SB2017071313 - SUSE Linux update for the Linux Kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017071313

SB2017071313 - SUSE Linux update for the Linux Kernel

Published: July 13, 2017

Security Bulletin ID SB2017071313
Severity
Medium
Patch available
YES
Number of vulnerabilities 15
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 13% Low 87%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 15 secuirty vulnerabilities.


1) Security restrictions bypass (CVE-ID: CVE-2017-7482)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to the failure to take the argument and environment strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size) into account when imposing a size restriction. A local attacker can bypass security limitation and perform unauthorized actions.

Successful exploitation of the vulnerability results in access to the system.

2) Information disclosure (CVE-ID: CVE-2017-1000380)

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in the sound/core/timer.c code due to a race condition that exists in the timing functionality of the ALSA/dev/snd/timer driver when a read and an ioctl system call happens simultaneously. A local attacker can cause uninitialized memory from the kernel heap to be copied to user space and read kernel-space memory.


3) Denial of service (CVE-ID: CVE-2017-7346)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the failure to validate certain levels data. A local attacker can use a specially crafted ioctl call for a /dev/dri/renderD device to cause the system to hang.

Successful exploitation of the vulnerability results in denial of service.

4) Use-after-free error (CVE-ID: CVE-2017-7487)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to use-after-free error the ipxitf_ioctl function in net/ipx/af_ipx.c. A local attacker can use a failed SIOCGIFADDR ioctl call for an IPX interface to trigger memory corruption and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

5) Information disclosure (CVE-ID: CVE-2017-7616)

The vulnerability allows a local attacker to obtain potentially sensitive information from system memory

The weakness exists due to an error handling flaw in the set_mempolicy() and mbind compat() system calls in 'mm/mempolicy.c'. A local attacker can trigger a failure of a certain bitmap operation and obtain sensitive information from uninitialized stack data.

Successful exploitation of the vulnerability results in information disclosure.

6) Denial of service (CVE-ID: CVE-2017-7618)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an API operation calling its own callback flaw in crypto/ahash.c. A local attacker can trigger EBUSY on a full queue and cause an infinite recursion on the system.

Successful exploitation of the vulnerability results in denial of service.

7) Double free error (CVE-ID: CVE-2017-8890)

The vulnerability allows a remote attacker to perform a denial of service attack.

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

8) Integer underflow (CVE-ID: CVE-2017-8924)

The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.

The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.


9) Improper Resource Shutdown or Release (CVE-ID: CVE-2017-8925)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.


10) Out-of-bounds read (CVE-ID: CVE-2017-9074)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the the failure to consider that the nexthdr field may be associated with an invalid option by the IPv6 fragmentation implementation. A local attacker can use a specially-crafted socket or system call to trigger out-of-bounds read and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

11) Denial of service (CVE-ID: CVE-2017-9075)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in sctp_v6_create_accept_sk function in net/sctp/ipv6.c.A local attacker can use specially crafted system calls and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

12) Denial of service (CVE-ID: CVE-2017-9076)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the dccp_v6_request_recv_sock function in net/dccp/ipv6.c.A local attacker can use specially crafted system calls and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

13) Denial of service (CVE-ID: CVE-2017-9077)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c. A local attacker can use specially crafted system calls to cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.


14) Information disclosure (CVE-ID: CVE-2017-9150)

The vulnerability allows a local attacker to obtain sensitive information.

The weakness exists due to the failure to make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function the do_check function in kernel/bpf/verifier.c. A local attacker can use specially-crafted bpf system calls to read arbitrary files on the target system.

Successful exploitation of the vulnerability results in information disclosure.

15) Denial of service (CVE-ID: CVE-2017-9242)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the __ip6_append_data function when checking whether an overwrite of an skb data structure may occur. A local attacker can use specially crafted system calls and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References