SB2017051904 - SUSE Linux update for Linux kernel 




Published: May 19, 2017 Updated: December 8, 2025

Security Bulletin ID: SB2017051904
Severity: Low
Patch available: YES
Number of vulnerabilities: 28
Exploitation vector: Remote access
Highest impact: Denial of service

Breakdown by Severity

Medium 50% Low 50%

Description

This security bulletin contains information about 28 security vulnerabilities.


1) Denial of service (CVE-ID: CVE-2015-1350)

The vulnerability allows a local attacker to cause DoS conditions on the target system.

The weakness exists due to underspecified removal of extended privilege attributes, caused by an incomplete set of requirements for setattr operations. A local attacker can invoke chown or a system call, trigger an error in notify_change for filesystem xattrs and cause the ping or Wireshark dumpcap program to crash.

Successful exploitation of the vulnerability results in denial of service.

2) Information disclosure (CVE-ID: CVE-2016-2117)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error when checking scatter/gather IO by the atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c. A remote attacker can send a specially crafted packet and view arbitrary files from kernel memory.

Successful exploitation of the vulnerability results in information disclosure.

3) NULL pointer dereference (CVE-ID: CVE-2016-3070)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the trace_writeback_dirty_page implementation in include/trace/events/writeback.h. A local user can perform a denial of service (DoS) attack.


4) Use-after-free error (CVE-ID: CVE-2017-2584)

The vulnerability allows a local attacker to cause a DoS condition or obtain potentially sensitive information.

The weakness exists due to a use-after-free error in arch/x86/kvm/emulate.c. A local attacker can use a specially crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt and cause the system to crash or read an arbitrary file on the system.

Successful exploitation of the vulnerability results in denial of service.

5) Out-of-bounds read (CVE-ID: CVE-2017-5897)

The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information.

The vulnerability exists due to a boundary error when processing GRE packets in the ip6gre_err() function in net/ipv6/ip6_gre.c. A remote attacker can send specially crafted GRE packets to an IPv6 interface, trigger an out-of-bounds read and obtain memory contents or cause denial of service.

Successful exploitation of the vulnerability may allow an attacker to gain access to potentially sensitive information, stored in RAM, such as passwords, encryption keys, etc.



6) Assertion failure (CVE-ID: CVE-2017-5986)

The vulnerability allows a local user to cause kernel panic.

The vulnerability exists due to a race condition in the sctp_wait_for_sndbuf() function in net/sctp/socket.c in the Linux kernel before 4.9.11. A local user can use a userspace application to trigger a BUG_ON() assertion if the socket tx buffer is full and cause kernel panic.

Successful exploitation of this vulnerability may result in denial of service condition.



7) Resource management error (CVE-ID: CVE-2017-6074)

The vulnerability allows a local user to cause kernel panic.

The vulnerability exists due to an invalid free in the dccp_rcv_state_process() function in the net/dccp/input.c file in the Linux kernel through 4.9.11 when processing DCCP_PKT_REQUEST packet data structures in the LISTEN state. A local user can use a userspace application to make an IPV6_RECVPKTINFO setsockopt system call and cause kernel panic.

Successful exploitation of this vulnerability may result in denial of service condition.



8) Heap-out-of-bounds write (CVE-ID: CVE-2017-7308)

The vulnerability allows a local attacker to cause DoS conditions.

The weakness exists due to improper validation of certain block-size data by the packet_set_ring function in net/packet/af_packet.c. A local attacker can provide specific parameters to the PACKET_RX_RING option on an AF_PACKET socket with a TPACKET_V3 ring buffer version enabled, trigger a heap out-of-bounds write and cause denial of service.

Successful exploitation of the vulnerability results in denial of service.


9) Information disclosure (CVE-ID: CVE-2017-7616)

The vulnerability allows a local attacker to obtain potentially sensitive information from system memory.

The weakness exists due to an error-handling flaw in the set_mempolicy() and mbind() compat system calls in mm/mempolicy.c. A local attacker can trigger a failure of a certain bitmap operation and obtain sensitive information from uninitialized stack data.

Successful exploitation of the vulnerability results in information disclosure.

10) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-10044)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper privilege management within the aio_mount() function in fs/aio.c. A local user can bypass SELinux W^X policy restrictions and execute arbitrary code with elevated privileges.


11) Race condition (CVE-ID: CVE-2016-10200)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.


12) Out-of-bounds read (CVE-ID: CVE-2016-10208)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to memory corruption when validating meta block groups by the ext4_fill_super function. A local attacker can use a specially crafted EXT4 image to trigger an out-of-bounds read and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

13) CVE-2016-5243 (CVE-ID: CVE-2016-5243)


14) CVE-2016-7117 (CVE-ID: CVE-2016-7117)


15) CVE-2016-9588 (CVE-ID: CVE-2016-9588)


16) CVE-2017-2647 (CVE-ID: CVE-2017-2647)


17) CVE-2017-2671 (CVE-ID: CVE-2017-2671)


18) Security restrictions bypass (CVE-ID: CVE-2017-5669)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists in the do_shmat function in ipc/shm.c due to improper restriction of the address calculated by a certain rounding operation. A local attacker can map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.

19) Infinite loop (CVE-ID: CVE-2017-6214)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the tcp_splice_read() function in net/ipv4/tcp.c in the Linux kernel before 4.9.11. A remote attacker can send a specially crafted TCP packet with the URG flag and trigger an infinite loop.

Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.

20) CVE-2017-6345 (CVE-ID: CVE-2017-6345)


21) Use-after-free error (CVE-ID: CVE-2017-6346)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to a race condition in net/packet/af_packet.c. A local attacker can use a multithreaded application, make PACKET_FANOUT setsockopt system calls, trigger a use-after-free error and cause the system to crash.

22) CVE-2017-6348 (CVE-ID: CVE-2017-6348)


23) CVE-2017-6353 (CVE-ID: CVE-2017-6353)


24) CVE-2017-7187 (CVE-ID: CVE-2017-7187)


25) CVE-2017-7261 (CVE-ID: CVE-2017-7261)


26) Memory corruption (CVE-ID: CVE-2017-7294)

The vulnerability allows a local attacker to cause a DoS condition or gain elevated privileges on the target system.

The weakness exists in the vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c due to missing validation of addition of certain levels data. A local attacker can trigger an integer overflow and out-of-bounds write, cause the service to crash or possibly gain root privileges via a crafted ioctl call for a /dev/dri/renderD* device.

27) Denial of service (CVE-ID: CVE-2017-7645)

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a flaw in the NFSv2/NFSv3 server in the nfsd subsystem. A remote attacker can use a long RPC reply related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

28) CVE-2017-8106 (CVE-ID: CVE-2017-8106)


Remediation

Install the update from the vendor's website.