Security update for the Linux Kernel

Announcement ID: SUSE-SU-2017:2286-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2017-1000111 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000111 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000112 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000112 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000112 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-10810 ( SUSE ): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-10810 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-10810 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-11473 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-11473 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-11473 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-7533 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-7533 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-7533 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-7541 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7541 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-7541 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-7542 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7542 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-8831 ( SUSE ): 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-8831 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • SUSE Linux Enterprise Desktop 12 SP3
  • SUSE Linux Enterprise High Availability Extension 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Live Patching 12-SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP3
  • SUSE Linux Enterprise Software Development Kit 12 SP3
  • SUSE Linux Enterprise Workstation Extension 12 12-SP3

An update that solves eight vulnerabilities and has 150 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.82 to receive various security fixes and bug fixes.

The following security bugs were fixed:

  • CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365).
  • CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311).
  • CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).
  • CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882).
  • CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).
  • CVE-2017-7533: Race condition in the fsnotify implementation in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions (bnc#1049483 bnc#1050677).
  • CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645).
  • CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277).

The following non-security bugs were fixed:

  • acpi/nfit: Add support of NVDIMM memory error notification in ACPI 6.2 (bsc#1052325).
  • acpi/nfit: Issue Start ARS to retrieve existing records (bsc#1052325).
  • acpi / processor: Avoid reserving IO regions too early (bsc#1051478).
  • acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes).
  • Add "shutdown" to "struct class" (bsc#1053117).
  • af_key: Add lock to key dump (bsc#1047653).
  • af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
  • alsa: fm801: Initialize chip after IRQ handler is registered (bsc#1031717).
  • alsa: hda - add more ML register definitions (bsc#1048356).
  • alsa: hda - add sanity check to force the separate stream tags (bsc#1048356).
  • alsa: hda: Add support for parsing new HDA capabilities (bsc#1048356).
  • alsa: hdac: Add support for hda DMA Resume capability (bsc#1048356).
  • alsa: hdac_regmap - fix the register access for runtime PM (bsc#1048356).
  • alsa: hda: Fix cpu lockup when stopping the cmd dmas (bsc#1048356).
  • alsa: hda - Fix endless loop of codec configure (bsc#1031717).
  • alsa: hda: fix to wait for RIRB & CORB DMA to set (bsc#1048356).
  • alsa: hda - Loop interrupt handling until really cleared (bsc#1048356).
  • alsa: hda - move bus_parse_capabilities to core (bsc#1048356).
  • alsa: hda - set input_path bitmap to zero after moving it to new place (bsc#1031717).
  • alsa: hda - set intel audio clock to a proper value (bsc#1048356).
  • arm64: kernel: restrict /dev/mem read() calls to linear region (bsc#1046651).
  • arm64: mm: remove page_mapping check in __sync_icache_dcache (bsc#1040347).
  • arm64: Update config files. Disable DEVKMEM
  • b43: Add missing MODULE_FIRMWARE() (bsc#1037344).
  • bcache: force trigger gc (bsc#1038078).
  • bcache: only recovery I/O error for writethrough mode (bsc#1043652).
  • bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).
  • blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)
  • blacklist.conf: add inapplicable commits for wifi (bsc#1031717)
  • blacklist.conf: add non-applicable fixes for iwlwifi (FATE#323335)
  • blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).
  • blacklist.conf: add unapplicable drm fixes (bsc#1031717).
  • blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok() argument type') (bsc#1051478) Fixes only a compile-warning.
  • blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in test_nmi_ipi()') It only fixes a self-test (bsc#1051478).
  • blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help text file path reference to lockup watchdog documentation') Updates only kconfig help-text (bsc#1051478).
  • blkfront: add uevent for size change (bnc#1036632).
  • blk-mq: map all HWQ also in hyperthreaded system (bsc#1045866).
  • block: add kblock_mod_delayed_work_on() (bsc#1050211).
  • block: Allow bdi re-registration (bsc#1040307).
  • block: do not allow updates through sysfs until registration completes (bsc#1047027).
  • block: Fix front merge check (bsc#1051239).
  • block: Make blk_mq_delay_kick_requeue_list() rerun the queue at a quiet time (bsc#1050211).
  • block: Make del_gendisk() safer for disks without queues (bsc#1040307).
  • block: Move bdi_unregister() to del_gendisk() (bsc#1040307).
  • block: provide bio_uninit() free freeing integrity/task associations (bsc#1050211).
  • bluetooth: hidp: fix possible might sleep error in hidp_session_thread (bsc#1031784).
  • brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).
  • btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).
  • btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).
  • btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
  • btrfs: fix lockup in find_free_extent with read-only block groups (bsc#1046682).
  • btrfs: incremental send, fix invalid path for link commands (bsc#1051479).
  • btrfs: incremental send, fix invalid path for unlink commands (bsc#1051479).
  • btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912).
  • btrfs: resume qgroup rescan on rw remount (bsc#1047152).
  • btrfs: Round down values which are written for total_bytes_size (bsc#1043912).
  • btrfs: send, fix invalid path after renaming and linking file (bsc#1051479).
  • cifs: Fix some return values in case of error in 'crypt_message' (bnc#1047802).
  • clocksource/drivers/arm_arch_timer: Fix read and iounmap of incorrect variable (bsc#1045937).
  • cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).
  • crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).
  • cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
  • cxgb4: fix a NULL dereference (bsc#1005778).
  • cxgb4: fix BUG() on interrupt deallocating path of ULD (bsc#1005778).
  • cxgb4: fix memory leak in init_one() (bsc#1005778).
  • cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).
  • dentry name snapshots (bsc#1049483).
  • device-dax: fix sysfs attribute deadlock (bsc#1048919).
  • dm: fix second blk_delay_queue() parameter to be in msec units not (bsc#1047670).
  • dm: make flush bios explicitly sync (bsc#1050211).
  • dm raid1: fixes two crash cases if mirror leg failed (bsc#1043520)
  • drivers/char: kmem: disable on arm64 (bsc#1046655).
  • drivers: hv: As a bandaid, increase HV_UTIL_TIMEOUT from 30 to 60 seconds (bnc#1039153)
  • drivers: hv: Fix a typo (fate#320485).
  • drivers: hv: Fix the bug in generating the guest ID (fate#320485).
  • drivers: hv: util: Fix a typo (fate#320485).
  • drivers: hv: util: Make hv_poll_channel() a little more efficient (fate#320485).
  • drivers: hv: vmbus: Close timing hole that can corrupt per-cpu page (fate#320485).
  • drivers: hv: vmbus: Fix error code returned by vmbus_post_msg() (fate#320485).
  • drivers: hv: vmbus: Get the current time from the current clocksource (fate#320485, bnc#1044112).
  • drivers: hv: vmbus: Get the current time from the current clocksource (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).
  • drivers: hv: vmbus: Increase the time between retries in vmbus_post_msg() (fate#320485, bnc#1044112).
  • drivers: hv: vmbus: Move the code to signal end of message (fate#320485).
  • drivers: hv: vmbus: Move the definition of generate_guest_id() (fate#320485).
  • drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents (fate#320485).
  • drivers: hv: vmbus: Restructure the clockevents code (fate#320485).
  • drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions (bsc#1031717).
  • drm/bochs: Implement nomodeset (bsc#1047096).
  • drm/i915/fbdev: Stop repeating tile configuration on stagnation (bsc#1031717).
  • drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).
  • drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821).
  • drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).
  • drm/vmwgfx: Fix large topology crash (bsc#1048155).
  • drm/vmwgfx: Support topology greater than texture size (bsc#1048155).
  • Drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state'
  • efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).
  • ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).
  • ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).
  • ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).
  • ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors (bsc#1012829).
  • Fix kABI breakage by HD-audio bus caps extensions (bsc#1048356).
  • Fix kABI breakage by KVM CVE fix (bsc#1045922).
  • fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).
  • fs: pass on flags in compat_writev (bsc#1050211).
  • fuse: initialize the flock flag in fuse_file on allocation (git-fixes).
  • gcov: add support for gcc version >= 6 (bsc#1051663).
  • gcov: support GCC 7.1 (bsc#1051663).
  • gfs2: fix flock panic issue (bsc#1012829).
  • hpsa: limit transfer length to 1MB (bsc#1025461).
  • hrtimer: Catch invalid clockids again (bsc#1047651).
  • hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).
  • hv_netvsc: change netvsc device default duplex to FULL (fate#320485).
  • hv_netvsc: Exclude non-TCP port numbers from vRSS hashing (bsc#1048421).
  • hv_netvsc: Fix the carrier state error when data path is off (fate#320485).
  • hv_netvsc: Fix the queue index computation in forwarding case (bsc#1048421).
  • hv_netvsc: Remove unnecessary var link_state from struct netvsc_device_info (fate#320485).
  • hv: print extra debug in kvp_on_msg in error paths (bnc#1039153).
  • hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485, bnc#1044112).
  • hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).
  • hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485, bnc#1044112).
  • hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).
  • hv_util: switch to using timespec64 (fate#320485).
  • hwpoison, memcg: forcibly uncharge LRU pages (bnc#1046105).
  • hyperv: fix warning about missing prototype (fate#320485).
  • hyperv: netvsc: Neaten netvsc_send_pkt by using a temporary (fate#320485).
  • hyperv: remove unnecessary return variable (fate#320485).
  • i2c: designware-baytrail: fix potential null pointer dereference on dev (bsc#1011913).
  • i40e: add hw struct local variable (bsc#1039915).
  • i40e: add private flag to control source pruning (bsc#1034075).
  • i40e: add VSI info to macaddr messages (bsc#1039915).
  • i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).
  • i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915).
  • i40e: delete filter after adding its replacement when converting (bsc#1039915).
  • i40e: do not add broadcast filter for VFs (bsc#1039915).
  • i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID<1 (bsc#1039915).
  • i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter (bsc#1039915).
  • i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter (bsc#1039915).
  • i40e: factor out addition/deletion of VLAN per each MAC address (bsc#1039915).
  • i40e: fix ethtool to get EEPROM data from X722 interface (bsc#104741