openSUSE Security Update : the Linux Kernel (openSUSE-2017-930)

high Nessus Plugin ID 102510

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE Leap 42.3 kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

- CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365).

- CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311).

- CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994).

The following non-security bugs were fixed :

- acpi/nfit: Add support of NVDIMM memory error notification in ACPI 6.2 (bsc#1052325).

- acpi/nfit: Issue Start ARS to retrieve existing records (bsc#1052325).

- bcache: force trigger gc (bsc#1038078).

- bcache: only recovery I/O error for writethrough mode (bsc#1043652).

- block: do not allow updates through sysfs until registration completes (bsc#1047027).

- config: disable CONFIG_RT_GROUP_SCHED (bsc#1052204).

- drivers: hv: : As a bandaid, increase HV_UTIL_TIMEOUT from 30 to 60 seconds (bnc#1039153)

- drivers: hv: Fix a typo (fate#320485).

- drivers: hv: util: Make hv_poll_channel() a little more efficient (fate#320485).

- drivers: hv: vmbus: Close timing hole that can corrupt per-cpu page (fate#320485).

- drivers: hv: vmbus: Fix error code returned by vmbus_post_msg() (fate#320485).

- Fix kABI breakage with CONFIG_RT_GROUP_SCHED=n (bsc#1052204).

- hv_netvsc: change netvsc device default duplex to FULL (fate#320485).

- hv_netvsc: Fix the carrier state error when data path is off (fate#320485).

- hv_netvsc: Remove unnecessary var link_state from struct netvsc_device_info (fate#320485).

- hyperv: fix warning about missing prototype (fate#320485).

- hyperv: netvsc: Neaten netvsc_send_pkt by using a temporary (fate#320485).

- hyperv: remove unnecessary return variable (fate#320485).

- i40e/i40evf: Fix use after free in Rx cleanup path (bsc#1051689).

- IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).

- ibmvnic: Check for transport event on driver resume (bsc#1051556, bsc#1052709).

- ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).

- ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).

- iommu/amd: Enable ga_log_intr when enabling guest_mode (bsc1052533).

- iommu/amd: Fix schedule-while-atomic BUG in initialization code (bsc1052533).

- KABI protect struct acpi_nfit_desc (bsc#1052325).

- kabi/severities: add drivers/scsi/hisi_sas to kabi severities

- libnvdimm: fix badblock range handling of ARS range (bsc#1023175).

- libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).

- net: add netdev_lockdep_set_classes() helper (fate#320485).

- net: hyperv: use new api ethtool_(get|set)_link_ksettings (fate#320485).

- net/mlx4_core: Fixes missing capability bit in flags2 capability dump (bsc#1015337).

- net/mlx4_core: Fix namespace misalignment in QinQ VST support commit (bsc#1015337).

- net/mlx4_core: Fix sl_to_vl_change bit offset in flags2 dump (bsc#1015337).

- netsvc: Remove upstream commit e14b4db7a567 netvsc: fix race during initialization will be replaced by following changes

- netsvc: Revert 'netvsc: optimize calculation of number of slots' (fate#320485).

- netvsc: add comments about callback's and NAPI (fate#320485).

- netvsc: Add #include's for csum_* function declarations (fate#320485).

- netvsc: add rtnl annotations in rndis (fate#320485).

- netvsc: add some rtnl_dereference annotations (fate#320485).

- netvsc: avoid race with callback (fate#320485).

- netvsc: change logic for change mtu and set_queues (fate#320485).

- netvsc: change max channel calculation (fate#320485).

- netvsc: change order of steps in setting queues (fate#320485).

- netvsc: Deal with rescinded channels correctly (fate#320485).

- netvsc: do not access netdev->num_rx_queues directly (fate#320485).

- netvsc: do not overload variable in same function (fate#320485).

- netvsc: do not print pointer value in error message (fate#320485).

- netvsc: eliminate unnecessary skb == NULL checks (fate#320485).

- netvsc: enable GRO (fate#320485).

- netvsc: Fix a bug in sub-channel handling (fate#320485).

- netvsc: fix and cleanup rndis_filter_set_packet_filter (fate#320485).

- netvsc: fix calculation of available send sections (fate#320485).

- netvsc: fix dereference before null check errors (fate#320485).

- netvsc: fix error unwind on device setup failure (fate#320485).

- netvsc: fix hang on netvsc module removal (fate#320485).

- netvsc: fix NAPI performance regression (fate#320485).

- netvsc: fix net poll mode (fate#320485).

- netvsc: fix netvsc_set_channels (fate#320485).

- netvsc: fix ptr_ret.cocci warnings (fate#320485).

- netvsc: fix rcu dereference warning from ethtool (fate#320485).

- netvsc: fix RCU warning in get_stats (fate#320485).

- netvsc: fix return value for set_channels (fate#320485).

- netvsc: fix rtnl deadlock on unregister of vf (fate#320485, bsc#1052442).

- netvsc: fix use after free on module removal (fate#320485).

- netvsc: fix warnings reported by lockdep (fate#320485).

- netvsc: fold in get_outbound_net_device (fate#320485).

- netvsc: force link update after MTU change (fate#320485).

- netvsc: handle offline mtu and channel change (fate#320485).

- netvsc: implement NAPI (fate#320485).

- netvsc: include rtnetlink.h (fate#320485).

- netvsc: Initialize all channel related state prior to opening the channel (fate#320485).

- netvsc: make sure and unregister datapath (fate#320485, bsc#1052899).

- netvsc: make sure napi enabled before vmbus_open (fate#320485).

- netvsc: mark error cases as unlikely (fate#320485).

- netvsc: move filter setting to rndis_device (fate#320485).

- netvsc: need napi scheduled during removal (fate#320485).

- netvsc: need rcu_derefence when accessing internal device info (fate#320485).

- netvsc: optimize calculation of number of slots (fate#320485).

- netvsc: optimize receive completions (fate#320485).

- netvsc: pass net_device to netvsc_init_buf and netvsc_connect_vsp (fate#320485).

- netvsc: prefetch the first incoming ring element (fate#320485).

- netvsc: Properly initialize the return value (fate#320485).

- netvsc: remove bogus rtnl_unlock (fate#320485).

- netvsc: remove no longer used max_num_rss queues (fate#320485).

- netvsc: Remove redundant use of ipv6_hdr() (fate#320485).

- netvsc: remove unnecessary indirection of page_buffer (fate#320485).

- netvsc: remove unnecessary lock on shutdown (fate#320485).

- netvsc: remove unused #define (fate#320485).

- netvsc: replace netdev_alloc_skb_ip_align with napi_alloc_skb (fate#320485).

- netvsc: save pointer to parent netvsc_device in channel table (fate#320485).

- netvsc: signal host if receive ring is emptied (fate#320485).

- netvsc: transparent VF management (fate#320485, bsc#1051979).

- netvsc: use ERR_PTR to avoid dereference issues (fate#320485).

- netvsc: use hv_get_bytes_to_read (fate#320485).

- netvsc: use napi_consume_skb (fate#320485).

- netvsc: use RCU to protect inner device structure (fate#320485).

- netvsc: uses RCU instead of removal flag (fate#320485).

- netvsc: use typed pointer for internal state (fate#320485).

- nvme: fabrics commands should use the fctype field for data direction (bsc#1043805).

- powerpc/perf: Fix SDAR_MODE value for continous sampling on Power9 (bsc#1053043 (git-fixes)).

- powerpc/tm: Fix saving of TM SPRs in core dump (fate#318470, git-fixes 08e1c01d6aed).

- qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374).

- rdma/bnxt_re: checking for NULL instead of IS_ERR() (bsc#1052925).

- scsi: aacraid: fix PCI error recovery path (bsc#1048912).

- scsi_devinfo: fixup string compare (bsc#1037404).

- scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).

- scsi: hisi_sas: add pci_dev in hisi_hba struct (bsc#1049298).

- scsi: hisi_sas: add v2 hw internal abort timeout workaround (bsc#1049298).

- scsi: hisi_sas: controller reset for multi-bits ECC and AXI fatal errors (bsc#1049298).

- scsi: hisi_sas: fix NULL deference when TMF timeouts (bsc#1049298).

- scsi: hisi_sas: fix timeout check in hisi_sas_internal_task_abort() (bsc#1049298).

- scsi: hisi_sas: optimise DMA slot memory (bsc#1049298).

- scsi: hisi_sas: optimise the usage of hisi_hba.lock (bsc#1049298).

- scsi: hisi_sas: relocate get_ata_protocol() (bsc#1049298).

- scsi: hisi_sas: workaround a SoC SATA IO processing bug (bsc#1049298).

- scsi: hisi_sas: workaround SoC about abort timeout bug (bsc#1049298).

- scsi: hisi_sas: workaround STP link SoC bug (bsc#1049298).

- scsi: lpfc: do not double count abort errors (bsc#1048912).

- scsi: lpfc: fix linking against modular NVMe support (bsc#1048912).

- scsi: qedi: Fix return code in qedi_ep_connect() (bsc#1048912).

- scsi: storvsc: Prefer kcalloc over kzalloc with multiply (fate#320485).

- scsi: storvsc: remove return at end of void function (fate#320485).

- tools: hv: Add clean up for included files in Ubuntu net config (fate#320485).

- tools: hv: Add clean up function for Ubuntu config (fate#320485).

- tools: hv: properly handle long paths (fate#320485).

- tools: hv: set allow-hotplug for VF on Ubuntu (fate#320485).

- tools: hv: set hotplug for VF on Suse (fate#320485).

- tools: hv: vss: Thaw the filesystem and continue if freeze call has timed out (fate#320485).

- vfs: fix missing inode_get_dev sites (bsc#1052049).

- vmbus: cleanup header file style (fate#320485).

- vmbus: expose debug info for drivers (fate#320485).

- vmbus: fix spelling errors (fate#320485).

- vmbus: introduce in-place packet iterator (fate#320485).

- vmbus: only reschedule tasklet if time limit exceeded (fate#320485).

- vmbus: re-enable channel tasklet (fate#320485).

- vmbus: remove unnecessary initialization (fate#320485).

- vmbus: remove useless return's (fate#320485).

- x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache() (bsc#1051399).

- x86/hyperv: Check frequency MSRs presence according to the specification (fate#320485).

- The package release number was increased to be higher than the Leap 42.2 package (boo#1053531).

Solution

Update the affected the Linux Kernel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1015337

https://bugzilla.opensuse.org/show_bug.cgi?id=1019151

https://bugzilla.opensuse.org/show_bug.cgi?id=1023175

https://bugzilla.opensuse.org/show_bug.cgi?id=1037404

https://bugzilla.opensuse.org/show_bug.cgi?id=1037994

https://bugzilla.opensuse.org/show_bug.cgi?id=1038078

https://bugzilla.opensuse.org/show_bug.cgi?id=1038792

https://bugzilla.opensuse.org/show_bug.cgi?id=1039153

https://bugzilla.opensuse.org/show_bug.cgi?id=1043652

https://bugzilla.opensuse.org/show_bug.cgi?id=1043805

https://bugzilla.opensuse.org/show_bug.cgi?id=1047027

https://bugzilla.opensuse.org/show_bug.cgi?id=1048912

https://bugzilla.opensuse.org/show_bug.cgi?id=1049298

https://bugzilla.opensuse.org/show_bug.cgi?id=1051399

https://bugzilla.opensuse.org/show_bug.cgi?id=1051556

https://bugzilla.opensuse.org/show_bug.cgi?id=1051689

https://bugzilla.opensuse.org/show_bug.cgi?id=1051979

https://bugzilla.opensuse.org/show_bug.cgi?id=1052049

https://bugzilla.opensuse.org/show_bug.cgi?id=1052204

https://bugzilla.opensuse.org/show_bug.cgi?id=1052223

https://bugzilla.opensuse.org/show_bug.cgi?id=1052311

https://bugzilla.opensuse.org/show_bug.cgi?id=1052325

https://bugzilla.opensuse.org/show_bug.cgi?id=1052365

https://bugzilla.opensuse.org/show_bug.cgi?id=1052442

https://bugzilla.opensuse.org/show_bug.cgi?id=1052533

https://bugzilla.opensuse.org/show_bug.cgi?id=1052709

https://bugzilla.opensuse.org/show_bug.cgi?id=1052773

https://bugzilla.opensuse.org/show_bug.cgi?id=1052794

https://bugzilla.opensuse.org/show_bug.cgi?id=1052899

https://bugzilla.opensuse.org/show_bug.cgi?id=1052925

https://bugzilla.opensuse.org/show_bug.cgi?id=1053043

https://bugzilla.opensuse.org/show_bug.cgi?id=1053531

Plugin Details

Severity: High

ID: 102510

File Name: openSUSE-2017-930.nasl

Version: 3.8

Type: local

Agent: unix

Published: 8/16/2017

Updated: 1/19/2021

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug, cpe:/o:novell:opensuse:42.3, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-docs-html

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/15/2017

Vulnerability Publication Date: 5/8/2017

Exploitable With

Core Impact

Metasploit (Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation)

Reference Information

CVE: CVE-2017-1000111, CVE-2017-1000112, CVE-2017-8831