SB2017120408 - SUSE Linux update for the Linux Kernel 



Published: December 4, 2017

Security Bulletin ID SB2017120408
Severity High
Patch available YES
Number of vulnerabilities 14
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 7% Low 93%

Description

This security bulletin contains information about 14 security vulnerabilities.


1) Input validation error (CVE-ID: CVE-2014-0038)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users to gain privileges via a recvmmsg system call with a crafted timeout pointer parameter.


2) Race condition (CVE-ID: CVE-2017-1000405)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within the touch_pmd() function in the mm/huge_memory.c file when handling transparent huge pages (THPs). A local user can read read-only huge pages using the get_user_pages() function and overwrite arbitrary huge pages and files mapped via THP.

Successful exploitation of the vulnerability may allow an attacker to perform a denial of service (DoS) attack.

This vulnerability is a result of the patch for another privilege escalation vulnerability in the Linux kernel, known as Dirty Cow (CVE-2016-5195).


3) NULL pointer dereference (CVE-ID: CVE-2017-12193)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists in the assoc_array implementation and occurs when a new leaf is added that needs to go into a node that happens to be full. A local user can trigger a NULL pointer dereference error and crash the kernel.

4) NULL pointer dereference (CVE-ID: CVE-2017-15102)

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to a race condition and a NULL pointer dereference within the tower_probe() function in drivers/usb/misc/legousbtower.c in the Linux kernel before 4.8.1. A local user with physical access to the computer and the ability to insert a USB flash drive can execute arbitrary code with escalated privileges. The USB device would have to delay the control message in tower_probe and accept the control URB in tower_open while guest code initiated a write to the device file as tower_delete is called from the error in tower_probe.

According to the vendor, this security issue has existed since 2003.

5) Use-after-free error (CVE-ID: CVE-2017-16525)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to a use-after-free error in the usb_serial_console_disconnect function in drivers/usb/serial/console.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

6) Use-after-free error (CVE-ID: CVE-2017-16527)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to a use-after-free error in sound/usb/mixer.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

7) Out-of-bounds read (CVE-ID: CVE-2017-16529)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an out-of-bounds read in the snd_usb_create_streams function in sound/usb/card.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

8) Out-of-bounds read (CVE-ID: CVE-2017-16531)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an out-of-bounds read in drivers/usb/core/config.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

9) Out-of-bounds read (CVE-ID: CVE-2017-16535)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an out-of-bounds read in the usb_get_bos_descriptor function in drivers/usb/core/config.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

10) NULL pointer dereference (CVE-ID: CVE-2017-16536)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to a NULL pointer dereference in the cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

11) NULL pointer dereference (CVE-ID: CVE-2017-16537)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to a NULL pointer dereference in the imon_probe function in drivers/media/rc/imon.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

12) Divide by zero (CVE-ID: CVE-2017-16649)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger a divide-by-zero error and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

13) Divide by zero (CVE-ID: CVE-2017-16650)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists due to an error in the qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger a divide-by-zero error and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

14) Use-after-free error (CVE-ID: CVE-2017-16939)

The vulnerability allows a local attacker to cause a DoS condition on the target system.

The weakness exists in the XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel due to a use-after-free error. A local attacker can make a specially crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages, trigger memory corruption and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Remediation

Install the update from the vendor's website.