SUSE Linux update for Linux Kernel

Published: 2017-12-15 21:09:05 | Updated: 2017-12-19 15:31:08
Severity: Low
Patch available: YES
Number of vulnerabilities: 2
CVE ID: CVE-2017-10661, CVE-2017-16939
CVSSv3:
  7.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
  5.7 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CWE ID: CWE-362, CWE-416
Exploitation vector: Local
Public exploit: Not available
Vulnerable software: SUSE Linux
Vulnerable software versions: SUSE Linux 12
Vendor URL: SuSE

Security Advisory

1) Race condition

Description

The vulnerability allows a local attacker to gain elevated privileges or cause a DoS condition on the target system.

The weakness exists due to a race condition in fs/timerfd.c in the Linux kernel. A local attacker can use simultaneous file-descriptor operations that leverage improper might_cancel queueing to trigger list corruption or a use-after-free, and cause the service to crash or execute arbitrary code with root privileges.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00071.html

2) Use-after-free error

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists in the XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel due to a use-after-free error. A local attacker can make a specially crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages, trigger memory corruption and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install the update from the vendor's website.

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00071.html
