Security update for the Linux Kernel

Announcement ID: SUSE-SU-2017:3410-1
Rating: important
CVSS scores:
  • CVE-2017-1000410 ( SUSE ): 2.4 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2017-1000410 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2017-11600 ( SUSE ): 7.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
  • CVE-2017-11600 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-11600 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-12193 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-12193 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-15115 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-15115 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-15115 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-15265 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-15265 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-15265 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-16528 ( SUSE ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-16528 ( NVD ): 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-16536 ( SUSE ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-16536 ( NVD ): 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-16537 ( SUSE ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-16537 ( NVD ): 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-16645 ( SUSE ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-16645 ( NVD ): 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-16646 ( SUSE ): 4.6 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-16646 ( NVD ): 6.6 CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-16994 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2017-16994 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2017-17448 ( SUSE ): 5.7 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
  • CVE-2017-17448 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-17449 ( SUSE ): 4.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
  • CVE-2017-17449 ( NVD ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2017-17450 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
  • CVE-2017-17450 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-7482 ( SUSE ): 6.6 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
  • CVE-2017-7482 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-7482 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
  • CVE-2017-8824 ( SUSE ): 8.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-8824 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2017-8824 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  • Magnum Orchestration 7
  • SUSE Linux Enterprise Desktop 12 SP2
  • SUSE Linux Enterprise High Availability Extension 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise Live Patching 12
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server 12 SP1
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2
  • SUSE Linux Enterprise Software Development Kit 12 12-SP2
  • SUSE Linux Enterprise Workstation Extension 12 SP2

An update that solves 16 vulnerabilities and has 92 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.103 to receive various security fixes and bug fixes.

This update enables SMB encryption in the CIFS support in the Linux kernel (fate#324404).

The following security bugs were fixed:

  • CVE-2017-1000410: The Linux kernel was affected by an information leak in the processing of incoming L2CAP commands (ConfigRequest and ConfigResponse messages) (bnc#1070535).
  • CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux kernel did not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allowed local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message (bnc#1050231).
  • CVE-2017-12193: The assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel mishandled node splitting, which allowed local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations (bnc#1066192).
  • CVE-2017-15115: The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel did not check whether the intended netns is used in a peel-off action, which allowed local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls (bnc#1068671).
  • CVE-2017-15265: Race condition in the ALSA subsystem in the Linux kernel allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted /dev/snd/seq ioctl calls, related to sound/core/seq/seq_clientmgr.c and sound/core/seq/seq_ports.c (bnc#1062520).
  • CVE-2017-16528: sound/core/seq_device.c in the Linux kernel allowed local users to cause a denial of service (snd_rawmidi_dev_seq_free use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066629).
  • CVE-2017-16536: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066606).
  • CVE-2017-16537: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1066573).
  • CVE-2017-16645: The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel allowed local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067132).
  • CVE-2017-16646: drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel allowed local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device (bnc#1067105).
  • CVE-2017-16994: The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel mishandled holes in hugetlb ranges, which allowed local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call (bnc#1069996).
  • CVE-2017-17448: net/netfilter/nfnetlink_cthelper.c in the Linux kernel did not require the CAP_NET_ADMIN capability for new, get, and del operations, which allowed local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces (bnc#1071693).
  • CVE-2017-17449: The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, did not restrict observations of Netlink messages to a single net namespace, which allowed local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system (bnc#1071694).
  • CVE-2017-17450: net/netfilter/xt_osf.c in the Linux kernel did not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allowed local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces (bnc#1071695).
  • CVE-2017-7482: Fixed an overflow when decoding a krb5 principal (bnc#1046107).
  • CVE-2017-8824: The dccp_disconnect function in net/dccp/proto.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state (bnc#1070771).

The following non-security bugs were fixed:

  • adm80211: return an error if adm8211_alloc_rings() fails (bsc#1031717).
  • adv7604: Initialize drive strength to default when using DT (bnc#1012382).
  • af_netlink: ensure that NLMSG_DONE never fails in dumps (bnc#1012382).
  • alsa: au88x0: avoid theoretical uninitialized access (bnc#1012382).
  • alsa: caiaq: Fix stray URB at probe error path (bnc#1012382).
  • alsa: compress: Remove unused variable (bnc#1012382).
  • alsa: hda: Add Raven PCI ID (bnc#1012382).
  • alsa: hda - Apply ALC269_FIXUP_NO_SHUTUP on HDA_FIXUP_ACT_PROBE (bnc#1012382).
  • alsa: hda/ca0132 - Fix memory leak at error path (bsc#1031717).
  • alsa: hda - fix headset mic problem for Dell machines with alc236 (bnc#1012382).
  • alsa: hda - No loopback on ALC299 codec (git-fixes).
  • alsa: hda/realtek: Add headset mic support for Intel NUC Skull Canyon (bsc#1031717).
  • alsa: hda/realtek - Add new codec ID ALC299 (bnc#1012382).
  • alsa: hda/realtek - Add support for ALC236/ALC3204 (bnc#1012382).
  • alsa: hda/realtek - Fix ALC700 family no sound issue (bsc#1031717).
  • alsa: hda: Remove superfluous '-' added by printk conversion (bnc#1012382).
  • alsa: line6: Fix leftover URB at error-path during probe (bnc#1012382).
  • alsa: pcm: update tstamp only if audio_tstamp changed (bsc#1031717).
  • alsa: seq: Avoid invalid lockdep class warning (bsc#1031717).
  • alsa: seq: Enable 'use' locking in all configurations (bnc#1012382).
  • alsa: seq: Fix copy_from_user() call inside lock (bnc#1012382).
  • alsa: seq: Fix nested rwsem annotation for lockdep splat (bnc#1012382).
  • alsa: seq: Fix OSS sysex delivery in OSS emulation (bnc#1012382).
  • alsa: timer: Add missing mutex lock for compat ioctls (bnc#1012382).
  • alsa: timer: Remove kernel warning at compat ioctl error paths (bsc#1031717).
  • alsa: usb-audio: Add native DSD support for Pro-Ject Pre Box S2 Digital (bnc#1012382).
  • alsa: usb-audio: Add sanity checks in v2 clock parsers (bsc#1031717).
  • alsa: usb-audio: Add sanity checks to FE parser (bsc#1031717).
  • alsa: usb-audio: Check out-of-bounds access by corrupted buffer descriptor (bnc#1012382).
  • alsa: usb-audio: Fix potential out-of-bound access at parsing SU (bsc#1031717).
  • alsa: usb-audio: Kill stray URB at exiting (bnc#1012382).
  • alsa: usb-audio: uac1: Invalidate ctl on interrupt (bsc#1031717).
  • alsa: usx2y: Suppress kernel warning at page allocation failures (bnc#1012382).
  • alsa: vx: Do not try to update capture stream before running (bnc#1012382).
  • alsa: vx: Fix possible transfer overflow (bnc#1012382).
  • Apply generic ppc build fixes to vanilla (bsc#1070805).
  • arm64: dts: NS2: reserve memory for Nitro firmware (bnc#1012382).
  • arm64: ensure __dump_instr() checks addr_limit (bnc#1012382).
  • arm64: fix dump_instr when PAN and UAO are in use (bnc#1012382).
  • arm: 8635/1: nommu: allow enabling REMAP_VECTORS_TO_RAM (bnc#1012382).
  • arm: 8715/1: add a private asm/unaligned.h (bnc#1012382).
  • arm: 8720/1: ensure dump_instr() checks addr_limit (bnc#1012382).
  • arm: 8721/1: mm: dump: check hardware RO bit for LPAE (bnc#1012382).
  • arm: 8722/1: mm: make STRICT_KERNEL_RWX effective for LPAE (bnc#1012382).
  • arm: crypto: reduce priority of bit-sliced AES cipher (bnc#1012382).
  • arm: dts: Fix am335x and dm814x scm syscon to probe children (bnc#1012382).
  • arm: dts: Fix compatible for ti81xx uarts for 8250 (bnc#1012382).
  • arm: dts: Fix omap3 off mode pull defines (bnc#1012382).
  • arm: dts: mvebu: pl310-cache disable double-linefill (bnc#1012382).
  • arm: dts: r8a7790: Use R-Car Gen 2 fallback binding for msiof nodes (bnc#1012382).
  • arm: OMAP2+: Fix init for multiple quirks for the same SoC (bnc#1012382).
  • arm: omap2plus_defconfig: Fix probe errors on UARTs 5 and 6 (bnc#1012382).
  • arm: pxa: Do not rely on public mmc header to include leds.h (bnc#1012382).
  • arm: remove duplicate 'const' annotations' (bnc#1012382).
  • asm/sections: add helpers to check for section data (bsc#1063026).
  • asoc: adau17x1: Workaround for noise bug in ADC (bnc#1012382).
  • asoc: cs42l56: Fix reset GPIO name in example DT binding (bsc#1031717).
  • asoc: dapm: fix some pointer error handling (bnc#1012382).
  • asoc: dapm: handle probe deferrals (bnc#1012382).
  • asoc: davinci-mcasp: Fix an error handling path in 'davinci_mcasp_probe()' (bsc#1031717).
  • asoc: rsnd: do not double free kctrl (bnc#1012382).
  • asoc: samsung: Fix possible double iounmap on s3c24xx driver probe failure (bsc#1031717).
  • asoc: wm_adsp: Do not overrun firmware file buffer when reading region data (bnc#1012382).
  • ata: ATA_BMDMA should depend on HAS_DMA (bnc#1012382).
  • ata: fixes kernel crash while tracing ata_eh_link_autopsy event (bnc#1012382).
  • ata: SATA_HIGHBANK should depend on HAS_DMA (bnc#1012382).
  • ata: SATA_MV should depend on HAS_DMA (bnc#1012382).
  • ath10k: convert warning about non-existent OTP board id to debug message (git-fixes).
  • ath10k: fix a warning during channel switch with multiple vaps (bsc#1031717).
  • ath10k: fix board data fetch error message (bsc#1031717).
  • ath10k: fix diag_read to collect data for larger memory (bsc#1031717).
  • ath10k: fix incorrect txpower set by P2P_DEVICE interface (bnc#1012382).
  • ath10k: fix potential memory leak in ath10k_wmi_tlv_op_pull_fw_stats() (bnc#1012382).
  • ath10k: free cached fw bin contents when get board id fails (bsc#1031717).
  • ath10k: ignore configuring the incorrect board_id (bnc#1012382).
  • ath10k: set CTS protection VDEV param only if VDEV is up (bnc#1012382).
  • ath9k_htc: check for underflow in ath9k_htc_rx_msg() (bsc#1031717).
  • ath9k: off by one in ath9k_hw_nvram_read_array() (bsc#1031717).
  • audit: log 32-bit socketcalls (bnc#1012382).
  • autofs: do not fail mount for transient error (bsc#1065180).
  • backlight: adp5520: Fix error handling in adp5520_bl_probe() (bnc#1012382).
  • backlight: lcd: Fix race condition during register (bnc#1012382).
  • bcache: check ca->alloc_thread initialized before wake up it (bnc#1012382).
  • block: Fix a race between blk_clea