SUSE Linux update for the Linux Kernel
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 14 |
| CVE-ID | CVE-2014-0038 CVE-2017-1000405 CVE-2017-12193 CVE-2017-15102 CVE-2017-16525 CVE-2017-16527 CVE-2017-16529 CVE-2017-16531 CVE-2017-16535 CVE-2017-16536 CVE-2017-16537 CVE-2017-16649 CVE-2017-16650 CVE-2017-16939 |
| CWE-ID | CWE-20 CWE-362 CWE-476 CWE-416 CWE-125 CWE-369 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #14 is available. |
| Vulnerable software Subscribe |
SUSE Linux Operating systems & Components / Operating system |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU42054
Risk: High
CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2014-0038
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.
MitigationUpdate the affected packages.
SUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00023.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
2) Race condition
EUVDB-ID: #VU9520
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-1000405
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition within touch_pmd() function in mmhugemem.c file when handling THPs. A local user can read read-only huge pages using the get_user_pages() function and overwrite arbitrary huge pages and files mapped via THP.
Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.
This vulnerability is a result of patch against a another privilege escalation vulnerability in Linux kernel known as Dirty Cow (CVE-2016-5195).
Update the affected packages.
SUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00023.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) NULL pointer derefenrece
EUVDB-ID: #VU9082
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12193
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists in the assoc_array implementation in which a new leaf is added that needs to go into a node that happens to be full. A local user can trigger NULL pointer dereference error and crash the kernel.
Update the affected packages.
SUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00023.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) NULL pointer dereference
EUVDB-ID: #VU9515
Risk: Low
CVSSv3.1: 5.8 [CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-15102
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges.
The vulnerability exists due to a race condition and a NULL pointer dereference within tower_probe() function in drivers/usb/misc/legousbtower.c in Linux kernel before 4.8.1. A local user with physical access to the computer and ability to insert USB flash drive can execute arbitrary code with escalated privileges. The USB device would have to delay the control message in tower_probe and accept the control urb in tower_open whilst guest code initiated a write to the device file as tower_delete is called from the error in tower_probe.
According to vendor this security issue exists since 2003.
Update the affected packages.
SUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00023.html
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Use-after-free error
EUVDB-ID: #VU9151
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-16525
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to use-after-free error in usb_serial_console_disconnect function in drivers/usb/serial/console.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
SUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00023.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free error
EUVDB-ID: #VU9153
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-16527
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to use-after-free error in sound/usb/mixer.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
SUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00023.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU9155
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-16529
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to out-of-bounds read in the snd_usb_create_streams function in sound/usb/card.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
SUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00023.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds read
EUVDB-ID: #VU9157
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-16531
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to out-of-bounds read in the drivers/usb/core/config.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
SUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00023.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Out-of-bounds read
EUVDB-ID: #VU9161
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-16535
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to out-of-bounds read in the usb_get_bos_descriptor function in drivers/usb/core/config.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
SUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00023.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Null pointer dereference
EUVDB-ID: #VU9162
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-16536
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to NULL pointer dereference in the cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
SUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00023.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Null pointer dereference
EUVDB-ID: #VU9163
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-16537
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to NULL pointer dereference in the imon_probe function in drivers/media/rc/imon.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
SUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00023.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Divide by zero
EUVDB-ID: #VU9763
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-16649
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to an error in the qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger divide-by-zero error and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
SUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00023.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Divide by zero
EUVDB-ID: #VU9762
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-16650
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to an error in the qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger divide-by-zero error and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
SUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00023.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free error
EUVDB-ID: #VU9601
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-16939
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel due to use-after-free error. A local attacker can make a specially crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages, trigger memory corruption and cause the service to crash.
Successful exploitation of the vulnerability results in denial of service.
Update the affected packages.
SUSE Linux: 12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00023.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
