SB2017122211 - SUSE Linux update for the Linux Kernel



SB2017122211 - SUSE Linux update for the Linux Kernel

Published: December 22, 2017 Updated: December 26, 2017

Security Bulletin ID: SB2017122211
Severity: Low
Patch available: YES
Number of vulnerabilities: 15
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Low: 100%

Description

This security bulletin contains information about 15 security vulnerabilities.


1) Information disclosure (CVE-ID: CVE-2017-1000410)

The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a flaw in the processing of incoming L2CAP commands, specifically ConfigRequest and ConfigResponse messages. A remote attacker can manipulate the code paths that precede the handling of these configuration messages and read sensitive data.

2) NULL pointer dereference (CVE-ID: CVE-2017-12193)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists in the assoc_array implementation when a new leaf is added that needs to go into a node that happens to be full. A local user can trigger a NULL pointer dereference and crash the kernel.

3) Use-after-free error (CVE-ID: CVE-2017-15115)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists because the sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel does not check whether the intended netns is used in a peel-off action. A local attacker can make specially crafted system calls, trigger a use-after-free and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

4) Use-after-free (CVE-ID: CVE-2017-15265)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to a use-after-free error in the ALSA sequencer interface (/dev/snd/seq). A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.


5) Use-after-free error (CVE-ID: CVE-2017-16528)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to a use-after-free error in sound/core/seq_device.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

6) Null pointer dereference (CVE-ID: CVE-2017-16536)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to a NULL pointer dereference in the cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

7) Null pointer dereference (CVE-ID: CVE-2017-16537)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to a NULL pointer dereference in the imon_probe function in drivers/media/rc/imon.c. A local attacker can use a specially crafted USB device and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

8) Out-of-bounds read (CVE-ID: CVE-2017-16645)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger an out-of-bounds read in ims_pcu_parse_cdc_data and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

9) Denial of service (CVE-ID: CVE-2017-16646)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel. A local attacker can supply a specially crafted USB device, trigger a BUG and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

10) Information disclosure (CVE-ID: CVE-2017-16994)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists because the walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel mishandles holes in hugetlb ranges. A local attacker can make a specially crafted mincore() system call and obtain sensitive information from uninitialized kernel memory.

11) Security restrictions bypass (CVE-ID: CVE-2017-17448)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists because net/netfilter/nfnetlink_cthelper.c in the Linux kernel does not require the CAP_NET_ADMIN capability for new, get, and del operations. A local attacker can bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.

12) Information disclosure (CVE-ID: CVE-2017-17449)

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists because the __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel, when CONFIG_NLMON is enabled, does not restrict observation of Netlink messages to a single net namespace. A local attacker with the CAP_NET_ADMIN capability can sniff an nlmon interface to observe all Netlink activity on the system and read arbitrary files.

13) Security restrictions bypass (CVE-ID: CVE-2017-17450)

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists because net/netfilter/xt_osf.c in the Linux kernel does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations. A local attacker can bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.

14) Privilege escalation (CVE-ID: CVE-2017-7482)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a buffer overflow. A local attacker can load a specially crafted Kerberos 5 ticket into an RxRPC key, trigger memory corruption and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability may result in system compromise.

15) Use-after-free error (CVE-ID: CVE-2017-8824)

The vulnerability allows a local attacker to gain elevated privileges or cause DoS condition on the target system.

The weakness exists due to an error in the dccp_disconnect function in net/dccp/proto.c in the Linux kernel. A local attacker can make a specially crafted AF_UNSPEC connect() system call during the DCCP_LISTEN state, trigger a use-after-free and gain root privileges or cause the system to crash.

Remediation

Install the update from the vendor's website.