.26.1, kernel-source-rt-4.4.162-3.26.1, kernel-syms-rt-4.4.162-3.26.1
Comment 32 Marcus Meissner 2018-11-14 14:10:37 UTC
*** Bug 1115593 has been marked as a duplicate of this bug. ***
Comment 35 Swamp Workflow Management 2019-01-16 07:26:19 UTC
SUSE-SU-2019:0095-1: An update that solves 13 vulnerabilities and has 140 fixes is now available.

Category: security (important)
Bug References: 1011920,1012382,1012422,1020645,1031392,1035053,1042422,1043591,1044189,1048129,1050431,1050549,1053043,1054239,1057199,1062303,1063026,1065600,1065726,1066223,1067906,1073579,1076393,1078788,1079524,1082519,1082863,1082979,1083215,1083527,1084427,1084536,1084760,1087209,1088087,1089343,1090535,1091158,1093118,1094244,1094555,1094562,1094825,1095344,1095753,1095805,1096052,1096547,1098050,1098996,1099597,1099810,1101555,1102495,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103156,1103269,1103308,1103405,1104124,1105025,1105428,1105795,1105931,1106095,1106105,1106110,1106240,1106293,1106359,1106434,1106512,1106594,1106913,1106929,1106934,1107060,1107299,1107318,1107535,1107829,1107870,1107924,1108096,1108170,1108240,1108281,1108315,1108377,1108399,1108498,1108803,1108823,1109038,1109158,1109333,1109336,1109337,1109441,1109772,1109784,1109806,1109818,1109907,1109919,1109923,1110006,1110297,1110337,1110363,1110468,1110600,1110601,1110602,1110603,1110604,1110605,1110606,1110611,1110612,1110613,1110614,1110615,1110616,1110618,1110619,1110930,1111363,1111516,1111870,1112007,1112262,1112263,1112894,1112902,1112903,1112905,1113667,1113751,1113766,1113769,1114178,1114229,1114648,1115593,981083,997172
CVE References: CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-16276,CVE-2018-16597,CVE-2018-17182,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-7480,CVE-2018-7757,CVE-2018-9516
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-azure-4.4.162-4.19.2, kernel-source-azure-4.4.162-4.19.1, kernel-syms-azure-4.4.162-4.19.1
Comment 36 Marcus Meissner 2019-03-18 15:39:27 UTC
done
Comment 37 Swamp Workflow Management 2019-04-27 22:24:04 UTC
SUSE-SU-2018:2908-2: An update that solves 19 vulnerabilities and has 19 fixes is now available.

Category: security (important)
Bug References: 1012382,1024788,1062604,1064233,1065999,1090534,1090955,1091171,1092903,1096547,1097104,1097108,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1100001,1102870,1103445,1104319,1104495,1104818,1104906,1105100,1105322,1105323,1105396,1106095,1106369,1106509,1106511,1107689,1108912
CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-14617,CVE-2018-14634,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555
Sources used:
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.104.1, kernel-source-3.12.74-60.64.104.1, kernel-syms-3.12.74-60.64.104.1, kernel-xen-3.12.74-60.64.104.1, kgraft-patch-SLE12-SP1_Update_31-1-2.5.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.