openSUSE Security Update : Linux Kernel (openSUSE-SU-2014:1678-1)

High Nessus Plugin ID 80153

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 7.4

Synopsis

The remote openSUSE host is missing a security update.

Description

The openSUSE 13.2 kernel was updated to version 3.16.7.

These security issues were fixed :

- CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. (bnc#910251)

- CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. (bnc#907818)

- CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace. (bnc#909077)

- CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346, bnc#902349).

- CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that triggered an incorrect uncork within the side-effect interpreter (bnc#902349).

- CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4 allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351).

- CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013).

- CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#905100).

These non-security issues were fixed :

- ahci: Check and set 64-bit DMA mask for platform AHCI driver (bnc#902632).

- ahci/xgene: Remove logic to set 64-bit DMA mask (bnc#902632).

- ahci_xgene: Skip the PHY and clock initialization if already configured by the firmware (bnc#902632).

- ALSA: hda - Add mute LED control for Lenovo Ideapad Z560 (bnc#665315).

- ALSA: hda/realtek - Add alc_update_coef*_idx() helper (bnc#905068).

- ALSA: hda/realtek - Change EAPD to verb control (bnc#905068).

- ALSA: hda/realtek - Optimize alc888_coef_init() (bnc#905068).

- ALSA: hda/realtek - Restore default value for ALC668 (bnc#905068).

- ALSA: hda/realtek - Update Initial AMP for EAPD control (bnc#905068).

- ALSA: hda/realtek - Update restore default value for ALC282 (bnc#905068).

- ALSA: hda/realtek - Update restore default value for ALC283 (bnc#905068).

- ALSA: hda/realtek - Use alc_write_coef_idx() in alc269_quanta_automake() (bnc#905068).

- ALSA: hda/realtek - Use tables for batch COEF writes/updtes (bnc#905068).

- ALSA: usb-audio: Do not resubmit pending URBs at MIDI error recovery.

- arm64: Add architectural support for PCI (bnc#902632).

- arm64: adjust el0_sync so that a function can be called (bnc#902632).

- arm64: Do not call enable PCI resources when specify PCI_PROBE_ONLY (bnc#902632).

- arm64: dts: Add X-Gene reboot driver dts node (bnc#902632).

- arm64/efi: efistub: cover entire static mem footprint in PE/COFF .text (bnc#902632).

- arm64/efi: efistub: do not abort if base of DRAM is occupied (bnc#902632).

- arm64: fix bug for reloading FPSIMD state after cpu power off (bnc#902632).

- arm64: fix VTTBR_BADDR_MASK (bnc#902632).

- arm64: fpsimd: fix a typo in fpsimd_save_partial_state ENDPROC (bnc#902632).

- arm64/mustang: Disable sgenet and xgenet (bnc#902632).

- arm64: Select reboot driver for X-Gene platform (bnc#902632).

- arm: Add APM Mustang network driver (bnc#902632).

- arm/arm64: KVM: Fix and refactor unmap_range (bnc#902632).

- arm: Define PCI_IOBASE as the base of virtual PCI IO space (bnc#902632).

- asm-generic/io.h: Fix ioport_map() for !CONFIG_GENERIC_IOMAP (bnc#902632).

- ax88179_178a: fix bonding failure (bsc#908253).

- btrfs: Fix and enhance merge_extent_mapping() to insert best fitted extent map.

- btrfs: fix crash of btrfs_release_extent_buffer_page.

- btrfs: fix invalid leaf slot access in btrfs_lookup_extent().

- btrfs: fix kfree on list_head in btrfs_lookup_csums_range error cleanup.

- btrfs: fix lockups from btrfs_clear_path_blocking.

- btrfs: fix race that makes btrfs_lookup_extent_info miss skinny extent items.

- btrfs: Fix the wrong condition judgment about subset extent map.

- btrfs: fix wrong accounting of raid1 data profile in statfs.

- btrfs: send, do not delay dir move if there is a new parent inode.

- config: armv7hl: Disable CONFIG_USB_MUSB_TUSB6010 (bnc#906914).

- cpufreq: arm_big_little: fix module license spec (bnc#902632).

- Delete patches.rpmify/chipidea-clean-up-dependencies (bnc#903986).

- Disable Exynos cpufreq modules.

- drivers/net/fddi/skfp/h/skfbi.h: Remove useless PCI_BASE_2ND macros (bnc#902632).

- drm/i915: Keep vblank interrupts enabled while enabling/disabling planes (bnc#904097).

- drm: Implement O_NONBLOCK support on /dev/dri/cardN (bnc#904097).

- drm/nv50/disp: fix dpms regression on certain boards (bnc#902728).

- drm/radeon: add locking around atombios scratch space usage (bnc#904932).

- drm/radeon: add missing crtc unlock when setting up the MC (bnc#904932).

- drm/radeon/dpm: disable ulv support on SI (bnc#904932).

- drm/radeon: fix endian swapping in vbios fetch for tdp table (bnc#904932).

- drm/radeon: fix speaker allocation setup (bnc#904932).

- drm/radeon: initialize sadb to NULL in the audio code (bnc#904932).

- drm/radeon: make sure mode init is complete in bandwidth_update (bnc#904932).

- drm/radeon: report disconnected for LVDS/eDP with PX if ddc fails (bnc#904417).

- drm/radeon: set correct CE ram size for CIK (bnc#904932).

- drm/radeon: Use drm_malloc_ab instead of kmalloc_array (bnc#904932).

- drm/radeon: use gart for DMA IB tests (bnc#904932).

- drm/radeon: use gart memory for DMA ring tests (bnc#904932).

- drm/tilcdc: Fix the error path in tilcdc_load() (bko#86071).

- hp_accel: Add support for HP ZBook 15 (bnc#905329).

- ideapad-laptop: Change Lenovo Yoga 2 series rfkill handling (bnc#904289).

- Input: i8042 - also set the firmware id for MUXed ports (bnc#897112).

- Input: psmouse - add psmouse_matches_pnp_id helper function (bnc#897112).

- Input: psmouse - add support for detecting FocalTech PS/2 touchpads (bnc#897112).

- Input: synaptics - add min/max quirk for Lenovo T440s (bnc#903748).

- irqchip: gic: preserve gic V2 bypass bits in cpu ctrl register (bnc#902632).

- iwlwifi: dvm: drop non VO frames when flushing (bnc#900786).

- KEYS: Allow special keys (eg. DNS results) to be invalidated by CAP_SYS_ADMIN (bnc#904717).

- KEYS: Fix stale key registration at error path (bnc#908163).

- KEYS: Fix the size of the key description passed to/from userspace (bnc#904717).

- KEYS: Increase root_maxkeys and root_maxbytes sizes (bnc#904717).

- KEYS: request_key() should reget expired keys rather than give EKEYEXPIRED (bnc#904717).

- KEYS: Simplify KEYRING_SEARCH_(NO,DO)_STATE_CHECK flags (bnc#904717).

- KVM: ARM: Add arm,gic-400 compatible support (bnc#902632).

- KVM: ARM: Hack to enable VGIC mapping on 64k PAGE_SIZE kernels (bnc#902633).

- Limit xgbe a0 driver to arm64

- net/xgbe: Add A0 silicon support (bnc#902632).

- of/pci: Add pci_get_new_domain_nr() and of_get_pci_domain_nr() (bnc#902632).

- of/pci: Add pci_register_io_range() and pci_pio_to_address() (bnc#902632).

- of/pci: Add support for parsing PCI host bridge resources from DT (bnc#902632).

- of/pci: Fix the conversion of IO ranges into IO resources (bnc#902632).

- of/pci: Move of_pci_range_to_resource() to of/address.c (bnc#902632).

- parport: parport_pc, do not remove parent devices early (bnc#856659).

- PCI: Add generic domain handling (bnc#902632).

- PCI: Add pci_remap_iospace() to map bus I/O resources (bnc#902632).

- PCI: xgene: Add APM X-Gene PCIe driver (bnc#902632).

- power: reset: Add generic SYSCON register mapped reset (bnc#902632).

- power: reset: Remove X-Gene reboot driver (bnc#902632).

- quirk for Lenovo Yoga 3: no rfkill switch (bnc#904289).

- reiserfs: destroy allocated commit workqueue.

- rtc: ia64: allow other architectures to use EFI RTC (bnc#902632).

- scripts/tags.sh: Do not specify kind-spec for emacs ctags/etags.

- scripts/tags.sh: fix DEFINE_HASHTABLE in emacs case.

- tags.sh: Fixup regex definition for etags.

- ttusb-dec: buffer overflow in ioctl (bnc#905739).

- usb: Add support for Synopsis H20AHB EHCI host controller (bnc#902632).

- usb: fix hcd h20ahb driver depends (bnc#902632).

- usb: uvc: add a quirk for Dell XPS M1330 webcam (bnc#904539).

- usb: uvc: Fix destruction order in uvc_delete() (bnc#897736).

Solution

Update the affected Linux Kernel packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=665315

https://bugzilla.opensuse.org/show_bug.cgi?id=856659

https://bugzilla.opensuse.org/show_bug.cgi?id=897112

https://bugzilla.opensuse.org/show_bug.cgi?id=897736

https://bugzilla.opensuse.org/show_bug.cgi?id=900786

https://bugzilla.opensuse.org/show_bug.cgi?id=902346

https://bugzilla.opensuse.org/show_bug.cgi?id=902349

https://bugzilla.opensuse.org/show_bug.cgi?id=902351

https://bugzilla.opensuse.org/show_bug.cgi?id=902632

https://bugzilla.opensuse.org/show_bug.cgi?id=902633

https://bugzilla.opensuse.org/show_bug.cgi?id=902728

https://bugzilla.opensuse.org/show_bug.cgi?id=903748

https://bugzilla.opensuse.org/show_bug.cgi?id=903986

https://bugzilla.opensuse.org/show_bug.cgi?id=904013

https://bugzilla.opensuse.org/show_bug.cgi?id=904097

https://bugzilla.opensuse.org/show_bug.cgi?id=904289

https://bugzilla.opensuse.org/show_bug.cgi?id=904417

https://bugzilla.opensuse.org/show_bug.cgi?id=904539

https://bugzilla.opensuse.org/show_bug.cgi?id=904717

https://bugzilla.opensuse.org/show_bug.cgi?id=904932

https://bugzilla.opensuse.org/show_bug.cgi?id=905068

https://bugzilla.opensuse.org/show_bug.cgi?id=905100

https://bugzilla.opensuse.org/show_bug.cgi?id=905329

https://bugzilla.opensuse.org/show_bug.cgi?id=905739

https://bugzilla.opensuse.org/show_bug.cgi?id=906914

https://bugzilla.opensuse.org/show_bug.cgi?id=907818

https://bugzilla.opensuse.org/show_bug.cgi?id=908163

https://bugzilla.opensuse.org/show_bug.cgi?id=908253

https://bugzilla.opensuse.org/show_bug.cgi?id=909077

https://bugzilla.opensuse.org/show_bug.cgi?id=910251

https://lists.opensuse.org/opensuse-updates/2014-12/msg00077.html

Plugin Details

Severity: High

ID: 80153

File Name: openSUSE-2014-794.nasl

Version: 1.4

Type: local

Agent: unix

Published: 2014/12/22

Updated: 2020/06/04

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 7.4

CVSS v2.0

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:kernel-debug, p-cpe:/a:novell:opensuse:kernel-debug-base, p-cpe:/a:novell:opensuse:kernel-debug-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debuginfo, p-cpe:/a:novell:opensuse:kernel-debug-debugsource, p-cpe:/a:novell:opensuse:kernel-debug-devel, p-cpe:/a:novell:opensuse:kernel-debug-devel-debuginfo, p-cpe:/a:novell:opensuse:kernel-default, p-cpe:/a:novell:opensuse:kernel-default-base, p-cpe:/a:novell:opensuse:kernel-default-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debuginfo, p-cpe:/a:novell:opensuse:kernel-default-debugsource, p-cpe:/a:novell:opensuse:kernel-default-devel, p-cpe:/a:novell:opensuse:kernel-desktop, p-cpe:/a:novell:opensuse:kernel-desktop-base, p-cpe:/a:novell:opensuse:kernel-desktop-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debuginfo, p-cpe:/a:novell:opensuse:kernel-desktop-debugsource, p-cpe:/a:novell:opensuse:kernel-desktop-devel, p-cpe:/a:novell:opensuse:kernel-devel, p-cpe:/a:novell:opensuse:kernel-ec2, p-cpe:/a:novell:opensuse:kernel-ec2-base, p-cpe:/a:novell:opensuse:kernel-ec2-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debuginfo, p-cpe:/a:novell:opensuse:kernel-ec2-debugsource, p-cpe:/a:novell:opensuse:kernel-ec2-devel, p-cpe:/a:novell:opensuse:kernel-macros, p-cpe:/a:novell:opensuse:kernel-obs-build, p-cpe:/a:novell:opensuse:kernel-obs-build-debugsource, p-cpe:/a:novell:opensuse:kernel-obs-qa, p-cpe:/a:novell:opensuse:kernel-obs-qa-xen, p-cpe:/a:novell:opensuse:kernel-pae, p-cpe:/a:novell:opensuse:kernel-pae-base, p-cpe:/a:novell:opensuse:kernel-pae-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debuginfo, p-cpe:/a:novell:opensuse:kernel-pae-debugsource, p-cpe:/a:novell:opensuse:kernel-pae-devel, p-cpe:/a:novell:opensuse:kernel-source, p-cpe:/a:novell:opensuse:kernel-source-vanilla, p-cpe:/a:novell:opensuse:kernel-syms, p-cpe:/a:novell:opensuse:kernel-vanilla, p-cpe:/a:novell:opensuse:kernel-vanilla-debuginfo, p-cpe:/a:novell:opensuse:kernel-vanilla-debugsource, p-cpe:/a:novell:opensuse:kernel-vanilla-devel, p-cpe:/a:novell:opensuse:kernel-xen, p-cpe:/a:novell:opensuse:kernel-xen-base, p-cpe:/a:novell:opensuse:kernel-xen-base-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debuginfo, p-cpe:/a:novell:opensuse:kernel-xen-debugsource, p-cpe:/a:novell:opensuse:kernel-xen-devel, cpe:/o:novell:opensuse:13.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2014/12/18

Vulnerability Publication Date: 2014/11/10

Reference Information

CVE: CVE-2014-3673, CVE-2014-3687, CVE-2014-3688, CVE-2014-7826, CVE-2014-7841, CVE-2014-8133, CVE-2014-9090, CVE-2014-9322