Bug 1112372 – VUL-1: CVE-2018-18445: kernel-source: Faulty computation of numberic bounds in the BPF verifier

Bug 1112372 - (CVE-2018-18445) VUL-1: CVE-2018-18445: kernel-source: Faulty computation of numberic bounds in the BPF verifier

(CVE-2018-18445)
Summary:	VUL-1: CVE-2018-18445: kernel-source: Faulty computation of numberic bounds i...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assigned To:	Gary Ching-Pang Lin
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/216953/
Whiteboard:	CVSSv3:SUSE:CVE-2018-18445:3.3:(AV:L/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2018-10-18 12:32 UTC by Karol Babioch
Modified:	2022-03-04 21:00 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Karol Babioch 2018-10-18 12:32:55 UTC

A faulty computation of numeric bounds in the BPF verifier permits out-of-bounds memory accesses because adjust_scalar_min_max_vals in kernel/bpf/verifier.c mishandles 32-bit right shifts.

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1640596
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18445
http://seclists.org/oss-sec/2018/q4/69
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-18445.html
https://bugs.chromium.org/p/project-zero/issues/detail?id=1686
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b799207e1e1816b09e7a5920fbb2d5fcf6edd681

Comment 1 Takashi Iwai 2018-10-18 13:09:06 UTC

Gary, could you take a look?

Comment 2 Gary Ching-Pang Lin 2018-10-19 09:39:06 UTC

The patch was merged into SLE15. Close this bug.

Comment 4 Swamp Workflow Management 2018-10-31 17:21:59 UTC

SUSE-SU-2018:3589-1: An update that solves four vulnerabilities and has 102 fixes is now available.

Category: security (important)
Bug References: 1046540,1050319,1050536,1050540,1051510,1055120,1065600,1066674,1067126,1067906,1076830,1079524,1083647,1084760,1084831,1086283,1086288,1094825,1095805,1099125,1100132,1102881,1103308,1103543,1104731,1105025,1105536,1106105,1106110,1106237,1106240,1106838,1107685,1108241,1108377,1108468,1108828,1108841,1108870,1109151,1109158,1109217,1109330,1109739,1109784,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1110096,1110538,1110561,1110921,1111028,1111076,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111928,1111983,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18386,CVE-2018-18445
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    kernel-default-4.12.14-25.25.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    kernel-default-4.12.14-25.25.1, kernel-docs-4.12.14-25.25.1, kernel-obs-qa-4.12.14-25.25.1
SUSE Linux Enterprise Module for Legacy Software 15 (src):    kernel-default-4.12.14-25.25.1
SUSE Linux Enterprise Module for Development Tools 15 (src):    kernel-docs-4.12.14-25.25.1, kernel-obs-build-4.12.14-25.25.1, kernel-source-4.12.14-25.25.1, kernel-syms-4.12.14-25.25.1, kernel-vanilla-4.12.14-25.25.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    kernel-default-4.12.14-25.25.1, kernel-source-4.12.14-25.25.1, kernel-zfcpdump-4.12.14-25.25.1
SUSE Linux Enterprise High Availability 15 (src):    kernel-default-4.12.14-25.25.1

Comment 5 Swamp Workflow Management 2018-10-31 17:44:47 UTC

SUSE-SU-2018:3593-1: An update that solves four vulnerabilities and has 102 fixes is now available.

Category: security (important)
Bug References: 1046540,1050319,1050536,1050540,1051510,1055120,1065600,1066674,1067126,1067906,1076830,1079524,1083647,1084760,1084831,1086283,1086288,1094825,1095805,1099125,1100132,1102881,1103308,1103543,1104731,1105025,1105536,1106105,1106110,1106237,1106240,1106838,1107685,1108241,1108377,1108468,1108828,1108841,1108870,1109151,1109158,1109217,1109330,1109739,1109784,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1110096,1110538,1110561,1110921,1111028,1111076,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111928,1111983,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18386,CVE-2018-18445
Sources used:
SUSE Linux Enterprise Module for Live Patching 15 (src):    kernel-default-4.12.14-25.25.1, kernel-livepatch-SLE15_Update_7-1-1.3.1

Comment 6 Swamp Workflow Management 2018-11-01 19:44:57 UTC

This is an autogenerated message for OBS integration:
This bug (1112372) was mentioned in
https://build.opensuse.org/request/show/645932 15.0 / kernel-source

Comment 7 Swamp Workflow Management 2018-11-07 20:21:16 UTC

openSUSE-SU-2018:3658-1: An update that solves 5 vulnerabilities and has 86 fixes is now available.

Category: security (important)
Bug References: 1051510,1055120,1065600,1066674,1067906,1076830,1079524,1083647,1084760,1084831,1091800,1094825,1095805,1100132,1103356,1103543,1104124,1104731,1105025,1105428,1105536,1106110,1106237,1106240,1108377,1109330,1109739,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1111040,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111921,1111928,1111983,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284,1113295,1113408,1113667,1113722,1113751,1113972
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710
Sources used:
openSUSE Leap 15.0 (src):    kernel-debug-4.12.14-lp150.12.25.1, kernel-default-4.12.14-lp150.12.25.1, kernel-docs-4.12.14-lp150.12.25.1, kernel-kvmsmall-4.12.14-lp150.12.25.1, kernel-obs-build-4.12.14-lp150.12.25.1, kernel-obs-qa-4.12.14-lp150.12.25.1, kernel-source-4.12.14-lp150.12.25.1, kernel-syms-4.12.14-lp150.12.25.1, kernel-vanilla-4.12.14-lp150.12.25.1

Comment 10 Swamp Workflow Management 2018-11-28 14:25:05 UTC

SUSE-SU-2018:3934-1: An update that solves 5 vulnerabilities and has 101 fixes is now available.

Category: security (important)
Bug References: 1051510,1055120,1061840,1065600,1066674,1067906,1076830,1079524,1083647,1084760,1084831,1086196,1091800,1094825,1095805,1100132,1101138,1103356,1103543,1103925,1104124,1104731,1105025,1105428,1105536,1106110,1106237,1106240,1106287,1106359,1106838,1108377,1108468,1108870,1109330,1109739,1109772,1109784,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1111040,1111076,1111506,1111806,1111811,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111921,1111928,1111983,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284,1113295,1113408,1113667,1113722,1113751,1113780,1113972,1114279
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710
Sources used:
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-azure-4.12.14-6.3.1, kernel-source-azure-4.12.14-6.3.1, kernel-syms-azure-4.12.14-6.3.1

Comment 11 Swamp Workflow Management 2018-11-30 20:57:09 UTC

SUSE-SU-2018:3961-1: An update that solves 22 vulnerabilities and has 286 fixes is now available.

Category: security (important)
Bug References: 1012382,1031392,1043912,1044189,1046302,1046305,1046306,1046307,1046540,1046543,1050244,1050319,1050536,1050540,1051510,1054914,1055014,1055117,1055120,1058659,1060463,1061840,1065600,1065729,1066674,1067126,1067906,1068032,1069138,1071995,1076830,1077761,1077989,1078720,1079524,1080157,1082519,1082555,1083647,1083663,1084760,1084831,1085030,1085042,1085262,1086282,1086283,1086288,1086327,1089663,1090078,1091800,1092903,1094244,1094825,1095344,1095805,1096748,1097105,1097583,1097584,1097585,1097586,1097587,1097588,1098459,1098782,1098822,1099125,1099922,1099999,1100001,1100132,1101480,1101557,1101669,1102346,1102495,1102517,1102715,1102870,1102875,1102877,1102879,1102881,1102882,1102896,1103269,1103308,1103356,1103363,1103387,1103405,1103421,1103543,1103587,1103636,1103948,1103949,1103961,1104172,1104353,1104482,1104683,1104731,1104824,1104888,1104890,1105025,1105190,1105247,1105292,1105322,1105355,1105378,1105396,1105428,1105467,1105524,1105536,1105597,1105603,1105672,1105731,1105795,1105907,1106007,1106016,1106105,1106110,1106121,1106170,1106178,1106229,1106230,1106231,1106233,1106235,1106236,1106237,1106238,1106240,1106291,1106297,1106333,1106369,1106427,1106464,1106509,1106511,1106594,1106636,1106688,1106697,1106779,1106800,1106838,1106890,1106891,1106892,1106893,1106894,1106896,1106897,1106898,1106899,1106900,1106901,1106902,1106903,1106905,1106906,1106948,1106995,1107008,1107060,1107061,1107065,1107074,1107207,1107319,1107320,1107522,1107535,1107685,1107689,1107735,1107756,1107783,1107829,1107870,1107924,1107928,1107945,1107947,1107966,1108010,1108093,1108096,1108170,1108241,1108243,1108260,1108281,1108323,1108377,1108399,1108468,1108520,1108823,1108841,1108870,1109151,1109158,1109217,1109244,1109269,1109330,1109333,1109336,1109337,1109511,1109603,1109739,1109772,1109784,1109806,1109818,1109907,1109915,1109919,1109951,1109979,1109992,1110006,1110096,1110301,1110363,1110538,1110561,1110639,1110642,1110643,1110644,1110645,1110646,1110647,1110649,1110650,1111028,1111040,1111076,1111506,1111806,1111819,1111830,1111834,1111841,1111870,1111901,1111904,1111921,1111928,1111983,1112170,1112208,1112219,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1113257,1113284,1113295,1113408,1113667,1113722,1113751,1113780,1113972,1114279,971975
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-10902,CVE-2018-10938,CVE-2018-10940,CVE-2018-1128,CVE-2018-1129,CVE-2018-12896,CVE-2018-13093,CVE-2018-13095,CVE-2018-14613,CVE-2018-14617,CVE-2018-14633,CVE-2018-15572,CVE-2018-16658,CVE-2018-17182,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710,CVE-2018-6554,CVE-2018-6555,CVE-2018-9363
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15 (src):    kernel-azure-4.12.14-5.16.1, kernel-source-azure-4.12.14-5.16.1, kernel-syms-azure-4.12.14-5.16.1

Comment 13 Swamp Workflow Management 2018-12-11 14:21:07 UTC

SUSE-SU-2018:4069-1: An update that solves 7 vulnerabilities and has 184 fixes is now available.

Category: security (important)
Bug References: 1051510,1055120,1061840,1065600,1065729,1066674,1067906,1068273,1076830,1078248,1079524,1082555,1082653,1083647,1084760,1084831,1085535,1086196,1089350,1091800,1094825,1095805,1097755,1100132,1103356,1103925,1104124,1104731,1104824,1105025,1105428,1106105,1106110,1106237,1106240,1107256,1107385,1107866,1108377,1108468,1109330,1109739,1109772,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1110998,1111040,1111062,1111174,1111506,1111696,1111809,1111921,1111983,1112128,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1112963,1113257,1113284,1113295,1113408,1113412,1113501,1113667,1113677,1113722,1113751,1113769,1113780,1113972,1114015,1114178,1114279,1114385,1114576,1114577,1114578,1114579,1114580,1114581,1114582,1114583,1114584,1114585,1114839,1115074,1115269,1115431,1115433,1115440,1115567,1115709,1115976,1116183,1116692,1116693,1116698,1116699,1116700,1116701,1116862,1116863,1116876,1116877,1116878,1116891,1116895,1116899,1116950,1117168,1117172,1117174,1117181,1117184,1117188,1117189,1117349,1117561,1117788,1117789,1117790,1117791,1117792,1117794,1117795,1117796,1117798,1117799,1117801,1117802,1117803,1117804,1117805,1117806,1117807,1117808,1117815,1117816,1117817,1117818,1117819,1117820,1117821,1117822,1118102,1118136,1118137,1118138,1118140,1118152,1118316
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18281,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710,CVE-2018-19824
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP4 (src):    kernel-default-4.12.14-95.3.1
SUSE Linux Enterprise Software Development Kit 12-SP4 (src):    kernel-docs-4.12.14-95.3.1, kernel-obs-build-4.12.14-95.3.2
SUSE Linux Enterprise Server 12-SP4 (src):    kernel-default-4.12.14-95.3.1, kernel-source-4.12.14-95.3.1, kernel-syms-4.12.14-95.3.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    kernel-default-4.12.14-95.3.1
SUSE Linux Enterprise Desktop 12-SP4 (src):    kernel-default-4.12.14-95.3.1, kernel-source-4.12.14-95.3.1, kernel-syms-4.12.14-95.3.1

Comment 14 Swamp Workflow Management 2018-12-12 08:25:01 UTC

SUSE-SU-2018:4072-1: An update that solves 7 vulnerabilities and has 184 fixes is now available.

Category: security (important)
Bug References: 1051510,1055120,1061840,1065600,1065729,1066674,1067906,1068273,1076830,1078248,1079524,1082555,1082653,1083647,1084760,1084831,1085535,1086196,1089350,1091800,1094825,1095805,1097755,1100132,1103356,1103925,1104124,1104731,1104824,1105025,1105428,1106105,1106110,1106237,1106240,1107256,1107385,1107866,1108377,1108468,1109330,1109739,1109772,1109806,1109818,1109907,1109911,1109915,1109919,1109951,1110006,1110998,1111040,1111062,1111174,1111506,1111696,1111809,1111921,1111983,1112128,1112170,1112173,1112208,1112219,1112221,1112246,1112372,1112514,1112554,1112708,1112710,1112711,1112712,1112713,1112731,1112732,1112733,1112734,1112735,1112736,1112738,1112739,1112740,1112741,1112743,1112745,1112746,1112878,1112894,1112899,1112902,1112903,1112905,1112906,1112907,1112963,1113257,1113284,1113295,1113408,1113412,1113501,1113667,1113677,1113722,1113751,1113769,1113780,1113972,1114015,1114178,1114279,1114385,1114576,1114577,1114578,1114579,1114580,1114581,1114582,1114583,1114584,1114585,1114839,1115074,1115269,1115431,1115433,1115440,1115567,1115709,1115976,1116183,1116692,1116693,1116698,1116699,1116700,1116701,1116862,1116863,1116876,1116877,1116878,1116891,1116895,1116899,1116950,1117168,1117172,1117174,1117181,1117184,1117188,1117189,1117349,1117561,1117788,1117789,1117790,1117791,1117792,1117794,1117795,1117796,1117798,1117799,1117801,1117802,1117803,1117804,1117805,1117806,1117807,1117808,1117815,1117816,1117817,1117818,1117819,1117820,1117821,1117822,1118102,1118136,1118137,1118138,1118140,1118152,1118316
CVE References: CVE-2017-16533,CVE-2017-18224,CVE-2018-18281,CVE-2018-18386,CVE-2018-18445,CVE-2018-18710,CVE-2018-19824
Sources used:
SUSE Linux Enterprise Live Patching 12-SP4 (src):    kgraft-patch-SLE12-SP4_Update_1-1-7.1