Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2017:3210-1
Rating:	important
References:	bsc#1047626 bsc#1059465 bsc#1066471 bsc#1066472 bsc#1069496 bsc#860993 bsc#975788
Cross-References:	CVE-2014-0038 CVE-2017-1000405 CVE-2017-12193 CVE-2017-15102 CVE-2017-16525 CVE-2017-16527 CVE-2017-16529 CVE-2017-16531 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16649 CVE-2017-16650 CVE-2017-16939
CVSS scores:	CVE-2017-1000405 ( SUSE ): 5.7 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L CVE-2017-1000405 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000405 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-12193 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-12193 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-15102 ( SUSE ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-15102 ( NVD ): 6.3 CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16525 ( SUSE ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-16525 ( NVD ): 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16527 ( SUSE ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-16527 ( NVD ): 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16529 ( SUSE ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-16529 ( NVD ): 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16531 ( SUSE ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-16531 ( NVD ): 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16535 ( SUSE ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-16535 ( NVD ): 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16536 ( SUSE ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-16536 ( NVD ): 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16537 ( SUSE ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-16537 ( NVD ): 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16649 ( SUSE ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-16649 ( NVD ): 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16650 ( SUSE ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-16650 ( NVD ): 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16939 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16939 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-16939 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	Public Cloud Module 12 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise High Performance Computing 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SP5 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 6

An update that solves 14 vulnerabilities can now be installed.

Description:

The SUSE Linux Enterprise 12 SP1 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

• CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages. (bnc#1069702)
• CVE-2017-1000405: mm, thp: do not dirty huge pages on read fault (bnc#1069496).
• CVE-2017-16649: The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1067085)
• CVE-2014-0038: The compat_sys_recvmmsg function in net/compat.c, when CONFIG_X86_X32 is enabled, allowed local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter (bnc#860993).
• CVE-2017-16650: The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel allowed local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1067086)
• CVE-2017-16535: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1066700)
• CVE-2017-15102: The tower_probe function in drivers/usb/misc/legousbtower.c in the Linux kernel allowed local users (who are physically proximate for inserting a crafted USB device) to gain privileges by leveraging a write-what-where condition that occurs after a race condition and a NULL pointer dereference. (bnc#1066705)
• CVE-2017-16531: drivers/usb/core/config.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor. (bnc#1066671)
• CVE-2017-12193: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel mishandled node splitting, which allowed local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations. (bnc#1066192)
• CVE-2017-16529: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1066650)
• CVE-2017-16525: The usb_serial_console_disconnect function in drivers/usb/serial/console.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device, related to disconnection and failed setup. (bnc#1066618)
• CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1066573)
• CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1066606)
• CVE-2017-16527: sound/usb/mixer.c in the Linux kernel allowed local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. (bnc#1066625)

The following non-security bugs were fixed:

• NVMe: No lock while DMA mapping data (bsc#975788).
• bcache: Add bch_keylist_init_single() (bsc#1047626).
• bcache: Add btree_map() functions (bsc#1047626).
• bcache: Add on error panic/unregister setting (bsc#1047626).
• bcache: Convert gc to a kthread (bsc#1047626).
• bcache: Delete some slower inline asm (bsc#1047626).
• bcache: Drop unneeded blk_sync_queue() calls (bsc#1047626).
• bcache: Fix a bug recovering from unclean shutdown (bsc#1047626).
• bcache: Fix a journalling reclaim after recovery bug (bsc#1047626).
• bcache: Fix a null ptr deref in journal replay (bsc#1047626).
• bcache: Fix an infinite loop in journal replay (bsc#1047626).
• bcache: Fix bch_ptr_bad() (bsc#1047626).
• bcache: Fix discard granularity (bsc#1047626).
• bcache: Fix for can_attach_cache() (bsc#1047626).
• bcache: Fix heap_peek() macro (bsc#1047626).
• bcache: Fix moving_pred() (bsc#1047626).
• bcache: Fix to remove the rcu_sched stalls (bsc#1047626).
• bcache: Improve bucket_prio() calculation (bsc#1047626).
• bcache: Improve priority_stats (bsc#1047626).
• bcache: Minor btree cache fix (bsc#1047626).
• bcache: Move keylist out of btree_op (bsc#1047626).
• bcache: New writeback PD controller (bsc#1047626).
• bcache: PRECEDING_KEY() (bsc#1047626).
• bcache: Performance fix for when journal entry is full (bsc#1047626).
• bcache: Remove redundant block_size assignment (bsc#1047626).
• bcache: Remove redundant parameter for cache_alloc() (bsc#1047626).
• bcache: Remove/fix some header dependencies (bsc#1047626).
• bcache: Trivial error handling fix (bsc#1047626).
• bcache: Use ida for bcache block dev minor (bsc#1047626).
• bcache: allows use of register in udev to avoid "device_busy" error (bsc#1047626).
• bcache: bch_allocator_thread() is not freezable (bsc#1047626).
• bcache: bch_gc_thread() is not freezable (bsc#1047626).
• bcache: bugfix - gc thread now gets woken when cache is full (bsc#1047626).
• bcache: bugfix - moving_gc now moves only correct buckets (bsc#1047626).
• bcache: cleaned up error handling around register_cache() (bsc#1047626).
• bcache: clear BCACHE_DEV_UNLINK_DONE flag when attaching a backing device (bsc#1047626).
• bcache: defensively handle format strings (bsc#1047626).
• bcache: fix BUG_ON due to integer overflow with GC_SECTORS_USED (bsc#1047626).
• bcache: fix a livelock when we cause a huge number of cache misses (bsc#1047626).
• bcache: fix crash in bcache_btree_node_alloc_fail tracepoint (bsc#1047626).
• bcache: fix for gc and writeback race (bsc#1047626).
• bcache: fix for gc crashing when no sectors are used (bsc#1047626).
• bcache: kill index() (bsc#1047626).
• bcache: register_bcache(): call blkdev_put() when cache_alloc() fails (bsc#1047626).
• bcache: stop moving_gc marking buckets that can't be moved (bsc#1047626).
• mac80211: do not compare TKIP TX MIC key in reinstall prevention (bsc#1066472).
• mac80211: use constant time comparison with keys (bsc#1066471).
• packet: fix use-after-free in fanout_add()
• scsi: ILLEGAL REQUEST + ASC==27 produces target failure (bsc#1059465).

Special Instructions and Notes:

• Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE OpenStack Cloud 6
  zypper in -t patch SUSE-OpenStack-Cloud-6-2017-1995=1
• Public Cloud Module 12
  zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-1995=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1
  zypper in -t patch SUSE-SLE-SAP-12-SP1-2017-1995=1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1
  zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-1995=1

Package List:

• SUSE OpenStack Cloud 6 (nosrc x86_64)
  • kernel-xen-3.12.74-60.64.66.1
  • kernel-default-3.12.74-60.64.66.1
• SUSE OpenStack Cloud 6 (x86_64)
  • kernel-default-devel-3.12.74-60.64.66.1
  • kernel-default-debuginfo-3.12.74-60.64.66.1
  • kgraft-patch-3_12_74-60_64_66-default-1-2.1
  • kernel-xen-debugsource-3.12.74-60.64.66.1
  • kernel-default-base-3.12.74-60.64.66.1
  • kernel-syms-3.12.74-60.64.66.1
  • kernel-xen-debuginfo-3.12.74-60.64.66.1
  • kernel-default-debugsource-3.12.74-60.64.66.1
  • kernel-default-base-debuginfo-3.12.74-60.64.66.1
  • kgraft-patch-3_12_74-60_64_66-xen-1-2.1
  • kernel-xen-devel-3.12.74-60.64.66.1
  • kernel-xen-base-3.12.74-60.64.66.1
  • kernel-xen-base-debuginfo-3.12.74-60.64.66.1
• SUSE OpenStack Cloud 6 (noarch)
  • kernel-source-3.12.74-60.64.66.1
  • kernel-devel-3.12.74-60.64.66.1
  • kernel-macros-3.12.74-60.64.66.1
• Public Cloud Module 12 (nosrc x86_64)
  • kernel-ec2-3.12.74-60.64.66.1
• Public Cloud Module 12 (x86_64)
  • kernel-ec2-devel-3.12.74-60.64.66.1
  • kernel-ec2-debugsource-3.12.74-60.64.66.1
  • kernel-ec2-debuginfo-3.12.74-60.64.66.1
  • kernel-ec2-extra-debuginfo-3.12.74-60.64.66.1
  • kernel-ec2-extra-3.12.74-60.64.66.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (nosrc ppc64le x86_64)
  • kernel-default-3.12.74-60.64.66.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (ppc64le x86_64)
  • kernel-default-devel-3.12.74-60.64.66.1
  • kernel-default-debuginfo-3.12.74-60.64.66.1
  • kernel-default-base-3.12.74-60.64.66.1
  • kernel-syms-3.12.74-60.64.66.1
  • kernel-default-debugsource-3.12.74-60.64.66.1
  • kernel-default-base-debuginfo-3.12.74-60.64.66.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (noarch)
  • kernel-source-3.12.74-60.64.66.1
  • kernel-devel-3.12.74-60.64.66.1
  • kernel-macros-3.12.74-60.64.66.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (nosrc x86_64)
  • kernel-xen-3.12.74-60.64.66.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP1 (x86_64)
  • kgraft-patch-3_12_74-60_64_66-default-1-2.1
  • kernel-xen-debugsource-3.12.74-60.64.66.1
  • kernel-xen-debuginfo-3.12.74-60.64.66.1
  • kgraft-patch-3_12_74-60_64_66-xen-1-2.1
  • kernel-xen-devel-3.12.74-60.64.66.1
  • kernel-xen-base-3.12.74-60.64.66.1
  • kernel-xen-base-debuginfo-3.12.74-60.64.66.1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (nosrc ppc64le s390x x86_64)
  • kernel-default-3.12.74-60.64.66.1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (ppc64le s390x x86_64)
  • kernel-default-devel-3.12.74-60.64.66.1
  • kernel-default-debuginfo-3.12.74-60.64.66.1
  • kernel-default-base-3.12.74-60.64.66.1
  • kernel-syms-3.12.74-60.64.66.1
  • kernel-default-debugsource-3.12.74-60.64.66.1
  • kernel-default-base-debuginfo-3.12.74-60.64.66.1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (noarch)
  • kernel-source-3.12.74-60.64.66.1
  • kernel-devel-3.12.74-60.64.66.1
  • kernel-macros-3.12.74-60.64.66.1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (s390x)
  • kernel-default-man-3.12.74-60.64.66.1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (nosrc x86_64)
  • kernel-xen-3.12.74-60.64.66.1
• SUSE Linux Enterprise Server 12 SP1 LTSS 12-SP1 (x86_64)
  • kgraft-patch-3_12_74-60_64_66-default-1-2.1
  • kernel-xen-debugsource-3.12.74-60.64.66.1
  • kernel-xen-debuginfo-3.12.74-60.64.66.1
  • kgraft-patch-3_12_74-60_64_66-xen-1-2.1
  • kernel-xen-devel-3.12.74-60.64.66.1
  • kernel-xen-base-3.12.74-60.64.66.1
  • kernel-xen-base-debuginfo-3.12.74-60.64.66.1

References:

• https://www.suse.com/security/cve/CVE-2014-0038.html
• https://www.suse.com/security/cve/CVE-2017-1000405.html
• https://www.suse.com/security/cve/CVE-2017-12193.html
• https://www.suse.com/security/cve/CVE-2017-15102.html
• https://www.suse.com/security/cve/CVE-2017-16525.html
• https://www.suse.com/security/cve/CVE-2017-16527.html
• https://www.suse.com/security/cve/CVE-2017-16529.html
• https://www.suse.com/security/cve/CVE-2017-16531.html
• https://www.suse.com/security/cve/CVE-2017-16535.html
• https://www.suse.com/security/cve/CVE-2017-16536.html
• https://www.suse.com/security/cve/CVE-2017-16537.html
• https://www.suse.com/security/cve/CVE-2017-16649.html
• https://www.suse.com/security/cve/CVE-2017-16650.html
• https://www.suse.com/security/cve/CVE-2017-16939.html
• https://bugzilla.suse.com/show_bug.cgi?id=1047626
• https://bugzilla.suse.com/show_bug.cgi?id=1059465
• https://bugzilla.suse.com/show_bug.cgi?id=1066471
• https://bugzilla.suse.com/show_bug.cgi?id=1066472
• https://bugzilla.suse.com/show_bug.cgi?id=1069496
• https://bugzilla.suse.com/show_bug.cgi?id=860993
• https://bugzilla.suse.com/show_bug.cgi?id=975788