Security update for the Linux Kernel

Announcement ID:	SUSE-SU-2017:2956-1
Rating:	important
References:	bsc#1005917 bsc#1006180 bsc#1011913 bsc#1012382 bsc#1012829 bsc#1013887 bsc#1018419 bsc#1019151 bsc#1020645 bsc#1020657 bsc#1020685 bsc#1021424 bsc#1022476 bsc#1022743 bsc#1023175 bsc#1024405 bsc#1028173 bsc#1028286 bsc#1028819 bsc#1029693 bsc#1030552 bsc#1030850 bsc#1031515 bsc#1031717 bsc#1031784 bsc#1033587 bsc#1034048 bsc#1034075 bsc#1034762 bsc#1036303 bsc#1036632 bsc#1037344 bsc#1037404 bsc#1037994 bsc#1038078 bsc#1038583 bsc#1038616 bsc#1038792 bsc#1038846 bsc#1038847 bsc#1039354 bsc#1039915 bsc#1040307 bsc#1040351 bsc#1041958 bsc#1042286 bsc#1042314 bsc#1042422 bsc#1042778 bsc#1043652 bsc#1044112 bsc#1044636 bsc#1045154 bsc#1045563 bsc#1045922 bsc#1046682 bsc#1046821 bsc#1046985 bsc#1047027 bsc#1047048 bsc#1047096 bsc#1047118 bsc#1047121 bsc#1047152 bsc#1047277 bsc#1047343 bsc#1047354 bsc#1047487 bsc#1047651 bsc#1047653 bsc#1047670 bsc#1048155 bsc#1048221 bsc#1048317 bsc#1048891 bsc#1048893 bsc#1048914 bsc#1048934 bsc#1049226 bsc#1049483 bsc#1049486 bsc#1049580 bsc#1049603 bsc#1049645 bsc#1049882 bsc#1050061 bsc#1050188 bsc#1051022 bsc#1051059 bsc#1051239 bsc#1051399 bsc#1051478 bsc#1051479 bsc#1051556 bsc#1051663 bsc#1051790 bsc#1052049 bsc#1052223 bsc#1052311 bsc#1052365 bsc#1052533 bsc#1052580 bsc#1052709 bsc#1052773 bsc#1052794 bsc#1052888 bsc#1053117 bsc#1053802 bsc#1053915 bsc#1054084 bsc#1055013 bsc#1055096 bsc#1055359 bsc#1056261 bsc#1056588 bsc#1056827 bsc#1056982 bsc#1057015 bsc#1057389 bsc#1058038 bsc#1058116 bsc#1058507 bsc#963619 bsc#964063 bsc#964944 bsc#971975 bsc#974215 bsc#981309 bsc#988784 bsc#993890
Cross-References:	CVE-2017-1000111 CVE-2017-1000112 CVE-2017-1000251 CVE-2017-1000252 CVE-2017-1000365 CVE-2017-10810 CVE-2017-11472 CVE-2017-11473 CVE-2017-12134 CVE-2017-12154 CVE-2017-14051 CVE-2017-14106 CVE-2017-7518 CVE-2017-7533 CVE-2017-7541 CVE-2017-7542 CVE-2017-8831
CVSS scores:	CVE-2017-1000111 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000111 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000112 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000112 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000112 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000251 ( SUSE ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000251 ( NVD ): 8.0 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000251 ( NVD ): 8.8 CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000252 ( SUSE ): 4.7 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-1000252 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-1000365 ( SUSE ): 2.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2017-1000365 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-1000365 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-10810 ( SUSE ): 5.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-10810 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-10810 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-11472 ( SUSE ): 2.9 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2017-11472 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2017-11473 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2017-11473 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-11473 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-12134 ( SUSE ): 8.1 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVE-2017-12134 ( NVD ): 8.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVE-2017-12154 ( SUSE ): 5.6 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2017-12154 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2017-14051 ( SUSE ): 6.4 CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2017-14051 ( NVD ): 4.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVE-2017-14106 ( SUSE ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-14106 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-7518 ( SUSE ): 5.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVE-2017-7518 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7533 ( SUSE ): 7.4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2017-7533 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7533 ( NVD ): 7.0 CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7541 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-7541 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7541 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2017-7542 ( SUSE ): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-7542 ( NVD ): 5.5 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2017-8831 ( SUSE ): 6.7 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2017-8831 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP2 SUSE Linux Enterprise Real Time 12 SP2 SUSE Linux Enterprise Server 12 SP2

An update that solves 17 vulnerabilities and has 113 security fixes can now be installed.

Description:

The SUSE Linux Enterprise 12 SP2 RT kernel was updated to 4.4.88 to receive various security and bugfixes.

The following security bugs were fixed:

CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation (bnc#1039354)
CVE-2017-1000112: Prevent race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bnc#1052311)
CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in remote code execution in kernel space (bnc#1057389)
CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588)
CVE-2017-8831: The saa7164_bus_get function allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability (bnc#1037994)
CVE-2017-1000252: Wrong gsi values via KVM_IRQFD allowed unprivileged users using KVM to cause DoS on Intel systems (bsc#1058038).
CVE-2017-1000111: Prevent in packet_set_ring on PACKET_RESERVE (bsc#1052365).
CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277).
CVE-2017-11472: The acpi_ns_terminate() function did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism via a crafted ACPI table (bnc#1049580).
CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function allowed local users to gain privileges via a crafted ACPI table (bnc#1049603).
CVE-2017-12134: The xen_biovec_phys_mergeable function might have allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790).
CVE-2017-12154: L2 guest could have accessed hardware(L0) CR8 register and crashed the host system (bsc#1058507).
CVE-2017-14106: The tcp_disconnect function allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982).
CVE-2017-7518: Faulty debug exception via syscall emulation allowed non-linux guests to escalate their privileges in the guest (bsc#1045922).
CVE-2017-7533: Race condition in the fsnotify implementation allowed local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions (bsc#1049483).
CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bsc#1049645).
CVE-2017-7542: The ip6_find_1stfragopt function allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bsc#1049882).

The following non-security bugs were fixed:

ACPI / processor: Avoid reserving IO regions too early (bsc#1051478).
ACPI / scan: Prefer devices without _HID for _ADR matching.
ALSA: fm801: Initialize chip after IRQ handler is registered (bsc#1031717).
ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657).
ALSA: hda - Fix endless loop of codec configure (bsc#1031717).
ALSA: hda - Implement mic-mute LED mode enum (bsc#1055013).
ALSA: hda - set input_path bitmap to zero after moving it to new place (bsc#1031717).
ALSA: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405).
ALSA: ice1712: Add support for STAudio ADCIII (bsc#1048934).
ALSA: usb-audio: Apply sample rate q