SUSE Linux update for the Linux Kernel
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2017-1000253 CVE-2017-13080 CVE-2017-14489 CVE-2017-15265 CVE-2017-15274 CVE-2017-12192 |
| CWE-ID | CWE-119 CWE-320 CWE-20 CWE-416 CWE-476 |
| Exploitation vector | Local network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Public exploit code for vulnerability #2 is available. Public exploit code for vulnerability #3 is available. |
| Vulnerable software |
Linux kernel Operating systems & Components / Operating system |
| Vendor | Linux Foundation |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Memory corruption
EUVDB-ID: #VU8638
Risk: Low
CVSSv4.0: 8.5 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Clear]
CVE-ID: CVE-2017-1000253
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: Yes
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an error when loading of Executable and Linkable Format (ELF) executables. A local user can create a specially crafted ELF binary, trigger memory corruption and execute arbitrary code on the vulnerable system with root privileges.
Update the affected packages.
Linux kernel: 3.6 - 3.10.107
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:3.6.11:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.7.10:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.8.13:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.9.11:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:3.10.107:*:*:*:*:*:*:*
https://lists.opensuse.org/opensuse-security-announce/2017-11/msg00082.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Key management errors
EUVDB-ID: #VU8840
Risk: Medium
CVSSv4.0: 7.4 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2017-13080
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
The vulnerability is dubbed "KRACK" attack.
Update the affected packages.
Linux kernel: 3.18 - 4.13.13
CPE2.3- cpe:2.3:o:linux_foundation:linux_kernel:3.18.72:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.9.62:*:*:*:*:*:*:*
- cpe:2.3:o:linux_foundation:linux_kernel:4.13.13:*:*:*:*:*:*:*
https://lists.opensuse.org/opensuse-security-announce/2017-11/msg00082.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
3) Denial of service
EUVDB-ID: #VU10720
Risk: Low
CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-14489
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the drivers/scsi/scsi_transport_iscsi.c due to leveraging incorrect length validation. A local attacker can cause a denial of service.
Update the affected packages.
Linux kernel: 4.13.1 - 4.13.2
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-11/msg00082.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
4) Use-after-free
EUVDB-ID: #VU8816
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-15265
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The vulnerability exists due to use-after-free error in the ALSA sequencer interface (/dev/snd/seq). A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Update the affected packages.
Linux kernel: 4.10 - 4.13.6
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-11/msg00082.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) NULL pointer dereference
EUVDB-ID: #VU10721
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-15274
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in he security/keys/keyctl.c due to a NULL pointer dereference. A local attacker can create a specially crafted add_key or keyctl system call and cause a denial of service.
Update the affected packages.
Linux kernel: 4.11.1 - 4.11.4
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-11/msg00082.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) NULL pointer dereference
EUVDB-ID: #VU10711
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-12192
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists in the Key Management sub component of the Linux kernel when trying to issue a KEYTCL_READ on a negative key due to a NULL pointer dereference. A local attacker can cause the kernel and service to crash.
Update the affected packages.
Linux kernel: 4.13.1 - 4.13.4
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-11/msg00082.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
