Bugzilla – Bug 1143187
VUL-0: CVE-2017-18379: kernel-source: out of boundary access happened in drivers/nvme/target/fc.c.
Last modified: 2020-05-12 18:38:42 UTC
CVE-2017-18379 In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18379 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18379 http://www.cvedetails.com/cve/CVE-2017-18379/ https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0c319d3a144d4b8f1ea2047fd614d2149b68f889 https://github.com/torvalds/linux/commit/0c319d3a144d4b8f1ea2047fd614d2149b68f889
Already backported to SLE15 branch. Not sure whether older kernels are affected.
Please distribute in the storage team. Thanks.
Missing in SLE12 SP3. Lee, can you handle it?
pushed to my SLE12-SP3-LTSS for-next branch: users/lduncan/SLE12-SP3-LTSS/for-next
Reassigning to security team.
SUSE-SU-2019:2949-1: An update that solves 49 vulnerabilities and has 18 fixes is now available. Category: security (important) Bug References: 1051510,1084878,1117665,1131107,1133140,1135966,1135967,1136261,1137865,1139073,1140671,1141013,1141054,1142458,1143187,1144123,1144903,1145477,1146042,1146163,1146285,1146361,1146378,1146391,1146413,1146425,1146512,1146514,1146516,1146519,1146524,1146526,1146529,1146540,1146543,1146547,1146550,1146584,1146589,1147022,1147122,1148394,1148938,1149083,1149376,1149522,1149527,1149555,1149612,1150025,1150112,1150452,1150457,1150465,1150727,1150942,1151347,1151350,1152685,1152782,1152788,1153158,1153263,1154103,1154372,1155131,1155671 CVE References: CVE-2016-10906,CVE-2017-18379,CVE-2017-18509,CVE-2017-18551,CVE-2017-18595,CVE-2018-12207,CVE-2018-20976,CVE-2019-0154,CVE-2019-0155,CVE-2019-10220,CVE-2019-11135,CVE-2019-13272,CVE-2019-14814,CVE-2019-14815,CVE-2019-14816,CVE-2019-14821,CVE-2019-14835,CVE-2019-15098,CVE-2019-15211,CVE-2019-15212,CVE-2019-15214,CVE-2019-15215,CVE-2019-15216,CVE-2019-15217,CVE-2019-15218,CVE-2019-15219,CVE-2019-15220,CVE-2019-15221,CVE-2019-15239,CVE-2019-15290,CVE-2019-15291,CVE-2019-15505,CVE-2019-15666,CVE-2019-15807,CVE-2019-15902,CVE-2019-15924,CVE-2019-15926,CVE-2019-15927,CVE-2019-16232,CVE-2019-16233,CVE-2019-16234,CVE-2019-16413,CVE-2019-16995,CVE-2019-17055,CVE-2019-17056,CVE-2019-17133,CVE-2019-17666,CVE-2019-9456,CVE-2019-9506 Sources used: SUSE OpenStack Cloud Crowbar 8 (src): kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1 SUSE OpenStack Cloud 8 (src): kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1 SUSE Linux Enterprise Server for SAP 12-SP3 (src): kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1 SUSE Linux Enterprise Server 12-SP3-LTSS (src): kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1 SUSE Linux Enterprise Server 12-SP3-BCL (src): kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1 SUSE Linux Enterprise High Availability 12-SP3 (src): kernel-default-4.4.180-94.107.1 SUSE Enterprise Storage 5 (src): kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1 SUSE CaaS Platform 3.0 (src): kernel-default-4.4.180-94.107.1 HPE Helion Openstack 8 (src): kernel-default-4.4.180-94.107.1, kernel-source-4.4.180-94.107.1, kernel-syms-4.4.180-94.107.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Done