SB2017090722 - OpenSUSE Linux update for the Linux Kernel



SB2017090722 - OpenSUSE Linux update for the Linux Kernel

Published: September 7, 2017

Security Bulletin ID SB2017090722
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Adjecent network
Highest impact Denial of service

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Privilege escalation (CVE-ID: CVE-2017-12134)

The vulnerability allows a local attacker on a Linux-based guest system to gain elevated privileges on the host system.

The weakness exists due to aa flaw in merging adjacent block IO requests. A local attacker on the guest system can incorrectly access memory during block stream processing to obtain potentially sensitive information or gain elevated privileges on the host system.

2) Integer overflow (CVE-ID: CVE-2017-14051)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.ct due to an integer overflow. A local attacker can gain root access and cause the service to crash.

Remediation

Install update from vendor's website.