Bug 1086400 - (CVE-2017-18241) VUL-0: CVE-2017-18241: kernel-source: fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a fl
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
P3 - Medium : Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/202440/
Reported: 2018-03-22 06:09 UTC by Marcus Meissner
Modified: 2019-08-28 09:01 UTC
Found By: Security Response Team
Description Marcus Meissner 2018-03-22 06:09:53 UTC
CVE-2017-18241

fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a
denial of service (NULL pointer dereference and panic) by using a noflush_merge
option that triggers a NULL value for a flush_cmd_control data structure.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18241
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-18241.html
https://github.com/torvalds/linux/commit/d4fdf8ba0e5808ba9ad6b44337783bd9935e0982
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4fdf8ba0e5808ba9ad6b44337783bd9935e0982
Comment 1 Marcus Meissner 2018-03-22 06:17:21 UTC
This filesystem is not configured in SLES, but only in openSUSE Leap.
Comment 3 Nikolay Borisov 2018-06-06 07:36:02 UTC
I've backported the referenced commit to SLE15 branch (will be merged into opensuse 15) and cve/linux-4.4 which will go into SLE12-SP3 and subsequently to opensuse 42.3.
Comment 4 Swamp Workflow Management 2018-06-21 16:14:41 UTC
SUSE-SU-2018:1772-1: An update that solves 6 vulnerabilities and has 47 fixes is now available.

Category: security (important)
CVE References: CVE-2017-17741,CVE-2017-18241,CVE-2017-18249,CVE-2018-12233,CVE-2018-3665,CVE-2018-5848
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.138-94.39.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.138-94.39.1, kernel-obs-build-4.4.138-94.39.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.138-94.39.1, kernel-source-4.4.138-94.39.1, kernel-syms-4.4.138-94.39.1
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_14-1-4.5.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.138-94.39.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.138-94.39.1, kernel-source-4.4.138-94.39.1, kernel-syms-4.4.138-94.39.1
SUSE CaaS Platform ALL (src):    kernel-default-4.4.138-94.39.1
Comment 5 Swamp Workflow Management 2018-06-21 16:24:42 UTC
openSUSE-SU-2018:1773-1: An update that solves 11 vulnerabilities and has 66 fixes is now available.

Category: security (important)
CVE References: CVE-2017-13305,CVE-2017-17741,CVE-2017-18241,CVE-2017-18249,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-12233,CVE-2018-3639,CVE-2018-3665,CVE-2018-5848
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.138-59.1, kernel-default-4.4.138-59.1, kernel-docs-4.4.138-59.1, kernel-obs-build-4.4.138-59.1, kernel-obs-qa-4.4.138-59.1, kernel-source-4.4.138-59.1, kernel-syms-4.4.138-59.1, kernel-vanilla-4.4.138-59.1
Comment 8 Swamp Workflow Management 2018-06-26 16:18:43 UTC
SUSE-SU-2018:1816-1: An update that solves 17 vulnerabilities and has 109 fixes is now available.

Category: security (important)
CVE References: CVE-2017-13305,CVE-2017-17741,CVE-2017-18241,CVE-2017-18249,CVE-2018-1000199,CVE-2018-1065,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1130,CVE-2018-12233,CVE-2018-3639,CVE-2018-3665,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492,CVE-2018-8781
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP3 (src):    kernel-rt-4.4.138-3.14.1, kernel-rt_debug-4.4.138-3.14.1, kernel-source-rt-4.4.138-3.14.1, kernel-syms-rt-4.4.138-3.14.1
Comment 9 Swamp Workflow Management 2018-06-29 19:17:19 UTC
SUSE-SU-2018:1855-1: An update that solves 14 vulnerabilities and has 15 fixes is now available.

Category: security (important)
CVE References: CVE-2017-13305,CVE-2017-18241,CVE-2017-18249,CVE-2018-1000199,CVE-2018-1000204,CVE-2018-1065,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1130,CVE-2018-3665,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.85.1, kernel-source-4.4.121-92.85.1, kernel-syms-4.4.121-92.85.1, kgraft-patch-SLE12-SP2_Update_23-1-3.5.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.85.1, kernel-source-4.4.121-92.85.1, kernel-syms-4.4.121-92.85.1, kgraft-patch-SLE12-SP2_Update_23-1-3.5.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.85.1, kernel-source-4.4.121-92.85.1, kernel-syms-4.4.121-92.85.1, kgraft-patch-SLE12-SP2_Update_23-1-3.5.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.85.1, kernel-source-4.4.121-92.85.1, kernel-syms-4.4.121-92.85.1, kgraft-patch-SLE12-SP2_Update_23-1-3.5.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.121-92.85.1
Comment 15 Swamp Workflow Management 2018-07-18 06:09:52 UTC
This is an autogenerated message for OBS integration:
This bug (1086400) was mentioned in
https://build.opensuse.org/request/show/623532 15.0 / kernel-source
Comment 16 Swamp Workflow Management 2018-07-28 13:34:05 UTC
openSUSE-SU-2018:2119-1: An update that solves 23 vulnerabilities and has 283 fixes is now available.

Category: security (important)
CVE References: CVE-2017-5715,CVE-2017-5753,CVE-2018-1000200,CVE-2018-1000204,CVE-2018-10087,CVE-2018-10124,CVE-2018-10323,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1108,CVE-2018-1118,CVE-2018-1120,CVE-2018-1130,CVE-2018-12233,CVE-2018-13053,CVE-2018-13405,CVE-2018-13406,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492,CVE-2018-8781,CVE-2018-9385
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.7.1, kernel-default-4.12.14-lp150.12.7.1, kernel-docs-4.12.14-lp150.12.7.1, kernel-kvmsmall-4.12.14-lp150.12.7.1, kernel-obs-build-4.12.14-lp150.12.7.1, kernel-obs-qa-4.12.14-lp150.12.7.1, kernel-source-4.12.14-lp150.12.7.1, kernel-syms-4.12.14-lp150.12.7.1, kernel-vanilla-4.12.14-lp150.12.7.1
Comment 17 Marcus Meissner 2018-09-07 12:40:43 UTC
released
Comment 18 Swamp Workflow Management 2018-10-18 16:45:50 UTC
SUSE-SU-2018:1855-2: An update that solves 14 vulnerabilities and has 15 fixes is now available.

Category: security (important)
CVE References: CVE-2017-13305,CVE-2017-18241,CVE-2017-18249,CVE-2018-1000199,CVE-2018-1000204,CVE-2018-1065,CVE-2018-1092,CVE-2018-1093,CVE-2018-1094,CVE-2018-1130,CVE-2018-3665,CVE-2018-5803,CVE-2018-5848,CVE-2018-7492
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.85.1, kernel-source-4.4.121-92.85.1, kernel-syms-4.4.121-92.85.1, kgraft-patch-SLE12-SP2_Update_23-1-3.5.1