openSUSE Security Update : the Linux Kernel (openSUSE-2017-930)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The openSUSE Leap 42.3 kernel was updated to receive various security
and bugfixes.

The following security bugs were fixed :

- CVE-2017-1000111: Fixed a race condition in net-packet
code that could be exploited to cause out-of-bounds
memory access (bsc#1052365).

- CVE-2017-1000112: Fixed a race condition in net-packet
code that could have been exploited by unprivileged
users to gain root access. (bsc#1052311).

- CVE-2017-8831: The saa7164_bus_get function in
drivers/media/pci/saa7164/saa7164-bus.c in the Linux
kernel allowed local users to cause a denial of service
(out-of-bounds array access) or possibly have
unspecified other impact by changing a certain
sequence-number value, aka a 'double fetch'
vulnerability (bnc#1037994).

The following non-security bugs were fixed :

- acpi/nfit: Add support of NVDIMM memory error
notification in ACPI 6.2 (bsc#1052325).

- acpi/nfit: Issue Start ARS to retrieve existing records
(bsc#1052325).

- bcache: force trigger gc (bsc#1038078).

- bcache: only recovery I/O error for writethrough mode
(bsc#1043652).

- block: do not allow updates through sysfs until
registration completes (bsc#1047027).

- config: disable CONFIG_RT_GROUP_SCHED (bsc#1052204).

- drivers: hv: : As a bandaid, increase HV_UTIL_TIMEOUT
from 30 to 60 seconds (bnc#1039153)

- drivers: hv: Fix a typo (fate#320485).

- drivers: hv: util: Make hv_poll_channel() a little more
efficient (fate#320485).

- drivers: hv: vmbus: Close timing hole that can corrupt
per-cpu page (fate#320485).

- drivers: hv: vmbus: Fix error code returned by
vmbus_post_msg() (fate#320485).

- Fix kABI breakage with CONFIG_RT_GROUP_SCHED=n
(bsc#1052204).

- hv_netvsc: change netvsc device default duplex to FULL
(fate#320485).

- hv_netvsc: Fix the carrier state error when data path is
off (fate#320485).

- hv_netvsc: Remove unnecessary var link_state from struct
netvsc_device_info (fate#320485).

- hyperv: fix warning about missing prototype
(fate#320485).

- hyperv: netvsc: Neaten netvsc_send_pkt by using a
temporary (fate#320485).

- hyperv: remove unnecessary return variable
(fate#320485).

- i40e/i40evf: Fix use after free in Rx cleanup path
(bsc#1051689).

- IB/hfi1: Wait for QSFP modules to initialize
(bsc#1019151).

- ibmvnic: Check for transport event on driver resume
(bsc#1051556, bsc#1052709).

- ibmvnic: Initialize SCRQ's during login renegotiation
(bsc#1052223).

- ibmvnic: Report rx buffer return codes as netdev_dbg
(bsc#1052794).

- iommu/amd: Enable ga_log_intr when enabling guest_mode
(bsc1052533).

- iommu/amd: Fix schedule-while-atomic BUG in
initialization code (bsc1052533).

- KABI protect struct acpi_nfit_desc (bsc#1052325).

- kabi/severities: add drivers/scsi/hisi_sas to kabi
severities

- libnvdimm: fix badblock range handling of ARS range
(bsc#1023175).

- libnvdimm, pmem: fix a NULL pointer BUG in
nd_pmem_notify (bsc#1023175).

- net: add netdev_lockdep_set_classes() helper
(fate#320485).

- net: hyperv: use new api
ethtool_{get|set}_link_ksettings (fate#320485).

- net/mlx4_core: Fixes missing capability bit in flags2
capability dump (bsc#1015337).

- net/mlx4_core: Fix namespace misalignment in QinQ VST
support commit (bsc#1015337).

- net/mlx4_core: Fix sl_to_vl_change bit offset in flags2
dump (bsc#1015337).

- netsvc: Remove upstream commit e14b4db7a567 netvsc: fix
race during initialization will be replaced by following
changes

- netsvc: Revert 'netvsc: optimize calculation of number
of slots' (fate#320485).

- netvsc: add comments about callback's and NAPI
(fate#320485).

- netvsc: Add #include's for csum_* function declarations
(fate#320485).

- netvsc: add rtnl annotations in rndis (fate#320485).

- netvsc: add some rtnl_dereference annotations
(fate#320485).

- netvsc: avoid race with callback (fate#320485).

- netvsc: change logic for change mtu and set_queues
(fate#320485).

- netvsc: change max channel calculation (fate#320485).

- netvsc: change order of steps in setting queues
(fate#320485).

- netvsc: Deal with rescinded channels correctly
(fate#320485).

- netvsc: do not access netdev->num_rx_queues directly
(fate#320485).

- netvsc: do not overload variable in same function
(fate#320485).

- netvsc: do not print pointer value in error message
(fate#320485).

- netvsc: eliminate unnecessary skb == NULL checks
(fate#320485).

- netvsc: enable GRO (fate#320485).

- netvsc: Fix a bug in sub-channel handling (fate#320485).

- netvsc: fix and cleanup rndis_filter_set_packet_filter
(fate#320485).

- netvsc: fix calculation of available send sections
(fate#320485).

- netvsc: fix dereference before null check errors
(fate#320485).

- netvsc: fix error unwind on device setup failure
(fate#320485).

- netvsc: fix hang on netvsc module removal (fate#320485).

- netvsc: fix NAPI performance regression (fate#320485).

- netvsc: fix net poll mode (fate#320485).

- netvsc: fix netvsc_set_channels (fate#320485).

- netvsc: fix ptr_ret.cocci warnings (fate#320485).

- netvsc: fix rcu dereference warning from ethtool
(fate#320485).

- netvsc: fix RCU warning in get_stats (fate#320485).

- netvsc: fix return value for set_channels (fate#320485).

- netvsc: fix rtnl deadlock on unregister of vf
(fate#320485, bsc#1052442).

- netvsc: fix use after free on module removal
(fate#320485).

- netvsc: fix warnings reported by lockdep (fate#320485).

- netvsc: fold in get_outbound_net_device (fate#320485).

- netvsc: force link update after MTU change
(fate#320485).

- netvsc: handle offline mtu and channel change
(fate#320485).

- netvsc: implement NAPI (fate#320485).

- netvsc: include rtnetlink.h (fate#320485).

- netvsc: Initialize all channel related state prior to
opening the channel (fate#320485).

- netvsc: make sure and unregister datapath (fate#320485,
bsc#1052899).

- netvsc: make sure napi enabled before vmbus_open
(fate#320485).

- netvsc: mark error cases as unlikely (fate#320485).

- netvsc: move filter setting to rndis_device
(fate#320485).

- netvsc: need napi scheduled during removal
(fate#320485).

- netvsc: need rcu_derefence when accessing internal
device info (fate#320485).

- netvsc: optimize calculation of number of slots
(fate#320485).

- netvsc: optimize receive completions (fate#320485).

- netvsc: pass net_device to netvsc_init_buf and
netvsc_connect_vsp (fate#320485).

- netvsc: prefetch the first incoming ring element
(fate#320485).

- netvsc: Properly initialize the return value
(fate#320485).

- netvsc: remove bogus rtnl_unlock (fate#320485).

- netvsc: remove no longer used max_num_rss queues
(fate#320485).

- netvsc: Remove redundant use of ipv6_hdr()
(fate#320485).

- netvsc: remove unnecessary indirection of page_buffer
(fate#320485).

- netvsc: remove unnecessary lock on shutdown
(fate#320485).

- netvsc: remove unused #define (fate#320485).

- netvsc: replace netdev_alloc_skb_ip_align with
napi_alloc_skb (fate#320485).

- netvsc: save pointer to parent netvsc_device in channel
table (fate#320485).

- netvsc: signal host if receive ring is emptied
(fate#320485).

- netvsc: transparent VF management (fate#320485,
bsc#1051979).

- netvsc: use ERR_PTR to avoid dereference issues
(fate#320485).

- netvsc: use hv_get_bytes_to_read (fate#320485).

- netvsc: use napi_consume_skb (fate#320485).

- netvsc: use RCU to protect inner device structure
(fate#320485).

- netvsc: uses RCU instead of removal flag (fate#320485).

- netvsc: use typed pointer for internal state
(fate#320485).

- nvme: fabrics commands should use the fctype field for
data direction (bsc#1043805).

- powerpc/perf: Fix SDAR_MODE value for continous sampling
on Power9 (bsc#1053043 (git-fixes)).

- powerpc/tm: Fix saving of TM SPRs in core dump
(fate#318470, git-fixes 08e1c01d6aed).

- qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773,
LTC#157374).

- rdma/bnxt_re: checking for NULL instead of IS_ERR()
(bsc#1052925).

- scsi: aacraid: fix PCI error recovery path
(bsc#1048912).

- scsi_devinfo: fixup string compare (bsc#1037404).

- scsi_dh_alua: suppress errors from unsupported devices
(bsc#1038792).

- scsi: hisi_sas: add pci_dev in hisi_hba struct
(bsc#1049298).

- scsi: hisi_sas: add v2 hw internal abort timeout
workaround (bsc#1049298).

- scsi: hisi_sas: controller reset for multi-bits ECC and
AXI fatal errors (bsc#1049298).

- scsi: hisi_sas: fix NULL deference when TMF timeouts
(bsc#1049298).

- scsi: hisi_sas: fix timeout check in
hisi_sas_internal_task_abort() (bsc#1049298).

- scsi: hisi_sas: optimise DMA slot memory (bsc#1049298).

- scsi: hisi_sas: optimise the usage of hisi_hba.lock
(bsc#1049298).

- scsi: hisi_sas: relocate get_ata_protocol()
(bsc#1049298).

- scsi: hisi_sas: workaround a SoC SATA IO processing bug
(bsc#1049298).

- scsi: hisi_sas: workaround SoC about abort timeout bug
(bsc#1049298).

- scsi: hisi_sas: workaround STP link SoC bug
(bsc#1049298).

- scsi: lpfc: do not double count abort errors
(bsc#1048912).

- scsi: lpfc: fix linking against modular NVMe support
(bsc#1048912).

- scsi: qedi: Fix return code in qedi_ep_connect()
(bsc#1048912).

- scsi: storvsc: Prefer kcalloc over kzalloc with multiply
(fate#320485).

- scsi: storvsc: remove return at end of void function
(fate#320485).

- tools: hv: Add clean up for included files in Ubuntu net
config (fate#320485).

- tools: hv: Add clean up function for Ubuntu config
(fate#320485).

- tools: hv: properly handle long paths (fate#320485).

- tools: hv: set allow-hotplug for VF on Ubuntu
(fate#320485).

- tools: hv: set hotplug for VF on Suse (fate#320485).

- tools: hv: vss: Thaw the filesystem and continue if
freeze call has timed out (fate#320485).

- vfs: fix missing inode_get_dev sites (bsc#1052049).

- vmbus: cleanup header file style (fate#320485).

- vmbus: expose debug info for drivers (fate#320485).

- vmbus: fix spelling errors (fate#320485).

- vmbus: introduce in-place packet iterator (fate#320485).

- vmbus: only reschedule tasklet if time limit exceeded
(fate#320485).

- vmbus: re-enable channel tasklet (fate#320485).

- vmbus: remove unnecessary initialization (fate#320485).

- vmbus: remove useless return's (fate#320485).

- x86/dmi: Switch dmi_remap() from ioremap() to
ioremap_cache() (bsc#1051399).

- x86/hyperv: Check frequency MSRs presence according to
the specification (fate#320485).

- The package release number was increased to be higher
than the Leap 42.2 package (boo#1053531).

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1015337
https://bugzilla.opensuse.org/show_bug.cgi?id=1019151
https://bugzilla.opensuse.org/show_bug.cgi?id=1023175
https://bugzilla.opensuse.org/show_bug.cgi?id=1037404
https://bugzilla.opensuse.org/show_bug.cgi?id=1037994
https://bugzilla.opensuse.org/show_bug.cgi?id=1038078
https://bugzilla.opensuse.org/show_bug.cgi?id=1038792
https://bugzilla.opensuse.org/show_bug.cgi?id=1039153
https://bugzilla.opensuse.org/show_bug.cgi?id=1043652
https://bugzilla.opensuse.org/show_bug.cgi?id=1043805
https://bugzilla.opensuse.org/show_bug.cgi?id=1047027
https://bugzilla.opensuse.org/show_bug.cgi?id=1048912
https://bugzilla.opensuse.org/show_bug.cgi?id=1049298
https://bugzilla.opensuse.org/show_bug.cgi?id=1051399
https://bugzilla.opensuse.org/show_bug.cgi?id=1051556
https://bugzilla.opensuse.org/show_bug.cgi?id=1051689
https://bugzilla.opensuse.org/show_bug.cgi?id=1051979
https://bugzilla.opensuse.org/show_bug.cgi?id=1052049
https://bugzilla.opensuse.org/show_bug.cgi?id=1052204
https://bugzilla.opensuse.org/show_bug.cgi?id=1052223
https://bugzilla.opensuse.org/show_bug.cgi?id=1052311
https://bugzilla.opensuse.org/show_bug.cgi?id=1052325
https://bugzilla.opensuse.org/show_bug.cgi?id=1052365
https://bugzilla.opensuse.org/show_bug.cgi?id=1052442
https://bugzilla.opensuse.org/show_bug.cgi?id=1052533
https://bugzilla.opensuse.org/show_bug.cgi?id=1052709
https://bugzilla.opensuse.org/show_bug.cgi?id=1052773
https://bugzilla.opensuse.org/show_bug.cgi?id=1052794
https://bugzilla.opensuse.org/show_bug.cgi?id=1052899
https://bugzilla.opensuse.org/show_bug.cgi?id=1052925
https://bugzilla.opensuse.org/show_bug.cgi?id=1053043
https://bugzilla.opensuse.org/show_bug.cgi?id=1053531

Solution :

Update the affected the Linux Kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 102510 ()

Bugtraq ID:

CVE ID: CVE-2017-1000111
CVE-2017-1000112
CVE-2017-8831

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now