SB2017102504 - SUSE Linux update for the Linux Kernel

Published: October 25, 2017

Security Bulletin ID: SB2017102504
Severity: Medium
Patch available: YES
Number of vulnerabilities: 12
Exploitation vector: Adjacent network
Highest impact: Code execution

Breakdown by Severity

Medium 8%, Low 92%

Description

This security bulletin contains information about 12 security vulnerabilities.


1) Assertion failure (CVE-ID: CVE-2017-1000252)

The vulnerability allows a guest OS user to perform a denial of service (DoS) attack against the hypervisor.

The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of-bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.

2) Improper access control (CVE-ID: CVE-2017-11472)

The vulnerability allows a local attacker to obtain potentially sensitive information and bypass security restrictions on the target system.

The weakness exists in the acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c, which does not flush the operand cache and causes a kernel stack dump. A local attacker can supply a specially crafted ACPI table to obtain potentially sensitive information from kernel memory and bypass the KASLR protection mechanism.


3) Privilege escalation (CVE-ID: CVE-2017-12134)

The vulnerability allows a local attacker on a Linux-based guest system to gain elevated privileges on the host system.

The weakness exists due to a flaw in the merging of adjacent block IO requests in the Xen block front-end (xen_biovec_phys_mergeable() in drivers/xen/biomerge.c), which mishandles non-contiguous page structures. A local attacker on the guest system can corrupt block device data streams to obtain potentially sensitive memory contents, cause a denial of service, or gain elevated privileges on the host system.

4) NULL pointer dereference (CVE-ID: CVE-2017-12153)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.
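The failure mode here is generic to netlink handlers: attributes are parsed into a table indexed by type, entries for attributes the sender omitted stay NULL, and a handler that dereferences them without checking crashes the kernel. The following C model is an added example, not kernel code: the TLV layout, the attribute numbering and the demo_rekey_request() helper are this example's own constructions, and the validation step is what the vulnerable handler lacked.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Attribute types of the modelled rekey request. The numbering is this
 * example's own, not the kernel's nl80211 enum. */
enum rekey_attr {
    REKEY_ATTR_UNSPEC = 0,
    REKEY_ATTR_KEK,
    REKEY_ATTR_KCK,
    REKEY_ATTR_REPLAY_CTR,
    REKEY_ATTR_MAX
};

#define KEK_LEN        16
#define KCK_LEN        16
#define REPLAY_CTR_LEN  8

/* One parsed attribute: pointer into the message plus payload length.
 * An attribute the sender omitted leaves data == NULL. */
struct attr {
    const uint8_t *data;
    size_t len;
};

struct rekey_data {
    uint8_t kek[KEK_LEN];
    uint8_t kck[KCK_LEN];
    uint8_t replay_ctr[REPLAY_CTR_LEN];
};

/* Parse a flat TLV stream (1 byte type, 1 byte length, payload) into a
 * table indexed by type, the way nla_parse() fills its tb[] array. */
static int parse_attrs(const uint8_t *msg, size_t msg_len,
                       struct attr tb[REKEY_ATTR_MAX])
{
    size_t off = 0;

    memset(tb, 0, sizeof(struct attr) * REKEY_ATTR_MAX);
    while (off + 2 <= msg_len) {
        uint8_t type = msg[off], len = msg[off + 1];

        if (off + 2 + len > msg_len)
            return -EINVAL;             /* attribute runs past the message */
        if (type < REKEY_ATTR_MAX) {    /* unknown types are ignored */
            tb[type].data = msg + off + 2;
            tb[type].len = len;
        }
        off += 2 + len;
    }
    return 0;
}

/* The check the vulnerable handler lacked: every attribute about to be
 * dereferenced must be present and have the length the copy assumes. */
static int rekey_attrs_valid(const struct attr tb[REKEY_ATTR_MAX])
{
    if (!tb[REKEY_ATTR_KEK].data || !tb[REKEY_ATTR_KCK].data ||
        !tb[REKEY_ATTR_REPLAY_CTR].data)
        return -EINVAL;                 /* would have been a NULL dereference */
    if (tb[REKEY_ATTR_KEK].len != KEK_LEN || tb[REKEY_ATTR_KCK].len != KCK_LEN ||
        tb[REKEY_ATTR_REPLAY_CTR].len != REPLAY_CTR_LEN)
        return -ERANGE;                 /* would have been an over-read */
    return 0;
}

/* Hardened handler: validates first, copies afterwards. Returns 0 or a
 * negative errno; *out is left untouched on failure. */
int set_rekey_data(const uint8_t *msg, size_t msg_len, struct rekey_data *out)
{
    struct attr tb[REKEY_ATTR_MAX];
    int err = parse_attrs(msg, msg_len, tb);

    if (!err)
        err = rekey_attrs_valid(tb);
    if (err)
        return err;
    memcpy(out->kek, tb[REKEY_ATTR_KEK].data, KEK_LEN);
    memcpy(out->kck, tb[REKEY_ATTR_KCK].data, KCK_LEN);
    memcpy(out->replay_ctr, tb[REKEY_ATTR_REPLAY_CTR].data, REPLAY_CTR_LEN);
    return 0;
}

/* Append one attribute with a constant fill byte; returns the new offset. */
static size_t put_attr(uint8_t *buf, size_t off, uint8_t type, uint8_t len,
                       uint8_t fill)
{
    buf[off] = type;
    buf[off + 1] = len;
    memset(buf + off + 2, fill, len);
    return off + 2 + len;
}

/* Constructed requests: skip_kck omits the KCK attribute, kek_len lets the
 * caller send a KEK of the wrong size. Returns set_rekey_data()'s result. */
int demo_rekey_request(int skip_kck, uint8_t kek_len)
{
    uint8_t buf[512];
    struct rekey_data rd;
    size_t n = 0;

    n = put_attr(buf, n, REKEY_ATTR_KEK, kek_len, 0x11);
    if (!skip_kck)
        n = put_attr(buf, n, REKEY_ATTR_KCK, KCK_LEN, 0x22);
    n = put_attr(buf, n, REKEY_ATTR_REPLAY_CTR, REPLAY_CTR_LEN, 0x33);
    return set_rekey_data(buf, n, &rd);
}
```

A complete request returns 0, a request with the KCK omitted returns -EINVAL instead of dereferencing a NULL table entry, and a KEK of the wrong length returns -ERANGE instead of being copied past its end. In the kernel the same presence check is expressed as a test on the tb[] entries before any nla_data() call.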

5) Improper privilege management (CVE-ID: CVE-2017-12154)

The vulnerability allows a nested (L2) guest OS user to gain read and write access to the hardware CR8 register.

The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.

6) Key management errors (CVE-ID: CVE-2017-13080)

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i group key handshake messages of the WPA and WPA2 protocols, due to ambiguities in how retransmitted protocol messages are handled. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator, causing the supplicant to reinstall the already-installed group temporal key (GTK) and reset its replay counter, which allows frames from the access point to be replayed to the client.

The vulnerability belongs to the family of attacks dubbed KRACK (Key Reinstallation Attacks).
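To show why a replayed key message matters, the following C model is an added example, not kernel or wpa_supplicant code. It models only the station-side group key state: installing a key resets the receive replay counter, a replayed group key message carrying the same GTK therefore lets an earlier captured frame through, and the hardened install routine (in the spirit of the mac80211 fix, which ignores installation of a key identical to the one already in place) does not reset anything. The GTK bytes and the scenario steps are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define GTK_LEN 16

/* Station-side state for the installed group key (GTK). rx_pn is the
 * highest packet number accepted under this key; 0 means none yet. */
struct sta_gtk {
    bool     installed;
    uint8_t  key[GTK_LEN];
    uint64_t rx_pn;
};

/* Vulnerable behaviour: any group key message installs the key it carries,
 * and installing a key (re)initialises the receive replay counter. */
void install_gtk_vulnerable(struct sta_gtk *s, const uint8_t *key)
{
    memcpy(s->key, key, GTK_LEN);
    s->installed = true;
    s->rx_pn = 0;
}

/* Hardened behaviour: a key identical to the one already installed is
 * accepted silently and nothing, including the replay counter, is reset. */
void install_gtk_hardened(struct sta_gtk *s, const uint8_t *key)
{
    if (s->installed && memcmp(s->key, key, GTK_LEN) == 0)
        return;
    memcpy(s->key, key, GTK_LEN);
    s->installed = true;
    s->rx_pn = 0;
}

/* Replay check on a received group-addressed frame: only a strictly
 * increasing packet number is accepted. */
bool rx_group_frame(struct sta_gtk *s, uint64_t pn)
{
    if (!s->installed || pn <= s->rx_pn)
        return false;
    s->rx_pn = pn;
    return true;
}

/* Constructed GTK; the value is arbitrary. */
static const uint8_t DEMO_GTK[GTK_LEN] = {
    0x0a, 0x1b, 0x2c, 0x3d, 0x4e, 0x5f, 0x60, 0x71,
    0x82, 0x93, 0xa4, 0xb5, 0xc6, 0xd7, 0xe8, 0xf9
};

typedef void (*install_fn)(struct sta_gtk *, const uint8_t *);

/* KRACK scenario against a given install routine:
 *   1. AP delivers the GTK; the station installs it.
 *   2. The station accepts group frames with PN 1, 2, 3; the attacker
 *      records the PN 2 frame.
 *   3. The attacker replays the group key message carrying the same GTK
 *      (in the real attack by blocking the station's reply, so the AP
 *      retransmits message 1 of the group key handshake).
 *   4. The attacker replays the recorded PN 2 frame.
 * Returns true if step 4's frame is accepted, i.e. the attack worked. */
bool krack_replay_accepted(install_fn install)
{
    struct sta_gtk sta;

    memset(&sta, 0, sizeof sta);
    install(&sta, DEMO_GTK);
    for (uint64_t pn = 1; pn <= 3; pn++)
        rx_group_frame(&sta, pn);
    install(&sta, DEMO_GTK);            /* replayed group key message */
    return rx_group_frame(&sta, 2);     /* replayed data frame */
}

/* A genuine rekey (different GTK) must still install and reset the
 * counter, otherwise the hardening would break normal operation. */
bool hardened_accepts_genuine_rekey(void)
{
    uint8_t new_gtk[GTK_LEN];
    struct sta_gtk sta;

    memset(&sta, 0, sizeof sta);
    install_gtk_hardened(&sta, DEMO_GTK);
    rx_group_frame(&sta, 7);
    memcpy(new_gtk, DEMO_GTK, GTK_LEN);
    new_gtk[0] ^= 0xff;
    install_gtk_hardened(&sta, new_gtk);
    return memcmp(sta.key, new_gtk, GTK_LEN) == 0 && rx_group_frame(&sta, 1);
}
```

With the vulnerable install routine the replayed PN 2 frame is accepted because the second install reset rx_pn to 0; with the hardened routine the same frame is rejected, while a rekey to a different GTK still installs and restarts the counter. The same reset-on-install property is what turns pairwise key reinstallation into nonce reuse on the transmit side.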

7) Integer overflow (CVE-ID: CVE-2017-14051)

The vulnerability allows a local privileged user to cause a DoS condition on the target system.

The weakness exists in the qla2x00_sysfs_write_optrom_ctl() function in drivers/scsi/qla2xxx/qla_attr.c due to an integer overflow. A local user with root access can trigger memory corruption and crash the system.

8) Divide by zero (CVE-ID: CVE-2017-14106)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to a divide-by-zero error in __tcp_select_window() reached through the tcp_disconnect() function in net/ipv4/tcp.c. A local attacker can trigger a disconnect within a certain tcp_recvmsg code path and cause a kernel panic.

Successful exploitation of the vulnerability results in denial of service.

9) Denial of service (CVE-ID: CVE-2017-14489)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the iscsi_if_rx() function in drivers/scsi/scsi_transport_iscsi.c due to incorrect length validation. A local attacker can trigger a kernel panic and cause a denial of service.

10) Use-after-free (CVE-ID: CVE-2017-15265)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a use-after-free error caused by a race condition in the ALSA sequencer interface (/dev/snd/seq). A local attacker can run a specially crafted application that issues /dev/snd/seq ioctl calls, trigger memory corruption and potentially execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.


11) Privilege escalation (CVE-ID: CVE-2017-15649)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in net/packet/af_packet.c due to a race condition involving fanout_add() and packet_do_bind(). A local attacker can issue specially crafted system calls, trigger mishandling of packet_fanout data structures and a resulting use-after-free error, and gain root privileges.

12) Use-after-free error (CVE-ID: CVE-2017-6346)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to a race condition in net/packet/af_packet.c. A local attacker can use a multithreaded application that issues PACKET_FANOUT setsockopt system calls to trigger a use-after-free error and crash the system.

Remediation

Install update from vendor's website.