Bug 1143187 - (CVE-2017-18379) VUL-0: CVE-2017-18379: kernel-source: out of boundary access happened in drivers/nvme/target/fc.c.
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/238135/
CVSSv2:NVD:CVE-2017-18379:7.5:(AV:N/A...
Reported: 2019-07-29 07:53 UTC by Alexandros Toptsoglou
Modified: 2020-05-12 18:38 UTC
Found By: Security Response Team


Comment 1 Takashi Iwai 2019-07-29 08:33:23 UTC
Already backported to SLE15 branch.  Not sure whether older kernels are affected.
Comment 2 Takashi Iwai 2019-08-02 10:14:44 UTC
Please distribute in the storage team.  Thanks.
Comment 3 Hannes Reinecke 2019-08-28 07:48:36 UTC
Missing in SLE12 SP3.
Lee, can you handle it?
Comment 4 Lee Duncan 2019-08-29 15:33:43 UTC
pushed to my SLE12-SP3-LTSS for-next branch: users/lduncan/SLE12-SP3-LTSS/for-next
Comment 5 Lee Duncan 2019-08-29 15:35:40 UTC
Reassigning to security team.
Comment 13 Swamp Workflow Management 2019-11-12 23:21:01 UTC
SUSE-SU-2019:2949-1: An update that solves 49 vulnerabilities and has 18 fixes is now available.

Category: security (important)
Bug References: 1051510,1084878,1117665,1131107,1133140,1135966,1135967,1136261,1137865,1139073,1140671,1141013,1141054,1142458,1143187,1144123,1144903,1145477,1146042,1146163,1146285,1146361,1146378,1146391,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146540,1146543,1146547,1146550,1146584,1146589,1147022,1147122,1148394,1148938,1149083,1149376,1149522,1149527,1149555,1149612,1150025,1150112,1150452,1150457,1150465,1150727,1150942,1151347,1151350,1152685,1152782,1152788,1153158,1153263,1154103,1154372,1155131,1155671
CVE References: CVE-2016-10906,CVE-2017-18379,CVE-2017-18509,CVE-2017-18551,CVE-2017-18595,CVE-2018-12207,CVE-2018-20976,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-13272,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15098,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15239,CVE-2019-15290,CVE-2019-15291,CVE-2019-15505,CVE-2019-15666,CVE-2019-15807,CVE-2019-15902,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16413,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-9456,CVE-2019-9506
Sources used:
SUSE OpenStack Cloud Crowbar 8 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE OpenStack Cloud 8 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise Server for SAP 12-SP3 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise Server 12-SP3-LTSS (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise Server 12-SP3-BCL (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.180-94.107.1
SUSE Enterprise Storage 5 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1
SUSE CaaS Platform 3.0 (src):    kernel-default-4.4.180-94.107.1
HPE Helion Openstack 8 (src):    kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Alexandros Toptsoglou 2020-04-29 12:55:58 UTC
Done