1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2017:3288-1

[SUSE-SU-2017:3288-1] Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP2)

Severity Important
CVEs 2
Info References Vulnerabilities

Security update for the Linux Kernel (Live Patch 4 for SLE 12 SP2)

This update for the Linux Kernel 4.4.38-93 fixes several issues.

The following security issues were fixed:

  • CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).
  • CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).

This non-security issue was fixed:

  • bsc#1062847: Enable proper shut down if NIC teaming is enabled
ID
SUSE-SU-2017:3288-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2017/suse-su-20173288-1/
Published
2017-12-14T10:48:18
(6 years ago)
Modified
2017-12-14T10:48:18
(6 years ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date