Security update for the Linux Kernel

Announcement ID: SUSE-SU-2017:2694-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2017-1000112 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000112 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000112 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000251 ( SUSE ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000251 ( NVD ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000251 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-10661 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-10661 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2017-12762 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-12762 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-12762 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-14051 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-14051 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-14140 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2017-14140 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2017-14340 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-14340 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-8831 ( SUSE ): 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-8831 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • SUSE Linux Enterprise Real Time Extension 11 SP4

An update that solves eight vulnerabilities and has 25 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space (bnc#1057389).
  • CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524).
  • CVE-2017-14140: The move_pages system call in mm/migrate.c did not check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179).
  • CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588).
  • CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152).
  • CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bnc#1053148).
  • CVE-2017-8831: The saa7164_bus_get function allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).
  • CVE-2017-1000112: Prevent race condition in net-packet code that could have been exploited by unprivileged users to gain root access.(bnc#1052311).

The following non-security bugs were fixed:

  • ALSA: Fix Lewisburg audio issue
  • Drop commit 96234ae:kvm_io_bus_unregister_dev() should never fail (bsc#1055680)
  • Fixup build warnings in drivers/scsi/scsi.c (bsc#1031358)
  • NFS: Cache aggressively when file is open for writing (bsc#1053933).
  • NFS: Do drop directory dentry when error clearly requires it (bsc#1051932).
  • NFS: Do not flush caches for a getattr that races with writeback (bsc#1053933).
  • NFS: Optimize fallocate by refreshing mapping when needed (bsc#1053933).
  • NFS: invalidate file size when taking a lock (bsc#1053933).
  • PCI: fix hotplug related issues (bnc#1054247).
  • af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093).
  • avoid deadlock in xenbus (bnc#1047523).
  • blacklist 9754d45e9970 tpm: read burstcount from TPM_STS in one 32-bit transaction
  • blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216).
  • cx231xx-audio: fix NULL-deref at probe (bsc#1050431).
  • cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
  • fuse: do not use iocb after it may have been freed (bsc#1054706).
  • fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706).
  • fuse: fsync() did not return IO errors (bsc#1054076).
  • fuse: fuse_flush must check mapping->flags for errors (bsc#1054706).
  • gspca: konica: add missing endpoint sanity check (bsc#1050431).
  • kabi/severities: Ignore zpci symbol changes (bsc#1054247)
  • lib/mpi: mpi_read_raw_data(): fix nbits calculation
  • media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl (bsc#1050431).
  • net: Fix RCU splat in af_key (bsc#1054093).
  • powerpc/fadump: add reschedule point while releasing memory (bsc#1040609 bsc#1024450).
  • powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669 bsc#1037667).
  • powerpc/fadump: provide a helpful error message (bsc#1037669 bsc#1037667).
  • powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530, bsc#1052370).
  • powerpc/slb: Force a full SLB flush when we insert for a bad EA (bsc#1054070).
  • reiserfs: fix race in readdir (bsc#1039803).
  • s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247).
  • s390/pci: fix handling of PEC 306 (bnc#1054247).
  • s390/pci: improve error handling during fmb (de)registration (bnc#1054247).
  • s390/pci: improve error handling during interrupt deregistration (bnc#1054247).
  • s390/pci: improve pci hotplug (bnc#1054247).
  • s390/pci: improve unreg_ioat error handling (bnc#1054247).
  • s390/pci: introduce clp_get_state (bnc#1054247).
  • s390/pci: provide more debug information (bnc#1054247).
  • scsi: avoid system stall due to host_busy race (bsc#1031358).
  • scsi: close race when updating blocked counters (bsc#1031358).
  • ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441).
  • supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802).
  • tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381).
  • uwb: fix device quirk on big-endian hosts (bsc#1036629).
  • xfs: fix inobt inode allocation search optimization (bsc#1013018).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Real Time Extension 11 SP4
    zypper in -t patch slertesp4-linux-kernel-rt-13307=1

Package List:

  • SUSE Linux Enterprise Real Time Extension 11 SP4 (nosrc x86_64)
    • kernel-rt-3.0.101.rt130-69.8.1
    • kernel-rt_trace-3.0.101.rt130-69.8.1
  • SUSE Linux Enterprise Real Time Extension 11 SP4 (x86_64)
    • kernel-source-rt-3.0.101.rt130-69.8.1
    • kernel-rt_trace-base-3.0.101.rt130-69.8.1
    • kernel-syms-rt-3.0.101.rt130-69.8.1
    • kernel-rt_trace-devel-3.0.101.rt130-69.8.1
    • kernel-rt-base-3.0.101.rt130-69.8.1
    • kernel-rt-devel-3.0.101.rt130-69.8.1

References: