SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:0464-1)

High Nessus Plugin ID 97189

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.69 to receive various security fixes and bug fixes. The following security bugs were fixed:

- CVE-2015-8962: Double free vulnerability in the sg_common_write function in drivers/scsi/sg.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) by detaching a device during an SG_IO ioctl call (bnc#1010501).

- CVE-2015-8963: Race condition in kernel/events/core.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by leveraging incorrect handling of an swevent data structure during a CPU unplug operation (bnc#1010502).

- CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).

- CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bnc#1017710).

- CVE-2016-7910: Use-after-free vulnerability in the disk_seqf_stop function in block/genhd.c in the Linux kernel allowed local users to gain privileges by leveraging the execution of a certain stop operation even if the corresponding start operation had failed (bnc#1010716).

- CVE-2016-7911: Race condition in the get_task_ioprio function in block/ioprio.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted ioprio_get system call (bnc#1010711).

- CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478).

- CVE-2016-7914: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) via an application that uses associative-array data structures, as demonstrated by the keyutils test suite (bnc#1010475).

- CVE-2016-8399: An elevation of privilege vulnerability in the kernel networking subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process and current compiler optimizations restrict access to the vulnerable code. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31349935 (bnc#1014746).

- CVE-2016-8633: drivers/firewire/net.c in the Linux kernel, in certain unusual hardware configurations, allowed remote attackers to execute arbitrary code via crafted fragmented packets (bnc#1008833).

- CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).

- CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a 'state machine confusion bug' (bnc#1007197).

- CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197).

- CVE-2016-9756: arch/x86/kvm/emulate.c in the Linux kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory via a crafted application (bnc#1013038).

- CVE-2016-9793: The sock_setsockopt function in net/core/sock.c in the Linux kernel mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option (bnc#1013531 1013542).

- CVE-2016-9806: Race condition in the netlink_dump function in net/netlink/af_netlink.c in the Linux kernel allowed local users to cause a denial of service (double free) or possibly have unspecified other impact via a crafted application that made sendmsg system calls, leading to a free operation associated with a new dump that started earlier than anticipated (bnc#1013540 1017589).

- CVE-2017-2584: arch/x86/kvm/emulate.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt (bsc#1019851).

- CVE-2017-2583: Fixed broken emulation of 'MOV SS, null selector' (bsc#1020602).

- CVE-2017-5551: Clear SGID bit when setting file permissions on tmpfs (bsc#1021258).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

To install this SUSE Security Update use YaST online_update.
Alternatively, you can run the command listed for your product:

SUSE Linux Enterprise Workstation Extension 12-SP1: zypper in -t patch SUSE-SLE-WE-12-SP1-2017-238=1

SUSE Linux Enterprise Software Development Kit 12-SP1: zypper in -t patch SUSE-SLE-SDK-12-SP1-2017-238=1

SUSE Linux Enterprise Server 12-SP1: zypper in -t patch SUSE-SLE-SERVER-12-SP1-2017-238=1

SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2017-238=1

SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2017-238=1

SUSE Linux Enterprise Desktop 12-SP1: zypper in -t patch SUSE-SLE-DESKTOP-12-SP1-2017-238=1

To bring your system up-to-date, use 'zypper patch'.

See Also

https://bugzilla.suse.com/show_bug.cgi?id=1003813

https://bugzilla.suse.com/show_bug.cgi?id=1005666

https://bugzilla.suse.com/show_bug.cgi?id=1007197

https://bugzilla.suse.com/show_bug.cgi?id=1008557

https://bugzilla.suse.com/show_bug.cgi?id=1008567

https://bugzilla.suse.com/show_bug.cgi?id=1008833

https://bugzilla.suse.com/show_bug.cgi?id=1008876

https://bugzilla.suse.com/show_bug.cgi?id=1008979

https://bugzilla.suse.com/show_bug.cgi?id=1009062

https://bugzilla.suse.com/show_bug.cgi?id=1009969

https://bugzilla.suse.com/show_bug.cgi?id=1010040

https://bugzilla.suse.com/show_bug.cgi?id=1010213

https://bugzilla.suse.com/show_bug.cgi?id=1010294

https://bugzilla.suse.com/show_bug.cgi?id=1010475

https://bugzilla.suse.com/show_bug.cgi?id=1010478

https://bugzilla.suse.com/show_bug.cgi?id=1010501

https://bugzilla.suse.com/show_bug.cgi?id=1010502

https://bugzilla.suse.com/show_bug.cgi?id=1010507

https://bugzilla.suse.com/show_bug.cgi?id=1010612

https://bugzilla.suse.com/show_bug.cgi?id=1010711

https://bugzilla.suse.com/show_bug.cgi?id=1010716

https://bugzilla.suse.com/show_bug.cgi?id=1012060

https://bugzilla.suse.com/show_bug.cgi?id=1012422

https://bugzilla.suse.com/show_bug.cgi?id=1012917

https://bugzilla.suse.com/show_bug.cgi?id=1012985

https://bugzilla.suse.com/show_bug.cgi?id=1013001

https://bugzilla.suse.com/show_bug.cgi?id=1013038

https://bugzilla.suse.com/show_bug.cgi?id=1013479

https://bugzilla.suse.com/show_bug.cgi?id=1013531

https://bugzilla.suse.com/show_bug.cgi?id=1013540

https://bugzilla.suse.com/show_bug.cgi?id=1013542

https://bugzilla.suse.com/show_bug.cgi?id=1014410

https://bugzilla.suse.com/show_bug.cgi?id=1014746

https://bugzilla.suse.com/show_bug.cgi?id=1016713

https://bugzilla.suse.com/show_bug.cgi?id=1016725

https://bugzilla.suse.com/show_bug.cgi?id=1016961

https://bugzilla.suse.com/show_bug.cgi?id=1017164

https://bugzilla.suse.com/show_bug.cgi?id=1017170

https://bugzilla.suse.com/show_bug.cgi?id=1017410

https://bugzilla.suse.com/show_bug.cgi?id=1017589

https://bugzilla.suse.com/show_bug.cgi?id=1017710

https://bugzilla.suse.com/show_bug.cgi?id=1018100

https://bugzilla.suse.com/show_bug.cgi?id=1019032

https://bugzilla.suse.com/show_bug.cgi?id=1019148

https://bugzilla.suse.com/show_bug.cgi?id=1019260

https://bugzilla.suse.com/show_bug.cgi?id=1019300

https://bugzilla.suse.com/show_bug.cgi?id=1019783

https://bugzilla.suse.com/show_bug.cgi?id=1019851

https://bugzilla.suse.com/show_bug.cgi?id=1020214

https://bugzilla.suse.com/show_bug.cgi?id=1020602

https://bugzilla.suse.com/show_bug.cgi?id=1021258

https://bugzilla.suse.com/show_bug.cgi?id=856380

https://bugzilla.suse.com/show_bug.cgi?id=857394

https://bugzilla.suse.com/show_bug.cgi?id=858727

https://bugzilla.suse.com/show_bug.cgi?id=921338

https://bugzilla.suse.com/show_bug.cgi?id=921778

https://bugzilla.suse.com/show_bug.cgi?id=922052

https://bugzilla.suse.com/show_bug.cgi?id=922056

https://bugzilla.suse.com/show_bug.cgi?id=923036

https://bugzilla.suse.com/show_bug.cgi?id=923037

https://bugzilla.suse.com/show_bug.cgi?id=924381

https://bugzilla.suse.com/show_bug.cgi?id=938963

https://bugzilla.suse.com/show_bug.cgi?id=972993

https://bugzilla.suse.com/show_bug.cgi?id=980560

https://bugzilla.suse.com/show_bug.cgi?id=981709

https://bugzilla.suse.com/show_bug.cgi?id=983087

https://bugzilla.suse.com/show_bug.cgi?id=983348

https://bugzilla.suse.com/show_bug.cgi?id=984194

https://bugzilla.suse.com/show_bug.cgi?id=984419

https://bugzilla.suse.com/show_bug.cgi?id=985850

https://bugzilla.suse.com/show_bug.cgi?id=987192

https://bugzilla.suse.com/show_bug.cgi?id=987576

https://bugzilla.suse.com/show_bug.cgi?id=990384

https://bugzilla.suse.com/show_bug.cgi?id=991273

https://bugzilla.suse.com/show_bug.cgi?id=993739

https://bugzilla.suse.com/show_bug.cgi?id=997807

https://bugzilla.suse.com/show_bug.cgi?id=999101

https://www.suse.com/security/cve/CVE-2015-8962/

https://www.suse.com/security/cve/CVE-2015-8963/

https://www.suse.com/security/cve/CVE-2015-8964/

https://www.suse.com/security/cve/CVE-2016-10088/

https://www.suse.com/security/cve/CVE-2016-7910/

https://www.suse.com/security/cve/CVE-2016-7911/

https://www.suse.com/security/cve/CVE-2016-7913/

https://www.suse.com/security/cve/CVE-2016-7914/

https://www.suse.com/security/cve/CVE-2016-8399/

https://www.suse.com/security/cve/CVE-2016-8633/

https://www.suse.com/security/cve/CVE-2016-8645/

https://www.suse.com/security/cve/CVE-2016-9083/

https://www.suse.com/security/cve/CVE-2016-9084/

https://www.suse.com/security/cve/CVE-2016-9756/

https://www.suse.com/security/cve/CVE-2016-9793/

https://www.suse.com/security/cve/CVE-2016-9806/

https://www.suse.com/security/cve/CVE-2017-2583/

https://www.suse.com/security/cve/CVE-2017-2584/

https://www.suse.com/security/cve/CVE-2017-5551/

http://www.nessus.org/u?a768a9e4

Plugin Details

Severity: High

ID: 97189

File Name: suse_SU-2017-0464-1.nasl

Version: 3.7

Type: local

Agent: unix

Published: 2017/02/15

Updated: 2018/11/30

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 8.4

Temporal Score: 7.7

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:kernel-default, p-cpe:/a:novell:suse_linux:kernel-default-base, p-cpe:/a:novell:suse_linux:kernel-default-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-debugsource, p-cpe:/a:novell:suse_linux:kernel-default-devel, p-cpe:/a:novell:suse_linux:kernel-default-extra, p-cpe:/a:novell:suse_linux:kernel-default-extra-debuginfo, p-cpe:/a:novell:suse_linux:kernel-default-man, p-cpe:/a:novell:suse_linux:kernel-syms, p-cpe:/a:novell:suse_linux:kernel-xen, p-cpe:/a:novell:suse_linux:kernel-xen-base, p-cpe:/a:novell:suse_linux:kernel-xen-base-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen-debuginfo, p-cpe:/a:novell:suse_linux:kernel-xen-debugsource, p-cpe:/a:novell:suse_linux:kernel-xen-devel, cpe:/o:novell:suse_linux:12

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2017/02/14

Exploitable With

Core Impact

Reference Information

CVE: CVE-2015-8962, CVE-2015-8963, CVE-2015-8964, CVE-2016-10088, CVE-2016-7910, CVE-2016-7911, CVE-2016-7913, CVE-2016-7914, CVE-2016-8399, CVE-2016-8633, CVE-2016-8645, CVE-2016-9083, CVE-2016-9084, CVE-2016-9576, CVE-2016-9756, CVE-2016-9793, CVE-2016-9806, CVE-2017-2583, CVE-2017-2584, CVE-2017-5551