Security update for the Linux Kernel

Announcement ID: SUSE-SU-2017:2956-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2017-1000111 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000111 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000112 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000112 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000112 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000251 ( SUSE ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000251 ( NVD ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000251 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000252 ( SUSE ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-1000252 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-1000365 ( SUSE ): 2.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
  • CVE-2017-1000365 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000365 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-10810 ( SUSE ): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-10810 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-10810 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-11472 ( SUSE ): 2.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2017-11472 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • CVE-2017-11473 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-11473 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-11473 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-12134 ( SUSE ): 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • CVE-2017-12134 ( NVD ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2017-12154 ( SUSE ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2017-12154 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • CVE-2017-14051 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-14051 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-14106 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-14106 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7518 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  • CVE-2017-7518 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-7533 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-7533 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-7533 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-7541 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7541 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-7541 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-7542 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-7542 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-8831 ( SUSE ): 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-8831 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise Real Time 12 SP2
  • SUSE Linux Enterprise Server 12 SP2

An update that solves 17 vulnerabilities and has 113 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP2 RT kernel was updated to 4.4.88 to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation (bnc#1039354)
  • CVE-2017-1000112: Prevent race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bnc#1052311)
  • CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space (bnc#1057389)
  • CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588)
  • CVE-2017-8831: The saa7164_bus_get function allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994)
  • CVE-2017-1000252: Wrong gsi values via KVM_IRQFD allowed unprivileged users using KVM to cause DoS on Intel systems (bsc#1058038).
  • CVE-2017-1000111: Prevent in packet_set_ring on PACKET_RESERVE (bsc#1052365).
  • CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277).
  • CVE-2017-11472: The acpi_ns_terminate() function did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table (bnc#1049580).
  • CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).
  • CVE-2017-12134: The xen_biovec_phys_mergeable function might have allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790).
  • CVE-2017-12154: L2 guest could have accessed hardware(L0) CR8 register and crashed the host system (bsc#1058507).
  • CVE-2017-14106: The tcp_disconnect function allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982).
  • CVE-2017-7518: Faulty debug exception via syscall emulation allowed non-linux guests to escalate their privileges in the guest (bsc#1045922).
  • CVE-2017-7533: Race condition in the fsnotify implementation allowed local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions (bsc#1049483).
  • CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bsc#1049645).
  • CVE-2017-7542: The ip6_find_1stfragopt function allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bsc#1049882).

The following non-security bugs were fixed:

  • ACPI / processor: Avoid reserving IO regions too early (bsc#1051478).
  • ACPI / scan: Prefer devices without _HID for _ADR matching.
  • ALSA: fm801: Initialize chip after IRQ handler is registered (bsc#1031717).
  • ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657).
  • ALSA: hda - Fix endless loop of codec configure (bsc#1031717).
  • ALSA: hda - Implement mic-mute LED mode enum (bsc#1055013).
  • ALSA: hda - set input_path bitmap to zero after moving it to new place (bsc#1031717).
  • ALSA: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405).
  • ALSA: ice1712: Add support for STAudio ADCIII (bsc#1048934).
  • ALSA: usb-audio: Apply sample rate q