SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2869-1) (KRACK)

High Nessus Plugin ID 104253

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to receive various security fixes and bug fixes. The following security bugs were fixed:

- CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of-bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).

- CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277).

- CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and caused a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580).

- CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).

- CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bnc#1053919).

- CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel. This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410).

- CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the 'CR8-load exiting' and 'CR8-store exiting' L0 vmcs02 controls exist in cases where L1 omits the 'use TPR shadow' vmcs12 control, which allowed KVM L2 guest OS users to obtain read and write access to the hardware CR8 register (bnc#1058507).

- CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667).

- CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588).

- CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982).

- CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051).

- CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388).

- CVE-2017-7518: The Linux kernel was vulnerable to an incorrect debug exception (#DB) error. It could occur while emulating a syscall instruction and potentially lead to guest privilege escalation (bsc#1045922).

- CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645).

- CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882).

- CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994).

The update package also includes non-security fixes. See the advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update, use YaST online_update.
Alternatively, you can run the command listed for your product:

SUSE Linux Enterprise Workstation Extension 12-SP2: zypper in -t patch SUSE-SLE-WE-12-SP2-2017-1786=1

SUSE Linux Enterprise Software Development Kit 12-SP2: zypper in -t patch SUSE-SLE-SDK-12-SP2-2017-1786=1

SUSE Linux Enterprise Server for Raspberry Pi 12-SP2: zypper in -t patch SUSE-SLE-RPI-12-SP2-2017-1786=1

SUSE Linux Enterprise Server 12-SP2: zypper in -t patch SUSE-SLE-SERVER-12-SP2-2017-1786=1

SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-1786=1

SUSE Linux Enterprise High Availability 12-SP2: zypper in -t patch SUSE-SLE-HA-12-SP2-2017-1786=1

SUSE Linux Enterprise Desktop 12-SP2: zypper in -t patch SUSE-SLE-DESKTOP-12-SP2-2017-1786=1

SUSE Container as a Service Platform ALL: zypper in -t patch SUSE-CAASP-ALL-2017-1786=1

OpenStack Cloud Magnum Orchestration 7: zypper in -t patch SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1786=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1006180

https://bugzilla.suse.com/show_bug.cgi?id=1011913

https://bugzilla.suse.com/show_bug.cgi?id=1012382

https://bugzilla.suse.com/show_bug.cgi?id=1012829

https://bugzilla.suse.com/show_bug.cgi?id=1013887

https://bugzilla.suse.com/show_bug.cgi?id=1019151

https://bugzilla.suse.com/show_bug.cgi?id=1020645

https://bugzilla.suse.com/show_bug.cgi?id=1020657

https://bugzilla.suse.com/show_bug.cgi?id=1021424

https://bugzilla.suse.com/show_bug.cgi?id=1022476

https://bugzilla.suse.com/show_bug.cgi?id=1022743

https://bugzilla.suse.com/show_bug.cgi?id=1022967

https://bugzilla.suse.com/show_bug.cgi?id=1023175

https://bugzilla.suse.com/show_bug.cgi?id=1024405

https://bugzilla.suse.com/show_bug.cgi?id=1028173

https://bugzilla.suse.com/show_bug.cgi?id=1028286

https://bugzilla.suse.com/show_bug.cgi?id=1029693

https://bugzilla.suse.com/show_bug.cgi?id=1030552

https://bugzilla.suse.com/show_bug.cgi?id=1030850

https://bugzilla.suse.com/show_bug.cgi?id=1031515

https://bugzilla.suse.com/show_bug.cgi?id=1031717

https://bugzilla.suse.com/show_bug.cgi?id=1031784

https://bugzilla.suse.com/show_bug.cgi?id=1033587

https://bugzilla.suse.com/show_bug.cgi?id=1034048

https://bugzilla.suse.com/show_bug.cgi?id=1034075

https://bugzilla.suse.com/show_bug.cgi?id=1034762

https://bugzilla.suse.com/show_bug.cgi?id=1036303

https://bugzilla.suse.com/show_bug.cgi?id=1036632

https://bugzilla.suse.com/show_bug.cgi?id=1037344

https://bugzilla.suse.com/show_bug.cgi?id=1037404

https://bugzilla.suse.com/show_bug.cgi?id=1037994

https://bugzilla.suse.com/show_bug.cgi?id=1038078

https://bugzilla.suse.com/show_bug.cgi?id=1038583

https://bugzilla.suse.com/show_bug.cgi?id=1038616

https://bugzilla.suse.com/show_bug.cgi?id=1038792

https://bugzilla.suse.com/show_bug.cgi?id=1039915

https://bugzilla.suse.com/show_bug.cgi?id=1040307

https://bugzilla.suse.com/show_bug.cgi?id=1040351

https://bugzilla.suse.com/show_bug.cgi?id=1041958

https://bugzilla.suse.com/show_bug.cgi?id=1042286

https://bugzilla.suse.com/show_bug.cgi?id=1042314

https://bugzilla.suse.com/show_bug.cgi?id=1042422

https://bugzilla.suse.com/show_bug.cgi?id=1042778

https://bugzilla.suse.com/show_bug.cgi?id=1043652

https://bugzilla.suse.com/show_bug.cgi?id=1044112

https://bugzilla.suse.com/show_bug.cgi?id=1044636

https://bugzilla.suse.com/show_bug.cgi?id=1045154

https://bugzilla.suse.com/show_bug.cgi?id=1045563

https://bugzilla.suse.com/show_bug.cgi?id=1045922

https://bugzilla.suse.com/show_bug.cgi?id=1046682

https://bugzilla.suse.com/show_bug.cgi?id=1046821

https://bugzilla.suse.com/show_bug.cgi?id=1046985

https://bugzilla.suse.com/show_bug.cgi?id=1047027

https://bugzilla.suse.com/show_bug.cgi?id=1047048

https://bugzilla.suse.com/show_bug.cgi?id=1047096

https://bugzilla.suse.com/show_bug.cgi?id=1047118

https://bugzilla.suse.com/show_bug.cgi?id=1047121

https://bugzilla.suse.com/show_bug.cgi?id=1047152

https://bugzilla.suse.com/show_bug.cgi?id=1047277

https://bugzilla.suse.com/show_bug.cgi?id=1047343

https://bugzilla.suse.com/show_bug.cgi?id=1047354

https://bugzilla.suse.com/show_bug.cgi?id=1047487

https://bugzilla.suse.com/show_bug.cgi?id=1047651

https://bugzilla.suse.com/show_bug.cgi?id=1047653

https://bugzilla.suse.com/show_bug.cgi?id=1047670

https://bugzilla.suse.com/show_bug.cgi?id=1048155

https://bugzilla.suse.com/show_bug.cgi?id=1048221

https://bugzilla.suse.com/show_bug.cgi?id=1048317

https://bugzilla.suse.com/show_bug.cgi?id=1048891

https://bugzilla.suse.com/show_bug.cgi?id=1048893

https://bugzilla.suse.com/show_bug.cgi?id=1048914

https://bugzilla.suse.com/show_bug.cgi?id=1048934

https://bugzilla.suse.com/show_bug.cgi?id=1049226

https://bugzilla.suse.com/show_bug.cgi?id=1049483

https://bugzilla.suse.com/show_bug.cgi?id=1049486

https://bugzilla.suse.com/show_bug.cgi?id=1049580

https://bugzilla.suse.com/show_bug.cgi?id=1049603

https://bugzilla.suse.com/show_bug.cgi?id=1049645

https://bugzilla.suse.com/show_bug.cgi?id=1049882

https://bugzilla.suse.com/show_bug.cgi?id=1050061

https://bugzilla.suse.com/show_bug.cgi?id=1050188

https://bugzilla.suse.com/show_bug.cgi?id=1051022

https://bugzilla.suse.com/show_bug.cgi?id=1051059

https://bugzilla.suse.com/show_bug.cgi?id=1051239

https://bugzilla.suse.com/show_bug.cgi?id=1051399

https://bugzilla.suse.com/show_bug.cgi?id=1051478

https://bugzilla.suse.com/show_bug.cgi?id=1051479

https://bugzilla.suse.com/show_bug.cgi?id=1051556

https://bugzilla.suse.com/show_bug.cgi?id=1051663

https://bugzilla.suse.com/show_bug.cgi?id=1051790

https://bugzilla.suse.com/show_bug.cgi?id=1052049

https://bugzilla.suse.com/show_bug.cgi?id=1052223

https://bugzilla.suse.com/show_bug.cgi?id=1052533

https://bugzilla.suse.com/show_bug.cgi?id=1052580

https://bugzilla.suse.com/show_bug.cgi?id=1052593

https://bugzilla.suse.com/show_bug.cgi?id=1052709

https://bugzilla.suse.com/show_bug.cgi?id=1052773

https://bugzilla.suse.com/show_bug.cgi?id=1052794

https://bugzilla.suse.com/show_bug.cgi?id=1052888

https://bugzilla.suse.com/show_bug.cgi?id=1053117

https://bugzilla.suse.com/show_bug.cgi?id=1053802

https://bugzilla.suse.com/show_bug.cgi?id=1053915

https://bugzilla.suse.com/show_bug.cgi?id=1053919

https://bugzilla.suse.com/show_bug.cgi?id=1054084

https://bugzilla.suse.com/show_bug.cgi?id=1055013

https://bugzilla.suse.com/show_bug.cgi?id=1055096

https://bugzilla.suse.com/show_bug.cgi?id=1055359

https://bugzilla.suse.com/show_bug.cgi?id=1055493

https://bugzilla.suse.com/show_bug.cgi?id=1055755

https://bugzilla.suse.com/show_bug.cgi?id=1055896

https://bugzilla.suse.com/show_bug.cgi?id=1056261

https://bugzilla.suse.com/show_bug.cgi?id=1056588

https://bugzilla.suse.com/show_bug.cgi?id=1056827

https://bugzilla.suse.com/show_bug.cgi?id=1056982

https://bugzilla.suse.com/show_bug.cgi?id=1057015

https://bugzilla.suse.com/show_bug.cgi?id=1058038

https://bugzilla.suse.com/show_bug.cgi?id=1058116

https://bugzilla.suse.com/show_bug.cgi?id=1058410

https://bugzilla.suse.com/show_bug.cgi?id=1058507

https://bugzilla.suse.com/show_bug.cgi?id=1059051

https://bugzilla.suse.com/show_bug.cgi?id=1059465

https://bugzilla.suse.com/show_bug.cgi?id=1060197

https://bugzilla.suse.com/show_bug.cgi?id=1061017

https://bugzilla.suse.com/show_bug.cgi?id=1061046

https://bugzilla.suse.com/show_bug.cgi?id=1061064

https://bugzilla.suse.com/show_bug.cgi?id=1061067

https://bugzilla.suse.com/show_bug.cgi?id=1061172

https://bugzilla.suse.com/show_bug.cgi?id=1061831

https://bugzilla.suse.com/show_bug.cgi?id=1061872

https://bugzilla.suse.com/show_bug.cgi?id=1063667

https://bugzilla.suse.com/show_bug.cgi?id=1064206

https://bugzilla.suse.com/show_bug.cgi?id=1064388

https://bugzilla.suse.com/show_bug.cgi?id=964063

https://bugzilla.suse.com/show_bug.cgi?id=971975

https://bugzilla.suse.com/show_bug.cgi?id=974215

https://bugzilla.suse.com/show_bug.cgi?id=981309

https://www.suse.com/security/cve/CVE-2017-1000252/

https://www.suse.com/security/cve/CVE-2017-10810/

https://www.suse.com/security/cve/CVE-2017-11472/

https://www.suse.com/security/cve/CVE-2017-11473/

https://www.suse.com/security/cve/CVE-2017-12134/

https://www.suse.com/security/cve/CVE-2017-12153/

https://www.suse.com/security/cve/CVE-2017-12154/

https://www.suse.com/security/cve/CVE-2017-13080/

https://www.suse.com/security/cve/CVE-2017-14051/

https://www.suse.com/security/cve/CVE-2017-14106/

https://www.suse.com/security/cve/CVE-2017-14489/

https://www.suse.com/security/cve/CVE-2017-15649/

https://www.suse.com/security/cve/CVE-2017-7518/

https://www.suse.com/security/cve/CVE-2017-7541/

https://www.suse.com/security/cve/CVE-2017-7542/

https://www.suse.com/security/cve/CVE-2017-8831/

http://www.nessus.org/u?baed955d

Plugin Details

Severity: High

ID: 104253

File Name: suse_SU-2017-2869-1.nasl

Version: 3.13

Type: local

Agent: unix

Published: 2017/10/30

Updated: 2018/11/30

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/10/27

Reference Information

CVE: CVE-2017-1000252, CVE-2017-10810, CVE-2017-11472, CVE-2017-11473, CVE-2017-12134, CVE-2017-12153, CVE-2017-12154, CVE-2017-13080, CVE-2017-14051, CVE-2017-14106, CVE-2017-14489, CVE-2017-15649, CVE-2017-6346, CVE-2017-7518, CVE-2017-7541, CVE-2017-7542, CVE-2017-8831

IAVA: 2017-A-0310