SUSE Linux update for Linux Kernel Live Patch 9 for SLE 12 SP2



Risk Medium
Patch available YES
Number of vulnerabilities 6
CVE-ID CVE-2017-7533
CVE-2017-7645
CVE-2017-8797
CVE-2017-8890
CVE-2017-9077
CVE-2017-9242
CWE-ID CWE-362
CWE-20
CWE-415
Exploitation vector Network
Public exploit Vulnerability #1 is being exploited in the wild.
Vulnerable software
Subscribe
Linux kernel
Operating systems & Components / Operating system

Vendor Linux Foundation

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Race condition

EUVDB-ID: #VU7694

Risk: Medium

CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2017-7533

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: Yes

Description

The vulnerability allows a local user to execute arbitrary code with escalated privileges.

The vulnerability exists due to a race condition in the fsnotify implementation in the Linux kernel through 4.12.4. A local user can create an application, which leverages simultaneous execution of the inotify_handle_event and vfs_rename functions and trigger memory corruption and denials of service attack or execute arbitrary code on the target system with root privileges.

Successful exploitation of this vulnerability may allow a local user to obtain elevated privileges on the system.

Note: this vulnerability is being active exploited in the wild for 32-bit systems in August 2017.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.12.1 - 4.12.4

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00012.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

2) Denial of service

EUVDB-ID: #VU6659

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-7645

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw in the NFSv2/NFSv3 server in the nfsd subsystem. A remote attacker can use a long RPC reply related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.0.1 - 4.10.11

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00012.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Denial of service

EUVDB-ID: #VU7213

Risk: Medium

CVSSv3.1: 7.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-8797

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists in the Linux kernel NFSv4 Server due to insufficient validation of user-supplied input. A remote attacker on a system within the target mount's host address mask rang can send a specially crafted NFSv4 pNFS LAYOUTGET command via UDP, trigger an array deference error and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.4.1 - 4.11.5

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00012.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Double free error

EUVDB-ID: #VU7244

Risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-8890

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service attack.

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.10.0 - 4.10.15

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00012.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Denial of service

EUVDB-ID: #VU7248

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9077

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c. A local attacker can use specially crafted system calls to cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.0.1 - 4.11.1

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00012.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Denial of service

EUVDB-ID: #VU7250

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-9242

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the __ip6_append_data function when checking whether an overwrite of an skb data structure may occur. A local attacker can use specially crafted system calls and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.0.1 - 4.11.2

CPE2.3 External links

http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00012.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###