Security update for the Linux Kernel

Announcement ID: SUSE-SU-2017:2694-1
Rating: important
CVSS scores:
  • CVE-2017-1000112 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000112 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000112 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000251 ( SUSE ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000251 ( NVD ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-1000251 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-10661 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-10661 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2017-12762 ( SUSE ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-12762 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-12762 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-14051 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-14051 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-14140 ( SUSE ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2017-14140 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2017-14340 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-14340 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-8831 ( SUSE ): 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-8831 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • SUSE Linux Enterprise Real Time Extension 11 SP4

An update that solves eight vulnerabilities and has 25 security fixes can now be installed.


The SUSE Linux Enterprise 11 SP4 RT kernel was updated to receive various security and bugfixes.

The following security bugs were fixed:

  • CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space (bnc#1057389).
  • CVE-2017-14340: The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h did not verify that a filesystem has a realtime device, which allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory (bnc#1058524).
  • CVE-2017-14140: The move_pages system call in mm/migrate.c did not check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR (bnc#1057179).
  • CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588).
  • CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152).
  • CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c a user-controlled buffer was copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow (bnc#1053148).
  • CVE-2017-8831: The saa7164_bus_get function allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).
  • CVE-2017-1000112: Prevent race condition in net-packet code that could have been exploited by unprivileged users to gain root access.(bnc#1052311).

The following non-security bugs were fixed:

  • ALSA: Fix Lewisburg audio issue
  • Drop commit 96234ae:kvm_io_bus_unregister_dev() should never fail (bsc#1055680)
  • Fixup build warnings in drivers/scsi/scsi.c (bsc#1031358)
  • NFS: Cache aggressively when file is open for writing (bsc#1053933).
  • NFS: Do drop directory dentry when error clearly requires it (bsc#1051932).
  • NFS: Do not flush caches for a getattr that races with writeback (bsc#1053933).
  • NFS: Optimize fallocate by refreshing mapping when needed (bsc#1053933).
  • NFS: invalidate file size when taking a lock (bsc#1053933).
  • PCI: fix hotplug related issues (bnc#1054247).
  • af_key: do not use GFP_KERNEL in atomic contexts (bsc#1054093).
  • avoid deadlock in xenbus (bnc#1047523).
  • blacklist 9754d45e9970 tpm: read burstcount from TPM_STS in one 32-bit transaction
  • blkback/blktap: do not leak stack data via response ring (bsc#1042863 XSA-216).
  • cx231xx-audio: fix NULL-deref at probe (bsc#1050431).
  • cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc#1045154).
  • fuse: do not use iocb after it may have been freed (bsc#1054706).
  • fuse: fix fuse_write_end() if zero bytes were copied (bsc#1054706).
  • fuse: fsync() did not return IO errors (bsc#1054076).
  • fuse: fuse_flush must check mapping->flags for errors (bsc#1054706).
  • gspca: konica: add missing endpoint sanity check (bsc#1050431).
  • kabi/severities: Ignore zpci symbol changes (bsc#1054247)
  • lib/mpi: mpi_read_raw_data(): fix nbits calculation
  • media: platform: davinci: return -EINVAL for VPFE_CMD_S_CCDC_RAW_PARAMS ioctl (bsc#1050431).
  • net: Fix RCU splat in af_key (bsc#1054093).
  • powerpc/fadump: add reschedule point while releasing memory (bsc#1040609 bsc#1024450).
  • powerpc/fadump: avoid duplicates in crash memory ranges (bsc#1037669 bsc#1037667).
  • powerpc/fadump: provide a helpful error message (bsc#1037669 bsc#1037667).
  • powerpc/prom: Increase minimum RMA size to 512MB (bsc#984530, bsc#1052370).
  • powerpc/slb: Force a full SLB flush when we insert for a bad EA (bsc#1054070).
  • reiserfs: fix race in readdir (bsc#1039803).
  • s390/pci: do not cleanup in arch_setup_msi_irqs (bnc#1054247).
  • s390/pci: fix handling of PEC 306 (bnc#1054247).
  • s390/pci: improve error handling during fmb (de)registration (bnc#1054247).
  • s390/pci: improve error handling during interrupt deregistration (bnc#1054247).
  • s390/pci: improve pci hotplug (bnc#1054247).
  • s390/pci: improve unreg_ioat error handling (bnc#1054247).
  • s390/pci: introduce clp_get_state (bnc#1054247).
  • s390/pci: provide more debug information (bnc#1054247).
  • scsi: avoid system stall due to host_busy race (bsc#1031358).
  • scsi: close race when updating blocked counters (bsc#1031358).
  • ser_gigaset: return -ENOMEM on error instead of success (bsc#1037441).
  • supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802).
  • tpm: fix a kernel memory leak in tpm-sysfs.c (bsc#1050381).
  • uwb: fix device quirk on big-endian hosts (bsc#1036629).
  • xfs: fix inobt inode allocation search optimization (bsc#1013018).

Special Instructions and Notes:

  • Please reboot the system after installing this update.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Real Time Extension 11 SP4
    zypper in -t patch slertesp4-linux-kernel-rt-13307=1

Package List:

  • SUSE Linux Enterprise Real Time Extension 11 SP4 (nosrc x86_64)
    • kernel-rt-3.0.101.rt130-69.8.1
    • kernel-rt_trace-3.0.101.rt130-69.8.1
  • SUSE Linux Enterprise Real Time Extension 11 SP4 (x86_64)
    • kernel-source-rt-3.0.101.rt130-69.8.1
    • kernel-rt_trace-base-3.0.101.rt130-69.8.1
    • kernel-syms-rt-3.0.101.rt130-69.8.1
    • kernel-rt_trace-devel-3.0.101.rt130-69.8.1
    • kernel-rt-base-3.0.101.rt130-69.8.1
    • kernel-rt-devel-3.0.101.rt130-69.8.1