openSUSE Security Update : the Linux Kernel (openSUSE-2017-930)

high Nessus Plugin ID 102510

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE Leap 42.3 kernel was updated to receive various security fixes and bug fixes.

The following security bugs were fixed :

- CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365).

- CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access (bsc#1052311).

- CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994).

The following non-security bugs were fixed :

- acpi/nfit: Add support of NVDIMM memory error notification in ACPI 6.2 (bsc#1052325).

- acpi/nfit: Issue Start ARS to retrieve existing records (bsc#1052325).

- bcache: force trigger gc (bsc#1038078).

- bcache: only recovery I/O error for writethrough mode (bsc#1043652).

- block: do not allow updates through sysfs until registration completes (bsc#1047027).

- config: disable CONFIG_RT_GROUP_SCHED (bsc#1052204).

- drivers: hv: As a bandaid, increase HV_UTIL_TIMEOUT from 30 to 60 seconds (bnc#1039153).

- drivers: hv: Fix a typo (fate#320485).

- drivers: hv: util: Make hv_poll_channel() a little more efficient (fate#320485).

- drivers: hv: vmbus: Close timing hole that can corrupt per-cpu page (fate#320485).

- drivers: hv: vmbus: Fix error code returned by vmbus_post_msg() (fate#320485).

- Fix kABI breakage with CONFIG_RT_GROUP_SCHED=n (bsc#1052204).

- hv_netvsc: change netvsc device default duplex to FULL (fate#320485).

- hv_netvsc: Fix the carrier state error when data path is off (fate#320485).

- hv_netvsc: Remove unnecessary var link_state from struct netvsc_device_info (fate#320485).

- hyperv: fix warning about missing prototype (fate#320485).

- hyperv: netvsc: Neaten netvsc_send_pkt by using a temporary (fate#320485).

- hyperv: remove unnecessary return variable (fate#320485).

- i40e/i40evf: Fix use after free in Rx cleanup path (bsc#1051689).

- IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).

- ibmvnic: Check for transport event on driver resume (bsc#1051556, bsc#1052709).

- ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).

- ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).

- iommu/amd: Enable ga_log_intr when enabling guest_mode (bsc#1052533).

- iommu/amd: Fix schedule-while-atomic BUG in initialization code (bsc#1052533).

- KABI protect struct acpi_nfit_desc (bsc#1052325).

- kabi/severities: add drivers/scsi/hisi_sas to kabi severities.

- libnvdimm: fix badblock range handling of ARS range (bsc#1023175).

- libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).

- net: add netdev_lockdep_set_classes() helper (fate#320485).

- net: hyperv: use new api ethtool_(get|set)_link_ksettings (fate#320485).

- net/mlx4_core: Fixes missing capability bit in flags2 capability dump (bsc#1015337).

- net/mlx4_core: Fix namespace misalignment in QinQ VST support commit (bsc#1015337).

- net/mlx4_core: Fix sl_to_vl_change bit offset in flags2 dump (bsc#1015337).

- netsvc: Remove upstream commit e14b4db7a567 'netvsc: fix race during initialization'; it will be replaced by the following changes.

- netsvc: Revert 'netvsc: optimize calculation of number of slots' (fate#320485).

- netvsc: add comments about callback's and NAPI (fate#320485).

- netvsc: Add #include's for csum_* function declarations (fate#320485).

- netvsc: add rtnl annotations in rndis (fate#320485).

- netvsc: add some rtnl_dereference annotations (fate#320485).

- netvsc: avoid race with callback (fate#320485).

- netvsc: change logic for change mtu and set_queues (fate#320485).

- netvsc: change max channel calculation (fate#320485).

- netvsc: change order of steps in setting queues (fate#320485).

- netvsc: Deal with rescinded channels correctly (fate#320485).

- netvsc: do not access netdev->num_rx_queues directly (fate#320485).

- netvsc: do not overload variable in same function (fate#320485).

- netvsc: do not print pointer value in error message (fate#320485).

- netvsc: eliminate unnecessary skb == NULL checks (fate#320485).

- netvsc: enable GRO (fate#320485).

- netvsc: Fix a bug in sub-channel handling (fate#320485).

- netvsc: fix and cleanup rndis_filter_set_packet_filter (fate#320485).

- netvsc: fix calculation of available send sections (fate#320485).

- netvsc: fix dereference before null check errors (fate#320485).

- netvsc: fix error unwind on device setup failure (fate#320485).

- netvsc: fix hang on netvsc module removal (fate#320485).

- netvsc: fix NAPI performance regression (fate#320485).

- netvsc: fix net poll mode (fate#320485).

- netvsc: fix netvsc_set_channels (fate#320485).

- netvsc: fix ptr_ret.cocci warnings (fate#320485).

- netvsc: fix rcu dereference warning from ethtool (fate#320485).

- netvsc: fix RCU warning in get_stats (fate#320485).

- netvsc: fix return value for set_channels (fate#320485).

- netvsc: fix rtnl deadlock on unregister of vf (fate#320485, bsc#1052442).

- netvsc: fix use after free on module removal (fate#320485).

- netvsc: fix warnings reported by lockdep (fate#320485).

- netvsc: fold in get_outbound_net_device (fate#320485).

- netvsc: force link update after MTU change (fate#320485).

- netvsc: handle offline mtu and channel change (fate#320485).

- netvsc: implement NAPI (fate#320485).

- netvsc: include rtnetlink.h (fate#320485).

- netvsc: Initialize all channel related state prior to opening the channel (fate#320485).

- netvsc: make sure and unregister datapath (fate#320485, bsc#1052899).

- netvsc: make sure napi enabled before vmbus_open (fate#320485).

- netvsc: mark error cases as unlikely (fate#320485).

- netvsc: move filter setting to rndis_device (fate#320485).

- netvsc: need napi scheduled during removal (fate#320485).

- netvsc: need rcu_derefence when accessing internal device info (fate#320485).

- netvsc: optimize calculation of number of slots (fate#320485).

- netvsc: optimize receive completions (fate#320485).

- netvsc: pass net_device to netvsc_init_buf and netvsc_connect_vsp (fate#320485).

- netvsc: prefetch the first incoming ring element (fate#320485).

- netvsc: Properly initialize the return value (fate#320485).

- netvsc: remove bogus rtnl_unlock (fate#320485).

- netvsc: remove no longer used max_num_rss queues (fate#320485).

- netvsc: Remove redundant use of ipv6_hdr() (fate#320485).

- netvsc: remove unnecessary indirection of page_buffer (fate#320485).

- netvsc: remove unnecessary lock on shutdown (fate#320485).

- netvsc: remove unused #define (fate#320485).

- netvsc: replace netdev_alloc_skb_ip_align with napi_alloc_skb (fate#320485).

- netvsc: save pointer to parent netvsc_device in channel table (fate#320485).

- netvsc: signal host if receive ring is emptied (fate#320485).

- netvsc: transparent VF management (fate#320485, bsc#1051979).

- netvsc: use ERR_PTR to avoid dereference issues (fate#320485).

- netvsc: use hv_get_bytes_to_read (fate#320485).

- netvsc: use napi_consume_skb (fate#320485).

- netvsc: use RCU to protect inner device structure (fate#320485).

- netvsc: uses RCU instead of removal flag (fate#320485).

- netvsc: use typed pointer for internal state (fate#320485).

- nvme: fabrics commands should use the fctype field for data direction (bsc#1043805).

- powerpc/perf: Fix SDAR_MODE value for continous sampling on Power9 (bsc#1053043 (git-fixes)).

- powerpc/tm: Fix saving of TM SPRs in core dump (fate#318470, git-fixes 08e1c01d6aed).

- qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374).

- rdma/bnxt_re: checking for NULL instead of IS_ERR() (bsc#1052925).

- scsi: aacraid: fix PCI error recovery path (bsc#1048912).

- scsi_devinfo: fixup string compare (bsc#1037404).

- scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).

- scsi: hisi_sas: add pci_dev in hisi_hba struct (bsc#1049298).

- scsi: hisi_sas: add v2 hw internal abort timeout workaround (bsc#1049298).

- scsi: hisi_sas: controller reset for multi-bits ECC and AXI fatal errors (bsc#1049298).

- scsi: hisi_sas: fix NULL deference when TMF timeouts (bsc#1049298).

- scsi: hisi_sas: fix timeout check in hisi_sas_internal_task_abort() (bsc#1049298).

- scsi: hisi_sas: optimise DMA slot memory (bsc#1049298).

- scsi: hisi_sas: optimise the usage of hisi_hba.lock (bsc#1049298).

- scsi: hisi_sas: relocate get_ata_protocol() (bsc#1049298).

- scsi: hisi_sas: workaround a SoC SATA IO processing bug (bsc#1049298).

- scsi: hisi_sas: workaround SoC about abort timeout bug (bsc#1049298).

- scsi: hisi_sas: workaround STP link SoC bug (bsc#1049298).

- scsi: lpfc: do not double count abort errors (bsc#1048912).

- scsi: lpfc: fix linking against modular NVMe support (bsc#1048912).

- scsi: qedi: Fix return code in qedi_ep_connect() (bsc#1048912).

- scsi: storvsc: Prefer kcalloc over kzalloc with multiply (fate#320485).

- scsi: storvsc: remove return at end of void function (fate#320485).

- tools: hv: Add clean up for included files in Ubuntu net config (fate#320485).

- tools: hv: Add clean up function for Ubuntu config (fate#320485).

- tools: hv: properly handle long paths (fate#320485).

- tools: hv: set allow-hotplug for VF on Ubuntu (fate#320485).

- tools: hv: set hotplug for VF on Suse (fate#320485).

- tools: hv: vss: Thaw the filesystem and continue if freeze call has timed out (fate#320485).

- vfs: fix missing inode_get_dev sites (bsc#1052049).

- vmbus: cleanup header file style (fate#320485).

- vmbus: expose debug info for drivers (fate#320485).

- vmbus: fix spelling errors (fate#320485).

- vmbus: introduce in-place packet iterator (fate#320485).

- vmbus: only reschedule tasklet if time limit exceeded (fate#320485).

- vmbus: re-enable channel tasklet (fate#320485).

- vmbus: remove unnecessary initialization (fate#320485).

- vmbus: remove useless return's (fate#320485).

- x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache() (bsc#1051399).

- x86/hyperv: Check frequency MSRs presence according to the specification (fate#320485).

- The package release number was increased to be higher than the Leap 42.2 package (boo#1053531).

Solution

Update the affected Linux Kernel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1015337

https://bugzilla.opensuse.org/show_bug.cgi?id=1019151

https://bugzilla.opensuse.org/show_bug.cgi?id=1023175

https://bugzilla.opensuse.org/show_bug.cgi?id=1037404

https://bugzilla.opensuse.org/show_bug.cgi?id=1037994

https://bugzilla.opensuse.org/show_bug.cgi?id=1038078

https://bugzilla.opensuse.org/show_bug.cgi?id=1038792

https://bugzilla.opensuse.org/show_bug.cgi?id=1039153

https://bugzilla.opensuse.org/show_bug.cgi?id=1043652

https://bugzilla.opensuse.org/show_bug.cgi?id=1043805

https://bugzilla.opensuse.org/show_bug.cgi?id=1047027

https://bugzilla.opensuse.org/show_bug.cgi?id=1048912

https://bugzilla.opensuse.org/show_bug.cgi?id=1049298

https://bugzilla.opensuse.org/show_bug.cgi?id=1051399

https://bugzilla.opensuse.org/show_bug.cgi?id=1051556

https://bugzilla.opensuse.org/show_bug.cgi?id=1051689

https://bugzilla.opensuse.org/show_bug.cgi?id=1051979

https://bugzilla.opensuse.org/show_bug.cgi?id=1052049

https://bugzilla.opensuse.org/show_bug.cgi?id=1052204

https://bugzilla.opensuse.org/show_bug.cgi?id=1052223

https://bugzilla.opensuse.org/show_bug.cgi?id=1052311

https://bugzilla.opensuse.org/show_bug.cgi?id=1052325

https://bugzilla.opensuse.org/show_bug.cgi?id=1052365

https://bugzilla.opensuse.org/show_bug.cgi?id=1052442

https://bugzilla.opensuse.org/show_bug.cgi?id=1052533

https://bugzilla.opensuse.org/show_bug.cgi?id=1052709

https://bugzilla.opensuse.org/show_bug.cgi?id=1052773

https://bugzilla.opensuse.org/show_bug.cgi?id=1052794

https://bugzilla.opensuse.org/show_bug.cgi?id=1052899

https://bugzilla.opensuse.org/show_bug.cgi?id=1052925

https://bugzilla.opensuse.org/show_bug.cgi?id=1053043

https://bugzilla.opensuse.org/show_bug.cgi?id=1053531

Plugin Details

Severity: High

ID: 102510

File Name: openSUSE-2017-930.nasl

Version: 3.8

Type: local

Agent: unix

Published: 8/16/2017

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 6

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-docs-html, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/15/2017

Vulnerability Publication Date: 5/8/2017

Exploitable With

Core Impact

Metasploit (Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation)

Reference Information

CVE: CVE-2017-1000111, CVE-2017-1000112, CVE-2017-8831