openSUSE Security Update : the Linux Kernel (openSUSE-2017-1062) (BlueBorne)

high Nessus Plugin ID 103287


The remote openSUSE host is missing a security update.


The openSUSE Leap 42.2 kernel was updated to 4.4.87 to receive various security fixes and bug fixes.

The following security bugs were fixed :

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space (bnc#1057389).

- CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982).

- CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and caused a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580).

- CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588).

- CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 1053919).

The following non-security bugs were fixed :

- acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes).

- alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657).

- alsa: hda - Implement mic-mute LED mode enum (bsc#1055013).

- alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405).

- alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934).

- alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580).

- Add 'shutdown' to 'struct class' (bsc#1053117).

- bluetooth: bnep: fix possible might sleep error in bnep_session (bsc#1031784).

- bluetooth: cmtp: fix possible might sleep error in cmtp_session (bsc#1031784).

- btrfs: fix early ENOSPC due to delalloc (bsc#1049226).

- nfs: flush data when locking a file to ensure cache coherence for mmap (bsc#981309).

- Revert '/proc/iomem: only expose physical resource addresses to privileged users' (kabi).

- Revert 'Make file credentials available to the seqfile interfaces' (kabi).

- usb: core: fix device node leak (bsc#1047487).

- Update patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_trusted.patch (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 5ca4c20cfd37).

- bnxt: add a missing rcu synchronization (bnc#1038583).

- bnxt: do not busy-poll when link is down (bnc#1038583).

- bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583).

- bnxt_en: Fix 'uninitialized variable' bug in TPA code path (bnc#1038583).

- bnxt_en: Fix NULL pointer dereference in a failure path during open (bnc#1038583).

- bnxt_en: Fix NULL pointer dereference in reopen failure path (bnc#1038583).

- bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).

- bnxt_en: Fix VF virtual link state (bnc#1038583).

- bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).

- bnxt_en: Fix and clarify link_info->advertising (bnc#1038583).

- bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).

- bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).

- bnxt_en: Refactor TPA code path (bnc#1038583).

- bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583).

- bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).

- ceph: fix readpage from fscache (bsc#1057015).

- cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() (bsc#1021424 bsc#1022743).

- drivers: net: xgene: Fix wrong logical operation (bsc#1056827).

- drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).

- fuse: initialize the flock flag in fuse_file on allocation (git-fixes).

- gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).

- ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116).

- iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).

- iwlwifi: mvm: do not send CTDP commands via debugfs if not supported (bsc#1031717).

- kernel/*: switch to memdup_user_nul() (bsc#1048893).

- lib: test_rhashtable: Fix KASAN warning (bsc#1055359).

- lib: test_rhashtable: fix for large entry counts (bsc#1055359).

- lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill warning (FATE#319466).

- md/raid5: fix a race condition in stripe batch (linux-stable).

- mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw poison -- git fixes).

- mm/page_alloc.c: apply gfp_allowed_mask before the first allocation attempt (bnc#971975 VM -- git fixes).

- mptsas: Fixup device hotplug for VMware ESXi (bsc#1030850).

- netfilter: fix IS_ERR_VALUE usage (bsc#1052888).

- netfilter: x_tables: pack percpu counter allocations (bsc#1052888).

- netfilter: x_tables: pass xt_counters struct instead of packet counter (bsc#1052888).

- netfilter: x_tables: pass xt_counters struct to counter allocator (bsc#1052888).

- new helper: memdup_user_nul() (bsc#1048893).

- of: fix '/cpus' reference leak in of_numa_parse_cpu_nodes() (bsc#1056827).

- ovl: fix dentry leak for default_permissions (bsc#1054084).

- percpu_ref: allow operation mode switching operations to be called concurrently (bsc#1055096).

- percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (bsc#1055096).

- percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (bsc#1055096).

- percpu_ref: restructure operation mode switching (bsc#1055096).

- percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).

- rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).

- s390: export symbols for crash-kmp (bsc#1053915).

- supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802).

- sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893).

- sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893).

- sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).

- sysctl: simplify unsigned int support (bsc#1048893).

- tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).

- tpm: KABI fix (bsc#1053117).

- tpm: fix: return rc when devm_add_action() fails (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 8e0ee3c9faed).

- tpm: read burstcount from TPM_STS in one 32-bit transaction (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 27084efee0c3).

- tpm_tis_core: Choose appropriate timeout for reading burstcount (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723).

- tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723).

- tty: serial: msm: Support more bauds (git-fixes).

- ubifs: Correctly evict xattr inodes (bsc#1012829).

- ubifs: Do not leak kernel memory to the MTD (bsc#1012829).

- xfs: fix inobt inode allocation search optimization (bsc#1012829).


Update the affected Linux Kernel packages.

Plugin Details

Severity: High

ID: 103287

File Name: openSUSE-2017-1062.nasl

Version: 3.6

Type: local

Agent: unix

Published: 9/18/2017

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: High

Score: 7.4


CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.5

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C


CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-docs-html, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, cpe:/o:novell:opensuse:42.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/15/2017

Reference Information

CVE: CVE-2017-1000251, CVE-2017-11472, CVE-2017-12134, CVE-2017-14051, CVE-2017-14106