Security update for drm

Announcement ID: SUSE-SU-2018:0509-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2017-10810 ( SUSE ): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-10810 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-10810 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise Desktop 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • SUSE Linux Enterprise Workstation Extension 12 12-SP3

An update that solves one vulnerability and has eight security fixes can now be installed.

Description:

This update for drm provides the following fixes:

This security issue was fixed:

  • CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277)

These non-security issues were fixed:

  • Backport upstream 4.9.x stable fixes up to 4.9.81 (bsc#1041744).
  • Fixed crash at suspend/resume on old Intel chipsets (bsc#1047729, bsc#1050256)
  • Fixed large topology support for vmwgfx (bsc#1048155)
  • Workaround for BXT aperture vs GTT chip bug (bsc#1046821)
  • Limit the supplements for the default hardware support to only Intel Skylake / Kabylake and AMDGPU (bsc#1077885) 4.9.x i915 seems more buggy than expected for old chipsets.
  • Conditionally build aarch64 as well (bsc#1066175)
  • Build host1x module (taken from the kernel-source) as well for avoiding the unneeded dependency on kernel-default-extra on ARM64 (bsc#1066175)
  • Enable AMDGPU CIK and SI (bsc#1066175):
  • Add missing hisilicon hibmc driver (bsc#1066175):
  • Add si_support and cik_support options to radeon and amdgpu (bsc#1066175):
  • Update Module.supported and apply it properly; following SLE12-SP3 kernel status
  • Backport the upstream DP-MST fixes, addressing a hang at S3 resume (bsc#1055493):

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Desktop 12 SP3
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2018-337=1
  • SUSE Linux Enterprise Workstation Extension 12 12-SP3
    zypper in -t patch SUSE-SLE-WE-12-SP3-2018-337=1

Package List:

  • SUSE Linux Enterprise Desktop 12 SP3 (x86_64)
    • drm-kmp-default-4.9.33_k4.4.114_94.11-4.11.1
    • drm-kmp-default-debuginfo-4.9.33_k4.4.114_94.11-4.11.1
  • SUSE Linux Enterprise Workstation Extension 12 12-SP3 (x86_64)
    • drm-kmp-default-4.9.33_k4.4.114_94.11-4.11.1
    • drm-kmp-default-debuginfo-4.9.33_k4.4.114_94.11-4.11.1

References: