SUSE Linux update for the Linux Kernel
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 14 |
| CVE-ID | CVE-2017-1000410 CVE-2017-12193 CVE-2017-15115 CVE-2017-16528 CVE-2017-16536 CVE-2017-16537 CVE-2017-16645 CVE-2017-16646 CVE-2017-16994 CVE-2017-17448 CVE-2017-17449 CVE-2017-17450 CVE-2017-7482 CVE-2017-8824 |
| CWE-ID | CWE-200 CWE-476 CWE-416 CWE-125 CWE-20 CWE-264 CWE-120 |
| Exploitation vector | Network |
| Public exploit | Public exploit code for vulnerability #14 is available. |
| Vulnerable software |
SUSE Linux Operating systems & Components / Operating system |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 14 vulnerabilities.
1) Information disclosure
EUVDB-ID: #VU9774
Risk: Low
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-1000410
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.
The weakness exists due to a flaw when processing the incoming of L2CAP commands, ConfigRequest and ConfigResponse messages. A remote attacker can manipulate the code flows that precede the handling of the configuration messages and read important data.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-12/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) NULL pointer derefenrece
EUVDB-ID: #VU9082
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-12193
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists in the assoc_array implementation in which a new leaf is added that needs to go into a node that happens to be full. A local user can trigger NULL pointer dereference error and crash the kernel.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-12/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Use-after-free error
EUVDB-ID: #VU9764
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-15115
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to the sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel does not check whether the intended netns is used in a peel-off action. A local attacker can make specially crafted system calls, trigger use-after-free error and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-12/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Use-after-free error
EUVDB-ID: #VU9154
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-16528
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to use-after-free error in the sound/core/seq_device.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-12/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Null pointer dereference
EUVDB-ID: #VU9162
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-16536
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to NULL pointer dereference in the cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-12/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Null pointer dereference
EUVDB-ID: #VU9163
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-16537
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to NULL pointer dereference in the imon_probe function in drivers/media/rc/imon.c. A local attacker can use a specially crafted USB device and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-12/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds read
EUVDB-ID: #VU9761
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-16645
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to an error in the ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger ims_pcu_parse_cdc_data out-of-bounds read and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-12/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Denial of service
EUVDB-ID: #VU9760
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-16646
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to cause DoS condition on the target system.
The weakness exists due to an error in drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger a BUG and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-12/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Information disclosure
EUVDB-ID: #VU9765
Risk: Low
CVSSv4.0: 4.3 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-16994
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel mishandles holes in hugetlb ranges. A local attacker can make specially crafted mincore() system call and obtain sensitive information from uninitialized kernel memory.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-12/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Security restrictions bypass
EUVDB-ID: #VU9768
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-17448
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to net/netfilter/nfnetlink_cthelper.c in the Linux kernel does not require the CAP_NET_ADMIN capability for new, get, and del operations. A local attacker can bypass intended access
restrictions because the nfnl_cthelper_list data structure is shared
across all net namespaces.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-12/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Information disclosure
EUVDB-ID: #VU9769
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-17449
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to obtain potentially sensitive information on the target system.
The weakness exists due to the __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace. A local attacker can leverage the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink
activity on the system and read arbitrary files.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-12/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Security restrictions bypass
EUVDB-ID: #VU9770
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-17450
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to bypass security restrictions on the target system.
The weakness exists due to net/netfilter/xt_osf.c in the Linux kernel through does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations. A local attacker can bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-12/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Privilege escalation
EUVDB-ID: #VU7208
Risk: Low
CVSSv4.0: 5.9 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2017-7482
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain elevated privileges on the target system.
The weakness exists due to buffer overflow. A local attacker can load a specially crafted Kerberos 5 ticket into a RxRPC key, trigger memory corruption and execute arbitrary code with root privileges.
Successful exploitation of the vulnerability may result in system compromise.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-12/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use-after-free error
EUVDB-ID: #VU9767
Risk: Low
CVSSv4.0: 7.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2017-8824
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a local attacker to gain elevated privileges or cause DoS condition on the target system.
The weakness exists due to an error in the dccp_disconnect function in net/dccp/proto.c in the Linux kernel. A local attacker can make specially crafted AF_UNSPEC connect system call during the DCCP_LISTEN state, trigger use-after-free error and gain root privileges or cause the system to crash.
Install update from vendor's website.
Vulnerable software versionsSUSE Linux: 12
CPE2.3 External linkshttps://lists.opensuse.org/opensuse-security-announce/2017-12/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
