[SUSE-SU-2017:0407-1] Security update for the Linux Kernel
Severity: Important
CVEs: 24
The SUSE Linux Enterprise 12 rt-kernel was updated to 3.12.69 to receive various security fixes and bug fixes.
The following security bugs were fixed:
- CVE-2015-8962: Fixed a double free vulnerability in the SCSI subsystem that allowed local users to gain privileges or cause a denial of service (memory corruption and system crash) (bnc#1010501).
- CVE-2015-8963: Fixed a race condition in kernel/events/core.c that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010502).
- CVE-2015-8964: Fixed a bug in the tty_set_termios_ldisc function that allowed local users to obtain sensitive information from kernel memory (bnc#1010507).
- CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) (bnc#1017710).
- CVE-2016-7910: Fixed a use-after-free vulnerability in the block subsystem that allowed local users to gain privileges (bnc#1010716).
- CVE-2016-7911: Fixed a race condition in the get_task_ioprio function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010711).
- CVE-2016-7913: Fixed a bug in the xc2028_set_config function that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1010478).
- CVE-2016-7914: The assoc_array_insert_into_terminal_node function did not check whether a slot is a leaf, which allowed local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and out-of-bounds read) (bnc#1010475).
- CVE-2016-8399: Fixed a bug in the kernel networking subsystem that could have enabled a local malicious application to execute arbitrary code within the context of the kernel (bnc#1014746).
- CVE-2016-8632: The net subsystem did not validate the relationship between the minimum fragment length and the maximum packet size, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) (bnc#1008831).
- CVE-2016-8633: The firewire subsystem allowed remote attackers to execute arbitrary code via crafted fragmented packets in certain unusual hardware configurations (bnc#1008833).
- CVE-2016-8645: The TCP stack in the Linux kernel mishandled skb truncation, which allowed local users to cause a denial of service (system crash) (bnc#1009969).
- CVE-2016-8655: Fixed a race condition in the network subsystem that allowed local users to gain privileges or cause a denial of service (use-after-free) (bnc#1012754).
- CVE-2016-9083: The PCI subsystem allowed local users to bypass integer overflow checks and cause a denial of service (memory corruption) or have unspecified other impact (bnc#1007197).
- CVE-2016-9084: The PCI subsystem misused the kzalloc() function, which allowed local users to cause a denial of service (integer overflow) or have unspecified other impact (bnc#1007197).
- CVE-2016-9555: Fixed a bug in the network subsystem that allowed remote attackers to cause a denial of service (out-of-bounds slab access) or possibly have unspecified other impact via crafted SCTP data (bnc#1011685).
- CVE-2016-9576: The block subsystem did not properly restrict the type of iterator, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) (bnc#1013604).
- CVE-2016-9756: The kernel did not properly initialize Code Segment (CS) in certain error cases, which allowed local users to obtain sensitive information from kernel stack memory (bnc#1013038).
- CVE-2016-9793: The net subsystem mishandled negative values of sk_sndbuf and sk_rcvbuf, which allowed local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact (bnc#1013531).
- CVE-2016-9794: Fixed a race condition in the ALSA subsystem that allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1013533).
- CVE-2016-9806: Fixed a race condition in the netlink_dump() function which could have allowed local users to cause a denial of service (double free) or possibly have unspecified other impact (bnc#1013540).
- CVE-2017-2583: kvm: x86: fixed emulation of 'MOV SS, null selector' (bsc#1020602).
- CVE-2017-2584: arch: x86: kvm: fixed a bug that could have allowed local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) (bnc#1019851).
- CVE-2017-5551: tmpfs: Fixed a bug that could have allowed users to set setgid bits on files they don't own (bsc#1021258, CVE-2017-5551).
The following non-security bugs were fixed:
- 8250_pci: Fix potential use-after-free in error path (bsc#1013001).
- block_dev: do not test bdev->bd_contains when it is not stable (bsc#1008557).
- bna: Add synchronization for tx ring (bsc#993739).
- bnx2i/bnx2fc : fix randconfig error in next-20140909 (bsc#922052 bsc#922056).
- bnx2x: Correct ringparam estimate when DOWN (bsc#1020214).
- bnx2x: fix lockdep splat (bsc#922052 bsc#922056).
- btrfs: Ensure proper sector alignment for btrfs_free_reserved_data_space (bsc#1005666).
- btrfs: Export and move leaf/subtree qgroup helpers to qgroup.c (bsc#983087).
- btrfs: Revert 'do not delay inode ref updates during log replay' (bsc#987192).
- btrfs: bugfix: handle FS_IOC32_{GETFLAGS,SETFLAGS,GETVERSION} in btrfs_ioctl (bsc#1018100).
- btrfs: do not delay inode ref updates during log replay (bsc#987192).
- btrfs: fix incremental send failure caused by balance (bsc#985850).
- btrfs: fix relocation incorrectly dropping data references (bsc#990384).
- btrfs: increment ctx->pos for every emitted or skipped dirent in XXXXXXX (bsc#981709).
- btrfs: qgroup: Fix qgroup data leaking by using subtree tracing (bsc#983087).
- btrfs: remove old tree_root dirent processing in btrfs_real_readdir() (bsc#981709).
- btrfs: send, do not bug on inconsistent snapshots (bsc#985850).
- cpufreq: intel_pstate: Fix divide by zero on Knights Landing (KNL) (bsc#1008876).
- cpuset: fix sched_load_balance that was accidentally broken in a previous update (bsc#1010294).
- ext4: fix data exposure after a crash (bsc#1012985).
- fs/dcache: move the call of __d_drop(anon) into __d_materialise_unique(dentry, anon) (bsc#984194).
- fuse: do not use iocb after it may have been freed (bsc#1012985).
- hpilo: Add support for iLO5 (bsc#999101).
- ib/core: Avoid unsigned int overflow in sg_alloc_table (bsc#924381 bsc#921338).
- ib/mlx5: Fix FW version display in sysfs (bnc#923036).
- ib/mlx5: Fix entries check in mlx5_ib_resize_cq (bnc#858727).
- ib/mlx5: Fix entries checks in mlx5_ib_create_cq (bnc#858727).
- ib/mlx5: Remove per-MR pas and dma pointers (bnc#923036).
- ibmveth: calculate gso_segs for large packets (bsc#1019148).
- ibmveth: check return of skb_linearize in ibmveth_start_xmit (bsc#1019148).
- ibmveth: consolidate kmalloc of array, memset 0 to kcalloc (bsc#1019148).
- ibmveth: set correct gso_size and gso_type (bsc#1019148).
- igb: Fix oops caused by missing queue pairing (bnc#857394).
- ipmi_si: create hardware-independent softdep for ipmi_devintf (bsc#1009062).
- ipr: Enable SIS pipe commands for SIS-32 devices (bsc#1016961).
- ipv4: Fix ip_queue_xmit to pass sk into ip_local_out_sk (bsc#938963).
- kabi: protect __sk_mem_reclaim (kabi).
- kabi: protect struct perf_event_context (kabi).
- kabi: reintroduce sk_filter (kabi).
- kernel: remove broken memory detection sanity check (bnc#1008567, LTC#148072).
- kgr: ignore zombie tasks during the patching (bnc#1008979).
- kgraft/iscsi-target: Do not block kGraft in iscsi_np kthread (bsc#1010612).
- kgraft/xen: Do not block kGraft in xenbus kthread (bsc#1017410).
- net/mlx5: Avoid passing dma address 0 to firmware (bnc#858727).
- net/mlx5: Fix typo in mlx5_query_port_pvlc (bnc#923036).
- net/mlx5e: Do not modify CQ before it was created (bnc#923036).
- net/mlx5e: Do not try to modify CQ moderation if it is not supported (bnc#923036).
- net/mlx5e: Fix MLX5E_100BASE_T define (bnc#923036).
- net/mlx5e: Remove wrong poll CQ optimization (bnc#923036).
- netback: correct array index (bsc#983348).
- nfsv4: Cap the transport reconnection timer at 1/2 lease period (bsc#1014410).
- nfsv4: Cleanup the setting of the nfs4 lease period (bsc#1014410).
- nfsv4: Fix 'NFS Lock reclaim failed' errors (bsc#1014410).
- ocfs2: fix BUG_ON() in ocfs2_ci_checkpointed() (bnc#1019783).
- posix_acl: Fixup acl reference leak and missing conversions in ext3, gfs2, jfs, hfsplus.
- powerpc/pseries: Use H_CLEAR_HPT to clear MMU hash table during kexec (bsc#1003813).
- proc: avoid including 'mountproto=' with no protocol in /proc/mounts (bsc#1019260).
- raid1: ignore discard error (bsc#1017164).
- reiserfs: fix race in prealloc discard (bsc#987576).
- rpm/kernel-binary.spec.in: Export a make-stderr.log file (bsc#1012422)
- rpm/kernel-spec-macros: Fix the check if there is no rebuild counter (bsc#1012060)
- rpm/kernel-spec-macros: Ignore too high rebuild counter (bsc#1012060)
- serial: 8250_pci: Detach low-level driver during PCI error recovery (bsc#1013001).
- sfc: clear napi_hash state when copying channels (bsc#923037).
- sfc: fix potential stack corruption from running past stat bitmask (bsc#923037).
- sfc: on MC reset, clear PIO buffer linkage in TXQs (bnc#856380).
- sunrpc: Enforce an upper limit on the number of cached credentials (bsc#1012917).
- sunrpc: Fix reconnection timeouts (bsc#1014410).
- sunrpc: Limit the reconnect backoff timer to the max RPC message timeout (bsc#1014410).
- target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE (bsc#991273).
- target: add XCOPY target/segment desc sense codes (bsc#991273).
- target: bounds check XCOPY segment descriptor list (bsc#991273).
- target: bounds check XCOPY total descriptor list length (bsc#991273).
- target: check XCOPY segment descriptor CSCD IDs (bsc#1017170).
- target: check for XCOPY parameter truncation (bsc#991273).
- target: return UNSUPPORTED TARGET/SEGMENT DESC TYPE CODE sense (bsc#991273).
- target: simplify XCOPY wwn->se_dev lookup helper (bsc#991273).
- target: support XCOPY requests without parameters (bsc#991273).
- target: use XCOPY TOO MANY TARGET DESCRIPTORS sense (bsc#991273).
- target: use XCOPY segment descriptor CSCD IDs (bsc#1017170).
- tg3: Avoid NULL pointer dereference in tg3_io_error_detected() (bsc#921778).
- tty: Prevent ldisc drivers from re-using stale tty fields (bnc#1010507).
- x86/apic: Order irq_enter/exit() calls correctly vs. ack_APIC_irq() (bsc#1013479).
- xen/ftrace/x86: Set ftrace_stub to weak to prevent gcc from using short jumps to it (bsc#984419).
- xenbus: correctly signal errors from xenstored_local_init() (luckily none so far).
- xfs: allow lazy sb counter sync during filesystem freeze sequence (bsc#980560).
- xfs: refactor xlog_recover_process_data() (bsc#1019300).
- ID: SUSE-SU-2017:0407-1
- Severity: important
- URL: https://www.suse.com/support/update/announcement/2017/suse-su-20170407-1/
- Published: 2017-02-06T14:41:53
- Modified: 2017-02-06T14:41:53
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories:
- ALAS-2016-718
- ALAS-2016-772
- ALAS-2017-782
- ALAS-2017-786
- ALAS-2017-805
- ASA-201612-6
- ASA-201612-7
- ASA-201612-8
- ASA-201701-32
- ASA-201701-35
- ASA-201701-38
- ASA-201702-17
- ASA-201702-18
- DSA-3791-1
- ELSA-2016-3648
- ELSA-2016-3651
- ELSA-2016-3652
- ELSA-2017-0086
- ELSA-2017-0307
- ELSA-2017-0386
- ELSA-2017-0817
- ELSA-2017-0892
- ELSA-2017-0933
- ELSA-2017-1308
- ELSA-2017-1615
- ELSA-2017-1842
- ELSA-2017-2930
- ELSA-2017-3508
- ELSA-2017-3509
- ELSA-2017-3510
- ELSA-2017-3514
- ELSA-2017-3533
- ELSA-2017-3534
- ELSA-2017-3535
- ELSA-2017-3537
- ELSA-2017-3538
- ELSA-2017-3539
- ELSA-2017-3566
- ELSA-2017-3567
- ELSA-2018-1062
- ELSA-2020-5912
- FEDORA-2016-02db2f32fd
- FEDORA-2016-107f03cc00
- FEDORA-2016-29cde72f15
- FEDORA-2016-3548475bca
- FEDORA-2016-5aff4a6bbc
- FEDORA-2016-5cb5b4082d
- FEDORA-2016-5ec2475e3f
- FEDORA-2016-96d276367e
- FEDORA-2016-9c17cb9648
- FEDORA-2016-bbe98c341c
- FEDORA-2016-e5b72816d0
- FEDORA-2016-ee3a114958
- FEDORA-2017-18ce368ba3
- FEDORA-2017-6cc158c193
- FEDORA-2017-81fbd592d4
- FEDORA-2017-e6012e74b6
- RHSA-2016:2574
- RHSA-2017:0086
- RHSA-2017:0091
- RHSA-2017:0307
- RHSA-2017:0386
- RHSA-2017:0387
- RHSA-2017:0817
- RHSA-2017:0892
- RHSA-2017:0931
- RHSA-2017:0933
- RHSA-2017:1298
- RHSA-2017:1308
- RHSA-2017:1615
- RHSA-2017:1616
- RHSA-2017:1842
- RHSA-2017:2077
- RHSA-2017:2930
- RHSA-2017:2931
- RHSA-2018:0676
- RHSA-2018:1062
- SSA:2016-347-01
- SUSE-SU-2016:3039-1
- SUSE-SU-2016:3049-1
- SUSE-SU-2016:3063-1
- SUSE-SU-2016:3093-1
- SUSE-SU-2016:3094-1
- SUSE-SU-2016:3096-1
- SUSE-SU-2016:3098-1
- SUSE-SU-2016:3100-1
- SUSE-SU-2016:3104-1
- SUSE-SU-2016:3109-1
- SUSE-SU-2016:3111-1
- SUSE-SU-2016:3112-1
- SUSE-SU-2016:3113-1
- SUSE-SU-2016:3116-1
- SUSE-SU-2016:3117-1
- SUSE-SU-2016:3119-1
- SUSE-SU-2016:3146-1
- SUSE-SU-2016:3169-1
- SUSE-SU-2016:3183-1
- SUSE-SU-2016:3188-1
- SUSE-SU-2016:3197-1
- SUSE-SU-2016:3203-1
- SUSE-SU-2016:3205-1
- SUSE-SU-2016:3206-1
- SUSE-SU-2016:3217-1
- SUSE-SU-2016:3247-1
- SUSE-SU-2016:3248-1
- SUSE-SU-2016:3249-1
- SUSE-SU-2016:3252-1
- SUSE-SU-2017:0181-1
- SUSE-SU-2017:0226-1
- SUSE-SU-2017:0227-1
- SUSE-SU-2017:0228-1
- SUSE-SU-2017:0229-1
- SUSE-SU-2017:0230-1
- SUSE-SU-2017:0231-1
- SUSE-SU-2017:0232-1
- SUSE-SU-2017:0233-1
- SUSE-SU-2017:0234-1
- SUSE-SU-2017:0235-1
- SUSE-SU-2017:0244-1
- SUSE-SU-2017:0245-1
- SUSE-SU-2017:0246-1
- SUSE-SU-2017:0247-1
- SUSE-SU-2017:0248-1
- SUSE-SU-2017:0249-1
- SUSE-SU-2017:0267-1
- SUSE-SU-2017:0268-1
- SUSE-SU-2017:0278-1
- SUSE-SU-2017:0293-1
- SUSE-SU-2017:0294-1
- SUSE-SU-2017:0303-1
- SUSE-SU-2017:0307-1
- SUSE-SU-2017:0333-1
- SUSE-SU-2017:0437-1
- SUSE-SU-2017:0464-1
- SUSE-SU-2017:0471-1
- SUSE-SU-2017:0494-1
- SUSE-SU-2017:0575-1
- SUSE-SU-2017:1102-1
- SUSE-SU-2017:1990-1
- USN-3149-1
- USN-3149-2
- USN-3150-1
- USN-3150-2
- USN-3151-1
- USN-3151-2
- USN-3151-3
- USN-3151-4
- USN-3152-1
- USN-3152-2
- USN-3161-1
- USN-3161-2
- USN-3161-3
- USN-3161-4
- USN-3162-1
- USN-3162-2
- USN-3167-1
- USN-3167-2
- USN-3168-1
- USN-3168-2
- USN-3169-1
- USN-3169-2
- USN-3169-3
- USN-3169-4
- USN-3170-1
- USN-3170-2
- USN-3187-1
- USN-3187-2
- USN-3188-1
- USN-3188-2
- USN-3189-1
- USN-3189-2
- USN-3190-1
- USN-3190-2
- USN-3206-1
- USN-3207-1
- USN-3207-2
- USN-3208-1
- USN-3208-2
- USN-3209-1
- USN-3234-1
- USN-3234-2
- USN-3290-1
- USN-3312-1
- USN-3312-2
- USN-3359-1
- USN-3360-1
- USN-3360-2
- USN-3361-1
- USN-3406-1
- USN-3406-2
- USN-3422-1
- USN-3422-2
- USN-3445-1
- USN-3445-2
- USN-3470-1
- USN-3470-2
- USN-3754-1
- USN-3798-1
- USN-3798-2