http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f

https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6

https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f

USN-3619-1

USN-3619-2

USN-3754-1

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - In the Linux kernel through 4.19, a use-after-free can     occur due to a race condition between fanout_add from     setsockopt and bind on an AF_PACKET socket. This issue     exists because of the     15fe076edea787807a7cdc168df832544b58eba6 incomplete fix     for a race condition. The code mishandles a certain     multithreaded case involving a packet_do_bind     unregister action followed by a packet_notifier     register action. Later, packet_release operates on only     one of the two applicable linked lists. The attacker     can achieve Program Counter control.(CVE-2018-18559i1/4%0

  - The acpi_ns_terminate() function in     drivers/acpi/acpica/nsutils.c in the Linux kernel     before 4.12 does not flush the operand cache and causes     a kernel stack dump. A local users could obtain     sensitive information from kernel memory and bypass the     KASLR protection mechanism (in the kernel through 4.9)     via a crafted ACPI table.(CVE-2017-11472i1/4%0

  - Race condition in net/packet/af_packet.c in the Linux     kernel allows local users to cause a denial of service     (use-after-free) or possibly have unspecified other     impact via a multithreaded application that makes     PACKET_FANOUT setsockopt system calls.(CVE-2017-6346i1/4%0

  - Multiple race conditions in ipc/shm.c in the Linux     kernel before 3.12.2 allow local users to cause a     denial of service (use-after-free and system crash) or     possibly have unspecified other impact via a crafted     application that uses shmctl IPC_RMID operations in     conjunction with other shm system     calls.(CVE-2013-7026i1/4%0

  - An issue was discovered in the Linux kernel. A NULL     pointer dereference and panic in hfsplus_lookup() in     the fs/hfsplus/dir.c function can occur when opening a     file (that is purportedly a hard link) in an hfs+     filesystem that has malformed catalog data, and is     mounted read-only without a metadata     directory.(CVE-2018-14617i1/4%0

  - The treo_attach function in drivers/usb/serial/visor.c     in the Linux kernel before 4.5 allows physically     proximate attackers to cause a denial of service (NULL     pointer dereference and system crash) or possibly have     unspecified other impact by inserting a USB device that     lacks a (1) bulk-in or (2) interrupt-in     endpoint.(CVE-2016-2782i1/4%0

  - An information-exposure flaw was found in the Linux     kernel where the pcpu_embed_first_chunk() function in     mm/percpu.c allows local users to obtain kernel-object     address information by reading the kernel log (dmesg).
    However, this address is not static and cannot be used     to commit a further attack.(CVE-2018-5995i1/4%0

  - Buffer overflow in net/ceph/auth_x.c in Ceph, as used     in the Linux kernel before 3.16.3, allows remote     attackers to cause a denial of service (memory     corruption and panic) or possibly have unspecified     other impact via a long unencrypted auth     ticket.(CVE-2014-6416i1/4%0

  - It was found that the Linux kernel's ptrace subsystem     allowed a traced process' instruction pointer to be set     to a non-canonical memory address without forcing the     non-sysret code path when returning to user space. A     local, unprivileged user could use this flaw to crash     the system or, potentially, escalate their privileges     on the system.Note: The CVE-2014-4699 issue only     affected systems using an Intel CPU.(CVE-2014-4699i1/4%0

  - The snd_compr_tstamp function in     sound/core/compress_offload.c in the Linux kernel     through 4.7, as used in Android before 2016-08-05 on     Nexus 5 and 7 (2013) devices, does not properly     initialize a timestamp data structure, which allows     attackers to obtain sensitive information via a crafted     application, aka Android internal bug 28770164 and     Qualcomm internal bug CR568717.(CVE-2014-9892i1/4%0

  - A flaw was found in the way the Linux kernel's ext4     file system handled the 'page size i1/4z block size'     condition when the fallocate zero range functionality     was used. A local attacker could use this flaw to crash     the system.(CVE-2015-0275i1/4%0

  - An information leak flaw was found in the way the Linux     kernel's ISO9660 file system implementation accessed     data on an ISO9660 image with RockRidge Extension     Reference (ER) records. An attacker with physical     access to the system could use this flaw to disclose up     to 255 bytes of kernel memory.(CVE-2014-9584i1/4%0

  - The pivot_root implementation in fs/namespace.c in the     Linux kernel through 3.17 does not properly interact     with certain locations of a chroot directory, which     allows local users to cause a denial of service     (mount-tree loop) via . (dot) values in both arguments     to the pivot_root system call.(CVE-2014-7970i1/4%0

  - arch/x86/kvm/emulate.c in the Linux kernel before     4.8.12 does not properly initialize Code Segment (CS)     in certain error cases, which allows local users to     obtain sensitive information from kernel stack memory     via a crafted application.(CVE-2016-9756i1/4%0

  - A flaw was found in the Linux kernel where the     swiotlb_print_info() function in lib/swiotlb.c allows     local users to obtain some kernel address information     by reading the kernel log (dmesg). This address is not     useful to commit a further attack.(CVE-2018-5953i1/4%0

  - A flaw was found in the way the Linux kernel's file     system implementation handled rename operations in     which the source was inside and the destination was     outside of a bind mount. A privileged user inside a     container could use this flaw to escape the bind mount     and, potentially, escalate their privileges on the     system.(CVE-2015-2925i1/4%0

  - A use-after-free fault in the Linux kernel's usbtv     driver could allow an attacker to cause a denial of     service (system crash), or have unspecified other     impacts, by triggering failure of audio registration of     USB hardware using the usbtv kernel     module.(CVE-2017-17975i1/4%0

  - The mm subsystem in the Linux kernel through 4.10.10     does not properly enforce the CONFIG_STRICT_DEVMEM     protection mechanism, which allows local users to read     or write to kernel memory locations in the first     megabyte (and bypass slab-allocation access     restrictions) via an application that opens the     /dev/mem file, related to arch/x86/mm/init.c and     drivers/char/mem.c.(CVE-2017-7889i1/4%0

  - A flaw was discovered in the way the kernel allows     stackable filesystems to overlay. A local attacker who     is able to mount filesystems can abuse this flaw to     escalate privileges.(CVE-2014-9922i1/4%0

  - sound/core/timer.c in the Linux kernel before 4.4.1     retains certain linked lists after a close or stop     action, which allows local users to cause a denial of     service (system crash) via a crafted ioctl call,     related to the (1) snd_timer_close and (2)
    _snd_timer_stop functions.(CVE-2016-2548i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208)

It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses).
(CVE-2017-11472)

It was discovered that a buffer overflow existed in the ACPI table parsing implementation in the Linux kernel. A local attacker could use this to construct a malicious ACPI table that, when loaded, caused a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-11473)

It was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991)

It was discovered that a race condition existed in the packet fanout implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15649)

Andrey Konovalov discovered that the Ultra Wide Band driver in the Linux kernel did not properly check for an error condition. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-16526)

Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16527)

Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel did not properly validate USB audio buffer descriptors. A physically proximate attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16529)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB interface association descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16531)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB HID descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16533)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB BOS metadata. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16535)

Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16538)

Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643)

Andrey Konovalov discovered that the video4linux driver for Hauppauge HD PVR USB devices in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16644)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16650)

It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911)

It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912)

It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913)

It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash).
(CVE-2017-16914)

It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device.
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558)

It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18255)

It was discovered that the keyring subsystem in the Linux kernel did not properly prevent a user from creating keyrings for other users. A local attacker could use this cause a denial of service or expose sensitive information. (CVE-2017-18270)

Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS.
(CVE-2017-2583)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory).
(CVE-2017-2584)

It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549)

Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897)

Andrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash).
(CVE-2017-6345)

Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348)

Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm.
(CVE-2017-7518)

Tuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645)

Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV Decoder driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8831)

Pengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. A local attacker could use this to cause a denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985)

It was discovered that the wait4() system call in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service.
(CVE-2018-10087)

It was discovered that the kill() system call implementation in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10124)

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323)

Zhong Jiang discovered that a use-after-free vulnerability existed in the NUMA memory policy implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10675)

Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877)

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881)

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations.
An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted.
(CVE-2018-1092)

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations.
An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted.
(CVE-2018-1093)

It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940)

Shankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-12233)

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash).
(CVE-2018-13094)

It was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. A local attacker could use this to gain elevated privileges. (CVE-2018-13405)

Silvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-13406)

Daniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash).
(CVE-2017-2671)

It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204)

It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of [gnutls, c-ares, nginx, mercurial, linux, mesos, git, binutils, krb5, dnsmasq] packages for PhotonOS has been released.

USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-16995)

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)

It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses).
(CVE-2017-11472)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

It was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16650)

It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911)

It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912)

It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913)

It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash).
(CVE-2017-16914)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory).
(CVE-2017-16994)

It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions.
(CVE-2017-17448)

It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device.
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information.
(CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862)

It was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18075)

It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that an infinite loop could occur in the the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208)

Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm.
(CVE-2017-7518)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-5332)

Mohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

Fan Long Fei  discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)

It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492)

It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-16995)

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)

It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses).
(CVE-2017-11472)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

It was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16650)

It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911)

It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912)

It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913)

It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash).
(CVE-2017-16914)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory).
(CVE-2017-16994)

It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions.
(CVE-2017-17448)

It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device.
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information.
(CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's' default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862)

It was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18075)

It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that an infinite loop could occur in the the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208)

Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm.
(CVE-2017-7518)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-5332)

Mohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

Fan Long Fei  discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)

It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492)

It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to receive various security and bugfixes. The following security bugs were fixed :

  - CVE-2017-1000252: The KVM subsystem in the Linux kernel     allowed guest OS users to cause a denial of service     (assertion failure, and hypervisor hang or crash) via an     out-of bounds guest_irq value, related to     arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).

  - CVE-2017-10810: Memory leak in the     virtio_gpu_object_create function in     drivers/gpu/drm/virtio/virtgpu_object.c in the Linux     kernel allowed attackers to cause a denial of service     (memory consumption) by triggering object-initialization     failures (bnc#1047277).

  - CVE-2017-11472: The acpi_ns_terminate() function in     drivers/acpi/acpica/nsutils.c in the Linux kernel did     not flush the operand cache and causes a kernel stack     dump, which allowed local users to obtain sensitive     information from kernel memory and bypass the KASLR     protection mechanism (in the kernel through 4.9) via a     crafted ACPI table (bnc#1049580).

  - CVE-2017-11473: Buffer overflow in the     mp_override_legacy_irq() function in     arch/x86/kernel/acpi/boot.c in the Linux kernel allowed     local users to gain privileges via a crafted ACPI table     (bnc#1049603).

  - CVE-2017-12134: The xen_biovec_phys_mergeable function     in drivers/xen/biomerge.c in Xen might allow local OS     guest users to corrupt block device data streams and     consequently obtain sensitive memory information, cause     a denial of service, or gain host OS privileges by     leveraging incorrect block IO merge-ability calculation     (bnc#1051790 bnc#1053919).

  - CVE-2017-12153: A security flaw was discovered in the     nl80211_set_rekey_data() function in     net/wireless/nl80211.c in the Linux kernel This function     did not check whether the required attributes are     present in a Netlink request. This request can be issued     by a user with the CAP_NET_ADMIN capability and may     result in a NULL pointer dereference and system crash     (bnc#1058410).

  - CVE-2017-12154: The prepare_vmcs02 function in     arch/x86/kvm/vmx.c in the Linux kernel did not ensure     that the 'CR8-load exiting' and 'CR8-store exiting' L0     vmcs02 controls exist in cases where L1 omits the 'use     TPR shadow' vmcs12 control, which allowed KVM L2 guest     OS users to obtain read and write access to the hardware     CR8 register (bnc#1058507).

  - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2)     allowed reinstallation of the Group Temporal Key (GTK)     during the group key handshake, allowing an attacker     within radio range to replay frames from access points     to clients (bnc#1063667).

  - CVE-2017-14051: An integer overflow in the     qla2x00_sysfs_write_optrom_ctl function in     drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel     allowed local users to cause a denial of service (memory     corruption and system crash) by leveraging root access     (bnc#1056588).

  - CVE-2017-14106: The tcp_disconnect function in     net/ipv4/tcp.c in the Linux kernel allowed local users     to cause a denial of service (__tcp_select_window     divide-by-zero error and system crash) by triggering a     disconnect within a certain tcp_recvmsg code path     (bnc#1056982).

  - CVE-2017-14489: The iscsi_if_rx function in     drivers/scsi/scsi_transport_iscsi.c in the Linux kernel     allowed local users to cause a denial of service (panic)     by leveraging incorrect length validation (bnc#1059051).

  - CVE-2017-15649: net/packet/af_packet.c in the Linux     kernel allowed local users to gain privileges via     crafted system calls that trigger mishandling of     packet_fanout data structures, because of a race     condition (involving fanout_add and packet_do_bind) that     leads to a use-after-free, a different vulnerability     than CVE-2017-6346 (bnc#1064388).

  - CVE-2017-7518: The Linux kernel was vulnerable to an     incorrect debug exception(#DB) error. It could occur     while emulating a syscall instruction and potentially     lead to guest privilege escalation. (bsc#1045922).

  - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in     drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021     1.c in the Linux kernel allowed local users to cause a     denial of service (buffer overflow and system crash) or     possibly gain privileges via a crafted NL80211_CMD_FRAME     Netlink packet (bnc#1049645).

  - CVE-2017-7542: The ip6_find_1stfragopt function in     net/ipv6/output_core.c in the Linux kernel allowed local     users to cause a denial of service (integer overflow and     infinite loop) by leveraging the ability to open a raw     socket (bnc#1049882).

  - CVE-2017-8831: The saa7164_bus_get function in     drivers/media/pci/saa7164/saa7164-bus.c in the Linux     kernel allowed local users to cause a denial of service     (out-of-bounds array access) or possibly have     unspecified other impact by changing a certain     sequence-number value, aka a 'double fetch'     vulnerability (bnc#1037994).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed :

  - CVE-2017-1000252: The KVM subsystem in the Linux kernel     allowed guest OS users to cause a denial of service     (assertion failure, and hypervisor hang or crash) via an     out-of bounds guest_irq value, related to     arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).

  - CVE-2017-11472: The acpi_ns_terminate() function in     drivers/acpi/acpica/nsutils.c in the Linux kernel did     not flush the operand cache and causes a kernel stack     dump, which allowed local users to obtain sensitive     information from kernel memory and bypass the KASLR     protection mechanism (in the kernel through 4.9) via a     crafted ACPI table (bnc#1049580).

  - CVE-2017-12134: The xen_biovec_phys_mergeable function     in drivers/xen/biomerge.c in Xen might allow local OS     guest users to corrupt block device data streams and     consequently obtain sensitive memory information, cause     a denial of service, or gain host OS privileges by     leveraging incorrect block IO merge-ability calculation     (bnc#1051790 bsc#1053919).

  - CVE-2017-12153: A security flaw was discovered in the     nl80211_set_rekey_data() function in     net/wireless/nl80211.c in the Linux kernel This function     did not check whether the required attributes are     present in a Netlink request. This request can be issued     by a user with the CAP_NET_ADMIN capability and may     result in a NULL pointer dereference and system crash     (bnc#1058410).

  - CVE-2017-12154: The prepare_vmcs02 function in     arch/x86/kvm/vmx.c in the Linux kernel did not ensure     that the 'CR8-load exiting' and 'CR8-store exiting' L0     vmcs02 controls exist in cases where L1 omits the 'use     TPR shadow' vmcs12 control, which allowed KVM L2 guest     OS users to obtain read and write access to the hardware     CR8 register (bnc#1058507).

  - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2)     allowed reinstallation of the Group Temporal Key (GTK)     during the group key handshake, allowing an attacker     within radio range to replay frames from access points     to clients (bnc#1056061 1063479 1063667 1063671).

  - CVE-2017-14051: An integer overflow in the     qla2x00_sysfs_write_optrom_ctl function in     drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel     allowed local users to cause a denial of service (memory     corruption and system crash) by leveraging root access     (bnc#1056588).

  - CVE-2017-14106: The tcp_disconnect function in     net/ipv4/tcp.c in the Linux kernel allowed local users     to cause a denial of service (__tcp_select_window     divide-by-zero error and system crash) by triggering a     disconnect within a certain tcp_recvmsg code path     (bnc#1056982).

  - CVE-2017-14489: The iscsi_if_rx function in     drivers/scsi/scsi_transport_iscsi.c in the Linux kernel     allowed local users to cause a denial of service (panic)     by leveraging incorrect length validation (bnc#1059051).

  - CVE-2017-15265: Use-after-free vulnerability in the     Linux kernel before 4.14-rc5 allowed local users to have     unspecified impact via vectors related to /dev/snd/seq     (bnc#1062520).

  - CVE-2017-15649: net/packet/af_packet.c in the Linux     kernel allowed local users to gain privileges via     crafted system calls that trigger mishandling of     packet_fanout data structures, because of a race     condition (involving fanout_add and packet_do_bind) that     leads to a use-after-free, a different vulnerability     than CVE-2017-6346 (bnc#1064388).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The openSUSE Leap 42.3 kernel was updated to 4.4.87 to receive various security and bugfixes.

The following security bugs were fixed :

  - CVE-2017-1000251: The native Bluetooth stack in the     Linux Kernel (BlueZ) was vulnerable to a stack overflow     vulnerability in the processing of L2CAP configuration     responses resulting in Remote code execution in kernel     space (bnc#1057389).

  - CVE-2017-14106: The tcp_disconnect function in     net/ipv4/tcp.c in the Linux kernel allowed local users     to cause a denial of service (__tcp_select_window     divide-by-zero error and system crash) by triggering a     disconnect within a certain tcp_recvmsg code path     (bnc#1056982).

  - CVE-2017-11472: The acpi_ns_terminate() function in     drivers/acpi/acpica/nsutils.c in the Linux kernel did     not flush the operand cache and causes a kernel stack     dump, which allowed local users to obtain sensitive     information from kernel memory and bypass the KASLR     protection mechanism via a crafted ACPI table     (bnc#1049580).

The following non-security bugs were fixed :

  - acpica: IORT: Update SMMU models for revision C     (bsc#1036060).

  - acpi/nfit: Fix memory corruption/Unregister mce decoder     on failure (bsc#1057047).

  - ahci: do not use MSI for devices with the silly Intel     NVMe remapping scheme (bsc#1048912).

  - ahci: thunderx2: stop engine fix update (bsc#1057031).

  - alsa: hda/realtek - Add support headphone Mic for ALC221     of HP platform (bsc#1024405).

  - arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT     (bsc#1046529).

  - arm64: PCI: Fix struct acpi_pci_root_ops allocation     failure path (bsc#1056849).

  - arm64: Update config files. Enable ARCH_PROC_KCORE_TEXT

  - blacklist.conf: gcc7 compiler warning (bsc#1056849)

  - bnxt: add a missing rcu synchronization (bnc#1038583).

  - bnxt: do not busy-poll when link is down (bnc#1038583).

  - bnxt_en: Enable MRU enables bit when configuring VNIC     MRU (bnc#1038583).

  - bnxt_en: Fix and clarify link_info->advertising     (bnc#1038583).

  - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).

  - bnxt_en: Fix NULL pointer dereference in a failure path     during open (bnc#1038583).

  - bnxt_en: Fix NULL pointer dereference in reopen failure     path (bnc#1038583).

  - bnxt_en: fix pci cleanup in bnxt_init_one() failure path     (bnc#1038583).

  - bnxt_en: Fix ring arithmetic in bnxt_setup_tc()     (bnc#1038583).

  - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).

  - bnxt_en: Fix 'uninitialized variable' bug in TPA code     path (bnc#1038583).

  - bnxt_en: Fix VF virtual link state (bnc#1038583).

  - bnxt_en: initialize rc to zero to avoid returning     garbage (bnc#1038583).

  - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).

  - bnxt_en: Refactor TPA code path (bnc#1038583).

  - ceph: fix readpage from fscache (bsc#1057015).

  - cifs: add build_path_from_dentry_optional_prefix()     (fate#323482).

  - cifs: add use_ipc flag to SMB2_ioctl() (fate#323482).

  - cifs: Fix sparse warnings (fate#323482).

  - cifs: implement get_dfs_refer for SMB2+ (fate#323482).

  - cifs: let ses->ipc_tid hold smb2 TreeIds (fate#323482).

  - cifs: move DFS response parsing out of SMB1 code     (fate#323482).

  - cifs: remove any preceding delimiter from prefix_path     (fate#323482).

  - cifs: set signing flag in SMB2+ TreeConnect if needed     (fate#323482).

  - cifs: use DFS pathnames in SMB2+ Create requests     (fate#323482).

  - cpufreq: intel_pstate: Disable energy efficiency     optimization (bsc#1054654).

  - cxgb4: Fix stack out-of-bounds read due to wrong size to     t4_record_mbox() (bsc#1021424 bsc#1022743).

  - device-dax: fix cdev leak (bsc#1057047).

  - dmaengine: mv_xor_v2: do not use descriptors not acked     by async_tx (bsc#1056849).

  - dmaengine: mv_xor_v2: enable XOR engine after its     configuration (bsc#1056849).

  - dmaengine: mv_xor_v2: fix tx_submit() implementation     (bsc#1056849).

  - dmaengine: mv_xor_v2: handle mv_xor_v2_prep_sw_desc()     error properly (bsc#1056849).

  - dmaengine: mv_xor_v2: properly handle wrapping in the     array of HW descriptors (bsc#1056849).

  - dmaengine: mv_xor_v2: remove interrupt coalescing     (bsc#1056849).

  - dmaengine: mv_xor_v2: set DMA mask to 40 bits     (bsc#1056849).

  - drivers: base: cacheinfo: fix boot error message when     acpi is enabled (bsc#1057849).

  - edac, thunderx: Fix a warning during l2c debugfs node     creation (bsc#1057038).

  - edac, thunderx: Fix error handling path in     thunderx_lmc_probe() (bsc#1057038).

  - fs/proc: kcore: use kcore_list type to check for     vmalloc/module address (bsc#1046529).

  - gfs2: Do not clear SGID when inheriting ACLs     (bsc#1012829).

  - ib/hns: checking for IS_ERR() instead of NULL     (bsc#1056849).

  - ibmvnic: Clean up resources on probe failure     (fate#323285, bsc#1058116).

  - ib/rxe: Add dst_clone() in prepare_ipv6_hdr()     (bsc#1049361).

  - ib/rxe: Avoid ICRC errors by copying into the skb first     (bsc#1049361).

  - ib/rxe: Disable completion upcalls when a CQ is     destroyed (bsc#1049361).

  - ib/rxe: Fix destination cache for IPv6 (bsc#1049361).

  - ib/rxe: Fix up rxe_qp_cleanup() (bsc#1049361).

  - ib/rxe: Fix up the responder's find_resources() function     (bsc#1049361).

  - ib/rxe: Handle NETDEV_CHANGE events (bsc#1049361).

  - ib/rxe: Move refcounting earlier in rxe_send()     (bsc#1049361).

  - ib/rxe: Remove dangling prototype (bsc#1049361).

  - ib/rxe: Remove unneeded initialization in prepare6()     (bsc#1049361).

  - ib/rxe: Set dma_mask and coherent_dma_mask     (bsc#1049361).

  - iommu/arm-smmu-v3, acpi: Add temporary Cavium SMMU-V3     IORT model number definitions (bsc#1036060).

  - iommu/arm-smmu-v3: Increase CMDQ drain timeout value     (bsc#1035479). Refresh patch to mainline version

  - irqchip/gic-v3-its: Fix command buffer allocation     (bsc#1057067).

  - iwlwifi: mvm: do not send CTDP commands via debugfs if     not supported (bsc#1031717).

  - kernel/*: switch to memdup_user_nul() (bsc#1048893).

  - lightnvm: remove unused rq parameter of     nvme_nvm_rqtocmd() to kill warning (FATE#319466).

  - md/raid5: fix a race condition in stripe batch     (linux-stable).

  - mmc: sdhci-xenon: add set_power callback (bsc#1057035).

  - mmc: sdhci-xenon: Fix the work flow in xenon_remove()     (bsc#1057035).

  - mm/page_alloc.c: apply gfp_allowed_mask before the first     allocation attempt (bnc#971975 VM -- git fixes).

  - mm/vmalloc.c: huge-vmap: fail gracefully on unexpected     huge vmap mappings (bsc#1046529).

  - new helper: memdup_user_nul() (bsc#1048893).

  - nfs: flush data when locking a file to ensure cache     coherence for mmap (bsc#981309).

  - pci: rockchip: Handle regulator_get_current_limit()     failure correctly (bsc#1056849).

  - pci: rockchip: Use normal register bank for config     accessors (bsc#1056849).

  - pm / Domains: Fix unsafe iteration over modified list of     domains (bsc#1056849).

  - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).

  - scsi: hisi_sas: add missing break in switch statement     (bsc#1056849).

  - sysctl: fix lax sysctl_check_table() sanity check     (bsc#1048893).

  - sysctl: fold sysctl_writes_strict checks into helper     (bsc#1048893).

  - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).

  - sysctl: simplify unsigned int support (bsc#1048893).

  - ubifs: Correctly evict xattr inodes (bsc#1012829).

  - ubifs: Do not leak kernel memory to the MTD     (bsc#1012829).

  - xfs: fix inobt inode allocation search optimization     (bsc#1012829).

The openSUSE Leap 42.2 kernel was updated to 4.4.87 to receive various security and bugfixes.

The following security bugs were fixed :

  - CVE-2017-1000251: The native Bluetooth stack in the     Linux Kernel (BlueZ) was vulnerable to a stack overflow     vulnerability in the processing of L2CAP configuration     responses resulting in Remote code execution in kernel     space (bnc#1057389).

  - CVE-2017-14106: The tcp_disconnect function in     net/ipv4/tcp.c in the Linux kernel allowed local users     to cause a denial of service (__tcp_select_window     divide-by-zero error and system crash) by triggering a     disconnect within a certain tcp_recvmsg code path     (bnc#1056982).

  - CVE-2017-11472: The acpi_ns_terminate() function in     drivers/acpi/acpica/nsutils.c in the Linux kernel did     not flush the operand cache and causes a kernel stack     dump, which allowed local users to obtain sensitive     information from kernel memory and bypass the KASLR     protection mechanism (in the kernel through 4.9) via a     crafted ACPI table (bnc#1049580).

  - CVE-2017-14051: An integer overflow in the     qla2x00_sysfs_write_optrom_ctl function in     drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel     allowed local users to cause a denial of service (memory     corruption and system crash) by leveraging root access     (bnc#1056588).

  - CVE-2017-12134: The xen_biovec_phys_mergeable function     in drivers/xen/biomerge.c in Xen might allow local OS     guest users to corrupt block device data streams and     consequently obtain sensitive memory information, cause     a denial of service, or gain host OS privileges by     leveraging incorrect block IO merge-ability calculation     (bnc#1051790 1053919).

The following non-security bugs were fixed :

  - acpi / scan: Prefer devices without _HID for _ADR     matching (git-fixes).

  - alsa: hda - Add stereo mic quirk for Lenovo G50-70     (17aa:3978) (bsc#1020657).

  - alsa: hda - Implement mic-mute LED mode enum     (bsc#1055013).

  - alsa: hda/realtek - Add support headphone Mic for ALC221     of HP platform (bsc#1024405).

  - alsa: ice1712: Add support for STAudio ADCIII     (bsc#1048934).

  - alsa: usb-audio: Apply sample rate quirk to Sennheiser     headset (bsc#1052580).

  - Add 'shutdown' to 'struct class' (bsc#1053117).

  - bluetooth: bnep: fix possible might sleep error in     bnep_session (bsc#1031784).

  - bluetooth: cmtp: fix possible might sleep error in     cmtp_session (bsc#1031784).

  - btrfs: fix early ENOSPC due to delalloc (bsc#1049226).

  - nfs: flush data when locking a file to ensure cache     coherence for mmap (bsc#981309).

  - Revert '/proc/iomem: only expose physical resource     addresses to privileged users' (kabi).

  - Revert 'Make file credentials available to the seqfile     interfaces' (kabi).

  - usb: core: fix device node leak (bsc#1047487).

  - Update     patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_     trusted.patch (bsc#1020645, fate#321435, fate#321507,     fate#321600, bsc#1034048, git-fixes 5ca4c20cfd37).

  - bnxt: add a missing rcu synchronization (bnc#1038583).

  - bnxt: do not busy-poll when link is down (bnc#1038583).

  - bnxt_en: Enable MRU enables bit when configuring VNIC     MRU (bnc#1038583).

  - bnxt_en: Fix 'uninitialized variable' bug in TPA code     path (bnc#1038583).

  - bnxt_en: Fix NULL pointer dereference in a failure path     during open (bnc#1038583).

  - bnxt_en: Fix NULL pointer dereference in reopen failure     path (bnc#1038583).

  - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).

  - bnxt_en: Fix VF virtual link state (bnc#1038583).

  - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).

  - bnxt_en: Fix and clarify link_info->advertising     (bnc#1038583).

  - bnxt_en: Fix ring arithmetic in bnxt_setup_tc()     (bnc#1038583).

  - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).

  - bnxt_en: Refactor TPA code path (bnc#1038583).

  - bnxt_en: fix pci cleanup in bnxt_init_one() failure path     (bnc#1038583).

  - bnxt_en: initialize rc to zero to avoid returning     garbage (bnc#1038583).

  - ceph: fix readpage from fscache (bsc#1057015).

  - cxgb4: Fix stack out-of-bounds read due to wrong size to     t4_record_mbox() (bsc#1021424 bsc#1022743).

  - drivers: net: xgene: Fix wrong logical operation     (bsc#1056827).

  - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K     (bsc#1048155).

  - fuse: initialize the flock flag in fuse_file on     allocation (git-fixes).

  - gfs2: Do not clear SGID when inheriting ACLs     (bsc#1012829).

  - ibmvnic: Clean up resources on probe failure     (fate#323285, bsc#1058116).

  - iwlwifi: missing error code in iwl_trans_pcie_alloc()     (bsc#1031717).

  - iwlwifi: mvm: do not send CTDP commands via debugfs if     not supported (bsc#1031717).

  - kernel/*: switch to memdup_user_nul() (bsc#1048893).

  - lib: test_rhashtable: Fix KASAN warning (bsc#1055359).

  - lib: test_rhashtable: fix for large entry counts     (bsc#1055359).

  - lightnvm: remove unused rq parameter of     nvme_nvm_rqtocmd() to kill warning (FATE#319466).

  - md/raid5: fix a race condition in stripe batch     (linux-stable).

  - mm, madvise: ensure poisoned pages are removed from     per-cpu lists (VM hw poison -- git fixes).

  - mm/page_alloc.c: apply gfp_allowed_mask before the first     allocation attempt (bnc#971975 VM -- git fixes).

  - mptsas: Fixup device hotplug for VMware ESXi     (bsc#1030850).

  - netfilter: fix IS_ERR_VALUE usage (bsc#1052888).

  - netfilter: x_tables: pack percpu counter allocations     (bsc#1052888).

  - netfilter: x_tables: pass xt_counters struct instead of     packet counter (bsc#1052888).

  - netfilter: x_tables: pass xt_counters struct to counter     allocator (bsc#1052888).

  - new helper: memdup_user_nul() (bsc#1048893).

  - of: fix '/cpus' reference leak in     of_numa_parse_cpu_nodes() (bsc#1056827).

  - ovl: fix dentry leak for default_permissions     (bsc#1054084).

  - percpu_ref: allow operation mode switching operations to     be called concurrently (bsc#1055096).

  - percpu_ref: remove unnecessary RCU grace period for     staggered atomic switching confirmation (bsc#1055096).

  - percpu_ref: reorganize __percpu_ref_switch_to_atomic()     and relocate percpu_ref_switch_to_atomic()     (bsc#1055096).

  - percpu_ref: restructure operation mode switching     (bsc#1055096).

  - percpu_ref: unify staggered atomic switching wait     behavior (bsc#1055096).

  - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).

  - s390: export symbols for crash-kmp (bsc#1053915).

  - supported.conf: clear mistaken external support flag for     cifs.ko (bsc#1053802).

  - sysctl: fix lax sysctl_check_table() sanity check     (bsc#1048893).

  - sysctl: fold sysctl_writes_strict checks into helper     (bsc#1048893).

  - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).

  - sysctl: simplify unsigned int support (bsc#1048893).

  - tpm: Issue a TPM2_Shutdown for TPM2 devices     (bsc#1053117).

  - tpm: KABI fix (bsc#1053117).

  - tpm: fix: return rc when devm_add_action() fails     (bsc#1020645, fate#321435, fate#321507, fate#321600,     bsc#1034048, git-fixes 8e0ee3c9faed).

  - tpm: read burstcount from TPM_STS in one 32-bit     transaction (bsc#1020645, fate#321435, fate#321507,     fate#321600, bsc#1034048, git-fixes 27084efee0c3).

  - tpm_tis_core: Choose appropriate timeout for reading     burstcount (bsc#1020645, fate#321435, fate#321507,     fate#321600, bsc#1034048, git-fixes aec04cbdf723).

  - tpm_tis_core: convert max timeouts from msec to jiffies     (bsc#1020645, fate#321435, fate#321507, fate#321600,     bsc#1034048, git-fixes aec04cbdf723).

  - tty: serial: msm: Support more bauds (git-fixes).

  - ubifs: Correctly evict xattr inodes (bsc#1012829).

  - ubifs: Do not leak kernel memory to the MTD     (bsc#1012829).

  - xfs: fix inobt inode allocation search optimization     (bsc#1012829).

ID	Name	Product	Family	Severity
124977	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1524)	Nessus	Huawei Local Security Checks	high
112113	Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3754-1)	Nessus	Ubuntu Local Security Checks	high
111887	Photon OS 1.0: Binutils / C / Dnsmasq / Git / Gnutls / Krb5 / Linux / Mercurial / Mesos / Nginx PHSA-2017-0038 (deprecated)	Nessus	PhotonOS Local Security Checks	high
108878	Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3619-2)	Nessus	Ubuntu Local Security Checks	high
108842	Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3619-1)	Nessus	Ubuntu Local Security Checks	high
104253	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2869-1) (KRACK)	Nessus	SuSE Local Security Checks	high
104171	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2847-1) (KRACK)	Nessus	SuSE Local Security Checks	high
103288	openSUSE Security Update : the Linux Kernel (openSUSE-2017-1063) (BlueBorne)	Nessus	SuSE Local Security Checks	high
103287	openSUSE Security Update : the Linux Kernel (openSUSE-2017-1062) (BlueBorne)	Nessus	SuSE Local Security Checks	high

CVE-2017-11472

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins