SB2017091521 - OpenSUSE Linux update for the Linux Kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017091521

SB2017091521 - OpenSUSE Linux update for the Linux Kernel

Published: September 15, 2017

Security Bulletin ID SB2017091521
Severity
Low
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Adjecent network
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Stack-based buffer overflow (CVE-ID: CVE-2017-1000251)

The vulnerability allows an adjacent attacker to execute arbitrary code on the host system.

The weakness exists due to a stack-based buffer overflow in the processing of L2CAP configuration. An adjacent attacker can submit a specially crafted Bluetooth protocol, trigger memory corruption in the Bluetooth stack and execute arbitrary code in kernel space.

Successful exploitation of the vulnerability may result in host system compromise.

2) Improper access control (CVE-ID: CVE-2017-11472)

The vulnerability allows a local attacker to obtain potentially sensitive information and bypass security restrictions on the target system.

The weakness exists in the acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c due to it does not flush the operand cache and causes a kernel stack dump. A local attacker can submit a specially crafted ACPI table, gain access to potentially sensitive information from kernel memory and bypass the KASLR protection mechanism.


3) Privilege escalation (CVE-ID: CVE-2017-12134)

The vulnerability allows a local attacker on a Linux-based guest system to gain elevated privileges on the host system.

The weakness exists due to aa flaw in merging adjacent block IO requests. A local attacker on the guest system can incorrectly access memory during block stream processing to obtain potentially sensitive information or gain elevated privileges on the host system.

4) Integer overflow (CVE-ID: CVE-2017-14051)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.ct due to an integer overflow. A local attacker can gain root access and cause the service to crash.

5) Divide by zero (CVE-ID: CVE-2017-14106)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to divide-by-zero error in the tcp_disconnect() function in net/ipv4/tcp.c. A local attacker can trigger a disconnect within a certain tcp_recvmsg code path and cause kernel panic.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References