Bugzilla – Bug 1106095
VUL-1: CVE-2018-16276: kernel-source: Buffer overrun in yurex driver
Last modified: 2020-06-13 00:56:35 UTC
The stable series has this fix:

commit f1e255d60ae66a9f672ff9a207ee6cd8e33d2679
Author: Jann Horn <jannh@google.com>
Date: Fri Jul 6 17:12:56 2018 +0200

USB: yurex: fix out-of-bounds uaccess in read handler

In general, accessing userspace memory beyond the length of the supplied buffer in VFS read/write handlers can lead to both kernel memory corruption (via kernel_read()/kernel_write(), which can e.g. be triggered via sys_splice()) and privilege escalation inside userspace.

Fix it by using simple_read_from_buffer() instead of custom logic.

It looks like kernel memory is accessible in a minor way. Kernels up to SLE12SP4 compile that driver.
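The bounds clamp that the commit message relies on, shown as an added userspace example that is not part of this bug report and is not the yurex driver's code. `model_read_clamped`, `model_read_unclamped_len` and `overrun_bytes` are hypothetical names, and the sample data is constructed; the first function models the behaviour of the kernel's `simple_read_from_buffer()` with `memcpy` standing in for the copy to userspace.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Userspace model of the clamp in simple_read_from_buffer(): "to"/"count" are
 * the caller's buffer and its length, "from"/"available" the driver's data. */
static long model_read_clamped(void *to, size_t count, long long *ppos,
                               const void *from, size_t available)
{
    long long pos = *ppos;

    if (pos < 0)
        return -EINVAL;
    if ((size_t)pos >= available || count == 0)
        return 0;                        /* EOF, or nothing requested */
    if (count > available - (size_t)pos)
        count = available - (size_t)pos; /* never more than remains */
    memcpy(to, (const char *)from + pos, count);
    *ppos = pos + (long long)count;
    return (long)count;
}

/* Hypothetical handler with the bug class named in the commit message: it
 * sizes the copy from the data it holds, not from the caller's count. To stay
 * memory-safe, this model only reports how many bytes it would write. */
static size_t model_read_unclamped_len(size_t count, long long pos, size_t available)
{
    (void)count;                         /* the defect: count is ignored */
    return (pos >= 0 && (size_t)pos < available) ? available - (size_t)pos : 0;
}

/* Bytes written past the end of the caller's buffer by the unclamped model. */
static int overrun_bytes(size_t count, size_t available)
{
    size_t would_write = model_read_unclamped_len(count, 0, available);
    return would_write > count ? (int)(would_write - count) : 0;
}

int main(void)
{
    const char data[] = "1234567890\n";  /* constructed sample value */
    char user[4];
    long long pos = 0;
    long n = model_read_clamped(user, sizeof(user), &pos, data, strlen(data));
    printf("clamped read: %ld bytes, pos=%lld\n", n, pos);
    printf("unclamped overrun: %d bytes\n", overrun_bytes(sizeof(user), strlen(data)));
    return 0;
}
```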
down to 2.6.37
cve requested
CVE-2018-16276
SUSE-SU-2018:2908-1: An update that solves 19 vulnerabilities and has 19 fixes is now available. Category: security (important) Bug References: 1012382,1024788,1062604,1064233,1065999,1090534,1090955,1091171,1092903,1096547,1097104,1097108,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1100001,1102870,1103445,1104319,1104495,1104818,1104906,1105100,1105322,1105323,1105396,1106095,1106369,1106509,1106511,1107689,1108912 CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-14617,CVE-2018-14634,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555 Sources used: SUSE Linux Enterprise Server 12-SP1-LTSS (src): kernel-default-3.12.74-60.64.104.1, kernel-source-3.12.74-60.64.104.1, kernel-syms-3.12.74-60.64.104.1, kernel-xen-3.12.74-60.64.104.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.74-60.64.104.1
This is an autogenerated message for OBS integration: This bug (1106095) was mentioned in https://build.opensuse.org/request/show/639718 42.3 / kernel-source
SUSE-SU-2018:3003-1: An update that solves 7 vulnerabilities and has 40 fixes is now available. Category: security (important) Bug References: 1012382,1044189,1063026,1066223,1082863,1082979,1084427,1084536,1087209,1088087,1090535,1091815,1094244,1094555,1094562,1095344,1095753,1096547,1099810,1102495,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103156,1103269,1106095,1106434,1106512,1106594,1106934,1107924,1108096,1108170,1108240,1108399,1108803,1108823,1109333,1109336,1109337,1109441,1110297,1110337 CVE References: CVE-2018-14613,CVE-2018-14617,CVE-2018-16276,CVE-2018-16597,CVE-2018-17182,CVE-2018-7480,CVE-2018-7757 Sources used: SUSE Linux Enterprise Workstation Extension 12-SP3 (src): kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Software Development Kit 12-SP3 (src): kernel-docs-4.4.156-94.57.1, kernel-obs-build-4.4.156-94.57.1 SUSE Linux Enterprise Server 12-SP3 (src): kernel-default-4.4.156-94.57.1, kernel-source-4.4.156-94.57.1, kernel-syms-4.4.156-94.57.1 SUSE Linux Enterprise High Availability 12-SP3 (src): kernel-default-4.4.156-94.57.1 SUSE Linux Enterprise Desktop 12-SP3 (src): kernel-default-4.4.156-94.57.1, kernel-source-4.4.156-94.57.1, kernel-syms-4.4.156-94.57.1 SUSE CaaS Platform ALL (src): kernel-default-4.4.156-94.57.1 SUSE CaaS Platform 3.0 (src): kernel-default-4.4.156-94.57.1
SUSE-SU-2018:3004-1: An update that solves 7 vulnerabilities and has 40 fixes is now available. Category: security (important) Bug References: 1012382,1044189,1063026,1066223,1082863,1082979,1084427,1084536,1087209,1088087,1090535,1091815,1094244,1094555,1094562,1095344,1095753,1096547,1099810,1102495,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103156,1103269,1106095,1106434,1106512,1106594,1106934,1107924,1108096,1108170,1108240,1108399,1108803,1108823,1109333,1109336,1109337,1109441,1110297,1110337 CVE References: CVE-2018-14613,CVE-2018-14617,CVE-2018-16276,CVE-2018-16597,CVE-2018-17182,CVE-2018-7480,CVE-2018-7757 Sources used: SUSE Linux Enterprise Live Patching 12-SP3 (src): kgraft-patch-SLE12-SP3_Update_18-1-4.3.5
SUSE-SU-2018:3083-1: An update that solves 20 vulnerabilities and has 13 fixes is now available. Category: security (important) Bug References: 1012382,1062604,1064232,1065999,1092903,1093215,1096547,1097104,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1100001,1100089,1102870,1103445,1104319,1104495,1104906,1105322,1105412,1106095,1106369,1106509,1106511,1107689,1108399,1108912 CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-14617,CVE-2018-14634,CVE-2018-16276,CVE-2018-16658,CVE-2018-17182,CVE-2018-6554,CVE-2018-6555 Sources used: SUSE Linux Enterprise Server 12-LTSS (src): kernel-default-3.12.61-52.146.1, kernel-source-3.12.61-52.146.1, kernel-syms-3.12.61-52.146.1, kernel-xen-3.12.61-52.146.1, kgraft-patch-SLE12_Update_38-1-1.5.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.61-52.146.1
SUSE-SU-2018:3084-1: An update that solves 28 vulnerabilities and has 28 fixes is now available. Category: security (important) Bug References: 1012382,1042286,1062604,1064232,1065364,1082519,1082863,1084536,1085042,1088810,1089066,1092903,1094466,1095344,1096547,1097104,1099597,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1099993,1099999,1100000,1100001,1100152,1102517,1102715,1102870,1103445,1104319,1104495,1105292,1105296,1105322,1105348,1105396,1105536,1106016,1106095,1106369,1106509,1106511,1106512,1106594,1107689,1107735,1107966,1108239,1108399,1109333 CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-13094,CVE-2018-13095,CVE-2018-14617,CVE-2018-14678,CVE-2018-15572,CVE-2018-15594,CVE-2018-16276,CVE-2018-16658,CVE-2018-17182,CVE-2018-6554,CVE-2018-6555,CVE-2018-7480,CVE-2018-7757,CVE-2018-9363 Sources used: SUSE OpenStack Cloud 7 (src): kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, kernel-syms-4.4.121-92.95.1, lttng-modules-2.7.1-9.6.1 SUSE Linux Enterprise High Availability 12-SP2 (src): kernel-default-4.4.121-92.95.1 SUSE Enterprise Storage 4 (src): kernel-default-4.4.121-92.95.1, kernel-source-4.4.121-92.95.1, 
kernel-syms-4.4.121-92.95.1, kgraft-patch-SLE12-SP2_Update_25-1-3.4.1, lttng-modules-2.7.1-9.6.1 OpenStack Cloud Magnum Orchestration 7 (src): kernel-default-4.4.121-92.95.1
SUSE-SU-2018:3088-1: An update that solves 12 vulnerabilities and has 43 fixes is now available. Category: security (important) Bug References: 1045538,1048185,1050381,1050431,1057199,1060245,1064861,1068032,1080157,1087081,1092772,1092903,1093666,1096547,1098822,1099922,1100132,1100705,1102517,1102870,1103119,1104481,1104684,1104818,1104901,1105100,1105322,1105348,1105536,1105723,1106095,1106105,1106199,1106202,1106206,1106209,1106212,1106369,1106509,1106511,1106609,1106886,1106930,1106995,1107001,1107064,1107071,1107650,1107689,1107735,1107949,1108096,1108170,1108823,1108912 CVE References: CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-14617,CVE-2018-14634,CVE-2018-14734,CVE-2018-15572,CVE-2018-15594,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555 Sources used: SUSE Linux Enterprise Real Time Extension 11-SP4 (src): kernel-rt-3.0.101.rt130-69.36.1, kernel-rt_trace-3.0.101.rt130-69.36.1, kernel-source-rt-3.0.101.rt130-69.36.1, kernel-syms-rt-3.0.101.rt130-69.36.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): kernel-rt-3.0.101.rt130-69.36.1, kernel-rt_debug-3.0.101.rt130-69.36.1, kernel-rt_trace-3.0.101.rt130-69.36.1
This is an autogenerated message for OBS integration: This bug (1106095) was mentioned in https://build.opensuse.org/request/show/641142 42.3 / kernel-source
openSUSE-SU-2018:3202-1: An update that solves 13 vulnerabilities and has 74 fixes is now available. Category: security (important) Bug References: 1012382,1044189,1050549,1063026,1065600,1066223,1082519,1082863,1082979,1084427,1084536,1088087,1089343,1090535,1094244,1094555,1094562,1095344,1095753,1096052,1096547,1099597,1099810,1100056,1100059,1100060,1100061,1100062,1102495,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103156,1103269,1103308,1103405,1105428,1105795,1106095,1106105,1106240,1106293,1106434,1106512,1106594,1106934,1107318,1107829,1107924,1108096,1108170,1108240,1108315,1108399,1108803,1108823,1109333,1109336,1109337,1109441,1109806,1110006,1110297,1110337,1110363,1110468,1110600,1110601,1110602,1110603,1110604,1110605,1110606,1110611,1110612,1110613,1110614,1110615,1110616,1110618,1110619,1110930,1111363 CVE References: CVE-2018-13096,CVE-2018-13097,CVE-2018-13098,CVE-2018-13099,CVE-2018-13100,CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-16276,CVE-2018-16597,CVE-2018-17182,CVE-2018-7480,CVE-2018-7757 Sources used: openSUSE Leap 42.3 (src): kernel-debug-4.4.159-73.1, kernel-default-4.4.159-73.1, kernel-docs-4.4.159-73.2, kernel-obs-build-4.4.159-73.1, kernel-obs-qa-4.4.159-73.1, kernel-source-4.4.159-73.1, kernel-syms-4.4.159-73.1, kernel-vanilla-4.4.159-73.1
SUSE-SU-2018:3618-1: An update that solves four vulnerabilities and has 5 fixes is now available. Category: security (important) Bug References: 1099922,1102870,1106095,1107829,1108227,1109967,1110247,1113337,905299 CVE References: CVE-2018-12896,CVE-2018-14617,CVE-2018-14633,CVE-2018-16276 Sources used: SUSE Linux Enterprise Server 11-SP3-LTSS (src): kernel-bigsmp-3.0.101-0.47.106.56.1, kernel-default-3.0.101-0.47.106.56.1, kernel-ec2-3.0.101-0.47.106.56.1, kernel-pae-3.0.101-0.47.106.56.1, kernel-source-3.0.101-0.47.106.56.1, kernel-syms-3.0.101-0.47.106.56.1, kernel-trace-3.0.101-0.47.106.56.1, kernel-xen-3.0.101-0.47.106.56.1 SUSE Linux Enterprise Server 11-EXTRA (src): kernel-bigsmp-3.0.101-0.47.106.56.1, kernel-default-3.0.101-0.47.106.56.1, kernel-pae-3.0.101-0.47.106.56.1, kernel-ppc64-3.0.101-0.47.106.56.1, kernel-trace-3.0.101-0.47.106.56.1, kernel-xen-3.0.101-0.47.106.56.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): kernel-default-3.0.101-0.47.106.56.1, kernel-ec2-3.0.101-0.47.106.56.1, kernel-pae-3.0.101-0.47.106.56.1, kernel-source-3.0.101-0.47.106.56.1, kernel-syms-3.0.101-0.47.106.56.1, kernel-trace-3.0.101-0.47.106.56.1, kernel-xen-3.0.101-0.47.106.56.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): kernel-bigsmp-3.0.101-0.47.106.56.1, kernel-default-3.0.101-0.47.106.56.1, kernel-ec2-3.0.101-0.47.106.56.1, kernel-pae-3.0.101-0.47.106.56.1, kernel-trace-3.0.101-0.47.106.56.1, kernel-xen-3.0.101-0.47.106.56.1
SUSE-SU-2018:3659-1: An update that solves 10 vulnerabilities and has 104 fixes is now available. Category: security (important) Bug References: 1012382,1042422,1044189,1050431,1050549,1053043,1063026,1065600,1065726,1066223,1067906,1079524,1082519,1082863,1082979,1084427,1084536,1084760,1088087,1089343,1090535,1091158,1094244,1094555,1094562,1094825,1095344,1095753,1095805,1096052,1096547,1099597,1099810,1101555,1102495,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103156,1103269,1103308,1103405,1105428,1105795,1105931,1106095,1106105,1106110,1106240,1106293,1106359,1106434,1106512,1106594,1106913,1106929,1106934,1107060,1107299,1107318,1107535,1107829,1107924,1108096,1108170,1108240,1108315,1108377,1108399,1108498,1108803,1108823,1109158,1109333,1109336,1109337,1109441,1109784,1109806,1109818,1109907,1109919,1109923,1110006,1110297,1110337,1110363,1110468,1110600,1110601,1110602,1110603,1110604,1110605,1110606,1110611,1110612,1110613,1110614,1110615,1110616,1110618,1110619,1110930,1111363,1111516,1111870,1112007,1112262,1112263 CVE References: CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-16276,CVE-2018-16597,CVE-2018-17182,CVE-2018-18386,CVE-2018-7480,CVE-2018-7757,CVE-2018-9516 Sources used: SUSE Linux Enterprise Real Time Extension 12-SP3 (src): kernel-rt-4.4.162-3.26.1, kernel-rt_debug-4.4.162-3.26.1, kernel-source-rt-4.4.162-3.26.1, kernel-syms-rt-4.4.162-3.26.1
*** Bug 1115593 has been marked as a duplicate of this bug. ***
SUSE-SU-2019:0095-1: An update that solves 13 vulnerabilities and has 140 fixes is now available. Category: security (important) Bug References: 1011920,1012382,1012422,1020645,1031392,1035053,1042422,1043591,1044189,1048129,1050431,1050549,1053043,1054239,1057199,1062303,1063026,1065600,1065726,1066223,1067906,1073579,1076393,1078788,1079524,1082519,1082863,1082979,1083215,1083527,1084427,1084536,1084760,1087209,1088087,1089343,1090535,1091158,1093118,1094244,1094555,1094562,1094825,1095344,1095753,1095805,1096052,1096547,1098050,1098996,1099597,1099810,1101555,1102495,1102715,1102870,1102875,1102877,1102879,1102882,1102896,1103156,1103269,1103308,1103405,1104124,1105025,1105428,1105795,1105931,1106095,1106105,1106110,1106240,1106293,1106359,1106434,1106512,1106594,1106913,1106929,1106934,1107060,1107299,1107318,1107535,1107829,1107870,1107924,1108096,1108170,1108240,1108281,1108315,1108377,1108399,1108498,1108803,1108823,1109038,1109158,1109333,1109336,1109337,1109441,1109772,1109784,1109806,1109818,1109907,1109919,1109923,1110006,1110297,1110337,1110363,1110468,1110600,1110601,1110602,1110603,1110604,1110605,1110606,1110611,1110612,1110613,1110614,1110615,1110616,1110618,1110619,1110930,1111363,1111516,1111870,1112007,1112262,1112263,1112894,1112902,1112903,1112905,1113667,1113751,1113766,1113769,1114178,1114229,1114648,1115593,981083,997172 CVE References: CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-16276,CVE-2018-16597,CVE-2018-17182,CVE-2018-18281,CVE-2018-18386,CVE-2018-18690,CVE-2018-18710,CVE-2018-7480,CVE-2018-7757,CVE-2018-9516 Sources used: SUSE Linux Enterprise Server 12-SP3 (src): kernel-azure-4.4.162-4.19.2, kernel-source-azure-4.4.162-4.19.1, kernel-syms-azure-4.4.162-4.19.1
done
SUSE-SU-2018:2908-2: An update that solves 19 vulnerabilities and has 19 fixes is now available. Category: security (important) Bug References: 1012382,1024788,1062604,1064233,1065999,1090534,1090955,1091171,1092903,1096547,1097104,1097108,1099811,1099813,1099844,1099845,1099846,1099849,1099863,1099864,1099922,1100001,1102870,1103445,1104319,1104495,1104818,1104906,1105100,1105322,1105323,1105396,1106095,1106369,1106509,1106511,1107689,1108912 CVE References: CVE-2018-10853,CVE-2018-10876,CVE-2018-10877,CVE-2018-10878,CVE-2018-10879,CVE-2018-10880,CVE-2018-10881,CVE-2018-10882,CVE-2018-10883,CVE-2018-10902,CVE-2018-10940,CVE-2018-12896,CVE-2018-13093,CVE-2018-14617,CVE-2018-14634,CVE-2018-16276,CVE-2018-16658,CVE-2018-6554,CVE-2018-6555 Sources used: SUSE Linux Enterprise Server for SAP 12-SP1 (src): kernel-default-3.12.74-60.64.104.1, kernel-source-3.12.74-60.64.104.1, kernel-syms-3.12.74-60.64.104.1, kernel-xen-3.12.74-60.64.104.1, kgraft-patch-SLE12-SP1_Update_31-1-2.5.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.