openSUSE Security Update : Linux Kernel (openSUSE-2015-302)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote openSUSE host is missing a security update.

Description :

The Linux kernel was updated to fix bugs and security issues :

Following security issues were fixed: CVE-2015-2830: A flaw was found
in the way the Linux kernels 32-bit emulation implementation handled
forking or closing of a task with an int80 entry. A local user could
have potentially used this flaw to escalate their privileges on the

CVE-2015-2042: A kernel information leak in rds sysctl files was

CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename
function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the
Linux kernel allowed local users to cause a denial of service (buffer
overflow and system crash) or possibly gain privileges via a crafted

CVE-2015-0275: A BUG_ON in ext4 was fixed which could be triggered by
local users.

CVE-2015-2666: A buffer overflow when loading microcode files into the
kernel could be used by the administrator to execute code in the
kernel, bypassing secure boot measures.

- CVE-2015-1421: Use-after-free vulnerability in the
sctp_assoc_update function in net/sctp/associola.c in
the Linux kernel allowed remote attackers to cause a
denial of service (slab corruption and panic) or
possibly have unspecified other impact by triggering an
INIT collision that leads to improper handling of
shared-key data.

- CVE-2015-2150: XSA-120: Guests were permitted to modify
all bits of the PCI command register of passed through
cards, which could lead to Host system crashes.

- CVE-2015-0777: The XEN usb backend could leak
information to the guest system due to copying
uninitialized memory.

- CVE-2015-1593: A integer overflow reduced the
effectiveness of the stack randomization on 64-bit

- CVE-2014-9419: The __switch_to function in
arch/x86/kernel/process_64.c in the Linux kernel did not
ensure that Thread Local Storage (TLS) descriptors are
loaded before proceeding with other steps, which made it
easier for local users to bypass the ASLR protection
mechanism via a crafted application that reads a TLS
base address.

- CVE-2014-9428: The batadv_frag_merge_packets function in
net/batman-adv/fragmentation.c in the B.A.T.M.A.N.
implementation in the Linux kernel used an incorrect
length field during a calculation of an amount of
memory, which allowed remote attackers to cause a denial
of service (mesh-node system crash) via fragmented

- CVE-2014-8160:
net/netfilter/nf_conntrack_proto_generic.c in the Linux
kernel generated incorrect conntrack entries during
handling of certain iptables rule sets for the SCTP,
DCCP, GRE, and UDP-Lite protocols, which allowed remote
attackers to bypass intended access restrictions via
packets with disallowed port numbers.

- CVE-2014-9529: Race condition in the key_gc_unused_keys
function in security/keys/gc.c in the Linux kernel
allowed local users to cause a denial of service (memory
corruption or panic) or possibly have unspecified other
impact via keyctl commands that trigger access to a key
structure member during garbage collection of a key.

- CVE-2014-9420: The rock_continue function in
fs/isofs/rock.c in the Linux kernel did not restrict the
number of Rock Ridge continuation entries, which allowed
local users to cause a denial of service (infinite loop,
and system crash or hang) via a crafted iso9660 image.

- CVE-2014-9584: The parse_rock_ridge_inode_internal
function in fs/isofs/rock.c in the Linux kernel did not
validate a length value in the Extensions Reference (ER)
System Use Field, which allowed local users to obtain
sensitive information from kernel memory via a crafted
iso9660 image.

- CVE-2014-9585: The vdso_addr function in
arch/x86/vdso/vma.c in the Linux kernel did not properly
choose memory locations for the vDSO area, which made it
easier for local users to bypass the ASLR protection
mechanism by guessing a location at the end of a PMD.

- CVE-2014-8559: The d_walk function in fs/dcache.c in the
Linux kernel through did not properly maintain the
semantics of rename_lock, which allowed local users to
cause a denial of service (deadlock and system hang) via
a crafted application.

- CVE-2014-8134: The paravirt_ops_setup function in
arch/x86/kernel/kvm.c in the Linux kernel used an
improper paravirt_enabled setting for KVM guest kernels,
which made it easier for guest OS users to bypass the
ASLR protection mechanism via a crafted application that
reads a 16-bit value.

Following bugs were fixed :

- powerpc/pci: Fix IO space breakage after
of_pci_range_to_resource() change (bnc#922542).

- cifs: fix use-after-free bug in find_writable_file

- usb: Do not allow usb_alloc_streams on unconfigured
devices (bsc#920581).

- fuse: honour max_read and max_write in direct_io mode

- switch iov_iter_get_pages() to passing maximal number of
pages (bnc#918954).

- bcache: fix a livelock in btree lock v2 (bnc#910440)
(bnc#910440). Updated because another version went

- drm/i915: Initialise userptr mmu_notifier serial to 1

- NFS: Don't try to reclaim delegation open state if
recovery failed (boo#909634).

- NFSv4: Ensure that we call FREE_STATEID when NFSv4.x
stateids are revoked (boo#909634).

- NFSv4: Fix races between nfs_remove_bad_delegation() and
delegation return (boo#909634).

- NFSv4: Ensure that we remove NFSv4.0 delegations when
state has expired (boo#909634).

- Fixing lease renewal (boo#909634).

- bcache: Fix a bug when detaching (bsc#908582).

- fix a leak in bch_cached_dev_run() (bnc#910440).

- bcache: unregister reboot notifier when bcache fails to
register a block device (bnc#910440).

- bcache: fix a livelock in btree lock (bnc#910440).

- bcache: [BUG] clear BCACHE_DEV_UNLINK_DONE flag when
attaching a backing device (bnc#910440).

- bcache: Add a cond_resched() call to gc (bnc#910440).

- storvsc: ring buffer failures may result in I/O freeze

- ALSA: seq-dummy: remove deadlock-causing events on close

- ALSA: pcm: Zero-clear reserved fields of PCM status
ioctl in compat mode (boo#916608).

- ALSA: bebob: Uninitialized id returned by
saffirepro_both_clk_src_get (boo#916608).

- ALSA: hda - Fix built-in mic on Compaq Presario CQ60

- ALSA: hda - Fix regression of HD-audio controller
fallback modes (bsc#921313).

- [media] sound: Update au0828 quirks table (boo#916608).

- [media] sound: simplify au0828 quirk table (boo#916608).

- ALSA: usb-audio: Add mic volume fix quirk for Logitech
Webcam C210 (boo#916608).

- ALSA: usb-audio: extend KEF X300A FU 10 tweak to Arcam
rPAC (boo#916608).

- ALSA: usb-audio: Add ctrl message delay quirk for
Marantz/Denon devices (boo#916608).

- ALSA: usb-audio: Fix memory leak in FTU quirk

- ALSA: usb-audio: Fix device_del() sysfs warnings at
disconnect (boo#916608).

- ALSA: hda - Add new GPU codec ID 0x10de0072 to snd-hda

- ALSA: hda - Fix wrong gpio_dir & gpio_mask hint setups
for IDT/STAC codecs (boo#916608).

- ALSA: hda/realtek - New codec support for ALC298

- ALSA: hda/realtek - New codec support for ALC256

- ALSA: hda/realtek - Add new Dell desktop for ALC3234
headset mode (boo#916608).

- ALSA: hda - Add EAPD fixup for ASUS Z99He laptop

- ALSA: hda - Fix built-in mic at resume on Lenovo Ideapad
S210 (boo#916608).

- ALSA: hda/realtek - Add headset Mic support for new Dell
machine (boo#916608).

- ALSA: hda_intel: Add DeviceIDs for Sunrise Point-LP

- ALSA: hda_intel: Add Device IDs for Intel Sunrise Point
PCH (boo#916608).

- ALSA: hda - add codec ID for Braswell display audio
codec (boo#916608).

- ALSA: hda - add PCI IDs for Intel Braswell (boo#916608).

- ALSA: hda - Add dock support for Thinkpad T440
(17aa:2212) (boo#916608).

- ALSA: hda - Set up GPIO for Toshiba Satellite S50D

- rpm/ Fix build if there is no
*.crt file

- mm, vmscan: prevent kswapd livelock due to
pfmemalloc-throttled process being killed (VM
Functionality bnc#910150).

- Input: evdev - fix EVIOCG{type} ioctl (bnc#904899).

- mnt: Implicitly add MNT_NODEV on remount when it was
implicitly added by mount (bsc#907988).

- Btrfs: fix scrub race leading to use-after-free

- Btrfs: fix setup_leaf_for_split() to avoid leaf
corruption (bnc#915454).

- Btrfs: fix fsync log replay for inodes with a mix of
regular refs and extrefs (bnc#915425).

- Btrfs: fix fsync when extend references are added to an
inode (bnc#915425).

- Btrfs: fix directory inconsistency after fsync log
replay (bnc#915425).

- Btrfs: make xattr replace operations atomic

- Btrfs: fix directory recovery from fsync log

- Btrfs: simplify insert_orphan_item (boo#926385).

- Btrfs: set proper message level for skinny metadata.

- Btrfs: make sure we wait on logged extents when fsycning
two subvols.

- Btrfs: fix lost return value due to variable shadowing.

- Btrfs: fix leak of path in btrfs_find_item.

- Btrfs: fix fsync data loss after adding hard link to

- Btrfs: fix fs corruption on transaction abort if device
supports discard.

- Btrfs: fix data loss in the fast fsync path.

- Btrfs: don't delay inode ref updates during log replay.

- Btrfs: do not move em to modified list when unpinning.

- Btrfs:__add_inode_ref: out of bounds memory read when
looking for extended ref.

- Btrfs: fix inode eviction infinite loop after cloning
into it (boo#905088).

- bcache: add mutex lock for bch_is_open (bnc#908612).

- bcache: Correct printing of btree_gc_max_duration_ms

- bcache: fix crash with incomplete cache set

- bcache: fix memory corruption in init error path

- bcache: Fix more early shutdown bugs (bnc#908605).

- bcache: fix use-after-free in btree_gc_coalesce()

- bcache: Fix an infinite loop in journal replay

- bcache: fix typo in bch_bkey_equal_header (bnc#908598).

- bcache: Make sure to pass GFP_WAIT to mempool_alloc()

- bcache: fix crash on shutdown in passthrough mode

- bcache: fix lockdep warnings on shutdown (bnc#908593).

- bcache allocator: send discards with correct size

- bcache: Fix to remove the rcu_sched stalls (bnc#908589).

- bcache: Fix a journal replay bug (bnc#908588).

- Update x86_64 config files: CONFIG_SENSORS_NCT6683=m The
nct6683 driver is already enabled on i386 and history
suggests that it not being enabled on x86_64 is by

- rpm/ Own the modules directory in
the devel package (bnc#910322)

- Revert 'iwlwifi: mvm: treat EAPOLs like mgmt frames wrt
rate' (bnc#900811).

- mm: free compound page with correct order (bnc#913695).

- drm/i915: More cautious with pch fifo underruns

- Refresh patches.arch/arm64-0039-generic-pci.patch (fix
PCI bridge support)

- x86/microcode/intel: Fish out the stashed microcode for
the BSP (bsc#903589).

- x86, microcode: Reload microcode on resume (bsc#903589).

- x86, microcode: Don't initialize microcode code on
paravirt (bsc#903589).

- x86, microcode, intel: Drop unused parameter

- x86, microcode, AMD: Do not use smp_processor_id() in
preemtible context (bsc#903589).

- x86, microcode: Update BSPs microcode on resume

- x86, microcode, AMD: Fix ucode patch stashing on 32-bit

- x86, microcode: Fix accessing dis_ucode_ldr on 32-bit

- x86, microcode, AMD: Fix early ucode loading on 32-bit

- Bluetooth: Add support for Broadcom BCM20702A0 variants
firmware download (bnc#911311).

- drm/radeon: fix sad_count check for dce3 (bnc#911356).

- drm/i915: Don't call intel_prepare_page_flip() multiple
times on gen2-4 (bnc#911835).

- udf: Check component length before reading it.

- udf: Check path length when reading symlink.

- udf: Verify symlink size before loading it.

- udf: Verify i_size when loading inode.

- arm64: Enable DRM

- arm64: Enable generic PHB driver (bnc#912061).

- ACPI / video: Add some Samsung models to
disable_native_backlight list (boo#905681).

- asus-nb-wmi: Add another wapf=4 quirk (boo#911438).

- asus-nb-wmi: Add wapf4 quirk for the X550VB

- asus-nb-wmi: Add wapf4 quirk for the U32U (boo#911438).

- asus-nb-wmi: Add wapf4 quirk for the X550CC

- asus-nb-wmi: Constify asus_quirks DMI table

- asus-nb-wmi: Add wapf4 quirk for the X550CL

- asus-nb-wmi.c: Rename x401u quirk to wapf4 (boo#911438).

- asus-nb-wmi: Add ASUSTeK COMPUTER INC. X200CA


- Input: synaptics - gate forcepad support by DMI check

- ext4: introduce aging to extent status tree

- ext4: cleanup flag definitions for extent status tree

- ext4: limit number of scanned extents in status tree
shrinker (bnc#893428).

- ext4: move handling of list of shrinkable inodes into
extent status code (bnc#893428).

- ext4: change LRU to round-robin in extent status tree
shrinker (bnc#893428).

- ext4: cache extent hole in extent status tree for
ext4_da_map_blocks() (bnc#893428).

- ext4: fix block reservation for bigalloc filesystems

- ext4: track extent status tree shrinker delay statictics

- ext4: improve extents status tree trace point

- rpm/ Provide name-version-release
for kgraft packages (bnc#901925)

- rpm/ Fix including the secure boot
cert in /etc/uefi/certs

- doc/README.SUSE: update Solid Driver team contacts

- rpm/ Do not sign firmware files

- Port module signing changes from SLE11-SP3 (fate#314508)

- doc/README.PATCH-POLICY.SUSE: add patch policy / best
practices document after installation.

- Update config files. (boo#925479) Do not set
CONFIG_SYSTEM_TRUSTED_KEYRING until we need it in future
openSUSE version: e.g. MODULE_SIG, IMA, PKCS7(new),

- Input: xpad - use proper endpoint type (bnc#926397).

- md: don't require sync_min to be a multiple of
chunk_size (bnc#910500).

See also :

Solution :

Update the affected Linux Kernel packages.

Risk factor :

Critical / CVSS Base Score : 10.0

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now