Bugzilla – Bug 1143048
VUL-1: CVE-2018-20856: kernel-source: memory use-after-free issue in __blk_drain_queue()
Last modified: 2021-11-16 08:30:24 UTC
CVE-2018-20856 An issue was discovered in the Linux kernel before 4.18.7. In block/blk-core.c, there is an __blk_drain_queue() use-after-free because a certain error case is mishandled. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-20856 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20856 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54648cf1ec2d7f4b6a71767799c45676a138ca24 https://github.com/torvalds/linux/commit/54648cf1ec2d7f4b6a71767799c45676a138ca24
SLE15 already contains the fix. SLE12-SP3-LTSS blacklists it as it requires other non-stable changes, added by Coly. cve/linux-4.4 and older don't contain the commit.
(In reply to Takashi Iwai from comment #1) > SLE15 already contains the fix. > > SLE12-SP3-LTSS blacklists it as it requires other non-stable changes, added > by Coly. > > cve/linux-4.4 and older don't contain the commit. I didn't realize it was a CVE fix when I added the commit into blacklist. Now I just rebase this patch to SLE12-SP3-LTSS kernel and submit the single rebased patch into users/colyli/cve/linux-4.4/for-next Thanks for the information. Coly Li
Thanks! Could you check and handle for older releases as well?
(In reply to Takashi Iwai from comment #3) > Thanks! Could you check and handle for older releases as well? Sure, let me handle them.
SUSE-SU-2019:2263-1: An update that solves 12 vulnerabilities and has 24 fixes is now available. Category: security (important) Bug References: 1106061,1123161,1125674,1127034,1128977,1130972,1133860,1134399,1135335,1135365,1137584,1139358,1139826,1140652,1140903,1140945,1141181,1141401,1141402,1141452,1141453,1141454,1142023,1142254,1142857,1143045,1143048,1143189,1143191,1143333,1144257,1144273,1144288,1144920,1145920,1145922 CVE References: CVE-2018-20855,CVE-2018-20856,CVE-2019-10207,CVE-2019-1125,CVE-2019-11810,CVE-2019-13631,CVE-2019-13648,CVE-2019-14283,CVE-2019-14284,CVE-2019-15117,CVE-2019-15118,CVE-2019-3819 Sources used: SUSE OpenStack Cloud Crowbar 8 (src): kernel-default-4.4.180-94.103.1, kernel-source-4.4.180-94.103.1, kernel-syms-4.4.180-94.103.1, kgraft-patch-SLE12-SP3_Update_28-1-4.3.1 SUSE OpenStack Cloud 8 (src): kernel-default-4.4.180-94.103.1, kernel-source-4.4.180-94.103.1, kernel-syms-4.4.180-94.103.1, kgraft-patch-SLE12-SP3_Update_28-1-4.3.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): kernel-default-4.4.180-94.103.1, kernel-source-4.4.180-94.103.1, kernel-syms-4.4.180-94.103.1, kgraft-patch-SLE12-SP3_Update_28-1-4.3.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): kernel-default-4.4.180-94.103.1, kernel-source-4.4.180-94.103.1, kernel-syms-4.4.180-94.103.1, kgraft-patch-SLE12-SP3_Update_28-1-4.3.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): kernel-default-4.4.180-94.103.1, kernel-source-4.4.180-94.103.1, kernel-syms-4.4.180-94.103.1 SUSE Linux Enterprise High Availability 12-SP3 (src): kernel-default-4.4.180-94.103.1 SUSE Enterprise Storage 5 (src): kernel-default-4.4.180-94.103.1, kernel-source-4.4.180-94.103.1, kernel-syms-4.4.180-94.103.1, kgraft-patch-SLE12-SP3_Update_28-1-4.3.1 SUSE CaaS Platform 3.0 (src): kernel-default-4.4.180-94.103.1 HPE Helion Openstack 8 (src): kernel-default-4.4.180-94.103.1, kernel-source-4.4.180-94.103.1, kernel-syms-4.4.180-94.103.1, kgraft-patch-SLE12-SP3_Update_28-1-4.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:2299-1: An update that solves 12 vulnerabilities and has 19 fixes is now available. Category: security (important) Bug References: 1045640,1076033,1107256,1123161,1130972,1134399,1139358,1140012,1140652,1140903,1140945,1141401,1141402,1141452,1141453,1141454,1141628,1142023,1142098,1142857,1143045,1143048,1143189,1143191,1144257,1144273,1144288,1144920,1145920,1145922,1146163 CVE References: CVE-2017-18551,CVE-2018-20855,CVE-2018-20856,CVE-2019-10207,CVE-2019-1125,CVE-2019-11810,CVE-2019-13631,CVE-2019-14283,CVE-2019-14284,CVE-2019-15117,CVE-2019-15118,CVE-2019-3819 Sources used: SUSE OpenStack Cloud 7 (src): kernel-default-4.4.121-92.120.1, kernel-source-4.4.121-92.120.1, kernel-syms-4.4.121-92.120.1, kgraft-patch-SLE12-SP2_Update_32-1-3.3.1 SUSE Linux Enterprise Server for SAP 12-SP2 (src): kernel-default-4.4.121-92.120.1, kernel-source-4.4.121-92.120.1, kernel-syms-4.4.121-92.120.1, kgraft-patch-SLE12-SP2_Update_32-1-3.3.1 SUSE Linux Enterprise Server 12-SP2-LTSS (src): kernel-default-4.4.121-92.120.1, kernel-source-4.4.121-92.120.1, kernel-syms-4.4.121-92.120.1, kgraft-patch-SLE12-SP2_Update_32-1-3.3.1 SUSE Linux Enterprise Server 12-SP2-BCL (src): kernel-default-4.4.121-92.120.1, kernel-source-4.4.121-92.120.1, kernel-syms-4.4.121-92.120.1 SUSE Linux Enterprise High Availability 12-SP2 (src): kernel-default-4.4.121-92.120.1 SUSE Enterprise Storage 4 (src): kernel-default-4.4.121-92.120.1, kernel-source-4.4.121-92.120.1, kernel-syms-4.4.121-92.120.1, kgraft-patch-SLE12-SP2_Update_32-1-3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
The patch is merged, close the report as fixed.
Please reassign security bugs back to sceurity-team. check ozut boris howto
done