openSUSE Security Update : the Linux Kernel (openSUSE-2017-890)

High Nessus Plugin ID 102332

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE Leap 42.3 kernel was updated to 4.4.79 to receive various security and bugfixes.

The following security bugs were fixed :

- CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882).

- CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).

- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bnc#1049483).

- CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021 1.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645).

The following non-security bugs were fixed :

- ACPI / processor: Avoid reserving IO regions too early (bsc#1051478).

- ALSA: fm801: Initialize chip after IRQ handler is registered (bsc#1031717).

- Added sbitmap patch to blacklist.conf Add a patch 'sbitmap: fix wakeup hang after sbq resize' to the blacklist.conf file because it is not needed in SLE 12 SP2.

- Btrfs: incremental send, fix invalid path for link commands (bsc#1051479).

- Btrfs: incremental send, fix invalid path for unlink commands (bsc#1051479).

- Btrfs: send, fix invalid path after renaming and linking file (bsc#1051479).

- Delete patches.drivers/0004-iommu-amd-reduce-delay-waiting-for- command-buffer-space. Remove the patch because it caused problems for users. See bsc#1048348.

- Drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state'

- Fix kABI breakage by KVM CVE fix (bsc#1045922).

- IB/rxe: Fix kernel panic from skb destructor (bsc#1049361).

- KVM: nVMX: Fix nested VPID vmx exec control (bsc#1051478).

- KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (bsc#1051478).

- KVM: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).

- NFS: Cache aggressively when file is open for writing (bsc#1033587).

- NFS: Do not flush caches for a getattr that races with writeback (bsc#1033587).

- NFS: invalidate file size when taking a lock (git-fixes).

- PCI / PM: Fix native PME handling during system suspend/resume (bsc#1051478).

- PCI: Add Mellanox device IDs (bsc#1051478).

- PCI: Convert Mellanox broken INTx quirks to be for listed devices only (bsc#1051478).

- PCI: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).

- PCI: Enable ECRC only if device supports it (bsc#1051478).

- PCI: Support INTx masking on ConnectX-4 with firmware x.14.1100+ (bsc#1051478).

- PCI: dwc: Fix uninitialized variable in dw_handle_msi_irq() (bsc#1051478).

- PCI: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN (bsc#1051478).

- PM / Hibernate: Fix scheduling while atomic during hibernation (bsc#1051059).

- RDMA/qedr: Prevent memory overrun in verbs' user responses (bsc#1022604 FATE#321747).

- README.BRANCH: Add Oliver as openSUSE-42.3 branch co-maintainer

- Refresh patches.kabi/Fix-kABI-breakage-by-KVM-CVE-fix.patch. Fix a stupid bug where the VCPU_REGS_TF shift was used as a mask.

- Revert 'Add 'shutdown' to 'struct class'.' (kabi).

- Revert 'mm/list_lru.c: fix list_lru_count_node() to be race free' (kabi).

- Revert 'powerpc/numa: Fix percpu allocations to be NUMA aware' (bsc#1048914).

- Revert 'powerpc/numa: Fix percpu allocations to be NUMA aware' (bsc#1048914).

- Revert 'tpm: Issue a TPM2_Shutdown for TPM2 devices.' (kabi).

- Update patches.drivers/0011-hpsa-remove-abort-handler.patch (bsc#1022600 fate#321928 bsc#1016119).

- Update patches.fixes/xfs-refactor-log-record-unpack-and-data-pr ocessing.patch (bsc#1043598, bsc#1036215).

- apply mainline tags to some hyperv patches

- arm64: kernel: restrict /dev/mem read() calls to linear region (bsc#1046651).++ kernel-source.spec (revision 3)%define patchversion 4.4.79Version: 4.4.79Release:
<RELEASE>.g4dc78e3

- arm64: mm: remove page_mapping check in
__sync_icache_dcache (bsc#1040347).

- blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb()

- blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)

- blacklist.conf: Blacklist 4e201566402c ('genirq/msi:
Drop artificial PCI dependency') (bsc#1051478) This commit just removes an include and does not fix a real issue.

- blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok() argument type') (bsc#1051478) Fixes only a compile-warning.

- blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in test_nmi_ipi()') It only fixes a self-test (bsc#1051478).

- blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog:
Fix Kconfig help text file path reference to lockup watchdog documentation') Updates only kconfig help-text (bsc#1051478).

- blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI:
Initialize MSI capability for all architectures') This only fixes machines not supported by our kernels.

- blacklist.conf: Do not need 55d728a40d36, we do it differently in SLE

- blacklist.conf: add inapplicable commits for wifi (bsc#1031717)

- blacklist.conf: blacklist 7b73305160f1, unneeded cleanup

- blacklist.conf: da0510c47519fe0999cffe316e1d370e29f952be # FRV not applicable to SLE

- blkfront: add uevent for size change (bnc#1036632).

- block: Fix front merge check (bsc#1051239).

- brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).

- btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).

- btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).

- btrfs: fix lockup in find_free_extent with read-only block groups (bsc#1046682).

- cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).

- cxgb4: fix BUG() on interrupt deallocating path of ULD (bsc#1005778).

- cxgb4: fix a NULL dereference (bsc#1005778).

- cxgb4: fix memory leak in init_one() (bsc#1005778).

- dentry name snapshots (bsc#1049483).

- device-dax: fix sysfs attribute deadlock (bsc#1048919).

- drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).

- drm/vmwgfx: Fix large topology crash (bsc#1048155).

- drm/vmwgfx: Support topology greater than texture size (bsc#1048155).

- efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).

- ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).

- ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).

- ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).

- ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors (bsc#1012829).

- gcov: add support for gcc version >= 6 (bsc#1051663).

- gcov: support GCC 7.1 (bsc#1051663).

- gfs2: fix flock panic issue (bsc#1012829).

- hv: print extra debug in kvp_on_msg in error paths (bnc#1039153).

- hv_netvsc: Exclude non-TCP port numbers from vRSS hashing (bsc#1048421).

- hv_netvsc: Fix the queue index computation in forwarding case (bsc#1048421).

- i2c: designware-baytrail: fix potential NULL pointer dereference on dev (bsc#1011913).

- introduce the walk_process_tree() helper (bnc#1022476).

- iommu/amd: Fix interrupt remapping when disable guest_mode (bsc#1051471).

- iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).

- iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).

- iwlwifi: pcie: fix command completion name debug (bsc#1031717).

- kABI-fix for 'x86/panic: replace smp_send_stop() with kdump friendly version in panic path' (bsc#1051478).

- kABI: protect lwtunnel include in ip6_route.h (kabi).

- kABI: protect struct iscsi_tpg_attrib (kabi).

- kABI: protect struct tpm_chip (kabi).

- kABI: protect struct xfrm_dst (kabi).

- kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478).

- libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1048919).

- libnvdimm, region: fix flush hint detection crash (bsc#1048919).

- libnvdimm: fix badblock range handling of ARS range (bsc#1051048).

- lightnvm: fix 'warning: &lsquo;ret&rsquo; may be used uninitialized' (FATE#319466).

- md-cluster: Fix a memleak in an error handling path (bsc#1049289).

- mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891).

- mwifiex: do not update MCS set from hostapd (bsc#1031717).

- net/ena: switch to pci_alloc_irq_vectors (bsc#1047121).

- net: ena: add hardware hints capability to the driver (bsc#1047121).

- net: ena: add hardware hints capability to the driver (bsc#1047121).

- net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121).

- net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121).

- net: ena: add missing unmap bars on device removal (bsc#1047121).

- net: ena: add missing unmap bars on device removal (bsc#1047121).

- net: ena: add reset reason for each device FLR (bsc#1047121).

- net: ena: add reset reason for each device FLR (bsc#1047121).

- net: ena: add support for out of order rx buffers refill (bsc#1047121).

- net: ena: add support for out of order rx buffers refill (bsc#1047121).

- net: ena: allow the driver to work with small number of msix vectors (bsc#1047121).

- net: ena: allow the driver to work with small number of msix vectors (bsc#1047121).

- net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).

- net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).

- net: ena: change return value for unsupported features unsupported return value (bsc#1047121).

- net: ena: change return value for unsupported features unsupported return value (bsc#1047121).

- net: ena: change sizeof() argument to be the type pointer (bsc#1047121).

- net: ena: change sizeof() argument to be the type pointer (bsc#1047121).

- net: ena: disable admin msix while working in polling mode (bsc#1047121).

- net: ena: disable admin msix while working in polling mode (bsc#1047121).

- net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121).

- net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121).

- net: ena: fix race condition between submit and completion admin command (bsc#1047121).

- net: ena: fix race condition between submit and completion admin command (bsc#1047121).

- net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).

- net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).

- net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).

- net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).

- net: ena: separate skb allocation to dedicated function (bsc#1047121).

- net: ena: separate skb allocation to dedicated function (bsc#1047121).

- net: ena: update driver's rx drop statistics (bsc#1047121).

- net: ena: update driver's rx drop statistics (bsc#1047121).

- net: ena: update ena driver to version 1.1.7 (bsc#1047121).

- net: ena: update ena driver to version 1.1.7 (bsc#1047121).

- net: ena: update ena driver to version 1.2.0 (bsc#1047121).

- net: ena: update ena driver to version 1.2.0 (bsc#1047121).

- net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121).

- net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121).

- net: ena: use napi_schedule_irqoff when possible (bsc#1047121).

- net: ena: use napi_schedule_irqoff when possible (bsc#1047121).

- net: hns: Bugfix for Tx timeout handling in hns driver (bsc#1048451).

- net: phy: Do not perform software reset for Generic PHY (bsc#1042286).

- nvme: also provide a UUID in the WWID sysfs attribute (bsc#1048146).

- nvme: wwid_show: strip trailing 0-bytes (bsc#1048146).

- nvmet: identify controller: improve standard compliance (bsc#1048146).

- ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).

- ocfs2: Make ocfs2_set_acl() static (bsc#1030552).

- ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829).

- perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478).

- perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).

- perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478).

- platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill (bsc#1051022).

- platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill (bsc#1051022).

- platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill (bsc#1051022).

- platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill dmi list (bsc#1051022).

- platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill (bsc#1051022).

- platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list (bsc#1051022).

- platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill (bsc#1051022).

- platform/x86: ideapad-laptop: Add several models to no_hw_rfkill (bsc#1051022).

- powerpc/fadump: Add a warning when 'fadump_reserve_mem=' is used (bsc#1049231).

- powerpc: Add POWER9 architected mode to cputable (bsc#1048916, fate#321439).

- powerpc: Support POWER9 in architected mode (bsc#1048916, fate#321439).

- prctl: propagate has_child_subreaper flag to every descendant (bnc#1022476).

- qed: Add missing static/local dcbx info (bsc#1019695).

- qed: Correct print in iscsi error-flow (bsc#1019695).

- reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).

- reorder upstream commit d0c2c9973ecd net: use core MTU range checking in virt drivers

- rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id This needs rpm-4.14+ (bsc#964063).

- s390/crash: Remove unused KEXEC_NOTE_BYTES (bsc#1049706).

- s390/kdump: remove code to create ELF notes in the crashed system (bsc#1049706).

- sched/core: Allow __sched_setscheduler() in interrupts when PI is not used (bnc#1022476).

- sched/debug: Print the scheduler topology group mask (bnc#1022476).

- sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476).

- sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476).

- sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all cfs_rqs (bnc#1022476).

- sched/topology: Add sched_group_capacity debugging (bnc#1022476).

- sched/topology: Fix building of overlapping sched-groups (bnc#1022476).

- sched/topology: Fix overlapping sched_group_capacity (bnc#1022476).

- sched/topology: Move comment about asymmetric node setups (bnc#1022476).

- sched/topology: Refactor function build_overlap_sched_groups() (bnc#1022476).

- sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).

- sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476).

- sched/topology: Small cleanup (bnc#1022476).

- sched/topology: Verify the first group matches the child domain (bnc#1022476).

- scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887).

- scsi: aacraid: Do not copy uninitialized stack memory to userspace (bsc#1048912).

- scsi: aacraid: fix leak of data from stack back to userspace (bsc#1048912).

- scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887).

- scsi: lpfc: Add MDS Diagnostic support (bsc#1037838).

- scsi: lpfc: Add auto EQ delay logic (bsc#1042257).

- scsi: lpfc: Added recovery logic for running out of NVMET IO context resources (bsc#1037838).

- scsi: lpfc: Adding additional stats counters for nvme (bsc#1037838).

- scsi: lpfc: Cleanup entry_repost settings on SLI4 queues (bsc#1037838).

- scsi: lpfc: Driver responds LS_RJT to Beacon Off ELS - Linux (bsc#1044623).

- scsi: lpfc: Fix NMI watchdog assertions when running nvmet IOPS tests (bsc#1037838).

- scsi: lpfc: Fix NVME I+T not registering NVME as a supported FC4 type (bsc#1037838).

- scsi: lpfc: Fix NVMEI driver not decrementing counter causing bad rport state (bsc#1037838).

- scsi: lpfc: Fix NVMEI's handling of NVMET's PRLI response attributes (bsc#1037838).

- scsi: lpfc: Fix SLI3 drivers attempting NVME ELS commands (bsc#1044623).

- scsi: lpfc: Fix crash after firmware flash when IO is running (bsc#1044623).

- scsi: lpfc: Fix crash doing IO with resets (bsc#1044623).

- scsi: lpfc: Fix crash in lpfc_sli_ringtxcmpl_put when nvmet gets an abort request (bsc#1044623).

- scsi: lpfc: Fix debugfs root inode 'lpfc' not getting deleted on driver unload (bsc#1037838).

- scsi: lpfc: Fix defects reported by Coverity Scan (bsc#1042257).

- scsi: lpfc: Fix nvme io stoppage after link bounce (bsc#1045404).

- scsi: lpfc: Fix nvmet RQ resource needs for large block writes (bsc#1037838).

- scsi: lpfc: Fix system crash when port is reset (bsc#1037838).

- scsi: lpfc: Fix system panic when express lane enabled (bsc#1044623).

- scsi: lpfc: Fix used-RPI accounting problem (bsc#1037838).

- scsi: lpfc: Reduce time spent in IRQ for received NVME commands (bsc#1044623).

- scsi: lpfc: Separate NVMET RQ buffer posting from IO resources SGL/iocbq/context (bsc#1037838).

- scsi: lpfc: Separate NVMET data buffer pool fir ELS/CT (bsc#1037838).

- scsi: lpfc: Vport creation is failing with 'Link Down' error (bsc#1044623).

- scsi: lpfc: fix refcount error on node list (bsc#1045404).

- scsi: lpfc: update to revision to 11.4.0.1 (bsc#1044623).

- scsi: lpfc: update version to 11.2.0.14 (bsc#1037838).

- scsi: qedf: Fix a return value in case of error in 'qedf_alloc_global_queues' (bsc#1048912).

- scsi: qedi: Remove WARN_ON for untracked cleanup (bsc#1044443).

- scsi: qedi: Remove WARN_ON from clear task context (bsc#1044443).

- sfc: Add ethtool -m support for QSFP modules (bsc#1049619).

- string.h: add memcpy_and_pad() (bsc#1048146).

- timers: Plug locking race vs. timer migration (bnc#1022476).

- udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829).

- udf: Fix races with i_size changes during readpage (bsc#1012829).

- x86/LDT: Print the real LDT base address (bsc#1051478).

- x86/mce: Make timer handling more robust (bsc#1042422).

- x86/panic: replace smp_send_stop() with kdump friendly version in panic path (bsc#1051478).

- x86/platform/uv/BAU: Disable BAU on single hub configurations (bsc#1050320).

- x86/platform/uv/BAU: Fix congested_response_us not taking effect (bsc#1050322).

- xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563).

- xen: hold lock_device_hotplug throughout vcpu hotplug operations (bsc#1042422).

- xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).

- xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598).

- xfs: detect and trim torn writes during log recovery (bsc#1036215).

- xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).

- xfs: refactor and open code log record crc check (bsc#1036215).

- xfs: refactor log record start detection into a new helper (bsc#1036215).

- xfs: return start block of first bad log record during recovery (bsc#1036215).

- xfs: support a crc verification only log record pass (bsc#1036215).

- xgene: Do not fail probe, if there is no clk resource for SGMII interfaces (bsc#1048501).

Solution

Update the affected the Linux Kernel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1005778

https://bugzilla.opensuse.org/show_bug.cgi?id=1011913

https://bugzilla.opensuse.org/show_bug.cgi?id=1012829

https://bugzilla.opensuse.org/show_bug.cgi?id=1013887

https://bugzilla.opensuse.org/show_bug.cgi?id=1016119

https://bugzilla.opensuse.org/show_bug.cgi?id=1019695

https://bugzilla.opensuse.org/show_bug.cgi?id=1022476

https://bugzilla.opensuse.org/show_bug.cgi?id=1022600

https://bugzilla.opensuse.org/show_bug.cgi?id=1022604

https://bugzilla.opensuse.org/show_bug.cgi?id=1028286

https://bugzilla.opensuse.org/show_bug.cgi?id=1030552

https://bugzilla.opensuse.org/show_bug.cgi?id=1031717

https://bugzilla.opensuse.org/show_bug.cgi?id=1033587

https://bugzilla.opensuse.org/show_bug.cgi?id=1036215

https://bugzilla.opensuse.org/show_bug.cgi?id=1036632

https://bugzilla.opensuse.org/show_bug.cgi?id=1037838

https://bugzilla.opensuse.org/show_bug.cgi?id=1039153

https://bugzilla.opensuse.org/show_bug.cgi?id=1040347

https://bugzilla.opensuse.org/show_bug.cgi?id=1042257

https://bugzilla.opensuse.org/show_bug.cgi?id=1042286

https://bugzilla.opensuse.org/show_bug.cgi?id=1042422

https://bugzilla.opensuse.org/show_bug.cgi?id=1043598

https://bugzilla.opensuse.org/show_bug.cgi?id=1044443

https://bugzilla.opensuse.org/show_bug.cgi?id=1044623

https://bugzilla.opensuse.org/show_bug.cgi?id=1045404

https://bugzilla.opensuse.org/show_bug.cgi?id=1045563

https://bugzilla.opensuse.org/show_bug.cgi?id=1045922

https://bugzilla.opensuse.org/show_bug.cgi?id=1046651

https://bugzilla.opensuse.org/show_bug.cgi?id=1046682

https://bugzilla.opensuse.org/show_bug.cgi?id=1047121

https://bugzilla.opensuse.org/show_bug.cgi?id=1048146

https://bugzilla.opensuse.org/show_bug.cgi?id=1048155

https://bugzilla.opensuse.org/show_bug.cgi?id=1048348

https://bugzilla.opensuse.org/show_bug.cgi?id=1048421

https://bugzilla.opensuse.org/show_bug.cgi?id=1048451

https://bugzilla.opensuse.org/show_bug.cgi?id=1048501

https://bugzilla.opensuse.org/show_bug.cgi?id=1048891

https://bugzilla.opensuse.org/show_bug.cgi?id=1048912

https://bugzilla.opensuse.org/show_bug.cgi?id=1048914

https://bugzilla.opensuse.org/show_bug.cgi?id=1048916

https://bugzilla.opensuse.org/show_bug.cgi?id=1048919

https://bugzilla.opensuse.org/show_bug.cgi?id=1049231

https://bugzilla.opensuse.org/show_bug.cgi?id=1049289

https://bugzilla.opensuse.org/show_bug.cgi?id=1049361

https://bugzilla.opensuse.org/show_bug.cgi?id=1049483

https://bugzilla.opensuse.org/show_bug.cgi?id=1049486

https://bugzilla.opensuse.org/show_bug.cgi?id=1049603

https://bugzilla.opensuse.org/show_bug.cgi?id=1049619

https://bugzilla.opensuse.org/show_bug.cgi?id=1049645

https://bugzilla.opensuse.org/show_bug.cgi?id=1049706

https://bugzilla.opensuse.org/show_bug.cgi?id=1049882

https://bugzilla.opensuse.org/show_bug.cgi?id=1050061

https://bugzilla.opensuse.org/show_bug.cgi?id=1050188

https://bugzilla.opensuse.org/show_bug.cgi?id=1050320

https://bugzilla.opensuse.org/show_bug.cgi?id=1050322

https://bugzilla.opensuse.org/show_bug.cgi?id=1051022

https://bugzilla.opensuse.org/show_bug.cgi?id=1051048

https://bugzilla.opensuse.org/show_bug.cgi?id=1051059

https://bugzilla.opensuse.org/show_bug.cgi?id=1051239

https://bugzilla.opensuse.org/show_bug.cgi?id=1051471

https://bugzilla.opensuse.org/show_bug.cgi?id=1051478

https://bugzilla.opensuse.org/show_bug.cgi?id=1051479

https://bugzilla.opensuse.org/show_bug.cgi?id=1051663

https://bugzilla.opensuse.org/show_bug.cgi?id=964063

https://bugzilla.opensuse.org/show_bug.cgi?id=974215

Plugin Details

Severity: High

ID: 102332

File Name: openSUSE-2017-890.nasl

Version: 3.4

Type: local

Agent: unix

Published: 2017/08/10

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-docs-html, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/08/09

Reference Information

CVE: CVE-2017-11473, CVE-2017-7533, CVE-2017-7541, CVE-2017-7542