openSUSE Security Update : the Linux Kernel (openSUSE-2017-1063) (BlueBorne)

high Nessus Plugin ID 103288


The remote openSUSE host is missing a security update.


The openSUSE Leap 42.3 kernel was updated to 4.4.87 to receive various security and bug fixes.

The following security bugs were fixed:

- CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow in the processing of L2CAP configuration responses, resulting in remote code execution in kernel space (bnc#1057389).

- CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982).

- CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and caused a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table (bnc#1049580).

The following non-security bugs were fixed:

- acpica: IORT: Update SMMU models for revision C (bsc#1036060).

- acpi/nfit: Fix memory corruption/Unregister mce decoder on failure (bsc#1057047).

- ahci: do not use MSI for devices with the silly Intel NVMe remapping scheme (bsc#1048912).

- ahci: thunderx2: stop engine fix update (bsc#1057031).

- alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405).

- arm64: mm: select CONFIG_ARCH_PROC_KCORE_TEXT (bsc#1046529).

- arm64: PCI: Fix struct acpi_pci_root_ops allocation failure path (bsc#1056849).

- arm64: Update config files. Enable ARCH_PROC_KCORE_TEXT

- blacklist.conf: gcc7 compiler warning (bsc#1056849)

- bnxt: add a missing rcu synchronization (bnc#1038583).

- bnxt: do not busy-poll when link is down (bnc#1038583).

- bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583).

- bnxt_en: Fix and clarify link_info->advertising (bnc#1038583).

- bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).

- bnxt_en: Fix NULL pointer dereference in a failure path during open (bnc#1038583).

- bnxt_en: Fix NULL pointer dereference in reopen failure path (bnc#1038583).

- bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583).

- bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).

- bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).

- bnxt_en: Fix 'uninitialized variable' bug in TPA code path (bnc#1038583).

- bnxt_en: Fix VF virtual link state (bnc#1038583).

- bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).

- bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).

- bnxt_en: Refactor TPA code path (bnc#1038583).

- ceph: fix readpage from fscache (bsc#1057015).

- cifs: add build_path_from_dentry_optional_prefix() (fate#323482).

- cifs: add use_ipc flag to SMB2_ioctl() (fate#323482).

- cifs: Fix sparse warnings (fate#323482).

- cifs: implement get_dfs_refer for SMB2+ (fate#323482).

- cifs: let ses->ipc_tid hold smb2 TreeIds (fate#323482).

- cifs: move DFS response parsing out of SMB1 code (fate#323482).

- cifs: remove any preceding delimiter from prefix_path (fate#323482).

- cifs: set signing flag in SMB2+ TreeConnect if needed (fate#323482).

- cifs: use DFS pathnames in SMB2+ Create requests (fate#323482).

- cpufreq: intel_pstate: Disable energy efficiency optimization (bsc#1054654).

- cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() (bsc#1021424 bsc#1022743).

- device-dax: fix cdev leak (bsc#1057047).

- dmaengine: mv_xor_v2: do not use descriptors not acked by async_tx (bsc#1056849).

- dmaengine: mv_xor_v2: enable XOR engine after its configuration (bsc#1056849).

- dmaengine: mv_xor_v2: fix tx_submit() implementation (bsc#1056849).

- dmaengine: mv_xor_v2: handle mv_xor_v2_prep_sw_desc() error properly (bsc#1056849).

- dmaengine: mv_xor_v2: properly handle wrapping in the array of HW descriptors (bsc#1056849).

- dmaengine: mv_xor_v2: remove interrupt coalescing (bsc#1056849).

- dmaengine: mv_xor_v2: set DMA mask to 40 bits (bsc#1056849).

- drivers: base: cacheinfo: fix boot error message when acpi is enabled (bsc#1057849).

- edac, thunderx: Fix a warning during l2c debugfs node creation (bsc#1057038).

- edac, thunderx: Fix error handling path in thunderx_lmc_probe() (bsc#1057038).

- fs/proc: kcore: use kcore_list type to check for vmalloc/module address (bsc#1046529).

- gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).

- ib/hns: checking for IS_ERR() instead of NULL (bsc#1056849).

- ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116).

- ib/rxe: Add dst_clone() in prepare_ipv6_hdr() (bsc#1049361).

- ib/rxe: Avoid ICRC errors by copying into the skb first (bsc#1049361).

- ib/rxe: Disable completion upcalls when a CQ is destroyed (bsc#1049361).

- ib/rxe: Fix destination cache for IPv6 (bsc#1049361).

- ib/rxe: Fix up rxe_qp_cleanup() (bsc#1049361).

- ib/rxe: Fix up the responder's find_resources() function (bsc#1049361).

- ib/rxe: Handle NETDEV_CHANGE events (bsc#1049361).

- ib/rxe: Move refcounting earlier in rxe_send() (bsc#1049361).

- ib/rxe: Remove dangling prototype (bsc#1049361).

- ib/rxe: Remove unneeded initialization in prepare6() (bsc#1049361).

- ib/rxe: Set dma_mask and coherent_dma_mask (bsc#1049361).

- iommu/arm-smmu-v3, acpi: Add temporary Cavium SMMU-V3 IORT model number definitions (bsc#1036060).

- iommu/arm-smmu-v3: Increase CMDQ drain timeout value (bsc#1035479). Refresh patch to mainline version

- irqchip/gic-v3-its: Fix command buffer allocation (bsc#1057067).

- iwlwifi: mvm: do not send CTDP commands via debugfs if not supported (bsc#1031717).

- kernel/*: switch to memdup_user_nul() (bsc#1048893).

- lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill warning (FATE#319466).

- md/raid5: fix a race condition in stripe batch (linux-stable).

- mmc: sdhci-xenon: add set_power callback (bsc#1057035).

- mmc: sdhci-xenon: Fix the work flow in xenon_remove() (bsc#1057035).

- mm/page_alloc.c: apply gfp_allowed_mask before the first allocation attempt (bnc#971975 VM -- git fixes).

- mm/vmalloc.c: huge-vmap: fail gracefully on unexpected huge vmap mappings (bsc#1046529).

- new helper: memdup_user_nul() (bsc#1048893).

- nfs: flush data when locking a file to ensure cache coherence for mmap (bsc#981309).

- pci: rockchip: Handle regulator_get_current_limit() failure correctly (bsc#1056849).

- pci: rockchip: Use normal register bank for config accessors (bsc#1056849).

- pm / Domains: Fix unsafe iteration over modified list of domains (bsc#1056849).

- rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).

- scsi: hisi_sas: add missing break in switch statement (bsc#1056849).

- sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893).

- sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893).

- sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).

- sysctl: simplify unsigned int support (bsc#1048893).

- ubifs: Correctly evict xattr inodes (bsc#1012829).

- ubifs: Do not leak kernel memory to the MTD (bsc#1012829).

- xfs: fix inobt inode allocation search optimization (bsc#1012829).


Update the affected Linux Kernel packages.

Plugin Details

Severity: High

ID: 103288

File Name: openSUSE-2017-1063.nasl

Version: 3.6

Type: local

Agent: unix

Published: 9/18/2017

Updated: 1/19/2021

Dependencies: ssh_get_info.nasl

Risk Information


Risk Factor: High

Score: 7.4


CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.5

Vector: AV:A/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C


CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-docs-html, p-cpe:/a:novell:opensuse:kernel-docs-pdf, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-base, p-cpe:/a:novell:opensuse:kernel-vanilla-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, cpe:/o:novell:opensuse:42.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/15/2017

Reference Information

CVE: CVE-2017-1000251, CVE-2017-11472, CVE-2017-14106