SUSE Linux update for the Linux Kernel



Published: 2018-01-04
Risk Low
Patch available YES
Number of vulnerabilities 17
CVE-ID CVE-2017-11600
CVE-2017-13167
CVE-2017-14106
CVE-2017-15115
CVE-2017-15868
CVE-2017-16534
CVE-2017-16538
CVE-2017-16939
CVE-2017-17450
CVE-2017-17558
CVE-2017-17805
CVE-2017-17806
CVE-2017-5715
CVE-2017-5753
CVE-2017-5754
CVE-2017-7472
CVE-2017-8824
CWE-ID CWE-125
CWE-20
CWE-369
CWE-416
CWE-264
CWE-284
CWE-787
CWE-121
CWE-200
CWE-400
Exploitation vector Local
Public exploit Public exploit code for vulnerability #8 is available.
Public exploit code for vulnerability #13 is available.
Vulnerability #14 is being exploited in the wild.
Public exploit code for vulnerability #15 is available.
Public exploit code for vulnerability #16 is available.
Public exploit code for vulnerability #17 is available.
Vulnerable software
Subscribe
SUSE Linux
Operating systems & Components / Operating system

Vendor SUSE

Security Bulletin

This security bulletin contains information about 17 vulnerabilities.

1) Out-of-bounds read

EUVDB-ID: #VU8131

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-11600

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in net/xfrm/xfrm_policy.c due to it does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less when CONFIG_XFRM_MIGRATE is enabled. A local attacker can submit a specially crafted XFRM_MSG_MIGRATE xfrm Netlink message and cause the service to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Input validation error

EUVDB-ID: #VU37788

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13167

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

An elevation of privilege vulnerability in the kernel sound timer. Product: Android. Versions: Android kernel. Android ID A-37240993.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Divide by zero

EUVDB-ID: #VU8922

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-14106

CWE-ID: CWE-369 - Divide By Zero

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to divide-by-zero error in the tcp_disconnect() function in net/ipv4/tcp.c. A local attacker can trigger a disconnect within a certain tcp_recvmsg code path and cause kernel panic.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free error

EUVDB-ID: #VU9764

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15115

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel does not check whether the intended netns is used in a peel-off action. A local attacker can make specially crafted system calls, trigger use-after-free error and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Privilege escalation

EUVDB-ID: #VU9959

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-15868

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to elevate privileges on the system.

The vulnerability exists due to abet check of l2cap socket availability in the bnep_add_connection() function in net/bluetooth/bnep/core.c. A local user can execute arbitrary code with elevated privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Out-of-bounds read

EUVDB-ID: #VU9160

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16534

CWE-ID: CWE-125 - Out-of-bounds read

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to out-of-bounds read in the cdc_parse_cdc_header function in drivers/usb/core/message.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Denial of service

EUVDB-ID: #VU9164

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-16538

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the drivers/media/usb/dvb-usb-v2/lmedm04.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free error

EUVDB-ID: #VU9601

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-16939

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel due to use-after-free error. A local attacker can make a specially crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages, trigger memory corruption and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Security restrictions bypass

EUVDB-ID: #VU9770

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17450

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due to net/netfilter/xt_osf.c in the Linux kernel through does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations. A local attacker can bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Out-of-bounds write

EUVDB-ID: #VU9771

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17558

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel does not consider the maximum number of configurations and interfaces before attempting to release resources. A local attacker can supply specially crafted USB device, trigger out-of-bounds write access and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU9775

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17805

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the Salsa20 encryption algorithm in the Linux kernel does not correctly handle zero-length inputs. A local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) can trigger uninitialized-memory free and cause the kernel to crash or execute a specially crafted sequence of system calls that use the blkcipher_walk API.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Stack-based buffer overflow

EUVDB-ID: #VU9776

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-17806

CWE-ID: CWE-121 - Stack-based buffer overflow

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to the HMAC implementation (crypto/hmac.c) in the Linux kernel does not validate that the underlying cryptographic hash algorithm is unkeyed. A local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) can execute a specially crafted sequence of system calls that encounter a missing SHA-3 initialization, trigger kernel stack buffer overflow and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Information disclosure

EUVDB-ID: #VU9883

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-5715

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can utilize branch target injection, execute arbitrary code, perform a side-channel attack and read sensitive memory information.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

14) Information disclosure

EUVDB-ID: #VU9884

Risk: Low

CVSSv3.1: 6.2 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:H/RL:O/RC:C]

CVE-ID: CVE-2017-5753

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to improper implementation of the speculative execution of instructions. A local attacker can perform a bounds check bypass, execute arbitrary code, conduct a side-channel attack and read sensitive memory information.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

15) Information disclosure

EUVDB-ID: #VU9882

Risk: Low

CVSSv3.1: 5 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-5754

CWE-ID: CWE-200 - Information exposure

Exploit availability: Yes

Description

The vulnerability allows a local attacker to obtain potentially sensitive information.

The vulnerability exists in Intel CPU hardware due to side-channel attacks, which are also referred to as Meltdown attacks. A local attacker can execute arbitrary code, perform a side-channel analysis of the data cache and gain access to sensitive information including memory from the CPU cache.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

16) Resource exhaustion

EUVDB-ID: #VU12299

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-7472

CWE-ID: CWE-400 - Resource exhaustion

Exploit availability: Yes

Description

The vulnerability allows a local attacker to cause DoD condition on the target system.

The weakness exists in the KEYS subsystem due to memory consumption. A local attacker can cause the service to crash via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

17) Use-after-free error

EUVDB-ID: #VU9767

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-8824

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges or cause DoS condition on the target system.

The weakness exists due to an error in the dccp_disconnect function in net/dccp/proto.c in the Linux kernel. A local attacker can make specially crafted AF_UNSPEC connect system call during the DCCP_LISTEN state, trigger use-after-free error and gain root privileges or cause the system to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 11

External links

http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###