openSUSE Security Update : the Linux Kernel (openSUSE-2017-1062) (BlueBorne)
high Nessus Plugin ID 103287
New! Plugin Severity Now Using CVSS v3
The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Synopsis
The remote openSUSE host is missing a security update.Description
The openSUSE Leap 42.2 kernel was updated to 4.4.87 to receive various security and bugfixes.The following security bugs were fixed :
- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bnc#1057389).
- CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982).
- CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580).
- CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588).
- CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 1053919).
The following non-security bugs were fixed :
- acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes).
- alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657).
- alsa: hda - Implement mic-mute LED mode enum (bsc#1055013).
- alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405).
- alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934).
- alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580).
- Add 'shutdown' to 'struct class' (bsc#1053117).
- bluetooth: bnep: fix possible might sleep error in bnep_session (bsc#1031784).
- bluetooth: cmtp: fix possible might sleep error in cmtp_session (bsc#1031784).
- btrfs: fix early ENOSPC due to delalloc (bsc#1049226).
- nfs: flush data when locking a file to ensure cache coherence for mmap (bsc#981309).
- Revert '/proc/iomem: only expose physical resource addresses to privileged users' (kabi).
- Revert 'Make file credentials available to the seqfile interfaces' (kabi).
- usb: core: fix device node leak (bsc#1047487).
- Update patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_ trusted.patch (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 5ca4c20cfd37).
- bnxt: add a missing rcu synchronization (bnc#1038583).
- bnxt: do not busy-poll when link is down (bnc#1038583).
- bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583).
- bnxt_en: Fix 'uninitialized variable' bug in TPA code path (bnc#1038583).
- bnxt_en: Fix NULL pointer dereference in a failure path during open (bnc#1038583).
- bnxt_en: Fix NULL pointer dereference in reopen failure path (bnc#1038583).
- bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).
- bnxt_en: Fix VF virtual link state (bnc#1038583).
- bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).
- bnxt_en: Fix and clarify link_info->advertising (bnc#1038583).
- bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).
- bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).
- bnxt_en: Refactor TPA code path (bnc#1038583).
- bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583).
- bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).
- ceph: fix readpage from fscache (bsc#1057015).
- cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() (bsc#1021424 bsc#1022743).
- drivers: net: xgene: Fix wrong logical operation (bsc#1056827).
- drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).
- fuse: initialize the flock flag in fuse_file on allocation (git-fixes).
- gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).
- ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116).
- iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).
- iwlwifi: mvm: do not send CTDP commands via debugfs if not supported (bsc#1031717).
- kernel/*: switch to memdup_user_nul() (bsc#1048893).
- lib: test_rhashtable: Fix KASAN warning (bsc#1055359).
- lib: test_rhashtable: fix for large entry counts (bsc#1055359).
- lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill warning (FATE#319466).
- md/raid5: fix a race condition in stripe batch (linux-stable).
- mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw poison -- git fixes).
- mm/page_alloc.c: apply gfp_allowed_mask before the first allocation attempt (bnc#971975 VM -- git fixes).
- mptsas: Fixup device hotplug for VMware ESXi (bsc#1030850).
- netfilter: fix IS_ERR_VALUE usage (bsc#1052888).
- netfilter: x_tables: pack percpu counter allocations (bsc#1052888).
- netfilter: x_tables: pass xt_counters struct instead of packet counter (bsc#1052888).
- netfilter: x_tables: pass xt_counters struct to counter allocator (bsc#1052888).
- new helper: memdup_user_nul() (bsc#1048893).
- of: fix '/cpus' reference leak in of_numa_parse_cpu_nodes() (bsc#1056827).
- ovl: fix dentry leak for default_permissions (bsc#1054084).
- percpu_ref: allow operation mode switching operations to be called concurrently (bsc#1055096).
- percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (bsc#1055096).
- percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (bsc#1055096).
- percpu_ref: restructure operation mode switching (bsc#1055096).
- percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).
- rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).
- s390: export symbols for crash-kmp (bsc#1053915).
- supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802).
- sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893).
- sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893).
- sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).
- sysctl: simplify unsigned int support (bsc#1048893).
- tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).
- tpm: KABI fix (bsc#1053117).
- tpm: fix: return rc when devm_add_action() fails (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 8e0ee3c9faed).
- tpm: read burstcount from TPM_STS in one 32-bit transaction (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 27084efee0c3).
- tpm_tis_core: Choose appropriate timeout for reading burstcount (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723).
- tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723).
- tty: serial: msm: Support more bauds (git-fixes).
- ubifs: Correctly evict xattr inodes (bsc#1012829).
- ubifs: Do not leak kernel memory to the MTD (bsc#1012829).
- xfs: fix inobt inode allocation search optimization (bsc#1012829).
Solution
Update the affected the Linux Kernel packages.See Also
https://bugzilla.opensuse.org/show_bug.cgi?id=1012829
https://bugzilla.opensuse.org/show_bug.cgi?id=1020645
https://bugzilla.opensuse.org/show_bug.cgi?id=1020657
https://bugzilla.opensuse.org/show_bug.cgi?id=1021424
https://bugzilla.opensuse.org/show_bug.cgi?id=1022743
https://bugzilla.opensuse.org/show_bug.cgi?id=1024405
https://bugzilla.opensuse.org/show_bug.cgi?id=1030850
https://bugzilla.opensuse.org/show_bug.cgi?id=1031717
https://bugzilla.opensuse.org/show_bug.cgi?id=1031784
https://bugzilla.opensuse.org/show_bug.cgi?id=1034048
https://bugzilla.opensuse.org/show_bug.cgi?id=1038583
https://bugzilla.opensuse.org/show_bug.cgi?id=1047487
https://bugzilla.opensuse.org/show_bug.cgi?id=1048155
https://bugzilla.opensuse.org/show_bug.cgi?id=1048893
https://bugzilla.opensuse.org/show_bug.cgi?id=1048934
https://bugzilla.opensuse.org/show_bug.cgi?id=1049226
https://bugzilla.opensuse.org/show_bug.cgi?id=1049580
https://bugzilla.opensuse.org/show_bug.cgi?id=1051790
https://bugzilla.opensuse.org/show_bug.cgi?id=1052580
https://bugzilla.opensuse.org/show_bug.cgi?id=1052888
https://bugzilla.opensuse.org/show_bug.cgi?id=1053117
https://bugzilla.opensuse.org/show_bug.cgi?id=1053802
https://bugzilla.opensuse.org/show_bug.cgi?id=1053915
https://bugzilla.opensuse.org/show_bug.cgi?id=1053919
https://bugzilla.opensuse.org/show_bug.cgi?id=1054084
https://bugzilla.opensuse.org/show_bug.cgi?id=1055013
https://bugzilla.opensuse.org/show_bug.cgi?id=1055096
https://bugzilla.opensuse.org/show_bug.cgi?id=1055359
https://bugzilla.opensuse.org/show_bug.cgi?id=1056261
https://bugzilla.opensuse.org/show_bug.cgi?id=1056588
https://bugzilla.opensuse.org/show_bug.cgi?id=1056827
https://bugzilla.opensuse.org/show_bug.cgi?id=1056982
https://bugzilla.opensuse.org/show_bug.cgi?id=1057015
https://bugzilla.opensuse.org/show_bug.cgi?id=1057389
https://bugzilla.opensuse.org/show_bug.cgi?id=1058116
Plugin Details
Severity: High
ID: 103287
File Name: openSUSE-2017-1062.nasl
Version: 3.6
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 9/18/2017
Updated: 1/19/2021
Dependencies: ssh_get_info.nasl
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 8.3
Temporal Score: 6.5
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C
Temporal Vector: E:POC/RL:OF/RC:C
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.9
Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-docs-html, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, cpe:/o:novell:opensuse:42.2
Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/15/2017
Reference Information
CVE: CVE-2017-1000251, CVE-2017-11472, CVE-2017-12134, CVE-2017-14051, CVE-2017-14106