OpenSUSE Linux update for the Linux Kernel



Risk: Low
Patch available: YES
Number of vulnerabilities: 4
CVE-ID: CVE-2017-1000252, CVE-2017-12153, CVE-2017-12154, CVE-2017-14489
CWE-ID: CWE-617, CWE-476, CWE-264, CWE-20
Exploitation vector: Local network
Public exploit: Public exploit code for vulnerability #4 is available.
Vulnerable software: Linux kernel (Operating systems & Components / Operating system)
Vendor: Linux Foundation

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) Assertion failure

EUVDB-ID: #VU8695

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-1000252

CWE-ID: CWE-617 - Reachable Assertion

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of-bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.4 - 4.13.3

External links

https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00018.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU8694

Risk: Low

CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-12153

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.
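The missing presence check described above can be modelled in userland. This is an added example, not the kernel's source or its patch; the attribute names, lengths and the `tb[]` layout are hypothetical stand-ins for a parsed Netlink attribute table.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Userland model of a parsed Netlink attribute table: tb[i] is NULL when the
 * request did not carry attribute i. All names here are hypothetical. */
enum { REKEY_KEK = 1, REKEY_KCK, REKEY_REPLAY_CTR, REKEY_MAX };
enum { KEK_LEN = 16, KCK_LEN = 16, REPLAY_CTR_LEN = 8 };

struct attr { uint16_t len; const uint8_t *data; };
struct rekey { uint8_t kek[KEK_LEN], kck[KCK_LEN], ctr[REPLAY_CTR_LEN]; };

/* Flawed pattern: assumes every slot is populated. */
int set_rekey_unchecked(struct attr *tb[], struct rekey *out)
{
    if (tb[REKEY_REPLAY_CTR]->len != REPLAY_CTR_LEN || /* NULL deref if absent */
        tb[REKEY_KEK]->len != KEK_LEN || tb[REKEY_KCK]->len != KCK_LEN)
        return -ERANGE;
    memcpy(out->kek, tb[REKEY_KEK]->data, KEK_LEN);
    memcpy(out->kck, tb[REKEY_KCK]->data, KCK_LEN);
    memcpy(out->ctr, tb[REKEY_REPLAY_CTR]->data, REPLAY_CTR_LEN);
    return 0;
}

/* Hardened form: reject the request before touching any absent attribute. */
int set_rekey_checked(struct attr *tb[], struct rekey *out)
{
    if (!tb[REKEY_REPLAY_CTR] || !tb[REKEY_KEK] || !tb[REKEY_KCK])
        return -EINVAL;
    return set_rekey_unchecked(tb, out);
}

/* Constructed request: all three attributes present, except the one in `drop`
 * (0 drops nothing); `ctr_len` lets a caller send a wrong-sized counter. */
int run_checked(int drop, uint16_t ctr_len)
{
    static const uint8_t buf[KEK_LEN] = {0};
    struct attr kek = {KEK_LEN, buf}, kck = {KCK_LEN, buf}, ctr = {ctr_len, buf};
    struct attr *tb[REKEY_MAX] = {NULL, &kek, &kck, &ctr};
    struct rekey out;
    if (drop) tb[drop] = NULL;
    return set_rekey_checked(tb, &out);
}

int main(void)
{
    printf("complete=%d missing_kek=%d short_ctr=%d\n", run_checked(0, REPLAY_CTR_LEN),
           run_checked(REKEY_KEK, REPLAY_CTR_LEN), run_checked(0, 4));
    return 0;
}
```

The checked handler returns an error for an incomplete request, where the unchecked one would dereference a NULL table entry.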

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.4 - 4.13.4

External links

https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00018.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper privilege management

EUVDB-ID: #VU8696

Risk: Low

CVSSv4.0: 4.6 [CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2017-12154

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.4 - 4.13.3

External links

https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00018.html


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Denial of service

EUVDB-ID: #VU10720

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2017-14489

CWE-ID: CWE-20 - Improper input validation

Exploit availability: Yes

Description

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists in drivers/scsi/scsi_transport_iscsi.c due to incorrect length validation. A local attacker can cause a denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.13.1 - 4.13.2

External links

https://lists.opensuse.org/opensuse-security-announce/2017-10/msg00018.html


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker must have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.


