Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2169-1 Final 1 1 2017-08-15T15:08:44Z current 2017-08-15T15:08:44Z 2017-08-15T15:08:44Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The openSUSE Leap 42.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365). - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994). The following non-security bugs were fixed: - IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151). - bcache: force trigger gc (bsc#1038078). - bcache: only recovery I/O error for writethrough mode (bsc#1043652). - block: do not allow updates through sysfs until registration completes (bsc#1047027). - ibmvnic: Check for transport event on driver resume (bsc#1051556, bsc#1052709). - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223). - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794). - iommu/amd: Fix schedule-while-atomic BUG in initialization code (bsc1052533). - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175). - libnvdimm: fix badblock range handling of ARS range (bsc#1023175). - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374). - scsi_devinfo: fixup string compare (bsc#1037404). - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792). - vfs: fix missing inode_get_dev sites (bsc#1052049). - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache() (bsc#1051399). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00046.html E-Mail link for openSUSE-SU-2017:2169-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 kernel-debug-4.4.79-18.26.2 kernel-debug-base-4.4.79-18.26.2 kernel-debug-devel-4.4.79-18.26.2 kernel-default-4.4.79-18.26.2 kernel-default-base-4.4.79-18.26.2 kernel-default-devel-4.4.79-18.26.2 kernel-devel-4.4.79-18.26.1 kernel-docs-4.4.79-18.26.3 kernel-docs-html-4.4.79-18.26.3 kernel-docs-pdf-4.4.79-18.26.3 kernel-macros-4.4.79-18.26.1 kernel-obs-build-4.4.79-18.26.2 kernel-obs-qa-4.4.79-18.26.1 kernel-source-4.4.79-18.26.1 kernel-source-vanilla-4.4.79-18.26.1 kernel-syms-4.4.79-18.26.1 kernel-vanilla-4.4.79-18.26.2 kernel-vanilla-base-4.4.79-18.26.2 kernel-vanilla-devel-4.4.79-18.26.2 kernel-debug-4.4.79-18.26.2 as a component of openSUSE Leap 42.2 kernel-debug-base-4.4.79-18.26.2 as a component of openSUSE Leap 42.2 kernel-debug-devel-4.4.79-18.26.2 as a component of openSUSE Leap 42.2 kernel-default-4.4.79-18.26.2 as a component of openSUSE Leap 42.2 kernel-default-base-4.4.79-18.26.2 as a component of openSUSE Leap 42.2 kernel-default-devel-4.4.79-18.26.2 as a component of openSUSE Leap 42.2 kernel-devel-4.4.79-18.26.1 as a component of openSUSE Leap 42.2 kernel-docs-4.4.79-18.26.3 as a component of openSUSE Leap 42.2 kernel-docs-html-4.4.79-18.26.3 as a component of openSUSE Leap 42.2 kernel-docs-pdf-4.4.79-18.26.3 as a component of openSUSE Leap 42.2 kernel-macros-4.4.79-18.26.1 as a component of openSUSE Leap 42.2 kernel-obs-build-4.4.79-18.26.2 as a component of openSUSE Leap 42.2 kernel-obs-qa-4.4.79-18.26.1 as a component of openSUSE Leap 42.2 kernel-source-4.4.79-18.26.1 as a component of openSUSE Leap 42.2 kernel-source-vanilla-4.4.79-18.26.1 as a component of openSUSE Leap 42.2 kernel-syms-4.4.79-18.26.1 as a component of openSUSE Leap 42.2 kernel-vanilla-4.4.79-18.26.2 as a component of openSUSE Leap 42.2 kernel-vanilla-base-4.4.79-18.26.2 as a component of openSUSE Leap 42.2 kernel-vanilla-devel-4.4.79-18.26.2 as a component of openSUSE Leap 42.2 Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue is analogous to previously disclosed CVE-2016-8655. In both cases, a socket option that changes socket state may race with safety checks in packet_set_ring. Previously with PACKET_VERSION. This time with PACKET_RESERVE. The solution is similar: lock the socket for the update. This issue may be exploitable, we did not investigate further. As this issue affects PF_PACKET sockets, it requires CAP_NET_RAW in the process namespace. But note that with user namespaces enabled, any process can create a namespace in which it has CAP_NET_RAW. CVE-2017-1000111 openSUSE Leap 42.2:kernel-debug-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-debug-base-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-debug-devel-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-default-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-default-base-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-default-devel-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-devel-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-docs-4.4.79-18.26.3 openSUSE Leap 42.2:kernel-docs-html-4.4.79-18.26.3 openSUSE Leap 42.2:kernel-docs-pdf-4.4.79-18.26.3 openSUSE Leap 42.2:kernel-macros-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-obs-build-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-obs-qa-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-source-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-source-vanilla-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-syms-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-vanilla-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-vanilla-base-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-vanilla-devel-4.4.79-18.26.2 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00046.html https://www.suse.com/security/cve/CVE-2017-1000111.html CVE-2017-1000111 https://bugzilla.suse.com/1052365 SUSE Bug 1052365 https://bugzilla.suse.com/1052367 SUSE Bug 1052367 Linux kernel: Exploitable memory corruption due to UFO to non-UFO path switch. When building a UFO packet with MSG_MORE __ip_append_data() calls ip_ufo_append_data() to append. However in between two send() calls, the append path can be switched from UFO to non-UFO one, which leads to a memory corruption. In case UFO packet lengths exceeds MTU, copy = maxfraglen - skb->len becomes negative on the non-UFO path and the branch to allocate new skb is taken. This triggers fragmentation and computation of fraggap = skb_prev->len - maxfraglen. Fraggap can exceed MTU, causing copy = datalen - transhdrlen - fraggap to become negative. Subsequently skb_copy_and_csum_bits() writes out-of-bounds. A similar issue is present in IPv6 code. The bug was introduced in e89e9cf539a2 ("[IPv4/IPv6]: UFO Scatter-gather approach") on Oct 18 2005. CVE-2017-1000112 openSUSE Leap 42.2:kernel-debug-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-debug-base-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-debug-devel-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-default-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-default-base-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-default-devel-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-devel-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-docs-4.4.79-18.26.3 openSUSE Leap 42.2:kernel-docs-html-4.4.79-18.26.3 openSUSE Leap 42.2:kernel-docs-pdf-4.4.79-18.26.3 openSUSE Leap 42.2:kernel-macros-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-obs-build-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-obs-qa-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-source-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-source-vanilla-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-syms-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-vanilla-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-vanilla-base-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-vanilla-devel-4.4.79-18.26.2 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00046.html https://www.suse.com/security/cve/CVE-2017-1000112.html CVE-2017-1000112 https://bugzilla.suse.com/1052311 SUSE Bug 1052311 https://bugzilla.suse.com/1052365 SUSE Bug 1052365 https://bugzilla.suse.com/1052368 SUSE Bug 1052368 The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability. CVE-2017-8831 openSUSE Leap 42.2:kernel-debug-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-debug-base-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-debug-devel-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-default-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-default-base-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-default-devel-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-devel-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-docs-4.4.79-18.26.3 openSUSE Leap 42.2:kernel-docs-html-4.4.79-18.26.3 openSUSE Leap 42.2:kernel-docs-pdf-4.4.79-18.26.3 openSUSE Leap 42.2:kernel-macros-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-obs-build-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-obs-qa-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-source-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-source-vanilla-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-syms-4.4.79-18.26.1 openSUSE Leap 42.2:kernel-vanilla-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-vanilla-base-4.4.79-18.26.2 openSUSE Leap 42.2:kernel-vanilla-devel-4.4.79-18.26.2 moderate 6.6 AV:L/AC:M/Au:S/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-08/msg00046.html https://www.suse.com/security/cve/CVE-2017-8831.html CVE-2017-8831 https://bugzilla.suse.com/1037994 SUSE Bug 1037994 https://bugzilla.suse.com/1053611 SUSE Bug 1053611 https://bugzilla.suse.com/1061936 SUSE Bug 1061936 https://bugzilla.suse.com/1087082 SUSE Bug 1087082