SUSE Linux update for the Linux Kernel

1) Key management errors

EUVDB-ID: #VU8840

Risk: Medium

CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]

CVE-ID: CVE-2017-13080

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

The vulnerability is dubbed "KRACK" attack.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 3.18 - 4.13.13

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.13.13:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:4.9.62:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.18.72:*:*:*:*:*:*:*

External links

http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00063.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Privilege escalation

EUVDB-ID: #VU11119

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-15649

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in net/packet/af_packet.c due to race condition (involving fanout_add and packet_do_bind. A local attacker can supply specially crafted system calls, trigger mishandling of packet_fanout data structures, trigger use-after-free error and gain root privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 4.13 - 4.13.5

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.13.5:*:*:*:*:*:*:*

External links

http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00063.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Use-after-free error

EUVDB-ID: #VU6653

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-6346

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to race condition in net/packet/af_packet.c. A local attacker can use a multithreaded application, make PACKET_FANOUT setsockopt system calls, trigger use-after-free error and cause the system to crash.

Mitigation

Update the affected packages.

Vulnerable software versions

Linux kernel: 3.4.9 - 4.9.12

CPE2.3

• cpe:2.3:o:linux_foundation:linux_kernel:4.9.12:*:*:*:*:*:*:*
• cpe:2.3:o:linux_foundation:linux_kernel:3.4.9:*:*:*:*:*:*:*

External links

http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00063.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.