Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2495-1 Final 1 1 2017-09-15T07:48:37Z current 2017-09-15T07:48:37Z 2017-09-15T07:48:37Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The openSUSE Leap 42.2 kernel was updated to 4.4.87 to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-1000251: The native Bluetooth stack in the Linux Kernel (BlueZ) was vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space (bnc#1057389). - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel allowed local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path (bnc#1056982). - CVE-2017-11472: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the operand cache and causes a kernel stack dump, which allowed local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table (bnc#1049580). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-12134: The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation (bnc#1051790 1053919). The following non-security bugs were fixed: - acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes). - alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978) (bsc#1020657). - alsa: hda - Implement mic-mute LED mode enum (bsc#1055013). - alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform (bsc#1024405). - alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934). - alsa: usb-audio: Apply sample rate quirk to Sennheiser headset (bsc#1052580). - Add 'shutdown' to 'struct class' (bsc#1053117). - bluetooth: bnep: fix possible might sleep error in bnep_session (bsc#1031784). - bluetooth: cmtp: fix possible might sleep error in cmtp_session (bsc#1031784). - btrfs: fix early ENOSPC due to delalloc (bsc#1049226). - nfs: flush data when locking a file to ensure cache coherence for mmap (bsc#981309). - Revert '/proc/iomem: only expose physical resource addresses to privileged users' (kabi). - Revert 'Make file credentials available to the seqfile interfaces' (kabi). - usb: core: fix device node leak (bsc#1047487). - Update patches.drivers/tpm-141-fix-RC-value-check-in-tpm2_seal_trusted.patch (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 5ca4c20cfd37). - bnxt: add a missing rcu synchronization (bnc#1038583). - bnxt: do not busy-poll when link is down (bnc#1038583). - bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583). - bnxt_en: Fix 'uninitialized variable' bug in TPA code path (bnc#1038583). - bnxt_en: Fix NULL pointer dereference in a failure path during open (bnc#1038583). - bnxt_en: Fix NULL pointer dereference in reopen failure path (bnc#1038583). - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583). - bnxt_en: Fix VF virtual link state (bnc#1038583). - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583). - bnxt_en: Fix and clarify link_info->advertising (bnc#1038583). - bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583). - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583). - bnxt_en: Refactor TPA code path (bnc#1038583). - bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583). - bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583). - ceph: fix readpage from fscache (bsc#1057015). - cxgb4: Fix stack out-of-bounds read due to wrong size to t4_record_mbox() (bsc#1021424 bsc#1022743). - drivers: net: xgene: Fix wrong logical operation (bsc#1056827). - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155). - fuse: initialize the flock flag in fuse_file on allocation (git-fixes). - gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829). - ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116). - iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717). - iwlwifi: mvm: do not send CTDP commands via debugfs if not supported (bsc#1031717). - kernel/*: switch to memdup_user_nul() (bsc#1048893). - lib: test_rhashtable: Fix KASAN warning (bsc#1055359). - lib: test_rhashtable: fix for large entry counts (bsc#1055359). - lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill warning (FATE#319466). - md/raid5: fix a race condition in stripe batch (linux-stable). - mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw poison -- git fixes). - mm/page_alloc.c: apply gfp_allowed_mask before the first allocation attempt (bnc#971975 VM -- git fixes). - mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850). - netfilter: fix IS_ERR_VALUE usage (bsc#1052888). - netfilter: x_tables: pack percpu counter allocations (bsc#1052888). - netfilter: x_tables: pass xt_counters struct instead of packet counter (bsc#1052888). - netfilter: x_tables: pass xt_counters struct to counter allocator (bsc#1052888). - new helper: memdup_user_nul() (bsc#1048893). - of: fix '/cpus' reference leak in of_numa_parse_cpu_nodes() (bsc#1056827). - ovl: fix dentry leak for default_permissions (bsc#1054084). - percpu_ref: allow operation mode switching operations to be called concurrently (bsc#1055096). - percpu_ref: remove unnecessary RCU grace period for staggered atomic switching confirmation (bsc#1055096). - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate percpu_ref_switch_to_atomic() (bsc#1055096). - percpu_ref: restructure operation mode switching (bsc#1055096). - percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096). - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261). - s390: export symbols for crash-kmp (bsc#1053915). - supported.conf: clear mistaken external support flag for cifs.ko (bsc#1053802). - sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893). - sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893). - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893). - sysctl: simplify unsigned int support (bsc#1048893). - tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117). - tpm: KABI fix (bsc#1053117). - tpm: fix: return rc when devm_add_action() fails (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 8e0ee3c9faed). - tpm: read burstcount from TPM_STS in one 32-bit transaction (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes 27084efee0c3). - tpm_tis_core: Choose appropriate timeout for reading burstcount (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723). - tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes aec04cbdf723). - tty: serial: msm: Support more bauds (git-fixes). - ubifs: Correctly evict xattr inodes (bsc#1012829). - ubifs: Do not leak kernel memory to the MTD (bsc#1012829). - xfs: fix inobt inode allocation search optimization (bsc#1012829). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2017-09/msg00057.html E-Mail link for openSUSE-SU-2017:2495-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 kernel-debug-4.4.87-18.29.1 kernel-debug-base-4.4.87-18.29.1 kernel-debug-devel-4.4.87-18.29.1 kernel-default-4.4.87-18.29.1 kernel-default-base-4.4.87-18.29.1 kernel-default-devel-4.4.87-18.29.1 kernel-devel-4.4.87-18.29.1 kernel-docs-4.4.87-18.29.2 kernel-docs-html-4.4.87-18.29.2 kernel-docs-pdf-4.4.87-18.29.2 kernel-macros-4.4.87-18.29.1 kernel-obs-build-4.4.87-18.29.1 kernel-obs-qa-4.4.87-18.29.1 kernel-source-4.4.87-18.29.1 kernel-source-vanilla-4.4.87-18.29.1 kernel-syms-4.4.87-18.29.1 kernel-vanilla-4.4.87-18.29.1 kernel-vanilla-base-4.4.87-18.29.1 kernel-vanilla-devel-4.4.87-18.29.1 kernel-debug-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 kernel-debug-base-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 kernel-debug-devel-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 kernel-default-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 kernel-default-base-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 kernel-default-devel-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 kernel-devel-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 kernel-docs-4.4.87-18.29.2 as a component of openSUSE Leap 42.2 kernel-docs-html-4.4.87-18.29.2 as a component of openSUSE Leap 42.2 kernel-docs-pdf-4.4.87-18.29.2 as a component of openSUSE Leap 42.2 kernel-macros-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 kernel-obs-build-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 kernel-obs-qa-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 kernel-source-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 kernel-source-vanilla-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 kernel-syms-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 kernel-vanilla-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 kernel-vanilla-base-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 kernel-vanilla-devel-4.4.87-18.29.1 as a component of openSUSE Leap 42.2 The native Bluetooth stack in the Linux Kernel (BlueZ), starting at the Linux kernel version 2.6.32 and up to and including 4.13.1, are vulnerable to a stack overflow vulnerability in the processing of L2CAP configuration responses resulting in Remote code execution in kernel space. CVE-2017-1000251 openSUSE Leap 42.2:kernel-debug-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-debug-base-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-debug-devel-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-default-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-default-base-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-default-devel-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-devel-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-docs-4.4.87-18.29.2 openSUSE Leap 42.2:kernel-docs-html-4.4.87-18.29.2 openSUSE Leap 42.2:kernel-docs-pdf-4.4.87-18.29.2 openSUSE Leap 42.2:kernel-macros-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-obs-build-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-obs-qa-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-source-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-source-vanilla-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-syms-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-vanilla-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-vanilla-base-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-vanilla-devel-4.4.87-18.29.1 important 7.9 AV:A/AC:M/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-09/msg00057.html https://www.suse.com/security/cve/CVE-2017-1000251.html CVE-2017-1000251 https://bugzilla.suse.com/1057389 SUSE Bug 1057389 https://bugzilla.suse.com/1057950 SUSE Bug 1057950 https://bugzilla.suse.com/1070535 SUSE Bug 1070535 https://bugzilla.suse.com/1120758 SUSE Bug 1120758 The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table. CVE-2017-11472 openSUSE Leap 42.2:kernel-debug-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-debug-base-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-debug-devel-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-default-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-default-base-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-default-devel-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-devel-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-docs-4.4.87-18.29.2 openSUSE Leap 42.2:kernel-docs-html-4.4.87-18.29.2 openSUSE Leap 42.2:kernel-docs-pdf-4.4.87-18.29.2 openSUSE Leap 42.2:kernel-macros-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-obs-build-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-obs-qa-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-source-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-source-vanilla-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-syms-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-vanilla-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-vanilla-base-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-vanilla-devel-4.4.87-18.29.1 low 1.2 AV:L/AC:H/Au:N/C:P/I:N/A:N Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-09/msg00057.html https://www.suse.com/security/cve/CVE-2017-11472.html CVE-2017-11472 https://bugzilla.suse.com/1049580 SUSE Bug 1049580 https://bugzilla.suse.com/1087082 SUSE Bug 1087082 The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in Xen might allow local OS guest users to corrupt block device data streams and consequently obtain sensitive memory information, cause a denial of service, or gain host OS privileges by leveraging incorrect block IO merge-ability calculation. CVE-2017-12134 openSUSE Leap 42.2:kernel-debug-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-debug-base-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-debug-devel-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-default-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-default-base-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-default-devel-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-devel-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-docs-4.4.87-18.29.2 openSUSE Leap 42.2:kernel-docs-html-4.4.87-18.29.2 openSUSE Leap 42.2:kernel-docs-pdf-4.4.87-18.29.2 openSUSE Leap 42.2:kernel-macros-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-obs-build-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-obs-qa-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-source-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-source-vanilla-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-syms-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-vanilla-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-vanilla-base-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-vanilla-devel-4.4.87-18.29.1 moderate 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-09/msg00057.html https://www.suse.com/security/cve/CVE-2017-12134.html CVE-2017-12134 https://bugzilla.suse.com/1051790 SUSE Bug 1051790 https://bugzilla.suse.com/1053919 SUSE Bug 1053919 An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access. CVE-2017-14051 openSUSE Leap 42.2:kernel-debug-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-debug-base-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-debug-devel-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-default-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-default-base-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-default-devel-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-devel-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-docs-4.4.87-18.29.2 openSUSE Leap 42.2:kernel-docs-html-4.4.87-18.29.2 openSUSE Leap 42.2:kernel-docs-pdf-4.4.87-18.29.2 openSUSE Leap 42.2:kernel-macros-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-obs-build-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-obs-qa-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-source-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-source-vanilla-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-syms-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-vanilla-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-vanilla-base-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-vanilla-devel-4.4.87-18.29.1 moderate 6 AV:L/AC:H/Au:S/C:C/I:C/A:C Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-09/msg00057.html https://www.suse.com/security/cve/CVE-2017-14051.html CVE-2017-14051 https://bugzilla.suse.com/1056588 SUSE Bug 1056588 The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path. CVE-2017-14106 openSUSE Leap 42.2:kernel-debug-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-debug-base-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-debug-devel-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-default-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-default-base-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-default-devel-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-devel-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-docs-4.4.87-18.29.2 openSUSE Leap 42.2:kernel-docs-html-4.4.87-18.29.2 openSUSE Leap 42.2:kernel-docs-pdf-4.4.87-18.29.2 openSUSE Leap 42.2:kernel-macros-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-obs-build-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-obs-qa-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-source-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-source-vanilla-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-syms-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-vanilla-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-vanilla-base-4.4.87-18.29.1 openSUSE Leap 42.2:kernel-vanilla-devel-4.4.87-18.29.1 low 2.1 AV:L/AC:L/Au:N/C:N/I:N/A:P Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2017-09/msg00057.html https://www.suse.com/security/cve/CVE-2017-14106.html CVE-2017-14106 https://bugzilla.suse.com/1056982 SUSE Bug 1056982