openSUSE Security Update : the Linux Kernel (openSUSE-2017-891)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE Leap 42.2 kernel was updated to 4.4.79 to receive various
security and bugfixes.

The following security bugs were fixed :

- CVE-2017-7542: The ip6_find_1stfragopt function in
net/ipv6/output_core.c in the Linux kernel allowed local
users to cause a denial of service (integer overflow and
infinite loop) by leveraging the ability to open a raw
socket (bnc#1049882).

- CVE-2017-11473: Buffer overflow in the
mp_override_legacy_irq() function in
arch/x86/kernel/acpi/boot.c in the Linux kernel allowed
local users to gain privileges via a crafted ACPI table

- CVE-2017-7533: A bug in inotify code allowed local users
to escalate privilege (bnc#1049483).

- CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in
1.c in the Linux kernel allowed local users to cause a
denial of service (buffer overflow and system crash) or
possibly gain privileges via a crafted NL80211_CMD_FRAME
Netlink packet (bnc#1049645).

- CVE-2017-10810: Memory leak in the
virtio_gpu_object_create function in
drivers/gpu/drm/virtio/virtgpu_object.c in the Linux
kernel allowed attackers to cause a denial of service
(memory consumption) by triggering object-initialization
failures (bnc#1047277).

The following non-security bugs were fixed :

- acpi / processor: Avoid reserving IO regions too early

- af_key: Add lock to key dump (bsc#1047653).

- af_key: Fix slab-out-of-bounds in pfkey_compile_policy

- alsa: fm801: Initialize chip after IRQ handler is
registered (bsc#1031717).

- alsa: hda - Fix endless loop of codec configure

- alsa: hda - set input_path bitmap to zero after moving
it to new place (bsc#1031717).

- b43: Add missing MODULE_FIRMWARE() (bsc#1037344).

- bcache: force trigger gc (bsc#1038078).

- bcache: only recovery I/O error for writethrough mode

- bdi: Fix use-after-free in wb_congested_put()

- blacklist 2400fd822f46 powerpc/asm: Mark cr0 as
clobbered in mftb()

- blacklist.conf :

- blacklist.conf: 1151f838cb62 is high-risk and we're not
aware of any systems that might need it in SP2.

- blacklist.conf: 8b8642af15ed not a supported driver

- blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)

- blacklist.conf: add inapplicable commits for wifi

- blacklist.conf: add unapplicable/cosmetic iwlwifi fixes

- blacklist.conf: add unapplicable drm fixes

- blacklist.conf: Blacklist 4e201566402c ('genirq/msi:
Drop artificial PCI dependency') (bsc#1051478) This
commit just removes an include and does not fix a real

- blacklist.conf: blacklist 7b73305160f1, unneeded cleanup

- blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix
access_ok() argument type') (bsc#1051478) Fixes only a

- blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix
timeout test in test_nmi_ipi()') It only fixes a
self-test (bsc#1051478).

- blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog:
Fix Kconfig help text file path reference to lockup
watchdog documentation') Updates only kconfig help-text

- blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI:
Initialize MSI capability for all architectures') This
only fixes machines not supported by our kernels.

- blacklist.conf: build time cleanup our kernel compiles.
No need to shut up warnings nobody looks at

- blacklist.conf: cleanup, no bugs fixed

- blacklist.conf: cxgb4 commit does not fit for SP2

- blacklist.conf: da0510c47519fe0999cffe316e1d370e29f952be
# FRV not applicable to SLE

- blacklist.conf: Do not need 55d728a40d36, we do it
differently in SLE

- blacklist.conf: kABI breakage This touches struct

- blacklist.conf: lp8788 is not compiled

- blacklist.conf: unneeded Fixing debug statements on BE
systems for IrDA

- blkfront: add uevent for size change (bnc#1036632).

- block: Allow bdi re-registration (bsc#1040307).

- block: Fix front merge check (bsc#1051239).

- block: Make del_gendisk() safer for disks without queues

- block: Move bdi_unregister() to del_gendisk()

- brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain

- btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items

- btrfs: Add WARN_ON for qgroup reserved underflow

- btrfs: Do not clear SGID when inheriting ACLs

- btrfs: fix lockup in find_free_extent with read-only
block groups (bsc#1046682).

- btrfs: incremental send, fix invalid path for link
commands (bsc#1051479).

- btrfs: incremental send, fix invalid path for unlink
commands (bsc#1051479).

- btrfs: resume qgroup rescan on rw remount (bsc#1047152).

- btrfs: send, fix invalid path after renaming and linking
file (bsc#1051479).

- cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).

- crypto: s5p-sss - fix incorrect usage of scatterlists
api (bsc#1048317).

- cx82310_eth: use skb_cow_head() to deal with cloned skbs
(bsc# 1045154).

- cxl: Unlock on error in probe (bsc#1034762, Pending SUSE
Kernel Fixes).

- dentry name snapshots (bsc#1049483).

- dm: fix second blk_delay_queue() parameter to be in msec
units not (bsc#1047670).

- drivers: hv: Fix the bug in generating the guest ID

- drivers: hv: util: Fix a typo (fate#320485).

- drivers: hv: vmbus: Get the current time from the
current clocksource (fate#320485, bnc#1044112,
bnc#1042778, bnc#1029693).

- drivers: hv: vmbus: Increase the time between retries in
vmbus_post_msg() (fate#320485, bnc#1044112).

- drivers: hv: vmbus: Move the code to signal end of
message (fate#320485).

- drivers: hv: vmbus: Move the definition of
generate_guest_id() (fate#320485).

- drivers: hv: vmbus: Move the definition of
hv_x64_msr_hypercall_contents (fate#320485).

- drivers: hv: vmbus: Restructure the clockevents code

- drm/amdgpu: Fix overflow of watermark calcs at > 4k
resolutions (bsc#1031717).

- drm/bochs: Implement nomodeset (bsc#1047096).

- drm/i915/fbdev: Stop repeating tile configuration on
stagnation (bsc#1031717).

- drm/i915: Fix scaler init during CRTC HW state readout

- drm/virtio: do not leak bo on drm_gem_object_init
failure (bsc#1047277).

- drm/vmwgfx: Fix large topology crash (bsc#1048155).

- drm/vmwgfx: Support topology greater than texture size

- drop patches; obsoleted by 'scsi: Add

- efi/libstub: Skip GOP with PIXEL_BLT_ONLY format

- ext2: Do not clear SGID when inheriting ACLs

- ext4: avoid unnecessary stalls in ext4_evict_inode()

- ext4: Do not clear SGID when inheriting ACLs

- ext4: handle the rest of ext4_mb_load_buddy() ENOMEM
errors (bsc#1012829).

- Fix kABI breakage by KVM CVE fix (bsc#1045922).

- fs/fcntl: f_setown, avoid undefined behaviour

- gcov: add support for gcc version >= 6 (bsc#1051663).

- gcov: support GCC 7.1 (bsc#1051663).

- gfs2: fix flock panic issue (bsc#1012829).

- hrtimer: Catch invalid clockids again (bsc#1047651).

- hrtimer: Revert CLOCK_MONOTONIC_RAW support

- hv_utils: drop .getcrosststamp() support from PTP driver
(fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).

- hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts
(fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).

- hv_util: switch to using timespec64 (fate#320485).

- i2c: designware-baytrail: fix potential NULL pointer
dereference on dev (bsc#1011913).

- i40e: add hw struct local variable (bsc#1039915).

- i40e: add private flag to control source pruning

- i40e: add VSI info to macaddr messages (bsc#1039915).

- i40e: avoid looping to check whether we're in VLAN mode

- i40e: avoid O(n^2) loop when deleting all filters

- i40e: delete filter after adding its replacement when
converting (bsc#1039915).

- i40e: do not add broadcast filter for VFs (bsc#1039915).

- i40e: do not allow i40e_vsi_(add|kill)_vlan to operate
when VID<1 (bsc#1039915).

- i40e: drop is_vf and is_netdev fields in struct
i40e_mac_filter (bsc#1039915).

- i40e: enable VSI broadcast promiscuous mode instead of
adding broadcast filter (bsc#1039915).

- i40e: factor out addition/deletion of VLAN per each MAC
address (bsc#1039915).

- i40e: fix MAC filters when removing VLANs (bsc#1039915).

- i40e: fold the i40e_is_vsi_in_vlan check into
i40e_put_mac_in_vlan (bsc#1039915).

- i40e: implement __i40e_del_filter and use where
applicable (bsc#1039915).

- i40e: make use of __dev_uc_sync and __dev_mc_sync

- i40e: move all updates for VLAN mode into
i40e_sync_vsi_filters (bsc#1039915).

- i40e: move i40e_put_mac_in_vlan and
i40e_del_mac_all_vlan (bsc#1039915).

- i40e: no need to check is_vsi_in_vlan before calling
i40e_del_mac_all_vlan (bsc#1039915).

- i40e: properly cleanup on allocation failure in
i40e_sync_vsi_filters (bsc#1039915).

- i40e: recalculate vsi->active_filters from hash contents

- i40e: refactor i40e_put_mac_in_vlan to avoid changing
f->vlan (bsc#1039915).

- i40e: refactor i40e_update_filter_state to avoid passing
aq_err (bsc#1039915).

- i40e: refactor Rx filter handling (bsc#1039915).

- i40e: Removal of workaround for simple MAC address
filter deletion (bsc#1039915).

- i40e: remove code to handle dev_addr specially

- i40e: removed unreachable code (bsc#1039915).

- i40e: remove duplicate add/delete adminq command code
for filters (bsc#1039915).

- i40e: remove second check of VLAN_N_VID in
i40e_vlan_rx_add_vid (bsc#1039915).

- i40e: rename i40e_put_mac_in_vlan and
i40e_del_mac_all_vlan (bsc#1039915).

- i40e: restore workaround for removing default MAC filter

- i40e: set broadcast promiscuous mode for each active
VLAN (bsc#1039915).

- i40e: store MAC/VLAN filters in a hash with the MAC
Address as key (bsc#1039915).

- i40e: use (add|rm)_vlan_all_mac helper functions when
changing PVID (bsc#1039915).

- i40e: when adding or removing MAC filters, correctly
handle VLANs (bsc#1039915).

- i40e: When searching all MAC/VLAN filters, ignore
removed filters (bsc#1039915).

- i40e: write HENA for VFs (bsc#1039915).

- iio: hid-sensor: fix return of -EINVAL on invalid values
in ret or value (bsc#1031717).

- Input: gpio-keys - fix check for disabling unsupported
keys (bsc#1031717).

- introduce the walk_process_tree() helper (bnc#1022476).

- ipv4: Should use consistent conditional judgement for ip
fragment in __ip_append_data and ip_finish_output

- ipv6: Should use consistent conditional judgement for
ip6 fragment between __ip6_append_data and
ip6_finish_output (bsc#1041958).

- iwlwifi: mvm: compare full command ID (FATE#321353,

- iwlwifi: mvm: reset the fw_dump_desc pointer after
ASSERT (bsc#1031717).

- iwlwifi: mvm: synchronize firmware DMA paging memory
(FATE#321353, FATE#323335).

- iwlwifi: mvm: unconditionally stop device after init

- iwlwifi: mvm: unmap the paging memory before freeing it
(FATE#321353, FATE#323335).

- iwlwifi: pcie: fix command completion name debug

- kABI-fix for 'x86/panic: replace smp_send_stop() with
kdump friendly version in panic path' (bsc#1051478).

- kABI: protect lwtunnel include in ip6_route.h (kabi).

- kABI: protect struct iscsi_tpg_attrib (kabi).

- kABI: protect struct tpm_chip (kabi).

- kABI: protect struct xfrm_dst (kabi).

- kABI: protect struct xfrm_dst (kabi).

- kvm: nVMX: fix msr bitmaps to prevent L2 from accessing
L0 x2APIC (bsc#1051478).

- kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls

- kvm: nVMX: Fix nested VPID vmx exec control

- kvm: x86: avoid simultaneous queueing of both IRQ and
SMI (bsc#1051478).

- mac80211_hwsim: Replace bogus hrtimer clockid

- md: fix sleep in atomic (bsc#1040351).

- mm: adaptive hash table scaling (bnc#1036303).

- mm-adaptive-hash-table-scaling-v5 (bnc#1036303).

- mm: call page_ext_init() after all struct pages are
initialized (VM Debugging Functionality, bsc#1047048).

- mm: drop HASH_ADAPT (bnc#1036303).

- mm: fix classzone_idx underflow in shrink_zones() (VM
Functionality, bsc#1042314).

- mm: make PR_SET_THP_DISABLE immediately active

- More Git-commit header fixups No functional change

- mwifiex: do not update MCS set from hostapd

- net: account for current skb length when deciding about
UFO (bsc#1041958).

- net: ena: add hardware hints capability to the driver

- net: ena: add missing return when
ena_com_get_io_handlers() fails (bsc#1047121).

- net: ena: add missing unmap bars on device removal

- net: ena: add reset reason for each device FLR

- net: ena: add support for out of order rx buffers refill

- net: ena: allow the driver to work with small number of
msix vectors (bsc#1047121).

- net: ena: bug fix in lost tx packets detection mechanism

- net: ena: change return value for unsupported features
unsupported return value (bsc#1047121).

- net: ena: change sizeof() argument to be the type
pointer (bsc#1047121).

- net: ena: disable admin msix while working in polling
mode (bsc#1047121).

- net: ena: fix bug that might cause hang after
consecutive open/close interface (bsc#1047121).

- net: ena: fix race condition between submit and
completion admin command (bsc#1047121).

- net: ena: fix rare uncompleted admin command false alarm

- net: ena: fix theoretical Rx hang on low memory systems

- net: ena: separate skb allocation to dedicated function

- net: ena: update driver's rx drop statistics

- net: ena: update ena driver to version 1.1.7

- net: ena: update ena driver to version 1.2.0

- net: ena: use lower_32_bits()/upper_32_bits() to split
dma address (bsc#1047121).

- net: ena: use napi_schedule_irqoff when possible

- net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in
napi_frags_finish() (bsc#1042286).

- net/mlx5: Fix driver load error flow when firmware is
stuck (git-fixes).

- net: phy: Do not perform software reset for Generic PHY

- nfs: Cache aggressively when file is open for writing

- nfs: Do not flush caches for a getattr that races with
writeback (bsc#1033587).

- nfs: invalidate file size when taking a lock

- nfs: only invalidate dentrys that are clearly invalid

- ocfs2: Do not clear SGID when inheriting ACLs

- ocfs2: fix deadlock caused by recursive locking in xattr

- ocfs2: Make ocfs2_set_acl() static (bsc#1030552).

- pci: Add Mellanox device IDs (bsc#1051478).

- pci: Convert Mellanox broken INTx quirks to be for
listed devices only (bsc#1051478).

- pci: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).

- pci: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and
IRQSTATUS_MAIN (bsc#1051478).

- pci: dwc: Fix uninitialized variable in
dw_handle_msi_irq() (bsc#1051478).

- pci: Enable ECRC only if device supports it

- PCI / PM: Fix native PME handling during system
suspend/resume (bsc#1051478).

- pci: Support INTx masking on ConnectX-4 with firmware
x.14.1100+ (bsc#1051478).

- perf/x86: Fix spurious NMI with PEBS Load Latency event

- perf/x86/intel: Cure bogus unwind from PEBS entries

- perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).

- platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to
no_hw_rfkill (bsc#1051022).

- platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to
no_hw_rfkill (bsc#1051022).

- platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to
no_hw_rfkill (bsc#1051022).

- platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB
to no_hw_rfkill dmi list (bsc#1051022).

- platform/x86: ideapad-laptop: Add several models to
no_hw_rfkill (bsc#1051022).

- platform/x86: ideapad-laptop: Add Y520-15IKBN to
no_hw_rfkill (bsc#1051022).

- platform/x86: ideapad-laptop: Add Y700 15-ACZ to
no_hw_rfkill DMI list (bsc#1051022).

- platform/x86: ideapad-laptop: Add Y720-15IKBN to
no_hw_rfkill (bsc#1051022).

- Pm / Hibernate: Fix scheduling while atomic during
hibernation (bsc#1051059).

- prctl: propagate has_child_subreaper flag to every
descendant (bnc#1022476).

- README.BRANCH: Add Oliver as openSUSE-42.2 branch

- Refresh
patches.kabi/Fix-kABI-breakage-by-KVM-CVE-fix.patch. Fix
a stupid bug where the VCPU_REGS_TF shift was used as a

- reiserfs: Do not clear SGID when inheriting ACLs

- Revert 'ACPI / video: Add force_native quirk for HP
Pavilion dv6' (bsc#1031717).

- Revert 'Add 'shutdown' to 'struct class'.' (kabi).

- Revert 'kvm: x86: fix emulation of RSM and IRET
instructions' (kabi).

- Revert 'mm/list_lru.c: fix list_lru_count_node() to be
race free' (kabi).

- Revert 'powerpc/numa: Fix percpu allocations to be NUMA
aware' (bsc#1048914).

- Revert 'tpm: Issue a TPM2_Shutdown for TPM2 devices.'

- rpm/ should not
touch build-id This needs rpm-4.14+ (bsc#964063).

- sched/core: Allow __sched_setscheduler() in interrupts
when PI is not used (bnc#1022476).

- sched/debug: Print the scheduler topology group mask

- sched/fair, cpumask: Export for_each_cpu_wrap()

- sched/fair: Fix O(nr_cgroups) in load balance path

- sched/fair: Use task_groups instead of leaf_cfs_rq_list
to walk all cfs_rqs (bnc#1022476).

- sched/topology: Add sched_group_capacity debugging

- sched/topology: Fix building of overlapping sched-groups

- sched/topology: Fix overlapping sched_group_capacity

- sched/topology: Move comment about asymmetric node
setups (bnc#1022476).

- sched/topology: Refactor function
build_overlap_sched_groups() (bnc#1022476).

- sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).

- sched/topology: Simplify build_overlap_sched_groups()

- sched/topology: Small cleanup (bnc#1022476).

- sched/topology: Verify the first group matches the child
domain (bnc#1022476).

- scsi: Add STARGET_CREATE_REMOVE state to
scsi_target_state (bsc#1013887).

- scsi: bnx2i: missing error code in bnx2i_ep_connect()

- scsi: kABI fix for new state STARGET_CREATED_REMOVE

- scsi: storvsc: Workaround for virtual DVD SCSI version
(fate#320485, bnc#1044636).

- smsc75xx: use skb_cow_head() to deal with cloned skbs

- sr9700: use skb_cow_head() to deal with cloned skbs

- sysctl: do not print negative flag for proc_douintvec

- timers: Plug locking race vs. timer migration

- udf: Fix deadlock between writeback and udf_setsize()

- udf: Fix races with i_size changes during readpage

- x86/LDT: Print the real LDT base address (bsc#1051478).

- x86/mce: Make timer handling more robust (bsc#1042422).

- x86/panic: replace smp_send_stop() with kdump friendly
version in panic path (bsc#1051478).

- xen: allocate page for shared info page from low memory

- xen/balloon: do not online new memory initially

- xen: hold lock_device_hotplug throughout vcpu hotplug
operations (bsc#1042422).

- xen-netfront: Rework the fix for Rx stall during OOM and
network stress (git-fixes).

- xen/pvh*: Support > 32 VCPUs at domain restore

- xfrm: NULL dereference on allocation failure

- xfrm: Oops on error in pfkey_msg2xfrm_state()

- xfs: do not BUG() on mixed direct and mapped I/O

- xfs: Do not clear SGID when inheriting ACLs

See also :

Solution :

Update the affected the Linux Kernel packages.

Risk factor :

High / CVSS Base Score : 7.8

Family: SuSE Local Security Checks

Nessus Plugin ID: 102333 ()

Bugtraq ID:

CVE ID: CVE-2017-10810

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now