SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2847-1) (KRACK)

high Nessus Plugin ID 104171

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.92 to receive various security and bugfixes. The following security bugs were fixed :

- CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).

- CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580).

- CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bsc#1053919).

- CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410).

- CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the 'CR8-load exiting' and 'CR8-store exiting' L0 vmcs02 controls exist in cases where L1 omits the 'use TPR shadow' vmcs12 control, which allowed KVM L2 guest OS users to obtain read and write access to the hardware CR8 register (bnc#1058507).

- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1056061 1063479 1063667 1063671).

- CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588).

- CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982).

- CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051).

- CVE-2017-15265: Use-after-free vulnerability in the Linux kernel before 4.14-rc5 allowed local users to have unspecified impact via vectors related to /dev/snd/seq (bnc#1062520).

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Workstation Extension 12-SP3:zypper in -t patch SUSE-SLE-WE-12-SP3-2017-1770=1

SUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t patch SUSE-SLE-SDK-12-SP3-2017-1770=1

SUSE Linux Enterprise Server 12-SP3:zypper in -t patch SUSE-SLE-SERVER-12-SP3-2017-1770=1

SUSE Linux Enterprise Live Patching 12-SP3:zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2017-1770=1

SUSE Linux Enterprise High Availability 12-SP3:zypper in -t patch SUSE-SLE-HA-12-SP3-2017-1770=1

SUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch SUSE-SLE-DESKTOP-12-SP3-2017-1770=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1004527

https://bugzilla.suse.com/show_bug.cgi?id=1005776

https://bugzilla.suse.com/show_bug.cgi?id=1005778

https://bugzilla.suse.com/show_bug.cgi?id=1005780

https://bugzilla.suse.com/show_bug.cgi?id=1005781

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1012829

https://bugzilla.suse.com/show_bug.cgi?id=1015342

https://bugzilla.suse.com/show_bug.cgi?id=1015343

https://bugzilla.suse.com/show_bug.cgi?id=1019675

https://bugzilla.suse.com/show_bug.cgi?id=1019680

https://bugzilla.suse.com/show_bug.cgi?id=1019695

https://bugzilla.suse.com/show_bug.cgi?id=1019699

https://bugzilla.suse.com/show_bug.cgi?id=1020412

https://bugzilla.suse.com/show_bug.cgi?id=1020645

https://bugzilla.suse.com/show_bug.cgi?id=1020657

https://bugzilla.suse.com/show_bug.cgi?id=1020989

https://bugzilla.suse.com/show_bug.cgi?id=1021424

https://bugzilla.suse.com/show_bug.cgi?id=1022595

https://bugzilla.suse.com/show_bug.cgi?id=1022604

https://bugzilla.suse.com/show_bug.cgi?id=1022743

https://bugzilla.suse.com/show_bug.cgi?id=1022912

https://bugzilla.suse.com/show_bug.cgi?id=1022967

https://bugzilla.suse.com/show_bug.cgi?id=1024346

https://bugzilla.suse.com/show_bug.cgi?id=1024373

https://bugzilla.suse.com/show_bug.cgi?id=1024405

https://bugzilla.suse.com/show_bug.cgi?id=1025461

https://bugzilla.suse.com/show_bug.cgi?id=1030850

https://bugzilla.suse.com/show_bug.cgi?id=1031717

https://bugzilla.suse.com/show_bug.cgi?id=1031784

https://bugzilla.suse.com/show_bug.cgi?id=1032150

https://bugzilla.suse.com/show_bug.cgi?id=1034048

https://bugzilla.suse.com/show_bug.cgi?id=1034075

https://bugzilla.suse.com/show_bug.cgi?id=1035479

https://bugzilla.suse.com/show_bug.cgi?id=1036060

https://bugzilla.suse.com/show_bug.cgi?id=1036215

https://bugzilla.suse.com/show_bug.cgi?id=1036737

https://bugzilla.suse.com/show_bug.cgi?id=1037579

https://bugzilla.suse.com/show_bug.cgi?id=1037838

https://bugzilla.suse.com/show_bug.cgi?id=1037890

https://bugzilla.suse.com/show_bug.cgi?id=1038583

https://bugzilla.suse.com/show_bug.cgi?id=1040813

https://bugzilla.suse.com/show_bug.cgi?id=1042847

https://bugzilla.suse.com/show_bug.cgi?id=1043598

https://bugzilla.suse.com/show_bug.cgi?id=1044503

https://bugzilla.suse.com/show_bug.cgi?id=1046529

https://bugzilla.suse.com/show_bug.cgi?id=1047238

https://bugzilla.suse.com/show_bug.cgi?id=1047487

https://bugzilla.suse.com/show_bug.cgi?id=1047989

https://bugzilla.suse.com/show_bug.cgi?id=1048155

https://bugzilla.suse.com/show_bug.cgi?id=1048228

https://bugzilla.suse.com/show_bug.cgi?id=1048325

https://bugzilla.suse.com/show_bug.cgi?id=1048327

https://bugzilla.suse.com/show_bug.cgi?id=1048356

https://bugzilla.suse.com/show_bug.cgi?id=1048501

https://bugzilla.suse.com/show_bug.cgi?id=1048893

https://bugzilla.suse.com/show_bug.cgi?id=1048912

https://bugzilla.suse.com/show_bug.cgi?id=1048934

https://bugzilla.suse.com/show_bug.cgi?id=1049226

https://bugzilla.suse.com/show_bug.cgi?id=1049272

https://bugzilla.suse.com/show_bug.cgi?id=1049291

https://bugzilla.suse.com/show_bug.cgi?id=1049336

https://bugzilla.suse.com/show_bug.cgi?id=1049361

https://bugzilla.suse.com/show_bug.cgi?id=1049580

https://bugzilla.suse.com/show_bug.cgi?id=1050471

https://bugzilla.suse.com/show_bug.cgi?id=1050742

https://bugzilla.suse.com/show_bug.cgi?id=1051790

https://bugzilla.suse.com/show_bug.cgi?id=1051987

https://bugzilla.suse.com/show_bug.cgi?id=1052093

https://bugzilla.suse.com/show_bug.cgi?id=1052094

https://bugzilla.suse.com/show_bug.cgi?id=1052095

https://bugzilla.suse.com/show_bug.cgi?id=1052360

https://bugzilla.suse.com/show_bug.cgi?id=1052384

https://bugzilla.suse.com/show_bug.cgi?id=1052580

https://bugzilla.suse.com/show_bug.cgi?id=1052593

https://bugzilla.suse.com/show_bug.cgi?id=1052888

https://bugzilla.suse.com/show_bug.cgi?id=1053043

https://bugzilla.suse.com/show_bug.cgi?id=1053309

https://bugzilla.suse.com/show_bug.cgi?id=1053472

https://bugzilla.suse.com/show_bug.cgi?id=1053627

https://bugzilla.suse.com/show_bug.cgi?id=1053629

https://bugzilla.suse.com/show_bug.cgi?id=1053633

https://bugzilla.suse.com/show_bug.cgi?id=1053681

https://bugzilla.suse.com/show_bug.cgi?id=1053685

https://bugzilla.suse.com/show_bug.cgi?id=1053802

https://bugzilla.suse.com/show_bug.cgi?id=1053915

https://bugzilla.suse.com/show_bug.cgi?id=1053919

https://bugzilla.suse.com/show_bug.cgi?id=1054082

https://bugzilla.suse.com/show_bug.cgi?id=1054084

https://bugzilla.suse.com/show_bug.cgi?id=1054654

https://bugzilla.suse.com/show_bug.cgi?id=1055013

https://bugzilla.suse.com/show_bug.cgi?id=1055096

https://bugzilla.suse.com/show_bug.cgi?id=1055272

https://bugzilla.suse.com/show_bug.cgi?id=1055290

https://bugzilla.suse.com/show_bug.cgi?id=1055359

https://bugzilla.suse.com/show_bug.cgi?id=1055493

https://bugzilla.suse.com/show_bug.cgi?id=1055567

https://bugzilla.suse.com/show_bug.cgi?id=1055709

https://bugzilla.suse.com/show_bug.cgi?id=1055755

https://bugzilla.suse.com/show_bug.cgi?id=1055896

https://bugzilla.suse.com/show_bug.cgi?id=1055935

https://bugzilla.suse.com/show_bug.cgi?id=1055963

https://bugzilla.suse.com/show_bug.cgi?id=1056061

https://bugzilla.suse.com/show_bug.cgi?id=1056185

https://bugzilla.suse.com/show_bug.cgi?id=1056230

https://bugzilla.suse.com/show_bug.cgi?id=1056261

https://bugzilla.suse.com/show_bug.cgi?id=1056427

https://bugzilla.suse.com/show_bug.cgi?id=1056587

https://bugzilla.suse.com/show_bug.cgi?id=1056588

https://bugzilla.suse.com/show_bug.cgi?id=1056596

https://bugzilla.suse.com/show_bug.cgi?id=1056686

https://bugzilla.suse.com/show_bug.cgi?id=1056827

https://bugzilla.suse.com/show_bug.cgi?id=1056849

https://bugzilla.suse.com/show_bug.cgi?id=1056982

https://bugzilla.suse.com/show_bug.cgi?id=1057015

https://bugzilla.suse.com/show_bug.cgi?id=1057031

https://bugzilla.suse.com/show_bug.cgi?id=1057035

https://bugzilla.suse.com/show_bug.cgi?id=1057038

https://bugzilla.suse.com/show_bug.cgi?id=1057047

https://bugzilla.suse.com/show_bug.cgi?id=1057067

https://bugzilla.suse.com/show_bug.cgi?id=1057383

https://bugzilla.suse.com/show_bug.cgi?id=1057498

https://bugzilla.suse.com/show_bug.cgi?id=1057849

https://bugzilla.suse.com/show_bug.cgi?id=1058038

https://bugzilla.suse.com/show_bug.cgi?id=1058116

https://bugzilla.suse.com/show_bug.cgi?id=1058135

https://bugzilla.suse.com/show_bug.cgi?id=1058410

https://bugzilla.suse.com/show_bug.cgi?id=1058507

https://bugzilla.suse.com/show_bug.cgi?id=1058512

https://bugzilla.suse.com/show_bug.cgi?id=1058550

https://bugzilla.suse.com/show_bug.cgi?id=1059051

https://bugzilla.suse.com/show_bug.cgi?id=1059465

https://bugzilla.suse.com/show_bug.cgi?id=1059500

https://bugzilla.suse.com/show_bug.cgi?id=1059863

https://bugzilla.suse.com/show_bug.cgi?id=1060197

https://bugzilla.suse.com/show_bug.cgi?id=1060229

https://bugzilla.suse.com/show_bug.cgi?id=1060249

https://bugzilla.suse.com/show_bug.cgi?id=1060400

https://bugzilla.suse.com/show_bug.cgi?id=1060985

https://bugzilla.suse.com/show_bug.cgi?id=1061017

https://bugzilla.suse.com/show_bug.cgi?id=1061046

https://bugzilla.suse.com/show_bug.cgi?id=1061064

https://bugzilla.suse.com/show_bug.cgi?id=1061067

https://bugzilla.suse.com/show_bug.cgi?id=1061172

https://bugzilla.suse.com/show_bug.cgi?id=1061451

https://bugzilla.suse.com/show_bug.cgi?id=1061721

https://bugzilla.suse.com/show_bug.cgi?id=1061775

https://bugzilla.suse.com/show_bug.cgi?id=1061831

https://bugzilla.suse.com/show_bug.cgi?id=1061872

https://bugzilla.suse.com/show_bug.cgi?id=1062279

https://bugzilla.suse.com/show_bug.cgi?id=1062520

https://bugzilla.suse.com/show_bug.cgi?id=1062962

https://bugzilla.suse.com/show_bug.cgi?id=1063102

https://bugzilla.suse.com/show_bug.cgi?id=1063349

https://bugzilla.suse.com/show_bug.cgi?id=1063460

https://bugzilla.suse.com/show_bug.cgi?id=1063475

https://bugzilla.suse.com/show_bug.cgi?id=1063479

https://bugzilla.suse.com/show_bug.cgi?id=1063501

https://bugzilla.suse.com/show_bug.cgi?id=1063509

https://bugzilla.suse.com/show_bug.cgi?id=1063520

https://bugzilla.suse.com/show_bug.cgi?id=1063570

https://bugzilla.suse.com/show_bug.cgi?id=1063667

https://bugzilla.suse.com/show_bug.cgi?id=1063671

https://bugzilla.suse.com/show_bug.cgi?id=1063695

https://bugzilla.suse.com/show_bug.cgi?id=1064064

https://bugzilla.suse.com/show_bug.cgi?id=1064206

https://bugzilla.suse.com/show_bug.cgi?id=1064388

https://bugzilla.suse.com/show_bug.cgi?id=1064436

https://bugzilla.suse.com/show_bug.cgi?id=963575

https://bugzilla.suse.com/show_bug.cgi?id=964944

https://bugzilla.suse.com/show_bug.cgi?id=966170

https://bugzilla.suse.com/show_bug.cgi?id=966172

https://bugzilla.suse.com/show_bug.cgi?id=966186

https://bugzilla.suse.com/show_bug.cgi?id=966191

https://bugzilla.suse.com/show_bug.cgi?id=966316

https://bugzilla.suse.com/show_bug.cgi?id=966318

https://bugzilla.suse.com/show_bug.cgi?id=969476

https://bugzilla.suse.com/show_bug.cgi?id=969477

https://bugzilla.suse.com/show_bug.cgi?id=969756

https://bugzilla.suse.com/show_bug.cgi?id=971975

https://bugzilla.suse.com/show_bug.cgi?id=981309

https://www.suse.com/security/cve/CVE-2017-1000252/

https://www.suse.com/security/cve/CVE-2017-11472/

https://www.suse.com/security/cve/CVE-2017-12134/

https://www.suse.com/security/cve/CVE-2017-12153/

https://www.suse.com/security/cve/CVE-2017-12154/

https://www.suse.com/security/cve/CVE-2017-13080/

https://www.suse.com/security/cve/CVE-2017-14051/

https://www.suse.com/security/cve/CVE-2017-14106/

https://www.suse.com/security/cve/CVE-2017-14489/

https://www.suse.com/security/cve/CVE-2017-15265/

https://www.suse.com/security/cve/CVE-2017-15649/

http://www.nessus.org/u?353e456c

Plugin Details

Severity: High

ID: 104171

File Name: suse_SU-2017-2847-1.nasl

Version: 3.15

Type: local

Agent: unix

Published: 10/26/2017

Updated: 1/6/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/25/2017

Vulnerability Publication Date: 3/1/2017

Reference Information

CVE: CVE-2017-1000252, CVE-2017-11472, CVE-2017-12134, CVE-2017-12153, CVE-2017-12154, CVE-2017-13080, CVE-2017-14051, CVE-2017-14106, CVE-2017-14489, CVE-2017-15265, CVE-2017-15649, CVE-2017-6346

IAVA: 2017-A-0310