Security update for the Linux Kernel

Announcement ID: SUSE-SU-2017:0181-1
Rating: important
CVSS scores:
  • CVE-2015-1350 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2015-1350 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2015-8964 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
  • CVE-2016-7039 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-7039 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-7042 ( NVD ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-7425 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2016-7425 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2016-7913 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2016-7913 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2016-7913 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
  • CVE-2016-7917 ( NVD ): 5.0 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
  • CVE-2016-8645 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-8666 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-8666 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-9083 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2016-9083 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2016-9084 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2016-9793 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2016-9793 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • CVE-2016-9919 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2016-9919 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:
  • SUSE Linux Enterprise Desktop 12 SP2
  • SUSE Linux Enterprise High Availability Extension 12 SP2
  • SUSE Linux Enterprise High Performance Computing 12 SP2
  • SUSE Linux Enterprise Live Patching 12
  • SUSE Linux Enterprise Server 12
  • SUSE Linux Enterprise Server 12 SP1
  • SUSE Linux Enterprise Server 12 SP2
  • SUSE Linux Enterprise Server for SAP Applications 12
  • SUSE Linux Enterprise Server for SAP Applications 12 SP1
  • SUSE Linux Enterprise Server for SAP Applications 12 SP2
  • SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
  • SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2
  • SUSE Linux Enterprise Software Development Kit 12 12-SP2
  • SUSE Linux Enterprise Workstation Extension 12 SP2

An update that solves 13 vulnerabilities and has 127 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.38 to receive various security fixes and bugfixes.

The following security bugs were fixed:

  • CVE-2015-1350: The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr operations that underspecifies removing extended privilege attributes, which allowed local users to cause a denial of service (capability stripping) via a failed invocation of a system call, as demonstrated by using chown to remove a capability from the ping or Wireshark dumpcap program (bnc#914939).
  • CVE-2015-8964: The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory by reading a tty data structure (bnc#1010507).
  • CVE-2016-7039: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for large crafted packets, as demonstrated by packets that contain only VLAN headers, a related issue to CVE-2016-8666 (bnc#1001486).
  • CVE-2016-7042: The proc_keys_show function in security/keys/proc.c in the Linux kernel through 4.8.2, when the GNU Compiler Collection (gcc) stack protector is enabled, uses an incorrect buffer size for certain timeout data, which allowed local users to cause a denial of service (stack memory corruption and panic) by reading the /proc/keys file (bnc#1004517).
  • CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932).
  • CVE-2016-7913: The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via vectors involving omission of the firmware name from a certain data structure (bnc#1010478).
  • CVE-2016-7917: The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the Linux kernel did not check whether a batch message's length field is large enough, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (infinite loop or out-of-bounds read) by leveraging the CAP_NET_ADMIN capability (bnc#1010444).
  • CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) via a crafted application that made sendto system calls, related to net/ipv4/tcp_ipv4.c and net/ipv6/tcp_ipv6.c (bnc#1009969).
  • CVE-2016-8666: The IP stack in the Linux kernel allowed remote attackers to cause a denial of service (stack consumption and panic) or possibly have unspecified other impact by triggering use of the GRO path for packets with tunnel stacking, as demonstrated by interleaved IPv4 headers and GRE headers, a related issue to CVE-2016-7039 (bnc#1003964).
  • CVE-2016-9083: drivers/vfio/pci/vfio_pci.c in the Linux kernel allowed local users to bypass integer overflow checks, and cause a denial of service (memory corruption) or have unspecified other impact, by leveraging access to a vfio PCI device file for a VFIO_DEVICE_SET_IRQS ioctl call, aka a "state machine confusion bug" (bnc#1007197).
  • CVE-2016-9084: drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel misuses the kzalloc function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact by leveraging access to a vfio PCI device file (bnc#1007197).
  • CVE-2016-9793: A bug in the SO_{SND|RCV}BUFFORCE setsockopt() implementation, which allowed CAP_NET_ADMIN users to cause memory corruption, was fixed (bsc#1013531).
  • CVE-2016-9919: The icmp6_send function in net/ipv6/icmp.c in the Linux kernel omits a certain check of the dst data structure, which allowed remote attackers to cause a denial of service (panic) via a fragmented IPv6 packet (bnc#1014701).

The following non-security bugs were fixed:

  • 8250_pci: Fix potential use-after-free in error path (bsc#1013001).
  • acpi / PAD: do not register acpi_pad driver if running as Xen dom0 (bnc#995278).
  • Add mainline tags to various hyperv patches
  • alsa: fm801: detect FM-only card earlier (bsc#1005917).
  • alsa: fm801: explicitly free IRQ line (bsc#1005917).
  • alsa: fm801: propagate TUNER_ONLY bit when autodetected (bsc#1005917).
  • alsa: hda - Bind with i915 only when Intel graphics is present (bsc#1012767).
  • alsa: hda - Clear the leftover component assignment at snd_hdac_i915_exit() (bsc#1012767).
  • alsa: hda - Degrade i915 binding failure message (bsc#1012767).
  • alsa: hda - Fix yet another i915 pointer leftover in error path (bsc#1012767).
  • alsa: hda - Gate the mic jack on HP Z1 Gen3 AiO (bsc#1004365).
  • alsa: hda - Turn off loopback mixing as default (bsc#1001462).
  • apparmor: add missing id bounds check on dfa verification (bsc#1000304).
  • apparmor: check that xindex is in trans_table bounds (bsc#1000304).
  • apparmor: do not check for vmalloc_addr if kvzalloc() failed (bsc#1000304).
  • apparmor: do not expose kernel stack (bsc#1000304).
  • apparmor: ensure the target profile name is always audited (bsc#1000304).
  • apparmor: exec should not be returning ENOENT when it denies (bsc#1000304).
  • apparmor: fix audit full profile hname on successful load (bsc#1000304).
  • apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287).
  • apparmor: fix disconnected bind mnts reconnection (bsc#1000304).
  • apparmor: fix log failures for all profiles in a set (bsc#1000304).
  • apparmor: fix module parameters can be changed after policy is locked (bsc#1000304).
  • apparmor: fix oops in profile_unpack() when policy_db is not present (bsc#1000304).
  • apparmor: fix put() parent ref after updating the active ref (bsc#1000304).
  • apparmor: fix refcount bug in profile replacement (bsc#1000304).
  • apparmor: fix refcount race when finding a child profile (bsc#1000304).
  • apparmor: fix replacement bug that adds new child to old parent (bsc#1000304).
  • apparmor: fix uninitialized lsm_audit member (bsc#1000304).
  • apparmor: fix update the mtime of the profile file on replacement (bsc#1000304).
  • apparmor: internal paths should be treated as disconnected (bsc#1000304).
  • apparmor: use list_next_entry instead of list_entry_next (bsc#1000304).
  • arm64: Call numa_store_cpu_info() earlier.
  • arm64/efi: Enable runtime call flag checking (bsc#1005745).
  • arm64/efi: Move to generic {__,}efi_call_virt() (bsc#1005745).
  • arm64: Refuse to install 4k kernel on 64k system
  • arm64: Update config files. Disable CONFIG_IPMI_SI_PROBE_DEFAULTS (bsc#1006576)
  • arm: bcm2835: add CPU node for ARM core (boo#1012094).
  • arm: bcm2835: Split the DT for peripherals from the DT for the CPU (boo#1012094).
  • asoc: cht_bsw_rt5645: Enable jack detection (bsc#1010690).
  • asoc: cht_bsw_rt5645: Fix writing to string literal (bsc#1010690).
  • asoc: cht_bsw_rt5672: Use HID translation unit (bsc#1010690).
  • asoc: fsl_ssi: mark SACNT register volatile (bsc#1005917).
  • asoc: imx-spdif: Fix crash on suspend (bsc#1005917).
  • asoc: intel: add function stub when ACPI is not enabled (bsc#1010690).
  • asoc: Intel: add fw name to common dsp context (bsc#1010690).
  • asoc: Intel: Add missing 10EC5672 ACPI ID matching for Cherry Trail (bsc#1010690).
  • asoc: Intel: Add module tags for common match module (bsc#1010690).
  • asoc: Intel: add NULL test (bsc#1010690).
  • AsoC: Intel: Add quirks for MinnowBoard MAX (bsc#1010690).
  • asoc: Intel: Add surface3 entry in CHT-RT5645 machine (bsc#1010690).
  • asoc: Intel: Atom: add 24-bit support for media playback and capture (bsc#1010690).
  • ASoc: Intel: Atom: add deep buffer definitions for atom platforms (bsc#1010690).
  • asoc: Intel: Atom: add definitions for modem/SSP0 interface (bsc#1010690).
  • asoc: Intel: Atom: Add quirk for Surface 3 (bsc#1010690).
  • asoc: Intel: Atom: add support for CHT w/ RT5640 (bsc#1010690).
  • asoc: Intel: Atom: Add support for HP ElitePad 1000 G2 (bsc#1010690).
  • asoc: Intel: Atom: add support for RT5642 (bsc#1010690).
  • asoc: Intel: Atom: add terminate entry for dmi_system_id tables (bsc#1010690).
  • asoc: Intel: Atom: auto-detection of Baytrail-CR (bsc#1010690).
  • asoc: Intel: Atom: clean-up compressed DAI definition (bsc#1010690).
  • asoc: Intel: atom: enable configuration of SSP0 (bsc#1010690).
  • asoc: Intel: atom: fix 0-day warnings (bsc#1010690).
  • asoc: Intel: Atom: fix boot warning (bsc#1010690).
  • asoc: Intel: Atom: Fix message handling during drop stream (bsc#1010690).
  • asoc: Intel: atom: fix missing breaks that would cause the wrong operation to execute (bsc#1010690).
  • asoc: Intel: Atom: fix regression on compress DAI (bsc#1010690).
  • asoc: Intel: Atom: flip logic for gain Switch (bsc#1010690).
  • asoc: Intel: atom: Make some messages to debug level (bsc#1010690).
  • asoc: Intel: Atom: move atom driver to common acpi match (bsc#1010690).
  • asoc: Intel: atom: statify cht_quirk (bsc#1010690).
  • asoc: Intel: boards: add DEEP_BUFFER support for BYT/CHT/BSW (bsc#1010690).
  • asoc: Intel: boards: align pin names between byt-rt5640 drivers (bsc#1010690).
  • asoc: Intel: boards: merge DMI-based quirks in bytcr-rt5640 driver (bsc#1010690).
  • asoc: Intel: boards: start merging byt-rt5640 drivers (bsc#1010690).
  • asoc: Intel: bytcr_rt56040: additional routing quirks (bsc#1010690).
  • asoc: Intel: bytcr-rt5640: add Asus T100TAF quirks (bsc#1010690).
  • asoc: Intel: bytcr_rt5640: add IN3 map (bsc#1010690).
  • asoc: Intel: bytcr_rt5640: add MCLK support (bsc#1010690).
  • asoc: Intel: bytcr_rt5640: Add quirk for Teclast X98 Air 3G tablet (bsc#1010690).
  • asoc: Intel: bytcr_rt5640: add SSP2_AIF2 routing (bsc#1010690).
  • asoc: Intel: bytcr_rt5640: change quirk position (bsc#1010690).
  • asoc: Intel: bytcr_rt5640: default routing and quirks on Baytrail-CR (bsc#1010690).
  • asoc: Intel: bytcr-rt5640: enable ASRC (bsc#1010690).
  • asoc: Intel: bytcr_rt5640: enable differential mic quirk (bsc#1010690).
  • asoc: Intel: bytcr_rt5640: fallback mechanism if MCLK is not enabled (bsc#1010690).
  • asoc: Intel: bytcr_rt5640: fix dai/clock setup for SSP0 routing (bsc#1010690).
  • asoc: Intel: bytcr_rt5640: fixup DAI codec_name with HID (bsc#1010690).
  • asoc: Intel: bytcr_rt5640: log quirks (bsc#1010690).
  • asoc: Intel: bytcr_rt5640: quirk for Acer Aspire SWS-012 (bsc#1010690).
  • asoc: Intel: bytcr_rt5640: quirk for mono speaker (bsc#1010690).
  • asoc: Intel: bytcr_rt5640: set SSP to I2S mode 2ch (bsc#1010690).
  • asoc: Intel: bytcr_rt5640: use HID translation util (bsc#1010690).
  • asoc: Intel: cht: fix uninit variable warning (bsc#1010690).
  • asoc: Intel: common: add translation from HID to codec-name (bsc#1010690).
  • asoc: Intel: common: filter ACPI devices with _STA return value (bsc#1010690).
  • asoc: Intel: common: increase the loglevel of "FW Poll Status" (bsc#1010690).
  • asoc: Intel: Create independent acpi match module (bsc#1010690).
  • asoc: intel: Fix sst-dsp dependency on dw stuff (bsc#1010690).
  • asoc: Intel: Keep building old baytrail machine drivers (bsc#1010690).
  • asoc: Intel: Load the atom DPCM driver only (bsc#1010690).
  • asoc: intel: make function stub static (bsc#1010690).
  • asoc: Intel: Move apci find machine routines (bsc#1010690).
  • asoc: Intel: pass correct parameter in sst_alloc_stream_mrfld() (bsc#1005917).
  • asoc: intel: Replace kthread with work (bsc#1010690).
  • asoc: Intel: Skylake: Always acquire runtime pm ref on unload (bsc#1005917).
  • asoc: Intel: sst: fix sst_memcpy32 wrong with non-4x bytes issue (bsc#1010690).
  • asoc: rt5640: add ASRC support (bsc#1010690).
  • asoc: rt5640: add internal clock source support (bsc#1010690).
  • asoc: rt5640: add master clock handling for rt5640 (bsc#1010690).
  • asoc: rt5640: add supplys for dac power (bsc#1010690).
  • asoc: rt5640: remove unused variable (bsc#1010690).
  • asoc: rt5640: Set PLL src according to source (bsc#1010690).
  • asoc: rt5645: add DAC1 soft volume func control (bsc#1010690).
  • asoc: rt5645: Add dmi_system_id "Google Setzer" (bsc#1010690).
  • asoc: rt5645: extend delay time for headphone pop noise (bsc#1010690).
  • asoc: rt5645: fix reg-2f default value (bsc#1010690).
  • asoc: rt5645: improve headphone pop when system resumes from S3 (bsc#1010690).
  • asoc: rt5645: improve IRQ reaction time for HS button (bsc#1010690).
  • asoc: rt5645: merge DMI tables of google projects (bsc#1010690).
  • asoc: rt5645: patch reg-0x8a (bsc#1010690).
  • asoc: rt5645: polling jd status in all conditions (bsc#1010690).
  • asoc: rt5645: Separate regmap for rt5645 and rt5650 (bsc#1010690).
  • asoc: rt5645: set RT5645_PRIV_INDEX as volatile (bsc#1010690).
  • asoc: rt5645: use polling to support HS button (bsc#1010690).
  • asoc: rt5645: Use the mod_delayed_work instead of the queue_delayed_work and cancel_delayed_work_sync (bsc#1010690).
  • asoc: rt5670: Add missing 10EC5072 ACPI ID (bsc#1010690).
  • asoc: rt5670: Enable Braswell platform workaround for Dell Wyse 3040 (bsc#1010690).
  • asoc: rt5670: fix HP Playback Volume control (bsc#1010690).
  • asoc: rt5670: patch reg-0x8a (bsc#1010690).
  • asoc: simple-card: do not fail if sysclk setting is not supported (bsc#1005917).
  • asoc: tegra_alc5632: check return value (bsc#1005917).
  • asoc: wm8960: Fix WM8960_SYSCLK_PLL mode (bsc#1005917).
  • autofs: fix multiple races (bsc#997639).
  • autofs: use dentry flags to block walks during expire (bsc#997639).
  • blacklist.conf: Add dup / unapplicable commits (bsc#1005545).
  • blacklist.conf: Add i915 stable commits that can be ignored (bsc#1015367)
  • blacklist.conf: add inapplicable / duped commits (bsc#1005917)
  • blacklist.conf: ignore commit bfe6c8a89e03 ("arm64: Fix NUMA build error when !CONFIG_ACPI")
  • blacklist.conf: Remove intel_pstate potential patch that SLE 12 SP2 The code layout upstream that motivated this patch is completely different to what is in SLE 12 SP2 as schedutil was not backported.
  • block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557).
  • bna: Add synchronization for tx ring (bsc#993739).
  • btrfs: allocate root item at snapshot ioctl time (bsc#1012452).
  • btrfs: better packing of btrfs_delayed_extent_op (bsc#1012452).
  • btrfs: Check metadata redundancy on balance (bsc#1012452).
  • btrfs: clean up an error code in btrfs_init_space_info() (bsc#1012452).
  • btrfs: cleanup, stop casting for extent_map->lookup everywhere (bsc#1012452).
  • btrfs: cleanup, use enum values for btrfs_path r