SB2018010438 - SUSE Linux update for the Linux Kernel
Published: January 4, 2018
Description
This security bulletin contains information about 17 security vulnerabilities.
1) Out-of-bounds read (CVE-ID: CVE-2017-11600)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists because net/xfrm/xfrm_policy.c does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less when CONFIG_XFRM_MIGRATE is enabled. A local attacker can submit a specially crafted XFRM_MSG_MIGRATE xfrm Netlink message, trigger an out-of-bounds read and crash the kernel.
2) Input validation error (CVE-ID: CVE-2017-13167)
The vulnerability allows a local user to elevate privileges and execute arbitrary code.
The weakness exists in the kernel sound timer subsystem. It was originally reported as an elevation-of-privilege issue in the Android kernel (Android ID A-37240993) and affects the same code in the SUSE kernel.
3) Divide by zero (CVE-ID: CVE-2017-14106)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists due to a divide-by-zero error in the tcp_disconnect() function in net/ipv4/tcp.c. A local attacker can trigger a disconnect within a certain tcp_recvmsg code path and cause a kernel panic.
Successful exploitation of the vulnerability results in denial of service.
4) Use-after-free error (CVE-ID: CVE-2017-15115)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists because the sctp_do_peeloff function in net/sctp/socket.c does not check whether the intended netns is used in a peel-off action. A local attacker can make specially crafted system calls, trigger a use-after-free error and crash the system.
Successful exploitation of the vulnerability results in denial of service.
5) Privilege escalation (CVE-ID: CVE-2017-15868)
The vulnerability allows a local user to elevate privileges on the system. The weakness exists due to a missing check of L2CAP socket availability in the bnep_add_connection() function in net/bluetooth/bnep/core.c. A local user can execute arbitrary code with elevated privileges.
6) Out-of-bounds read (CVE-ID: CVE-2017-16534)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists due to an out-of-bounds read in the cdc_parse_cdc_header function in drivers/usb/core/message.c. An attacker able to attach a specially crafted USB device can crash the system.
Successful exploitation of the vulnerability results in denial of service.
7) Denial of service (CVE-ID: CVE-2017-16538)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists due to an error in the DVB-USB driver drivers/media/usb/dvb-usb-v2/lmedm04.c. An attacker able to attach a specially crafted USB device can crash the system.
Successful exploitation of the vulnerability results in denial of service.
8) Use-after-free error (CVE-ID: CVE-2017-16939)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the XFRM dump policy implementation in net/xfrm/xfrm_user.c due to a use-after-free error. A local attacker can make a specially crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages, trigger memory corruption and crash the kernel.
Successful exploitation of the vulnerability results in denial of service.
9) Security restrictions bypass (CVE-ID: CVE-2017-17450)
The vulnerability allows a local attacker to bypass security restrictions on the target system. The weakness exists because net/netfilter/xt_osf.c does not require the CAP_NET_ADMIN capability for the add_callback and remove_callback operations. Because the xt_osf_fingers data structure is shared across all net namespaces, a local user who can send the corresponding nfnetlink messages from an unprivileged namespace can alter the system-wide passive OS-fingerprint list and bypass intended access restrictions.
10) Out-of-bounds write (CVE-ID: CVE-2017-17558)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists because the usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem does not consider the maximum number of configurations and interfaces before attempting to release resources. An attacker able to attach a specially crafted USB device can trigger an out-of-bounds write and crash the system.
Successful exploitation of the vulnerability results in denial of service.
11) Improper input validation (CVE-ID: CVE-2017-17805)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists because the Salsa20 encryption algorithm in the Linux kernel does not correctly handle zero-length inputs. A local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) can execute a specially crafted sequence of system calls that use the blkcipher_walk API, trigger a free of uninitialized memory and crash the kernel.
Successful exploitation of the vulnerability results in denial of service.
12) Stack-based buffer overflow (CVE-ID: CVE-2017-17806)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists because the HMAC implementation (crypto/hmac.c) in the Linux kernel does not validate that the underlying cryptographic hash algorithm is unkeyed. A local attacker able to use the AF_ALG-based hash interface (CONFIG_CRYPTO_USER_API_HASH) with the SHA-3 hash algorithm (CONFIG_CRYPTO_SHA3) can execute a specially crafted sequence of system calls that encounters a missing SHA-3 initialization, trigger a kernel stack buffer overflow and crash the system.
Successful exploitation of the vulnerability results in denial of service.
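Whether items 1, 11 and 12 above are reachable on a given host depends on the build options named in their descriptions. The following POSIX shell check is an added example, not part of the bulletin or of SUSE's own tooling: it reads a Kconfig-format file (the assumed default location is the SUSE layout /boot/config-$(uname -r); the output of zcat /proc/config.gz can be saved to a file and passed instead) and reports, per CVE, whether every gating option is built in or modular. A value of m is treated as enabled, because the AF_ALG and xfrm Netlink socket families are loaded on demand the first time a process opens a socket of that family. The check answers only whether the code is present, not which privilege is needed to reach it.

```shell
#!/bin/sh
# Added example, not from the bulletin: map the config options that gate
# bulletin items 1, 11 and 12 onto a kernel build configuration.
# Assumes the SUSE layout /boot/config-$(uname -r); any Kconfig-format file works.

# kconfig_state CONFIG_FILE OPTION -> prints y, m or n
# (an absent option and "# OPTION is not set" both give n).
kconfig_state() {
    ks_cfg=$1
    ks_opt=$2
    # Anchor on "OPTION=" so CONFIG_CRYPTO_SHA3 does not match CONFIG_CRYPTO_SHA3_ARM64.
    ks_val=$(sed -n "s/^${ks_opt}=\(.\).*/\1/p" "$ks_cfg" | head -n 1)
    case "$ks_val" in
        y|m) echo "$ks_val" ;;
        *)   echo n ;;
    esac
}

# all_enabled CONFIG_FILE OPTION... -> true only if every option is y or m.
all_enabled() {
    ae_cfg=$1
    shift
    for ae_opt in "$@"; do
        [ "$(kconfig_state "$ae_cfg" "$ae_opt")" != n ] || return 1
    done
    return 0
}

# report_reach [CONFIG_FILE] -> one "CVE reachable|not-reachable" line per gated item.
report_reach() {
    rr_cfg=${1:-/boot/config-$(uname -r)}
    for rr_spec in \
        "CVE-2017-11600:CONFIG_XFRM_MIGRATE" \
        "CVE-2017-17805:CONFIG_CRYPTO_USER_API_SKCIPHER" \
        "CVE-2017-17806:CONFIG_CRYPTO_USER_API_HASH CONFIG_CRYPTO_SHA3"
    do
        rr_cve=${rr_spec%%:*}
        rr_opts=${rr_spec#*:}
        # $rr_opts is deliberately unquoted so the space-separated options split.
        if all_enabled "$rr_cfg" $rr_opts; then
            echo "$rr_cve reachable"
        else
            echo "$rr_cve not-reachable"
        fi
    done
}

# Run directly against the booted kernel: sh kconfig_reach.sh --run [CONFIG_FILE]
[ "${1:-}" = "--run" ] && report_reach "${2:-}"
```

A "not-reachable" result for CVE-2017-17806 means at least one of its two options is off; both the AF_ALG hash interface and the SHA-3 algorithm are needed for the vulnerable path.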
13) Information disclosure (CVE-ID: CVE-2017-5715)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability, known as Spectre variant 2 (branch target injection), exists in the CPU hardware of Intel and other vendors because of the way speculative execution of instructions is implemented. A local attacker who can run code on the system can poison the indirect branch predictor so that the kernel or another process speculatively executes code of the attacker's choosing, then recover the speculatively accessed data through a cache side channel and read memory it is not authorized to access.
14) Information disclosure (CVE-ID: CVE-2017-5753)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability, known as Spectre variant 1 (bounds check bypass), exists in the CPU hardware of Intel and other vendors because of the way speculative execution of instructions is implemented. A local attacker who can run code on the system can cause a bounds check to be speculatively bypassed, then recover the out-of-bounds data through a cache side channel and read sensitive memory.
15) Information disclosure (CVE-ID: CVE-2017-5754)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability, known as Meltdown (rogue data cache load), exists in Intel CPU hardware because loads are speculatively executed before the privilege check on the accessed address completes. A local attacker who can run code on the system can perform a side-channel analysis of the data cache and read sensitive information, including kernel memory.
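For items 13 to 15 a patched kernel reports its own mitigation state through sysfs, which is the quickest way to confirm after reboot that the update (and, for Spectre variant 2, any microcode it relies on) is actually active. The following POSIX shell check is an added example, not part of the bulletin or of SUSE's tooling. It assumes the standard files spectre_v1, spectre_v2 and meltdown under /sys/devices/system/cpu/vulnerabilities/, takes the directory as a parameter so it can be exercised against a copied or constructed tree, and treats a missing file as unknown, since a kernel without this interface predates the fixes and should not be assumed mitigated.

```shell
#!/bin/sh
# Added example, not from the bulletin: summarise the kernel's reported
# Spectre/Meltdown mitigation state from sysfs.

# vuln_status DIR NAME -> mitigated | vulnerable | not_affected | unknown
# A kernel that lacks DIR/NAME entirely predates the fix, hence "unknown".
vuln_status() {
    vs_file="$1/$2"
    [ -r "$vs_file" ] || { echo unknown; return 0; }
    case "$(cat "$vs_file")" in
        "Not affected"*) echo not_affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# report_vulns [DIR] -> one "name status" line per bulletin item; returns 1 if
# anything is vulnerable or unknown so the script can gate a fleet check.
report_vulns() {
    rv_dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rv_rc=0
    for rv_name in spectre_v1 spectre_v2 meltdown; do
        rv_st=$(vuln_status "$rv_dir" "$rv_name")
        echo "$rv_name $rv_st"
        case $rv_st in
            mitigated|not_affected) ;;
            *) rv_rc=1 ;;
        esac
    done
    return $rv_rc
}

# Run directly on the host: sh spectre_check.sh --run
[ "${1:-}" = "--run" ] && report_vulns
```

A spectre_v2 line that starts with "Vulnerable:" but names a partial mitigation (for example a minimal retpoline) is still classified as vulnerable here, which is the conservative reading for a compliance check.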
16) Resource exhaustion (CVE-ID: CVE-2017-7472)
The vulnerability allows a local attacker to cause a DoS condition on the target system. The weakness exists in the KEYS subsystem due to unbounded memory consumption. A local attacker can exhaust kernel memory via a series of keyctl_set_reqkey_keyring calls with KEY_REQKEY_DEFL_THREAD_KEYRING and cause a denial of service.
17) Use-after-free error (CVE-ID: CVE-2017-8824)
The vulnerability allows a local attacker to gain elevated privileges or cause a DoS condition on the target system. The weakness exists due to an error in the dccp_disconnect function in net/dccp/proto.c. A local attacker can make a specially crafted AF_UNSPEC connect system call while the socket is in the DCCP_LISTEN state, trigger a use-after-free error and gain root privileges or crash the system.
Remediation
Install the update from the vendor. On SUSE systems, apply the kernel patch with zypper (zypper patch, or the specific patch named in the corresponding SUSE security advisory) and reboot: a kernel update takes effect only once the new kernel is booted, and the Spectre variant 2 mitigation may additionally require updated CPU microcode.
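Because the new kernel is active only after a reboot, a patch check that looks at installed packages alone reports the system as fixed while the vulnerable kernel keeps running. The following POSIX shell check is an added example, not SUSE's own tooling. It compares the booted kernel from uname -r with the newest installed kernel package as reported by rpm; the assumptions are the SUSE conventions that uname -r is the package version-release with the flavor appended (for example a trailing -default) and that the package is named kernel-default (pass another name, such as kernel-pae, for other flavors). The version strings used in the usage comment and checks are constructed.

```shell
#!/bin/sh
# Added example, not from the bulletin: detect a kernel update that has been
# installed but not yet booted. Assumes the SUSE convention that uname -r is
# "<version>-<release>-<flavor>" and the package version is "<version>-<release>".

# strip_flavor UNAME_R -> the package-style version (drops the trailing "-<flavor>").
strip_flavor() {
    echo "${1%-*}"
}

# newest_installed [PACKAGE] -> highest installed version-release of the kernel
# package (kernel-default by default); prints nothing if rpm or the package is absent.
newest_installed() {
    ni_pkg=${1:-kernel-default}
    command -v rpm >/dev/null 2>&1 || return 0
    rpm -q "$ni_pkg" >/dev/null 2>&1 || return 0
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$ni_pkg" | sort -V | tail -n 1
}

# reboot_needed UNAME_R INSTALLED -> true (0) when the booted kernel is not the
# newest installed one; also true when INSTALLED is empty, i.e. nothing to compare
# against, which is the conservative answer.
reboot_needed() {
    rn_running=$(strip_flavor "$1")
    [ -n "$2" ] || return 0
    [ "$rn_running" != "$2" ]
}

# Run on the host: sh kernel_booted.sh --run [PACKAGE]
# Constructed example: running 4.4.92-6.30-default with 4.4.103-6.38 installed
# prints "reboot required" and exits 2.
if [ "${1:-}" = "--run" ]; then
    inst=$(newest_installed "${2:-}")
    if reboot_needed "$(uname -r)" "$inst"; then
        echo "reboot required: running $(uname -r), newest installed ${inst:-<none>}"
        exit 2
    fi
    echo "running kernel $(uname -r) matches newest installed $inst"
fi
```

Exit status 2 on a pending reboot keeps the script usable from configuration-management or monitoring jobs without parsing its output.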