SUSE Linux update for the Linux Kernel

Published: 2017-12-14

Risk	Low
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2017-15649 CVE-2017-16939
CWE-ID	CWE-362 CWE-416
Exploitation vector	Local
Public exploit	Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available.
Vulnerable software	SUSE Linux Operating systems & Components / Operating system
Vendor	SUSE

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Privilege escalation

EUVDB-ID: #VU11119

Risk: Low

CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2017-15649

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: Yes

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists in net/packet/af_packet.c due to race condition (involving fanout_add and packet_do_bind. A local attacker can supply specially crafted system calls, trigger mishandling of packet_fanout data structures, trigger use-after-free error and gain root privileges.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 12

CPE2.3

cpe:2.3:o:suse:suse_linux:12:*:*:*:*:*:*:*

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00052.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

2) Use-after-free error

EUVDB-ID: #VU9601

Risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2017-16939

CWE-ID: CWE-416 - Use After Free

Exploit availability: Yes

Description

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel due to use-after-free error. A local attacker can make a specially crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages, trigger memory corruption and cause the service to crash.

Successful exploitation of the vulnerability results in denial of service.

Mitigation

Update the affected packages.

Vulnerable software versions

SUSE Linux: 12

CPE2.3

cpe:2.3:o:suse:suse_linux:12:*:*:*:*:*:*:*

External links

https://lists.opensuse.org/opensuse-security-announce/2017-12/msg00052.html

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.