SB2017101720 - OpenSUSE Linux update for the Linux Kernel




Published: October 17, 2017

Security Bulletin ID: SB2017101720
Severity: Low
Patch available: YES
Number of vulnerabilities: 4
Exploitation vector: Adjacent network
Highest impact: Denial of service

Breakdown by Severity

Low 100%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Assertion failure (CVE-ID: CVE-2017-1000252)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of-bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.

2) NULL pointer dereference (CVE-ID: CVE-2017-12153)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.
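The missing-attribute pattern described above, shown as an added userspace model (not the kernel's code and not part of the original bulletin): a handler indexes request attributes into a pointer table and must test each required entry before reading it. The attribute ids, the type/len/value record layout, the payload sizes and the helper names `parse` and `demo` are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the three required rekey attributes. */
enum { A_KEK = 1, A_KCK, A_REPLAY_CTR, A_MAX = A_REPLAY_CTR };
static const uint8_t want_len[A_MAX + 1] = { 0, 16, 16, 8 }; /* payload sizes */
struct rekey { uint8_t val[A_MAX + 1][16]; };                /* indexed by id */

/* Index type/len/value records into tb[]; attributes not sent stay NULL. */
static int parse(const uint8_t *buf, size_t n, const uint8_t *tb[]) {
    for (size_t off = 0; off < n; off += 2u + buf[off + 1]) {
        if (n - off < 2 || buf[off + 1] > n - off - 2)
            return -EINVAL;                  /* truncated record */
        if (buf[off] >= 1 && buf[off] <= A_MAX)
            tb[buf[off]] = buf + off;
    }
    return 0;
}

/* Hardened handler: tb[i] is tested before use; *out is valid only on 0. */
int set_rekey_data(const uint8_t *buf, size_t n, struct rekey *out) {
    const uint8_t *tb[A_MAX + 1] = { NULL };
    if (parse(buf, n, tb))
        return -EINVAL;
    for (int i = 1; i <= A_MAX; i++) {
        if (!tb[i])                          /* required attribute absent */
            return -EINVAL;
        if (tb[i][1] != want_len[i])         /* NULL read without the test above */
            return -ERANGE;
        memcpy(out->val[i], tb[i] + 2, want_len[i]);
    }
    return 0;
}

/* Constructed request: attribute i is sent only if bit i-1 of mask is set. */
int demo(unsigned mask) {
    uint8_t msg[64] = { 0 };
    size_t n = 0;
    struct rekey out;
    for (int i = 1; i <= A_MAX; i++)
        if (mask & (1u << (i - 1))) {
            msg[n] = (uint8_t)i;
            msg[n + 1] = want_len[i];
            n += 2u + want_len[i];
        }
    return set_rekey_data(msg, n, &out);
}
int main(void) { printf("%d %d\n", demo(7), demo(5)); return 0; }
```

A request carrying all three attributes is accepted; one that omits any of them is rejected with `-EINVAL` instead of reaching the length read.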

3) Improper privilege management (CVE-ID: CVE-2017-12154)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.

4) Denial of service (CVE-ID: CVE-2017-14489)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists in drivers/scsi/scsi_transport_iscsi.c due to incorrect length validation. A local attacker can cause a denial of service.

Remediation

Install the update from the vendor's website.