openSUSE Security Update : the Linux Kernel (openSUSE-2017-1063) (BlueBorne)

High Nessus Plugin ID 103288

VPR Score: 7.4

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE Leap 42.3 kernel was updated to 4.4.87 to receive various security and bug fixes.

The following security bugs were fixed :

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space (bnc#1057389).

- CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982).

- CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and caused a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table (bnc#1049580).

The following non-security bugs were fixed :

- acpica: IORT: Update SMMU models for revision C (bsc#1036060).

- acpi/nfit: Fix memory corruption/Unregister mce decoder on failure (bsc#1057047).

- ahci: do not use MSI for devices with the silly Intel NVMe remapping scheme (bsc#1048912).

- ahci: thunderx2: stop engine fix update (bsc#1057031).

- alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405).

- arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT (bsc#1046529).

- arm64: PCI: Fix struct acpi_pci_root_ops allocation failure path (bsc#1056849).

- arm64: Update config files. Enable ARCH_PROC_KCORE_TEXT

- blacklist.conf: gcc7 compiler warning (bsc#1056849)

- bnxt: add a missing rcu synchronization (bnc#1038583).

- bnxt: do not busy-poll when link is down (bnc#1038583).

- bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583).

- bnxt_en: Fix and clarify link_info->advertising (bnc#1038583).

- bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).

- bnxt_en: Fix NULL pointer dereference in a failure path during open (bnc#1038583).

- bnxt_en: Fix NULL pointer dereference in reopen failure path (bnc#1038583).

- bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583).

- bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).

- bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).

- bnxt_en: Fix 'uninitialized variable' bug in TPA code path (bnc#1038583).

- bnxt_en: Fix VF virtual link state (bnc#1038583).

- bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).

- bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).

- bnxt_en: Refactor TPA code path (bnc#1038583).

- ceph: fix readpage from fscache (bsc#1057015).

- cifs: add build_path_from_dentry_optional_prefix() (fate#323482).

- cifs: add use_ipc flag to SMB2_ioctl() (fate#323482).

- cifs: Fix sparse warnings (fate#323482).

- cifs: implement get_dfs_refer for SMB2+ (fate#323482).

- cifs: let ses->ipc_tid hold smb2 TreeIds (fate#323482).

- cifs: move DFS response parsing out of SMB1 code (fate#323482).

- cifs: remove any preceding delimiter from prefix_path (fate#323482).

- cifs: set signing flag in SMB2+ TreeConnect if needed (fate#323482).

- cifs: use DFS pathnames in SMB2+ Create requests (fate#323482).

- cpufreq: intel_pstate: Disable energy efficiency optimization (bsc#1054654).

- cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() (bsc#1021424 bsc#1022743).

- device-dax: fix cdev leak (bsc#1057047).

- dmaengine: mv_xor_v2: do not use descriptors not acked by async_tx (bsc#1056849).

- dmaengine: mv_xor_v2: enable XOR engine after its configuration (bsc#1056849).

- dmaengine: mv_xor_v2: fix tx_submit() implementation (bsc#1056849).

- dmaengine: mv_xor_v2: handle mv_xor_v2_prep_sw_desc() error properly (bsc#1056849).

- dmaengine: mv_xor_v2: properly handle wrapping in the array of HW descriptors (bsc#1056849).

- dmaengine: mv_xor_v2: remove interrupt coalescing (bsc#1056849).

- dmaengine: mv_xor_v2: set DMA mask to 40 bits (bsc#1056849).

- drivers: base: cacheinfo: fix boot error message when acpi is enabled (bsc#1057849).

- edac, thunderx: Fix a warning during l2c debugfs node creation (bsc#1057038).

- edac, thunderx: Fix error handling path in thunderx_lmc_probe() (bsc#1057038).

- fs/proc: kcore: use kcore_list type to check for vmalloc/module address (bsc#1046529).

- gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).

- ib/hns: checking for IS_ERR() instead of NULL (bsc#1056849).

- ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116).

- ib/rxe: Add dst_clone() in prepare_ipv6_hdr() (bsc#1049361).

- ib/rxe: Avoid ICRC errors by copying into the skb first (bsc#1049361).

- ib/rxe: Disable completion upcalls when a CQ is destroyed (bsc#1049361).

- ib/rxe: Fix destination cache for IPv6 (bsc#1049361).

- ib/rxe: Fix up rxe_qp_cleanup() (bsc#1049361).

- ib/rxe: Fix up the responder's find_resources() function (bsc#1049361).

- ib/rxe: Handle NETDEV_CHANGE events (bsc#1049361).

- ib/rxe: Move refcounting earlier in rxe_send() (bsc#1049361).

- ib/rxe: Remove dangling prototype (bsc#1049361).

- ib/rxe: Remove unneeded initialization in prepare6() (bsc#1049361).

- ib/rxe: Set dma_mask and coherent_dma_mask (bsc#1049361).

- iommu/arm-smmu-v3, acpi: Add temporary Cavium SMMU-V3 IORT model number definitions (bsc#1036060).

- iommu/arm-smmu-v3: Increase CMDQ drain timeout value (bsc#1035479). Refresh patch to mainline version

- irqchip/gic-v3-its: Fix command buffer allocation (bsc#1057067).

- iwlwifi: mvm: do not send CTDP commands via debugfs if not supported (bsc#1031717).

- kernel/*: switch to memdup_user_nul() (bsc#1048893).

- lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill warning (FATE#319466).

- md/raid5: fix a race condition in stripe batch (linux-stable).

- mmc: sdhci-xenon: add set_power callback (bsc#1057035).

- mmc: sdhci-xenon: Fix the work flow in xenon_remove() (bsc#1057035).

- mm/page_alloc.c: apply gfp_allowed_mask before the first allocation attempt (bnc#971975 VM -- git fixes).

- mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap mappings (bsc#1046529).

- new helper: memdup_user_nul() (bsc#1048893).

- nfs: flush data when locking a file to ensure cache coherence for mmap (bsc#981309).

- pci: rockchip: Handle regulator_get_current_limit() failure correctly (bsc#1056849).

- pci: rockchip: Use normal register bank for config accessors (bsc#1056849).

- pm / Domains: Fix unsafe iteration over modified list of domains (bsc#1056849).

- rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).

- scsi: hisi_sas: add missing break in switch statement (bsc#1056849).

- sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893).

- sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893).

- sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).

- sysctl: simplify unsigned int support (bsc#1048893).

- ubifs: Correctly evict xattr inodes (bsc#1012829).

- ubifs: Do not leak kernel memory to the MTD (bsc#1012829).

- xfs: fix inobt inode allocation search optimization (bsc#1012829).

Solution

Update the affected Linux Kernel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1012829

https://bugzilla.opensuse.org/show_bug.cgi?id=1021424

https://bugzilla.opensuse.org/show_bug.cgi?id=1022743

https://bugzilla.opensuse.org/show_bug.cgi?id=1024405

https://bugzilla.opensuse.org/show_bug.cgi?id=1031717

https://bugzilla.opensuse.org/show_bug.cgi?id=1035479

https://bugzilla.opensuse.org/show_bug.cgi?id=1036060

https://bugzilla.opensuse.org/show_bug.cgi?id=1038583

https://bugzilla.opensuse.org/show_bug.cgi?id=1046529

https://bugzilla.opensuse.org/show_bug.cgi?id=1048893

https://bugzilla.opensuse.org/show_bug.cgi?id=1048912

https://bugzilla.opensuse.org/show_bug.cgi?id=1049361

https://bugzilla.opensuse.org/show_bug.cgi?id=1049580

https://bugzilla.opensuse.org/show_bug.cgi?id=1054654

https://bugzilla.opensuse.org/show_bug.cgi?id=1056261

https://bugzilla.opensuse.org/show_bug.cgi?id=1056849

https://bugzilla.opensuse.org/show_bug.cgi?id=1056982

https://bugzilla.opensuse.org/show_bug.cgi?id=1057015

https://bugzilla.opensuse.org/show_bug.cgi?id=1057031

https://bugzilla.opensuse.org/show_bug.cgi?id=1057035

https://bugzilla.opensuse.org/show_bug.cgi?id=1057038

https://bugzilla.opensuse.org/show_bug.cgi?id=1057047

https://bugzilla.opensuse.org/show_bug.cgi?id=1057067

https://bugzilla.opensuse.org/show_bug.cgi?id=1057389

https://bugzilla.opensuse.org/show_bug.cgi?id=1057849

https://bugzilla.opensuse.org/show_bug.cgi?id=1058116

https://bugzilla.opensuse.org/show_bug.cgi?id=971975

https://bugzilla.opensuse.org/show_bug.cgi?id=981309

Plugin Details

Severity: High

ID: 103288

File Name: openSUSE-2017-1063.nasl

Version: 3.5

Type: local

Agent: unix

Published: 2017/09/18

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 7.4

CVSS v2.0

Base Score: 8.3

Temporal Score: 6.5

Vector: CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-docs-html, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/09/15

Reference Information

CVE: CVE-2017-1000251, CVE-2017-11472, CVE-2017-14106