SUSE-SU-2017:1247-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:1247-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:1247-1
Related
Published
2017-05-11T14:24:14Z
Modified
2017-05-11T14:24:14Z
Summary
Security update for the Linux Kernel
Details

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2015-1350: The VFS subsystem in the Linux kernel provided an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).
  • CVE-2016-2117: The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in the Linux kernel incorrectly enabled scatter/gather I/O, which allowed remote attackers to obtain sensitive information from kernel memory by reading packet data (bnc#968697).
  • CVE-2016-3070: The tracewritebackdirty_page implementation in include/trace/events/writeback.h in the Linux kernel improperly interacted with mm/migrate.c, which allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by triggering a certain page move (bnc#979215).
  • CVE-2016-5243: The tipcnlcompatlinkdump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212).
  • CVE-2016-7117: Use-after-free vulnerability in the _sysrecvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077).
  • CVE-2016-9588: arch/x86/kvm/vmx.c in the Linux kernel mismanages the #BP and #OF exceptions, which allowed guest OS users to cause a denial of service (guest OS crash) by declining to handle an exception thrown by an L2 guest (bnc#1015703).
  • CVE-2016-10044: The aiomount function in fs/aio.c in the Linux kernel did not properly restrict execute access, which made it easier for local users to bypass intended SELinux W^X policy restrictions, and consequently gain privileges, via an iosetup system call (bnc#1023992).
  • CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCKZAPPED status, related to net/l2tp/l2tpip.c and net/l2tp/l2tp_ip6.c (bnc#1028415).
  • CVE-2016-10208: The ext4fillsuper function in fs/ext4/super.c in the Linux kernel did not properly validate meta block groups, which allowed physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image (bnc#1023377).
  • CVE-2017-2671: The pingunhash function in net/ipv4/ping.c in the Linux kernel is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTOICMP in a socket system call (bnc#1031003).
  • CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914).
  • CVE-2017-5897: The ip6greerr function in net/ipv6/ip6gre.c in the Linux kernel allowed remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access (bnc#1023762).
  • CVE-2017-5970: The ipv4pktinfoprepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bnc#1024938).
  • CVE-2017-5986: Race condition in the sctpwaitfor_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bnc#1025235).
  • CVE-2017-6074: The dccprcvstateprocess function in net/dccp/input.c in the Linux kernel mishandled DCCPPKTREQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6RECVPKTINFO setsockopt system call (bnc#1026024).
  • CVE-2017-6214: The tcpspliceread function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722).
  • CVE-2017-6345: The LLC subsystem in the Linux kernel did not ensure that a certain destructor exists in required circumstances, which allowed local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls (bnc#1027190).
  • CVE-2017-6346: Race condition in net/packet/afpacket.c in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that made PACKETFANOUT setsockopt system calls (bnc#1027189).
  • CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178).
  • CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066).
  • CVE-2017-7187: The sgioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SGNEXTCMDLEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213).
  • CVE-2017-7261: The vmwsurfacedefineioctl function in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZEROSIZEPTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052).
  • CVE-2017-7294: The vmwsurfacedefineioctl function in drivers/gpu/drm/vmwgfx/vmwgfxsurface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440).
  • CVE-2017-7308: The packetsetring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579).
  • CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bnc#1033336).

The following non-security bugs were fixed:

  • ext4: fix fencepost in sfirstmeta_bg validation (bsc#1029986).
  • hwrng: virtio - ensure reads happen after successful probe (bsc#954763 bsc#1032344).
  • kgr/module: make a taint flag module-specific (fate#313296).
  • l2tp: fix address test in _l2tpip6bindlookup() (bsc#1028415).
  • l2tp: fix lookup for sockets not bound to a device in l2tp_ip (bsc#1028415).
  • l2tp: fix racy socket lookup in l2tpip and l2tpip6 bind() (bsc#1028415).
  • l2tp: hold socket before dropping lock in l2tpip{, 6}recv() (bsc#1028415).
  • l2tp: hold tunnel socket when handling control frames in l2tpip and l2tpip6 (bsc#1028415).
  • l2tp: lock socket before checking flags in connect() (bsc#1028415).
  • mm/hugememory.c: respect FOLLFORCE/FOLL_COW for thp (bnc#1030118).
  • module: move addtaintmodule() to a header file (fate#313296).
  • netfilter: bridge: Fix the build when IPV6 is disabled (bsc#1027149).
  • nfs: flush out dirty data on file fput() (bsc#1021762).
  • powerpc: Blacklist GCC 5.4 6.1 and 6.2 (boo#1028895).
  • powerpc: Reject binutils 2.24 when building little endian (boo#1028895).
  • revert 'procfs: mark thread stack correctly in proc/<pid>/maps' (bnc#1030901).
  • taint/module: Clean up global and module taint flags handling (fate#313296).
  • usb: serial: kl5kusb105: fix line-state error handling (bsc#1021256).
  • xfsdmapi: fix the debug compilation of xfsdmapi (bsc#989056).
  • xfs: fix buffer overflow dmgetdirattrs/dmgetdirattrs2 (bsc#989056).
References

Affected packages

SUSE:Linux Enterprise Module for Public Cloud 12 / kernel-ec2

Package

Name
kernel-ec2
Purl
purl:rpm/suse/kernel-ec2&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.72.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-ec2-extra": "3.12.61-52.72.1",
            "kernel-ec2": "3.12.61-52.72.1",
            "kernel-ec2-devel": "3.12.61-52.72.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.72.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.72.1",
            "kernel-devel": "3.12.61-52.72.1",
            "kernel-default-base": "3.12.61-52.72.1",
            "kernel-xen": "3.12.61-52.72.1",
            "kernel-xen-devel": "3.12.61-52.72.1",
            "kernel-xen-base": "3.12.61-52.72.1",
            "kernel-default": "3.12.61-52.72.1",
            "kernel-source": "3.12.61-52.72.1",
            "kernel-syms": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-xen": "1-2.1",
            "kernel-default-devel": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-default": "1-2.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.72.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.72.1",
            "kernel-devel": "3.12.61-52.72.1",
            "kernel-default-base": "3.12.61-52.72.1",
            "kernel-xen": "3.12.61-52.72.1",
            "kernel-xen-devel": "3.12.61-52.72.1",
            "kernel-xen-base": "3.12.61-52.72.1",
            "kernel-default": "3.12.61-52.72.1",
            "kernel-source": "3.12.61-52.72.1",
            "kernel-syms": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-xen": "1-2.1",
            "kernel-default-devel": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-default": "1-2.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.72.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.72.1",
            "kernel-devel": "3.12.61-52.72.1",
            "kernel-default-base": "3.12.61-52.72.1",
            "kernel-xen": "3.12.61-52.72.1",
            "kernel-xen-devel": "3.12.61-52.72.1",
            "kernel-xen-base": "3.12.61-52.72.1",
            "kernel-default": "3.12.61-52.72.1",
            "kernel-source": "3.12.61-52.72.1",
            "kernel-syms": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-xen": "1-2.1",
            "kernel-default-devel": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-default": "1-2.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / kernel-xen

Package

Name
kernel-xen
Purl
purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.72.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.72.1",
            "kernel-devel": "3.12.61-52.72.1",
            "kernel-default-base": "3.12.61-52.72.1",
            "kernel-xen": "3.12.61-52.72.1",
            "kernel-xen-devel": "3.12.61-52.72.1",
            "kernel-xen-base": "3.12.61-52.72.1",
            "kernel-default": "3.12.61-52.72.1",
            "kernel-source": "3.12.61-52.72.1",
            "kernel-syms": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-xen": "1-2.1",
            "kernel-default-devel": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-default": "1-2.1"
        }
    ]
}

SUSE:Linux Enterprise Server for SAP Applications 12 / kgraft-patch-SLE12_Update_21

Package

Name
kgraft-patch-SLE12_Update_21
Purl
purl:rpm/suse/kgraft-patch-SLE12_Update_21&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-2.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.72.1",
            "kernel-devel": "3.12.61-52.72.1",
            "kernel-default-base": "3.12.61-52.72.1",
            "kernel-xen": "3.12.61-52.72.1",
            "kernel-xen-devel": "3.12.61-52.72.1",
            "kernel-xen-base": "3.12.61-52.72.1",
            "kernel-default": "3.12.61-52.72.1",
            "kernel-source": "3.12.61-52.72.1",
            "kernel-syms": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-xen": "1-2.1",
            "kernel-default-devel": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-default": "1-2.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-default

Package

Name
kernel-default
Purl
purl:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.72.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.72.1",
            "kernel-devel": "3.12.61-52.72.1",
            "kernel-default-base": "3.12.61-52.72.1",
            "kernel-xen": "3.12.61-52.72.1",
            "kernel-default-man": "3.12.61-52.72.1",
            "kernel-xen-devel": "3.12.61-52.72.1",
            "kernel-xen-base": "3.12.61-52.72.1",
            "kernel-default": "3.12.61-52.72.1",
            "kernel-source": "3.12.61-52.72.1",
            "kernel-syms": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-xen": "1-2.1",
            "kernel-default-devel": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-default": "1-2.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-source

Package

Name
kernel-source
Purl
purl:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.72.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.72.1",
            "kernel-devel": "3.12.61-52.72.1",
            "kernel-default-base": "3.12.61-52.72.1",
            "kernel-xen": "3.12.61-52.72.1",
            "kernel-default-man": "3.12.61-52.72.1",
            "kernel-xen-devel": "3.12.61-52.72.1",
            "kernel-xen-base": "3.12.61-52.72.1",
            "kernel-default": "3.12.61-52.72.1",
            "kernel-source": "3.12.61-52.72.1",
            "kernel-syms": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-xen": "1-2.1",
            "kernel-default-devel": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-default": "1-2.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-syms

Package

Name
kernel-syms
Purl
purl:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.72.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.72.1",
            "kernel-devel": "3.12.61-52.72.1",
            "kernel-default-base": "3.12.61-52.72.1",
            "kernel-xen": "3.12.61-52.72.1",
            "kernel-default-man": "3.12.61-52.72.1",
            "kernel-xen-devel": "3.12.61-52.72.1",
            "kernel-xen-base": "3.12.61-52.72.1",
            "kernel-default": "3.12.61-52.72.1",
            "kernel-source": "3.12.61-52.72.1",
            "kernel-syms": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-xen": "1-2.1",
            "kernel-default-devel": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-default": "1-2.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kernel-xen

Package

Name
kernel-xen
Purl
purl:rpm/suse/kernel-xen&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.12.61-52.72.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.72.1",
            "kernel-devel": "3.12.61-52.72.1",
            "kernel-default-base": "3.12.61-52.72.1",
            "kernel-xen": "3.12.61-52.72.1",
            "kernel-default-man": "3.12.61-52.72.1",
            "kernel-xen-devel": "3.12.61-52.72.1",
            "kernel-xen-base": "3.12.61-52.72.1",
            "kernel-default": "3.12.61-52.72.1",
            "kernel-source": "3.12.61-52.72.1",
            "kernel-syms": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-xen": "1-2.1",
            "kernel-default-devel": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-default": "1-2.1"
        }
    ]
}

SUSE:Linux Enterprise Server 12-LTSS / kgraft-patch-SLE12_Update_21

Package

Name
kgraft-patch-SLE12_Update_21
Purl
purl:rpm/suse/kgraft-patch-SLE12_Update_21&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1-2.1

Ecosystem specific

{
    "binaries": [
        {
            "kernel-macros": "3.12.61-52.72.1",
            "kernel-devel": "3.12.61-52.72.1",
            "kernel-default-base": "3.12.61-52.72.1",
            "kernel-xen": "3.12.61-52.72.1",
            "kernel-default-man": "3.12.61-52.72.1",
            "kernel-xen-devel": "3.12.61-52.72.1",
            "kernel-xen-base": "3.12.61-52.72.1",
            "kernel-default": "3.12.61-52.72.1",
            "kernel-source": "3.12.61-52.72.1",
            "kernel-syms": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-xen": "1-2.1",
            "kernel-default-devel": "3.12.61-52.72.1",
            "kgraft-patch-3_12_61-52_72-default": "1-2.1"
        }
    ]
}