openSUSE Security Update : the Linux Kernel (openSUSE-2017-891)

High Nessus Plugin ID 102333

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 6.7

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE Leap 42.2 kernel was updated to 4.4.79 to receive various security and bugfixes.

The following security bugs were fixed :

- CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882).

- CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).

- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bnc#1049483).

- CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021 1.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645).

- CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277).

The following non-security bugs were fixed :

- acpi / processor: Avoid reserving IO regions too early (bsc#1051478).

- af_key: Add lock to key dump (bsc#1047653).

- af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).

- alsa: fm801: Initialize chip after IRQ handler is registered (bsc#1031717).

- alsa: hda - Fix endless loop of codec configure (bsc#1031717).

- alsa: hda - set input_path bitmap to zero after moving it to new place (bsc#1031717).

- b43: Add missing MODULE_FIRMWARE() (bsc#1037344).

- bcache: force trigger gc (bsc#1038078).

- bcache: only recovery I/O error for writethrough mode (bsc#1043652).

- bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).

- blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb()

- blacklist.conf :

- blacklist.conf: 1151f838cb62 is high-risk and we're not aware of any systems that might need it in SP2.

- blacklist.conf: 8b8642af15ed not a supported driver

- blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)

- blacklist.conf: add inapplicable commits for wifi (bsc#1031717)

- blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).

- blacklist.conf: add unapplicable drm fixes (bsc#1031717).

- blacklist.conf: Blacklist 4e201566402c ('genirq/msi:
Drop artificial PCI dependency') (bsc#1051478) This commit just removes an include and does not fix a real issue.

- blacklist.conf: blacklist 7b73305160f1, unneeded cleanup

- blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok() argument type') (bsc#1051478) Fixes only a compile-warning.

- blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in test_nmi_ipi()') It only fixes a self-test (bsc#1051478).

- blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog:
Fix Kconfig help text file path reference to lockup watchdog documentation') Updates only kconfig help-text (bsc#1051478).

- blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI:
Initialize MSI capability for all architectures') This only fixes machines not supported by our kernels.

- blacklist.conf: build time cleanup our kernel compiles.
No need to shut up warnings nobody looks at

- blacklist.conf: cleanup, no bugs fixed

- blacklist.conf: cxgb4 commit does not fit for SP2

- blacklist.conf: da0510c47519fe0999cffe316e1d370e29f952be # FRV not applicable to SLE

- blacklist.conf: Do not need 55d728a40d36, we do it differently in SLE

- blacklist.conf: kABI breakage This touches struct device.

- blacklist.conf: lp8788 is not compiled

- blacklist.conf: unneeded Fixing debug statements on BE systems for IrDA

- blkfront: add uevent for size change (bnc#1036632).

- block: Allow bdi re-registration (bsc#1040307).

- block: Fix front merge check (bsc#1051239).

- block: Make del_gendisk() safer for disks without queues (bsc#1040307).

- block: Move bdi_unregister() to del_gendisk() (bsc#1040307).

- brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).

- btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).

- btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).

- btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).

- btrfs: fix lockup in find_free_extent with read-only block groups (bsc#1046682).

- btrfs: incremental send, fix invalid path for link commands (bsc#1051479).

- btrfs: incremental send, fix invalid path for unlink commands (bsc#1051479).

- btrfs: resume qgroup rescan on rw remount (bsc#1047152).

- btrfs: send, fix invalid path after renaming and linking file (bsc#1051479).

- cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).

- crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).

- cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc# 1045154).

- cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).

- dentry name snapshots (bsc#1049483).

- dm: fix second blk_delay_queue() parameter to be in msec units not (bsc#1047670).

- drivers: hv: Fix the bug in generating the guest ID (fate#320485).

- drivers: hv: util: Fix a typo (fate#320485).

- drivers: hv: vmbus: Get the current time from the current clocksource (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).

- drivers: hv: vmbus: Increase the time between retries in vmbus_post_msg() (fate#320485, bnc#1044112).

- drivers: hv: vmbus: Move the code to signal end of message (fate#320485).

- drivers: hv: vmbus: Move the definition of generate_guest_id() (fate#320485).

- drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents (fate#320485).

- drivers: hv: vmbus: Restructure the clockevents code (fate#320485).

- drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions (bsc#1031717).

- drm/bochs: Implement nomodeset (bsc#1047096).

- drm/i915/fbdev: Stop repeating tile configuration on stagnation (bsc#1031717).

- drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).

- drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).

- drm/vmwgfx: Fix large topology crash (bsc#1048155).

- drm/vmwgfx: Support topology greater than texture size (bsc#1048155).

- drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state'

- efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).

- ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).

- ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).

- ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).

- ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors (bsc#1012829).

- Fix kABI breakage by KVM CVE fix (bsc#1045922).

- fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).

- gcov: add support for gcc version >= 6 (bsc#1051663).

- gcov: support GCC 7.1 (bsc#1051663).

- gfs2: fix flock panic issue (bsc#1012829).

- hrtimer: Catch invalid clockids again (bsc#1047651).

- hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).

- hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).

- hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).

- hv_util: switch to using timespec64 (fate#320485).

- i2c: designware-baytrail: fix potential NULL pointer dereference on dev (bsc#1011913).

- i40e: add hw struct local variable (bsc#1039915).

- i40e: add private flag to control source pruning (bsc#1034075).

- i40e: add VSI info to macaddr messages (bsc#1039915).

- i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).

- i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915).

- i40e: delete filter after adding its replacement when converting (bsc#1039915).

- i40e: do not add broadcast filter for VFs (bsc#1039915).

- i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID<1 (bsc#1039915).

- i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter (bsc#1039915).

- i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter (bsc#1039915).

- i40e: factor out addition/deletion of VLAN per each MAC address (bsc#1039915).

- i40e: fix MAC filters when removing VLANs (bsc#1039915).

- i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan (bsc#1039915).

- i40e: implement __i40e_del_filter and use where applicable (bsc#1039915).

- i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915).

- i40e: move all updates for VLAN mode into i40e_sync_vsi_filters (bsc#1039915).

- i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).

- i40e: no need to check is_vsi_in_vlan before calling i40e_del_mac_all_vlan (bsc#1039915).

- i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters (bsc#1039915).

- i40e: recalculate vsi->active_filters from hash contents (bsc#1039915).

- i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan (bsc#1039915).

- i40e: refactor i40e_update_filter_state to avoid passing aq_err (bsc#1039915).

- i40e: refactor Rx filter handling (bsc#1039915).

- i40e: Removal of workaround for simple MAC address filter deletion (bsc#1039915).

- i40e: remove code to handle dev_addr specially (bsc#1039915).

- i40e: removed unreachable code (bsc#1039915).

- i40e: remove duplicate add/delete adminq command code for filters (bsc#1039915).

- i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid (bsc#1039915).

- i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).

- i40e: restore workaround for removing default MAC filter (bsc#1039915).

- i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915).

- i40e: store MAC/VLAN filters in a hash with the MAC Address as key (bsc#1039915).

- i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID (bsc#1039915).

- i40e: when adding or removing MAC filters, correctly handle VLANs (bsc#1039915).

- i40e: When searching all MAC/VLAN filters, ignore removed filters (bsc#1039915).

- i40e: write HENA for VFs (bsc#1039915).

- iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value (bsc#1031717).

- Input: gpio-keys - fix check for disabling unsupported keys (bsc#1031717).

- introduce the walk_process_tree() helper (bnc#1022476).

- ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (bsc#1041958).

- ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (bsc#1041958).

- iwlwifi: mvm: compare full command ID (FATE#321353, FATE#323335).

- iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).

- iwlwifi: mvm: synchronize firmware DMA paging memory (FATE#321353, FATE#323335).

- iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).

- iwlwifi: mvm: unmap the paging memory before freeing it (FATE#321353, FATE#323335).

- iwlwifi: pcie: fix command completion name debug (bsc#1031717).

- kABI-fix for 'x86/panic: replace smp_send_stop() with kdump friendly version in panic path' (bsc#1051478).

- kABI: protect lwtunnel include in ip6_route.h (kabi).

- kABI: protect struct iscsi_tpg_attrib (kabi).

- kABI: protect struct tpm_chip (kabi).

- kABI: protect struct xfrm_dst (kabi).

- kABI: protect struct xfrm_dst (kabi).

- kvm: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (bsc#1051478).

- kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478).

- kvm: nVMX: Fix nested VPID vmx exec control (bsc#1051478).

- kvm: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).

- mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651).

- md: fix sleep in atomic (bsc#1040351).

- mm: adaptive hash table scaling (bnc#1036303).

- mm-adaptive-hash-table-scaling-v5 (bnc#1036303).

- mm: call page_ext_init() after all struct pages are initialized (VM Debugging Functionality, bsc#1047048).

- mm: drop HASH_ADAPT (bnc#1036303).

- mm: fix classzone_idx underflow in shrink_zones() (VM Functionality, bsc#1042314).

- mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891).

- More Git-commit header fixups No functional change intended.

- mwifiex: do not update MCS set from hostapd (bsc#1031717).

- net: account for current skb length when deciding about UFO (bsc#1041958).

- net: ena: add hardware hints capability to the driver (bsc#1047121).

- net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121).

- net: ena: add missing unmap bars on device removal (bsc#1047121).

- net: ena: add reset reason for each device FLR (bsc#1047121).

- net: ena: add support for out of order rx buffers refill (bsc#1047121).

- net: ena: allow the driver to work with small number of msix vectors (bsc#1047121).

- net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).

- net: ena: change return value for unsupported features unsupported return value (bsc#1047121).

- net: ena: change sizeof() argument to be the type pointer (bsc#1047121).

- net: ena: disable admin msix while working in polling mode (bsc#1047121).

- net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121).

- net: ena: fix race condition between submit and completion admin command (bsc#1047121).

- net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).

- net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).

- net: ena: separate skb allocation to dedicated function (bsc#1047121).

- net: ena: update driver's rx drop statistics (bsc#1047121).

- net: ena: update ena driver to version 1.1.7 (bsc#1047121).

- net: ena: update ena driver to version 1.2.0 (bsc#1047121).

- net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121).

- net: ena: use napi_schedule_irqoff when possible (bsc#1047121).

- net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish() (bsc#1042286).

- net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes).

- net: phy: Do not perform software reset for Generic PHY (bsc#1042286).

- nfs: Cache aggressively when file is open for writing (bsc#1033587).

- nfs: Do not flush caches for a getattr that races with writeback (bsc#1033587).

- nfs: invalidate file size when taking a lock (git-fixes).

- nfs: only invalidate dentrys that are clearly invalid (bsc#1047118).

- ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).

- ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829).

- ocfs2: Make ocfs2_set_acl() static (bsc#1030552).

- pci: Add Mellanox device IDs (bsc#1051478).

- pci: Convert Mellanox broken INTx quirks to be for listed devices only (bsc#1051478).

- pci: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).

- pci: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN (bsc#1051478).

- pci: dwc: Fix uninitialized variable in dw_handle_msi_irq() (bsc#1051478).

- pci: Enable ECRC only if device supports it (bsc#1051478).

- PCI / PM: Fix native PME handling during system suspend/resume (bsc#1051478).

- pci: Support INTx masking on ConnectX-4 with firmware x.14.1100+ (bsc#1051478).

- perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478).

- perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478).

- perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).

- platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill (bsc#1051022).

- platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill (bsc#1051022).

- platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill (bsc#1051022).

- platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill dmi list (bsc#1051022).

- platform/x86: ideapad-laptop: Add several models to no_hw_rfkill (bsc#1051022).

- platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill (bsc#1051022).

- platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list (bsc#1051022).

- platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill (bsc#1051022).

- Pm / Hibernate: Fix scheduling while atomic during hibernation (bsc#1051059).

- prctl: propagate has_child_subreaper flag to every descendant (bnc#1022476).

- README.BRANCH: Add Oliver as openSUSE-42.2 branch co-maintainer

- Refresh patches.kabi/Fix-kABI-breakage-by-KVM-CVE-fix.patch. Fix a stupid bug where the VCPU_REGS_TF shift was used as a mask.

- reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).

- Revert 'ACPI / video: Add force_native quirk for HP Pavilion dv6' (bsc#1031717).

- Revert 'Add 'shutdown' to 'struct class'.' (kabi).

- Revert 'kvm: x86: fix emulation of RSM and IRET instructions' (kabi).

- Revert 'mm/list_lru.c: fix list_lru_count_node() to be race free' (kabi).

- Revert 'powerpc/numa: Fix percpu allocations to be NUMA aware' (bsc#1048914).

- Revert 'tpm: Issue a TPM2_Shutdown for TPM2 devices.' (kabi).

- rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id This needs rpm-4.14+ (bsc#964063).

- sched/core: Allow __sched_setscheduler() in interrupts when PI is not used (bnc#1022476).

- sched/debug: Print the scheduler topology group mask (bnc#1022476).

- sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476).

- sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476).

- sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all cfs_rqs (bnc#1022476).

- sched/topology: Add sched_group_capacity debugging (bnc#1022476).

- sched/topology: Fix building of overlapping sched-groups (bnc#1022476).

- sched/topology: Fix overlapping sched_group_capacity (bnc#1022476).

- sched/topology: Move comment about asymmetric node setups (bnc#1022476).

- sched/topology: Refactor function build_overlap_sched_groups() (bnc#1022476).

- sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).

- sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476).

- sched/topology: Small cleanup (bnc#1022476).

- sched/topology: Verify the first group matches the child domain (bnc#1022476).

- scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887).

- scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).

- scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887).

- scsi: storvsc: Workaround for virtual DVD SCSI version (fate#320485, bnc#1044636).

- smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).

- sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154).

- sysctl: do not print negative flag for proc_douintvec (bnc#1046985).

- timers: Plug locking race vs. timer migration (bnc#1022476).

- udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829).

- udf: Fix races with i_size changes during readpage (bsc#1012829).

- x86/LDT: Print the real LDT base address (bsc#1051478).

- x86/mce: Make timer handling more robust (bsc#1042422).

- x86/panic: replace smp_send_stop() with kdump friendly version in panic path (bsc#1051478).

- xen: allocate page for shared info page from low memory (bnc#1038616).

- xen/balloon: do not online new memory initially (bnc#1028173).

- xen: hold lock_device_hotplug throughout vcpu hotplug operations (bsc#1042422).

- xen-netfront: Rework the fix for Rx stall during OOM and network stress (git-fixes).

- xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563).

- xfrm: NULL dereference on allocation failure (bsc#1047343).

- xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).

- xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).

- xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).

Solution

Update the affected the Linux Kernel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1006180

https://bugzilla.opensuse.org/show_bug.cgi?id=1011913

https://bugzilla.opensuse.org/show_bug.cgi?id=1012829

https://bugzilla.opensuse.org/show_bug.cgi?id=1013887

https://bugzilla.opensuse.org/show_bug.cgi?id=1022476

https://bugzilla.opensuse.org/show_bug.cgi?id=1028173

https://bugzilla.opensuse.org/show_bug.cgi?id=1028286

https://bugzilla.opensuse.org/show_bug.cgi?id=1029693

https://bugzilla.opensuse.org/show_bug.cgi?id=1030552

https://bugzilla.opensuse.org/show_bug.cgi?id=1031515

https://bugzilla.opensuse.org/show_bug.cgi?id=1031717

https://bugzilla.opensuse.org/show_bug.cgi?id=1033587

https://bugzilla.opensuse.org/show_bug.cgi?id=1034075

https://bugzilla.opensuse.org/show_bug.cgi?id=1034762

https://bugzilla.opensuse.org/show_bug.cgi?id=1036303

https://bugzilla.opensuse.org/show_bug.cgi?id=1036632

https://bugzilla.opensuse.org/show_bug.cgi?id=1037344

https://bugzilla.opensuse.org/show_bug.cgi?id=1038078

https://bugzilla.opensuse.org/show_bug.cgi?id=1038616

https://bugzilla.opensuse.org/show_bug.cgi?id=1039915

https://bugzilla.opensuse.org/show_bug.cgi?id=1040307

https://bugzilla.opensuse.org/show_bug.cgi?id=1040351

https://bugzilla.opensuse.org/show_bug.cgi?id=1041958

https://bugzilla.opensuse.org/show_bug.cgi?id=1042286

https://bugzilla.opensuse.org/show_bug.cgi?id=1042314

https://bugzilla.opensuse.org/show_bug.cgi?id=1042422

https://bugzilla.opensuse.org/show_bug.cgi?id=1042778

https://bugzilla.opensuse.org/show_bug.cgi?id=1043652

https://bugzilla.opensuse.org/show_bug.cgi?id=1044112

https://bugzilla.opensuse.org/show_bug.cgi?id=1044636

https://bugzilla.opensuse.org/show_bug.cgi?id=1045154

https://bugzilla.opensuse.org/show_bug.cgi?id=1045563

https://bugzilla.opensuse.org/show_bug.cgi?id=1045922

https://bugzilla.opensuse.org/show_bug.cgi?id=1046682

https://bugzilla.opensuse.org/show_bug.cgi?id=1046985

https://bugzilla.opensuse.org/show_bug.cgi?id=1047048

https://bugzilla.opensuse.org/show_bug.cgi?id=1047096

https://bugzilla.opensuse.org/show_bug.cgi?id=1047118

https://bugzilla.opensuse.org/show_bug.cgi?id=1047121

https://bugzilla.opensuse.org/show_bug.cgi?id=1047152

https://bugzilla.opensuse.org/show_bug.cgi?id=1047277

https://bugzilla.opensuse.org/show_bug.cgi?id=1047343

https://bugzilla.opensuse.org/show_bug.cgi?id=1047354

https://bugzilla.opensuse.org/show_bug.cgi?id=1047651

https://bugzilla.opensuse.org/show_bug.cgi?id=1047653

https://bugzilla.opensuse.org/show_bug.cgi?id=1047670

https://bugzilla.opensuse.org/show_bug.cgi?id=1048155

https://bugzilla.opensuse.org/show_bug.cgi?id=1048221

https://bugzilla.opensuse.org/show_bug.cgi?id=1048317

https://bugzilla.opensuse.org/show_bug.cgi?id=1048891

https://bugzilla.opensuse.org/show_bug.cgi?id=1048914

https://bugzilla.opensuse.org/show_bug.cgi?id=1049483

https://bugzilla.opensuse.org/show_bug.cgi?id=1049486

https://bugzilla.opensuse.org/show_bug.cgi?id=1049603

https://bugzilla.opensuse.org/show_bug.cgi?id=1049645

https://bugzilla.opensuse.org/show_bug.cgi?id=1049882

https://bugzilla.opensuse.org/show_bug.cgi?id=1050061

https://bugzilla.opensuse.org/show_bug.cgi?id=1050188

https://bugzilla.opensuse.org/show_bug.cgi?id=1051022

https://bugzilla.opensuse.org/show_bug.cgi?id=1051059

https://bugzilla.opensuse.org/show_bug.cgi?id=1051239

https://bugzilla.opensuse.org/show_bug.cgi?id=1051478

https://bugzilla.opensuse.org/show_bug.cgi?id=1051479

https://bugzilla.opensuse.org/show_bug.cgi?id=1051663

https://bugzilla.opensuse.org/show_bug.cgi?id=964063

https://bugzilla.opensuse.org/show_bug.cgi?id=974215

Plugin Details

Severity: High

ID: 102333

File Name: openSUSE-2017-891.nasl

Version: 3.4

Type: local

Agent: unix

Published: 2017/08/10

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 6.7

CVSS v2.0

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-docs-html, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, cpe:/o:novell:opensuse:42.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/08/09

Reference Information

CVE: CVE-2017-10810, CVE-2017-11473, CVE-2017-7533, CVE-2017-7541, CVE-2017-7542