Security update for the Linux Kernel

Announcement ID: SUSE-SU-2017:2847-1
Rating: important
References:
Cross-References:
CVSS scores:
  • CVE-2017-1000252 ( SUSE ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-1000252 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-11472 ( SUSE ): 2.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2017-11472 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • CVE-2017-12134 ( SUSE ): 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
  • CVE-2017-12134 ( NVD ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • CVE-2017-12153 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-12153 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-12154 ( SUSE ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H
  • CVE-2017-12154 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • CVE-2017-13080 ( SUSE ): 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • CVE-2017-13080 ( NVD ): 5.3 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
  • CVE-2017-14051 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-14051 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-14106 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-14106 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-14489 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-14489 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-15265 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-15265 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-15265 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-15649 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-15649 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • SUSE Linux Enterprise Desktop 12 SP3
  • SUSE Linux Enterprise High Availability Extension 12 SP3
  • SUSE Linux Enterprise High Performance Computing 12 SP3
  • SUSE Linux Enterprise Live Patching 12-SP3
  • SUSE Linux Enterprise Server 12 SP3
  • SUSE Linux Enterprise Server for SAP Applications 12 SP3
  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP3
  • SUSE Linux Enterprise Software Development Kit 12 SP3
  • SUSE Linux Enterprise Workstation Extension 12 12-SP3

An update that solves 11 vulnerabilities and has 170 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.92 to receive various security and bug fixes.

The following security bugs were fixed:

  • CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of-bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).
  • CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and caused a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580).
  • CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bsc#1053919).
  • CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel. This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410).
  • CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain read and write access to the hardware CR8 register (bnc#1058507).
  • CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1056061 1063479 1063667 1063671).
  • CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588).
  • CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982).
  • CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051).
  • CVE-2017-15265: Use-after-free vulnerability in the Linux kernel before 4.14-rc5 allowed local users to have unspecified impact via vectors related to /dev/snd/seq (bnc#1062520).
  • CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388).

The following non-security bugs were fixed:

  • acpi: apd: Add clock frequency for Hisilicon Hip07/08 I2C controller (bsc#1049291).
  • acpi: apd: Fix HID for Hisilicon Hip07/08 (bsc#1049291).
  • acpi: apei: Enable APEI multiple GHES source to share a single external IRQ (bsc#1053627).
  • acpica: iort: Update SMMU models for revision C (bsc#1036060).
  • acpi: irq: Fix return code of acpi_gsi_to_irq() (bsc#1053627).
  • acpi/nfit: Fix memory corruption/Unregister mce decoder on failure (bsc#1057047).
  • acpi: pci: fix GIC irq model default PCI IRQ polarity (bsc#1053629).
  • acpi/processor: Check for duplicate processor ids at hotplug time (bnc#1056230).
  • acpi/processor: Implement DEVICE operator for processor enumeration (bnc#1056230).
  • ahci: do not use MSI for devices with the silly Intel NVMe remapping scheme (bsc#1048912).
  • ahci: thunderx2: stop engine fix update (bsc#1057031).
  • alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382).
  • alsa: compress: Remove unused variable (bnc#1012382).
  • alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657).
  • alsa: hda - Implement mic-mute LED mode enum (bsc#1055013).
  • alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405).
  • alsa: hda - Workaround for i915 KBL breakage (bsc#1048356,bsc#1047989,bsc#1055272).
  • alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934).
  • alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580).
  • alsa: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (bnc#1012382).
  • alsa: usx2y: Suppress kernel warning at page allocation failures (bnc#1012382).
  • arc: Re-enable MMU upon Machine Check exception (bnc#1012382).
  • arm64: add function to get a cpu's MADT GICC table (bsc#1062279).
  • arm64: do not trace atomic operations (bsc#1055290).
  • arm64: dts: Add Broadcom Vulcan PMU in dts (fate#319481).
  • arm64: fault: Route pte translation faults via do_translation_fault (bnc#1012382).
  • arm64: Make sure SPsel is always set (bnc#1012382).
  • arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT (bsc#1046529).
  • arm64: pci: Fix struct acpi_pci_root_ops allocation failure path (bsc#1056849).
  • arm64/perf: Access pmu register using <read/write>_sys_reg (bsc#1062279).
  • arm64/perf: Add Broadcom Vulcan PMU support (fate#319481).
  • arm64/perf: Changed events naming as per the ARM ARM (fate#319481).
  • arm64/perf: Define complete ARMv8 recommended implementation defined events (fate#319481).
  • arm64: perf: do not expose CHAIN event in sysfs (bsc#1062279).
  • arm64: perf: Extend event config for ARMv8.1 (bsc#1062279).
  • arm64/perf: Filter common events based on PMCEIDn_EL0 (fate#319481).
  • arm64: perf: Ignore exclude_hv when kernel is running in HYP (bsc#1062279).
  • arm64: perf: move to common attr_group fields (bsc#1062279).
  • arm64: perf: Use the builtin_platform_driver (bsc#1062279).
  • arm64: pmu: add fallback probe table (bsc#1062279).
  • arm64: pmu: Hoist pmu platform device name (bsc#1062279).
  • arm64: pmu: Probe default hw/cache counters (bsc#1062279).
  • arm64: pmuv3: handle pmuv3+ (bsc#1062279).
  • arm64: pmuv3: handle !PMUv3 when probing (bsc#1062279).
  • arm64: pmuv3: use arm_pmu ACPI framework (bsc#1062279).
  • arm64: pmu: Wire-up Cortex A53 L2 cache events and DTLB refills (bsc#1062279).
  • arm: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM (bnc#1012382).
  • arm: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes (bnc#1012382).
  • arm/perf: Convert to hotplug state machine