Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2017:1786-1
Rating:	important
References:	bsc#1006180 bsc#1011913 bsc#1012382 bsc#1012829 bsc#1013887 bsc#1019151 bsc#1020645 bsc#1020657 bsc#1021424 bsc#1022476 bsc#1022743 bsc#1022967 bsc#1023175 bsc#1024405 bsc#1028173 bsc#1028286 bsc#1029693 bsc#1030552 bsc#1030850 bsc#1031515 bsc#1031717 bsc#1031784 bsc#1033587 bsc#1034048 bsc#1034075 bsc#1034762 bsc#1036303 bsc#1036632 bsc#1037344 bsc#1037404 bsc#1037994 bsc#1038078 bsc#1038583 bsc#1038616 bsc#1038792 bsc#1039915 bsc#1040307 bsc#1040351 bsc#1041958 bsc#1042286 bsc#1042314 bsc#1042422 bsc#1042778 bsc#1043652 bsc#1044112 bsc#1044636 bsc#1045154 bsc#1045563 bsc#1045922 bsc#1046682 bsc#1046821 bsc#1046985 bsc#1047027 bsc#1047048 bsc#1047096 bsc#1047118 bsc#1047121 bsc#1047152 bsc#1047277 bsc#1047343 bsc#1047354 bsc#1047487 bsc#1047651 bsc#1047653 bsc#1047670 bsc#1048155 bsc#1048221 bsc#1048317 bsc#1048891 bsc#1048893 bsc#1048914 bsc#1048934 bsc#1049226 bsc#1049483 bsc#1049486 bsc#1049580 bsc#1049603 bsc#1049645 bsc#1049882 bsc#1050061 bsc#1050188 bsc#1051022 bsc#1051059 bsc#1051239 bsc#1051399 bsc#1051478 bsc#1051479 bsc#1051556 bsc#1051663 bsc#1051790 bsc#1052049 bsc#1052223 bsc#1052533 bsc#1052580 bsc#1052593 bsc#1052709 bsc#1052773 bsc#1052794 bsc#1052888 bsc#1053117 bsc#1053802 bsc#1053915 bsc#1053919 bsc#1054084 bsc#1055013 bsc#1055096 bsc#1055359 bsc#1055493 bsc#1055755 bsc#1055896 bsc#1056261 bsc#1056588 bsc#1056827 bsc#1056982 bsc#1057015 bsc#1058038 bsc#1058116 bsc#1058410 bsc#1058507 bsc#1059051 bsc#1059465 bsc#1060197 bsc#1061017 bsc#1061046 bsc#1061064 bsc#1061067 bsc#1061172 bsc#1061831 bsc#1061872 bsc#1063667 bsc#1064206 bsc#1064388 bsc#964063 bsc#971975 bsc#974215 bsc#981309
Cross-References:	CVE-2017-1000252 CVE-2017-10810 CVE-2017-11472 CVE-2017-11473 CVE-2017-12134 CVE-2017-12153 CVE-2017-12154 CVE-2017-13080 CVE-2017-14051 CVE-2017-14106 CVE-2017-14489 CVE-2017-15649 CVE-2017-7518 CVE-2017-7541 CVE-2017-7542 CVE-2017-8831
CVSS scores:	CVE-2017-1000252 ( SUSE ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-1000252 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-10810 ( SUSE ): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-10810 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-10810 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-11472 ( SUSE ): 2.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2017-11472 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2017-11473 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2017-11473 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-11473 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-12134 ( SUSE ): 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2017-12134 ( NVD ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2017-12153 ( SUSE ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2017-12153 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2017-12154 ( SUSE ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2017-12154 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2017-13080 ( SUSE ): 8.1 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2017-13080 ( NVD ): 5.3 CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2017-14051 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2017-14051 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2017-14106 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-14106 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-14489 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-14489 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-15649 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-15649 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7518 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2017-7518 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7541 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-7541 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7541 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7542 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-7542 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-8831 ( SUSE ): 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2017-8831 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	Magnum Orchestration 7 SUSE Container as a Service Platform 1.0 SUSE Container as a Service Platform 2.0 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise High Availability Extension 12 SP2 SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP1 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2 SUSE Linux Enterprise Software Bootstrap Kit 12 12-SP2 SUSE Linux Enterprise Software Development Kit 12 12-SP2 SUSE Linux Enterprise Workstation Extension 12 SP2

An update that solves 16 vulnerabilities and has 120 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).
CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277).
CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580).
CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).
CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 bnc#1053919).
CVE-2017-12153: A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel This function did not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash (bnc#1058410).
CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain read and write access to the hardware CR8 register (bnc#1058507).
CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed reinstallation of the Group Temporal Key (GTK) during the group key handshake, allowing an attacker within radio range to replay frames from access points to clients (bnc#1063667).
CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588).
CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982).
CVE-2017-14489: The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local users to cause a denial of service (panic) by leveraging incorrect length validation (bnc#1059051).
CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346 (bnc#1064388).
CVE-2017-7518: The Linux kernel was vulnerable to an incorrect debug exception(#DB) error. It could occur while emulating a syscall instruction and potentially lead to guest privilege escalation. (bsc#1045922).
CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645).
CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882).
CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).

The following non-security bugs were fixed:

acpi / processor: Avoid reserving IO regions too early (bsc#1051478).
acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes).
af_key: Add lock to key dump (bsc#1047653).
af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).
alsa: fm801: Initialize chip after IRQ handler is registered (bsc#1031717).
alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657).
alsa: hda - Fix endless loop of codec configure (bsc#1031717).
alsa: hda - Implement mic-mute LED mode enum (bsc#1055013).
alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405).
alsa: hda - set input_path bitmap to zero after moving it to new place (bsc#1031717).
alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934).
alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580).
arc: Re-enable MMU upon Machine Check exception (bnc#1012382).
arm64: fault: Route pte translation faults via do_translation_fault (bnc#1012382).
arm64: Make sure SPsel is always set (bnc#1012382).
arm: pxa: add the number of DMA requestor lines (bnc#1012382).
arm: pxa: fix the number of DMA requestor lines (bnc#1012382).
b43: Add missing MODULE_FIRMWARE() (bsc#1037344).
bcache: correct cache_dirty_target in __update_writeback_rate() (bnc#1012382).
bcache: Correct return value for sysfs attach errors (bnc#1012382).
bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382).
bcache: fix bch_hprint crash and improve output (bnc#1012382).
bcache: fix