SUSE Linux update for the Linux Kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2017-12153 CVE-2017-13080 CVE-2017-14489 CVE-2017-15265 CVE-2017-15649 CVE-2017-6346 |
| CWE-ID | CWE-476 CWE-320 CWE-20 CWE-416 CWE-362 |
| Exploitation vector | Local network |
| Public exploit |
Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. Public exploit code for vulnerability #5 is available. |
| Vulnerable software Subscribe |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) NULL pointer dereference
EUVDB-ID: #VU8694
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-12153
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
A security flaw was discovered in the nl80211_set_rekey_data() function
in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This
function does not check whether the required attributes are present in
a Netlink request. This request can be issued by a user with the
CAP_NET_ADMIN capability and may result in a NULL pointer dereference
and system crash.
Update the affected packages.
Linux kernel: 4.4 - 4.13.4
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00027.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Key management errors
EUVDB-ID: #VU8840
Risk: Medium
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13080
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
The vulnerability is dubbed "KRACK" attack.
Update the affected packages.
Linux kernel: 3.18 - 4.13.13
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00027.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Denial of service
EUVDB-ID: #VU10720
Risk: Low
CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-14489
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the drivers/scsi/scsi_transport_iscsi.c due to leveraging incorrect length validation. A local attacker can cause a denial of service.
Update the affected packages.
Linux kernel: 4.13.1 - 4.13.2
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00027.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Use-after-free
EUVDB-ID: #VU8816
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-15265
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to use-after-free error in the ALSA sequencer interface (/dev/snd/seq). A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected packages.
Linux kernel: 4.10 - 4.13.6
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00027.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Privilege escalation
EUVDB-ID: #VU11119
Risk: Low
CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]
CVE-ID: CVE-2017-15649
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists in net/packet/af_packet.c due to race condition (involving fanout_add and packet_do_bind. A local attacker can supply specially crafted system calls, trigger mishandling of packet_fanout data structures, trigger use-after-free error and gain root privileges.
Update the affected packages.
Linux kernel: 4.13 - 4.13.5
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00027.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
6) Use-after-free error
EUVDB-ID: #VU6653
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-6346
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to race condition in net/packet/af_packet.c. A local attacker can use a multithreaded application, make PACKET_FANOUT setsockopt system calls, trigger use-after-free error and cause the system to crash.
Update the affected packages.
Linux kernel: 3.4.9 - 4.9.12
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-12/msg00027.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
