SB2017102011 - SUSE Linux update for Linux Kernel Live Patch 21 for SLE 12 SP1

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Privilege escalation (CVE-ID: CVE-2017-1000112)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to race condition in the UDP Fragmentation Offload (UFO) code. A local attacker can send specially crafted UFO packets, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

2) NULL pointer dereference (CVE-ID: CVE-2017-15274)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in he security/keys/keyctl.c due to a NULL pointer dereference. A local attacker can create a specially crafted add_key or keyctl system call and cause a denial of service.

3) Double free error (CVE-ID: CVE-2017-8890)

The vulnerability allows a remote attacker to perform a denial of service attack.

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

4) Denial of service (CVE-ID: CVE-2017-9242)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the __ip6_append_data function when checking whether an overwrite of an skb data structure may occur. A local attacker can use specially crafted system calls and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install update from vendor's website.

References

• https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00047.html