ID F5:K84024430 Type f5 Reporter f5 Modified 2018-12-18T22:08:00
Description
F5 Product Development has assigned ID 709256 (BIG-IP), ID 710329 (BIG-IQ), ID 710328 (Enterprise Manager), and ID 710329 (F5 iWorkflow) to this vulnerability. Additionally, BIG-IP iHealth may list Heuristic H84024430 on the Diagnostics > Identified > Medium page.
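To determine if your product and version have been evaluated for this vulnerability, refer to the Applies to (see versions) box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.

Product | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score¹ | Vulnerable component or feature
---|---|---|---|---|---|---
BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) | 14.x | 14.0.0 | 14.1.0, 14.0.0.3 | Medium | [5.5](https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) | Kernel
BIG-IP (same modules) | 13.x | 13.0.0 - 13.1.0 | 13.1.0.8 | Medium | [5.5](https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) | Kernel
BIG-IP (same modules) | 12.x | 12.1.0 - 12.1.3 | 12.1.3.3 | Medium | [5.5](https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) | Kernel
BIG-IP (same modules) | 11.x | 11.6.0 - 11.6.3, 11.2.1 - 11.5.5 | 11.6.3.1, 11.5.6 | Medium | [5.5](https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) | Kernel
ARX | 6.x | None | Not applicable | Not vulnerable | None | None
Enterprise Manager | 3.x | 3.1.1 | None | Medium | [5.5](https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) | Kernel
BIG-IQ Centralized Management | 5.x | 5.0.0 - 5.4.0 | None | Medium | [5.5](https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) | Kernel
BIG-IQ Centralized Management | 4.x | 4.6.0 | None | Medium | [5.5](https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) | Kernel
BIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Medium | [5.5](https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) | Kernel
F5 iWorkflow | 2.x | 2.0.1 - 2.3.0 | None | Medium | [5.5](https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) | Kernel
LineRate | 2.x | None | Not applicable | Not vulnerable | None | None
Traffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [5.5](https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) | Kernel
Traffix SDC | 4.x | 4.0.5 - 4.4.0 | None | Medium | [5.5](https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) | Kernel

¹ The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.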
If you are running a version listed in the Versions known to be vulnerable column, you can eliminate this vulnerability by upgrading to a version listed in the Fixes introduced in column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.
{"id": "F5:K84024430", "bulletinFamily": "software", "title": "Linux kernel vulnerability CVE-2017-7542", "description": "\nF5 Product Development has assigned ID 709256 (BIG-IP), ID 710329 (BIG-IQ), ID 710328 (Enterprise Manager), and ID 710329 (F5 iWorkflow) to this vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H84024430 on the **Diagnostics** > **Identified** > **Medium** page.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) | 14.x | 14.0.0 | 14.1.0 \n14.0.0.3 | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | Kernel \n13.x | 13.0.0 - 13.1.0 | 13.1.0.8 \n12.x | 12.1.0 - 12.1.3 | 12.1.3.3 \n11.x | 11.6.0 - 11.6.3 \n11.2.1 - 11.5.5 | 11.6.3.1 \n11.5.6 \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | 3.1.1 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | Kernel \nBIG-IQ Centralized Management | 5.x | 5.0.0 - 5.4.0 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | Kernel \n4.x | 4.6.0 | None \nBIG-IQ Cloud and Orchestration | 1.x | 1.0.0 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | Kernel \nF5 iWorkflow | 2.x 
| 2.0.1 - 2.3.0 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | Kernel \nLineRate | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | None | Medium | [5.5](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H>) | Kernel \n4.x | 4.0.5 - 4.4.0 | None \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\nTo determine the necessary upgrade path for your BIG-IQ system, you should understand the BIG-IQ product offering name changes. 
For more information, refer to [K21232150: Considerations for upgrading BIG-IQ or F5 iWorkflow systems](<https://support.f5.com/csp/article/K21232150>).\n\nMitigation\n\nNone\n\n * [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>)\n * [K41942608: Overview of Security Advisory articles](<https://support.f5.com/csp/article/K41942608>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2018-03-15T19:55:00", "modified": "2018-12-18T22:08:00", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "href": "https://support.f5.com/csp/article/K84024430", "reporter": "f5", "references": [], "cvelist": ["CVE-2017-7542"], "type": "f5", "lastseen": "2020-04-06T22:40:48", "edition": 1, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2017-7542"]}, {"type": "virtuozzo", "idList": ["VZA-2017-076", "VZA-2017-075", "VZA-2017-069", "VZA-2017-068", "VZA-2017-067"]}, {"type": "nessus", "idList": ["F5_BIGIP_SOL84024430.NASL", "ORACLELINUX_ELSA-2017-3631.NASL", "VIRTUOZZO_VZA-2017-069.NASL", "SL_20180125_KERNEL_ON_SL6_X.NASL", "VIRTUOZZO_VZA-2017-068.NASL", "ORACLEVM_OVMSA-2017-0163.NASL", "REDHAT-RHSA-2018-0169.NASL", "FEDORA_2017-39B5FACDA0.NASL", "ORACLEVM_OVMSA-2017-0164.NASL", "ORACLELINUX_ELSA-2018-0169.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2017-3633", "ELSA-2017-2930", "ELSA-2017-3632", "ELSA-2017-2930-1", "ELSA-2018-0169", "ELSA-2017-3635", "ELSA-2017-3657", "ELSA-2017-3659", "ELSA-2018-0008", "ELSA-2017-3631"]}, {"type": "fedora", "idList": ["FEDORA:83CF561C31BC", "FEDORA:0BAA361AC35C"]}, {"type": "centos", "idList": ["CESA-2018:0169", "CESA-2017:2930"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310812046", "OPENVAS:1361412562310703945", 
"OPENVAS:1361412562310851586", "OPENVAS:1361412562310882840", "OPENVAS:1361412562311220191526", "OPENVAS:1361412562310882792", "OPENVAS:1361412562310703927", "OPENVAS:1361412562311220181026", "OPENVAS:1361412562310851592", "OPENVAS:1361412562311220171159"]}, {"type": "redhat", "idList": ["RHSA-2017:2931", "RHSA-2018:0169", "RHSA-2017:2918", "RHSA-2017:2930"]}, {"type": "amazon", "idList": ["ALAS-2017-870"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2017:2112-1", "SUSE-SU-2017:2908-1", "SUSE-SU-2017:2286-1", "OPENSUSE-SU-2017:2110-1", "SUSE-SU-2017:2920-1", "SUSE-SU-2017:2956-1", "SUSE-SU-2017:2389-1", "SUSE-SU-2017:2869-1"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1099-1:57108", "DEBIAN:DSA-3927-1:A186E", "DEBIAN:DSA-3945-1:532A6"]}, {"type": "ubuntu", "idList": ["USN-3583-1", "USN-3583-2"]}], "modified": "2020-04-06T22:40:48", "rev": 2}, "score": {"value": 6.3, "vector": "NONE", "modified": "2020-04-06T22:40:48", "rev": 2}, "vulnersScore": 6.3}, "affectedSoftware": []}
{"cve": [{"lastseen": "2020-12-09T20:13:37", "description": "The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.", "edition": 6, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2017-07-21T16:29:00", "title": "CVE-2017-7542", "type": "cve", "cwe": ["CWE-835", "CWE-190"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 4.9, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7542"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/o:linux:linux_kernel:4.12.3"], "id": "CVE-2017-7542", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7542", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:o:linux:linux_kernel:4.12.3:*:*:*:*:*:*:*"]}], "virtuozzo": [{"lastseen": "2019-11-05T11:27:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7541", "CVE-2017-7542"], "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. 
The patch applies to Virtuozzo kernels 3.10.0-514.26.1.vz7.33.22 (Virtuozzo 7.0.5).\n**Vulnerability id:** CVE-2017-7542\nInteger overflow vulnerability in ip6_find_1stfragopt() function was found. Local attacker that has privileges to open raw sockets can cause infinite loop inside ip6_find_1stfragopt() function.\n\n**Vulnerability id:** CVE-2017-7541\nKernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash.\n\n", "edition": 1, "modified": "2017-08-04T00:00:00", "published": "2017-08-04T00:00:00", "id": "VZA-2017-069", "href": "https://help.virtuozzo.com/customer/portal/articles/2853435", "title": "Kernel security update: CVE-2017-7542 and other; Virtuozzo ReadyKernel patch 27.0 for Virtuozzo 7.0.5", "type": "virtuozzo", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-05T11:27:50", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-1000111", "CVE-2017-14106", "CVE-2017-10661", "CVE-2017-1000112", "CVE-2017-7541", "CVE-2017-7542"], "description": "This update provides a new kernel 2.6.32-042stab124.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0 and is a rebase to the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.10.1.el6. It inherits fixes from the original RHEL kernel and provides internal security and stability fixes.\n**Vulnerability id:** CVE-2017-7542\nAn integer overflow vulnerability in ip6_find_1stfragopt() function was found. 
A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function.\n\n**Vulnerability id:** CVE-2017-10661\nRace condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.\n\n**Vulnerability id:** CVE-2017-1000111\nA race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.\n\n**Vulnerability id:** CVE-2017-1000112\nAndrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.\n\n**Vulnerability id:** CVE-2017-7541\nKernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-11176\nThe mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. 
During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use after free) which may lead to memory corruption or other unspecified other impact.\n\n**Vulnerability id:** CVE-2017-14106\nThe tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.\n\n", "edition": 1, "modified": "2017-09-04T00:00:00", "published": "2017-09-04T00:00:00", "id": "VZA-2017-076", "href": "https://help.virtuozzo.com/customer/portal/articles/2869792", "title": "Important kernel security update: CVE-2017-7542 and other; new kernel 2.6.32-042stab124.2, Virtuozzo 6.0 Update 12 Hotfix 14 (6.0.12-3683)", "type": "virtuozzo", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-05T11:28:18", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-1000111", "CVE-2017-14106", "CVE-2017-10661", "CVE-2017-1000112", "CVE-2017-7541", "CVE-2017-7542"], "description": "This update provides a new kernel 2.6.32-042stab124.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0 and is a rebase to the Red Hat Enterprise Linux 6.9 kernel 2.6.32-696.10.1.el6. It inherits fixes from the original RHEL kernel and provides internal security and stability fixes.\n**Vulnerability id:** CVE-2017-7542\nAn integer overflow vulnerability in ip6_find_1stfragopt() function was found. 
A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function.\n\n**Vulnerability id:** CVE-2017-10661\nRace condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.\n\n**Vulnerability id:** CVE-2017-1000111\nA race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system.\n\n**Vulnerability id:** CVE-2017-1000112\nAndrey Konovalov discovered a race condition in the UDP Fragmentation Offload (UFO) code in the Linux kernel. A local attacker could use this to cause a denial of service or execute arbitrary code.\n\n**Vulnerability id:** CVE-2017-7541\nKernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.\n\n**Vulnerability id:** CVE-2017-11176\nThe mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. 
During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use after free) which may lead to memory corruption or other unspecified other impact.\n\n**Vulnerability id:** CVE-2017-14106\nThe tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.\n\n", "edition": 1, "modified": "2017-09-04T00:00:00", "published": "2017-09-04T00:00:00", "id": "VZA-2017-075", "href": "https://help.virtuozzo.com/customer/portal/articles/2869791", "title": "Important kernel security update: CVE-2017-7542 and other; new kernel 2.6.32-042stab124.2 for Virtuozzo Containers for Linux 4.7, Server Bare Metal 5.0", "type": "virtuozzo", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-05T11:28:05", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7541", "CVE-2017-7542", "CVE-2017-11600"], "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-327.18.2.vz7.15.2 (Virtuozzo 7.0.0), 3.10.0-327.36.1.vz7.18.7 (Virtuozzo 7.0.1), and 3.10.0-327.36.1.vz7.20.18 (Virtuozzo 7.0.3).\n**Vulnerability id:** CVE-2017-11600\nA vulnerability was found in the handling of xfrm Netlink messages. A privileged user inside a container could cause a denial of service (kernel crash) by sending a crafted Netlink message with type XFRM_MSG_MIGRATE to the kernel.\n\n**Vulnerability id:** CVE-2017-7542\nInteger overflow vulnerability in ip6_find_1stfragopt() function was found. 
Local attacker that has privileges to open raw sockets can cause infinite loop inside ip6_find_1stfragopt() function.\n\n**Vulnerability id:** CVE-2017-7541\nKernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash.\n\n", "edition": 1, "modified": "2017-08-04T00:00:00", "published": "2017-08-04T00:00:00", "id": "VZA-2017-067", "href": "https://help.virtuozzo.com/customer/portal/articles/2853433", "title": "Kernel security update: CVE-2017-11600 and other; Virtuozzo ReadyKernel patch 27.2 for Virtuozzo 7.0.0, 7.0.1, and 7.0.3", "type": "virtuozzo", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-11-05T11:28:03", "bulletinFamily": "unix", "cvelist": ["CVE-2017-7541", "CVE-2017-7542", "CVE-2017-11600"], "description": "The cumulative Virtuozzo ReadyKernel patch was updated with security and stability fixes. The patch applies to Virtuozzo kernels 3.10.0-514.16.1.vz7.30.10 (Virtuozzo 7.0.4) and 3.10.0-514.16.1.vz7.30.15 (Virtuozzo 7.0.4 HF3).\n**Vulnerability id:** CVE-2017-11600\nA vulnerability was found in the handling of xfrm Netlink messages. A privileged user inside a container could cause a denial of service (kernel crash) by sending a crafted Netlink message with type XFRM_MSG_MIGRATE to the kernel.\n\n**Vulnerability id:** CVE-2017-7542\nInteger overflow vulnerability in ip6_find_1stfragopt() function was found. Local attacker that has privileges to open raw sockets can cause infinite loop inside ip6_find_1stfragopt() function.\n\n**Vulnerability id:** CVE-2017-7541\nKernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. 
The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash.\n\n", "edition": 1, "modified": "2017-08-04T00:00:00", "published": "2017-08-04T00:00:00", "id": "VZA-2017-068", "href": "https://help.virtuozzo.com/customer/portal/articles/2853434", "title": "Kernel security update: CVE-2017-11600 and other; Virtuozzo ReadyKernel patch 27.0 for Virtuozzo 7.0.4 and 7.0.4 HF3", "type": "virtuozzo", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2020-03-17T23:20:55", "description": "The ip6_find_1stfragopt function in net/ipv6/output_core.c in the\nLinux kernel through 4.12.3 allows local users to cause a denial of\nservice (integer overflow and infinite loop) by leveraging the ability\nto open a raw socket. (CVE-2017-7542)\n\nImpact\n\nThis vulnerability allowsdisruption of service.", "edition": 11, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-11-02T00:00:00", "title": "F5 Networks BIG-IP : Linux kernel vulnerability (K84024430)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7542"], "modified": "2018-11-02T00:00:00", "cpe": ["cpe:/a:f5:big-ip_global_traffic_manager", "cpe:/a:f5:big-ip_link_controller", "cpe:/a:f5:big-ip_advanced_firewall_manager", "cpe:/a:f5:big-ip_policy_enforcement_manager", "cpe:/a:f5:big-ip_application_security_manager", "cpe:/a:f5:big-ip_application_acceleration_manager", "cpe:/a:f5:big-ip_local_traffic_manager", "cpe:/h:f5:big-ip", "cpe:/a:f5:big-ip_application_visibility_and_reporting", "cpe:/a:f5:big-ip_webaccelerator", "cpe:/a:f5:big-ip_access_policy_manager"], "id": "F5_BIGIP_SOL84024430.NASL", "href": "https://www.tenable.com/plugins/nessus/118701", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted 
from F5 Networks BIG-IP Solution K84024430.\n#\n# The text description of this plugin is (C) F5 Networks.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118701);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/09\");\n\n script_cve_id(\"CVE-2017-7542\");\n\n script_name(english:\"F5 Networks BIG-IP : Linux kernel vulnerability (K84024430)\");\n script_summary(english:\"Checks the BIG-IP version.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote device is missing a vendor-supplied security patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The ip6_find_1stfragopt function in net/ipv6/output_core.c in the\nLinux kernel through 4.12.3 allows local users to cause a denial of\nservice (integer overflow and infinite loop) by leveraging the ability\nto open a raw socket. (CVE-2017-7542)\n\nImpact\n\nThis vulnerability allowsdisruption of service.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://support.f5.com/csp/article/K84024430\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade to one of the non-vulnerable versions listed in the F5\nSolution K84024430.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_access_policy_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_advanced_firewall_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_acceleration_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_security_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_application_visibility_and_reporting\");\n 
script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_global_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_link_controller\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_local_traffic_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_policy_enforcement_manager\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:f5:big-ip_webaccelerator\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/h:f5:big-ip\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"F5 Networks Local Security Checks\");\n\n script_dependencies(\"f5_bigip_detect.nbin\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/BIG-IP/hotfix\", \"Host/BIG-IP/modules\", \"Host/BIG-IP/version\");\n\n exit(0);\n}\n\n\ninclude(\"f5_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nversion = get_kb_item(\"Host/BIG-IP/version\");\nif ( ! version ) audit(AUDIT_OS_NOT, \"F5 Networks BIG-IP\");\nif ( isnull(get_kb_item(\"Host/BIG-IP/hotfix\")) ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/hotfix\");\nif ( ! 
get_kb_item(\"Host/BIG-IP/modules\") ) audit(AUDIT_KB_MISSING, \"Host/BIG-IP/modules\");\n\nsol = \"K84024430\";\nvmatrix = make_array();\n\n# AFM\nvmatrix[\"AFM\"] = make_array();\nvmatrix[\"AFM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.5\");\nvmatrix[\"AFM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.0.8\",\"12.1.3.3\",\"11.6.3.1\",\"11.5.6\");\n\n# AM\nvmatrix[\"AM\"] = make_array();\nvmatrix[\"AM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.5\");\nvmatrix[\"AM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.0.8\",\"12.1.3.3\",\"11.6.3.1\",\"11.5.6\");\n\n# APM\nvmatrix[\"APM\"] = make_array();\nvmatrix[\"APM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.5\");\nvmatrix[\"APM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.0.8\",\"12.1.3.3\",\"11.6.3.1\",\"11.5.6\");\n\n# ASM\nvmatrix[\"ASM\"] = make_array();\nvmatrix[\"ASM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.5\");\nvmatrix[\"ASM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.0.8\",\"12.1.3.3\",\"11.6.3.1\",\"11.5.6\");\n\n# AVR\nvmatrix[\"AVR\"] = make_array();\nvmatrix[\"AVR\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.5\");\nvmatrix[\"AVR\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.0.8\",\"12.1.3.3\",\"11.6.3.1\",\"11.5.6\");\n\n# GTM\nvmatrix[\"GTM\"] = make_array();\nvmatrix[\"GTM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.5\");\nvmatrix[\"GTM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.0.8\",\"12.1.3.3\",\"11.6.3.1\",\"11.5.6\");\n\n# LC\nvmatrix[\"LC\"] = make_array();\nvmatrix[\"LC\"][\"affected\" ] = 
make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.5\");\nvmatrix[\"LC\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.0.8\",\"12.1.3.3\",\"11.6.3.1\",\"11.5.6\");\n\n# LTM\nvmatrix[\"LTM\"] = make_array();\nvmatrix[\"LTM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.5\");\nvmatrix[\"LTM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.0.8\",\"12.1.3.3\",\"11.6.3.1\",\"11.5.6\");\n\n# PEM\nvmatrix[\"PEM\"] = make_array();\nvmatrix[\"PEM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.5\");\nvmatrix[\"PEM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.0.8\",\"12.1.3.3\",\"11.6.3.1\",\"11.5.6\");\n\n# WAM\nvmatrix[\"WAM\"] = make_array();\nvmatrix[\"WAM\"][\"affected\" ] = make_list(\"14.0.0\",\"13.0.0-13.1.0\",\"12.1.0-12.1.3\",\"11.6.0-11.6.3\",\"11.2.1-11.5.5\");\nvmatrix[\"WAM\"][\"unaffected\"] = make_list(\"14.1.0\",\"14.0.0.3\",\"13.1.0.8\",\"12.1.3.3\",\"11.6.3.1\",\"11.5.6\");\n\n\nif (bigip_is_affected(vmatrix:vmatrix, sol:sol))\n{\n if (report_verbosity > 0) security_warning(port:0, extra:bigip_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = bigip_get_tested_modules();\n audit_extra = \"For BIG-IP module(s) \" + tested + \",\";\n if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version);\n else audit(AUDIT_HOST_NOT, \"running any of the affected modules\");\n}\n", "cvss": {"score": 4.9, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2021-01-06T13:24:19", "description": "The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - ipv6: avoid overflow of offset in ip6_find_1stfragopt\n (Sabrina Dubroca) [Orabug: 27011255] (CVE-2017-7542)\n\n - udp: consistently apply ufo or fragmentation (Willem de\n Bruijn) [Orabug: 26921320] (CVE-2017-1000112)", "edition": 28, "cvss3": 
{"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-27T00:00:00", "title": "OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0163)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-1000112", "CVE-2017-7542"], "modified": "2017-10-27T00:00:00", "cpe": ["cpe:/o:oracle:vm_server:3.4", "p-cpe:/a:oracle:vm:kernel-uek", "p-cpe:/a:oracle:vm:kernel-uek-firmware"], "id": "ORACLEVM_OVMSA-2017-0163.NASL", "href": "https://www.tenable.com/plugins/nessus/104202", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from OracleVM\n# Security Advisory OVMSA-2017-0163.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104202);\n script_version(\"3.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2017-1000112\", \"CVE-2017-7542\");\n\n script_name(english:\"OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0163)\");\n script_summary(english:\"Checks the RPM output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote OracleVM host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote OracleVM system is missing necessary patches to address\ncritical security updates :\n\n - ipv6: avoid overflow of offset in ip6_find_1stfragopt\n (Sabrina Dubroca) [Orabug: 27011255] (CVE-2017-7542)\n\n - udp: consistently apply ufo or fragmentation (Willem de\n Bruijn) [Orabug: 26921320] (CVE-2017-1000112)\"\n );\n # https://oss.oracle.com/pipermail/oraclevm-errata/2017-October/000793.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8c32c1d7\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected kernel-uek / kernel-uek-firmware packages.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:vm:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:vm_server:3.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"OracleVM Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleVM/release\", \"Host/OracleVM/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/OracleVM/release\");\nif (isnull(release) || \"OVS\" >!< release) audit(AUDIT_OS_NOT, \"OracleVM\");\nif (! preg(pattern:\"^OVS\" + \"3\\.4\" + \"(\\.[0-9]|$)\", string:release)) audit(AUDIT_OS_NOT, \"OracleVM 3.4\", \"OracleVM \" + release);\nif (!get_kb_item(\"Host/OracleVM/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"OracleVM\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-4.1.12-103.7.4.el6uek\")) flag++;\nif (rpm_check(release:\"OVS3.4\", reference:\"kernel-uek-firmware-4.1.12-103.7.4.el6uek\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel-uek / kernel-uek-firmware\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:52:02", "description": "Description of changes:\n\n[4.1.12-103.7.4.el7uek]\n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina \nDubroca) [Orabug: 27011255] {CVE-2017-7542}\n- udp: consistently apply ufo or fragmentation (Willem de Bruijn) \n[Orabug: 26921320] {CVE-2017-1000112}", "edition": 29, "cvss3": 
{"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-26T00:00:00", "title": "Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3631)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-1000112", "CVE-2017-7542"], "modified": "2017-10-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug"], "id": "ORACLELINUX_ELSA-2017-3631.NASL", "href": "https://www.tenable.com/plugins/nessus/104167", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3631.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104167);\n script_version(\"3.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-1000112\", \"CVE-2017-7542\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3631)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\n[4.1.12-103.7.4.el7uek]\n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina \nDubroca) [Orabug: 27011255] {CVE-2017-7542}\n- udp: consistently apply ufo or fragmentation (Willem de Bruijn) \n[Orabug: 26921320] {CVE-2017-1000112}\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://oss.oracle.com/pipermail/el-errata/2017-October/007302.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-October/007303.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Linux Kernel UDP Fragmentation Offset (UFO) Privilege Escalation');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2017/07/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000112\", \"CVE-2017-7542\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2017-3631\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"4.1\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-4.1.12-103.7.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.1.12-103.7.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.1.12-103.7.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-devel-4.1.12-103.7.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-4.1.12\") && 
rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-4.1.12-103.7.4.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-4.1.12\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-4.1.12-103.7.4.el6uek\")) flag++;\n\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-4.1.12-103.7.4.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-4.1.12-103.7.4.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-4.1.12-103.7.4.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-4.1.12-103.7.4.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-4.1.12-103.7.4.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-4.1.12\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-4.1.12-103.7.4.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-06T09:13:14", "description": "According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - Integer overflow vulnerability in 
ip6_find_1stfragopt()\n function was found. Local attacker that has privileges\n to open raw sockets can cause infinite loop inside\n ip6_find_1stfragopt() function.\n\n - Kernel memory corruption due to a buffer overflow was\n found in brcmf_cfg80211_mgmt_tx() function in Linux\n kernels from v3.9-rc1 to v4.13-rc1. The vulnerability\n can be triggered by sending a crafted NL80211_CMD_FRAME\n packet via netlink. An unprivileged local user could\n use this flaw to induce kernel memory corruption on the\n system, leading to a crash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 34, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-07T00:00:00", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-069)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7541", "CVE-2017-7542"], "modified": "2017-08-07T00:00:00", "cpe": ["cpe:/o:virtuozzo:virtuozzo:7", "p-cpe:/a:virtuozzo:virtuozzo:readykernel"], "id": "VIRTUOZZO_VZA-2017-069.NASL", "href": "https://www.tenable.com/plugins/nessus/102207", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(102207);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-7541\",\n \"CVE-2017-7542\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-069)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", 
value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - Integer overflow vulnerability in ip6_find_1stfragopt()\n function was found. Local attacker that has privileges\n to open raw sockets can cause infinite loop inside\n ip6_find_1stfragopt() function.\n\n - Kernel memory corruption due to a buffer overflow was\n found in brcmf_cfg80211_mgmt_tx() function in Linux\n kernels from v3.9-rc1 to v4.13-rc1. The vulnerability\n can be triggered by sending a crafted NL80211_CMD_FRAME\n packet via netlink. An unprivileged local user could\n use this flaw to induce kernel memory corruption on the\n system, leading to a crash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2853435\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-33.22-27.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3c7e59a3\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.26.1.vz7.33.22\",\n \"patch\",\"readykernel-patch-33.22-27.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-02-01T03:09:14", "description": "From Red Hat Security Advisory 2018:0169 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es) :\n\n* An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate)\n\n* The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. 
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9074, Moderate)\n\n* A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem. Due to the insufficient cleanup in the mq_notify function, a local attacker could potentially use this flaw to escalate their privileges on the system. (CVE-2017-11176, Moderate)\n\nBug Fix(es) :\n\n* Previously, the default timeout and retry settings in the VMBus driver were insufficient in some cases, for example when a Hyper-V host was under a significant load. Consequently, in Windows Server 2016, Hyper-V Server 2016, and Windows Azure Platform, when running a Red Hat Enterprise Linux Guest on the Hyper-V hypervisor, the guest failed to boot or booted with certain Hyper-V devices missing. This update alters the timeout and retry settings in VMBus, and Red Hat Enterprise Linux guests now boot as expected under the described conditions. (BZ#1506145)\n\n* Previously, an incorrect external declaration in the be2iscsi driver caused a kernel panic when using the systool utility. With this update, the external declaration in be2iscsi has been fixed, and the kernel no longer panics when using systool. (BZ#1507512)\n\n* Under high usage of the NFSD file system and memory pressure, if many tasks in the Linux kernel attempted to obtain the global spinlock to clean the Duplicate Reply Cache (DRC), these tasks stayed in an active wait in the nfsd_reply_cache_shrink() function for up to 99% of time. Consequently, a high load average occurred. This update fixes the bug by separating the DRC in several parts, each with an independent spinlock. As a result, the load and CPU utilization is no longer excessive under the described circumstances. (BZ#1509876)\n\n* When attempting to attach multiple SCSI devices simultaneously, Red Hat Enterprise Linux 6.9 on IBM z Systems sometimes became unresponsive. 
This update fixes the zfcp device driver, and attaching multiple SCSI devices simultaneously now works as expected in the described scenario. (BZ# 1512425)\n\n* On IBM z Systems, the tiqdio_call_inq_handlers() function in the Linux kernel incorrectly cleared the device state change indicator (DSCI) for the af_iucv devices using the HiperSockets transport with multiple input queues. Consequently, queue stalls on such devices occasionally occurred. With this update, tiqdio_call_inq_handlers() has been fixed to clear the DSCI only once, prior to scanning the queues. As a result, queue stalls for af_iucv devices using the HiperSockets transport no longer occur under the described circumstances. (BZ#1513314)\n\n* Previously, small data chunks caused the Stream Control Transmission Protocol (SCTP) to account the receiver_window (rwnd) values incorrectly when recovering from a 'zero-window situation'. As a consequence, window updates were not sent to the peer, and an artificial growth of rwnd could lead to packet drops. This update properly accounts such small data chunks and ignores the rwnd pressure values when reopening a window. As a result, window updates are now sent, and the announced rwnd reflects better the real state of the receive buffer. 
(BZ#1514443)\n\nThis plugin has been deprecated because Oracle has changed their mind and decided that ELSA-2018-0169 does not fix any security problems.", "edition": 2, "published": "2018-01-26T00:00:00", "title": "Oracle Linux 6 : kernel (ELSA-2018-0169) (deprecated)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11176", "CVE-2017-9074", "CVE-2017-7542"], "modified": "2018-01-31T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-debug", "p-cpe:/a:oracle:linux:kernel-devel", "p-cpe:/a:oracle:linux:kernel-doc", "p-cpe:/a:oracle:linux:perf", "p-cpe:/a:oracle:linux:kernel-debug-devel", "p-cpe:/a:oracle:linux:kernel-headers", "p-cpe:/a:oracle:linux:kernel-abi-whitelists", "p-cpe:/a:oracle:linux:kernel", "p-cpe:/a:oracle:linux:kernel-firmware", "p-cpe:/a:oracle:linux:python-perf"], "href": "https://www.tenable.com/plugins/index.php?view=single&id=106367", "id": "ORACLELINUX_ELSA-2018-0169.NASL", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2018:0169 and \n# Oracle Linux Security Advisory ELSA-2018-0169 respectively.\n#\n# @DEPRECATED@\n#\n# Disabled on 2018/01/31. 
There is no replacement.\n\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106367);\n script_version(\"$Revision: 3.2 $\");\n script_cvs_date(\"$Date: 2018/01/31 16:51:59 $\");\n\n script_cve_id(\"CVE-2017-11176\", \"CVE-2017-7542\", \"CVE-2017-9074\");\n script_xref(name:\"RHSA\", value:\"2018:0169\");\n\n script_name(english:\"Oracle Linux 6 : kernel (ELSA-2018-0169) (deprecated)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"This plugin has been deprecated.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2018:0169 :\n\nAn update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* An integer overflow vulnerability in ip6_find_1stfragopt() function\nwas found. A local attacker that has privileges (of CAP_NET_RAW) to\nopen raw socket can cause an infinite loop inside the\nip6_find_1stfragopt() function. (CVE-2017-7542, Moderate)\n\n* The IPv6 fragmentation implementation in the Linux kernel does not\nconsider that the nexthdr field may be associated with an invalid\noption, which allows local users to cause a denial of service\n(out-of-bounds read and BUG) or possibly have unspecified other impact\nvia crafted socket and send system calls. Due to the nature of the\nflaw, privilege escalation cannot be fully ruled out, although we\nbelieve it is unlikely. 
(CVE-2017-9074, Moderate)\n\n* A use-after-free flaw was found in the Netlink functionality of the\nLinux kernel networking subsystem. Due to the insufficient cleanup in\nthe mq_notify function, a local attacker could potentially use this\nflaw to escalate their privileges on the system. (CVE-2017-11176,\nModerate)\n\nBug Fix(es) :\n\n* Previously, the default timeout and retry settings in the VMBus\ndriver were insufficient in some cases, for example when a Hyper-V\nhost was under a significant load. Consequently, in Windows Server\n2016, Hyper-V Server 2016, and Windows Azure Platform, when running a\nRed Hat Enterprise Linux Guest on the Hyper-V hypervisor, the guest\nfailed to boot or booted with certain Hyper-V devices missing. This\nupdate alters the timeout and retry settings in VMBus, and Red Hat\nEnterprise Linux guests now boot as expected under the described\nconditions. (BZ#1506145)\n\n* Previously, an incorrect external declaration in the be2iscsi driver\ncaused a kernel panic when using the systool utility. With this\nupdate, the external declaration in be2iscsi has been fixed, and the\nkernel no longer panics when using systool. (BZ#1507512)\n\n* Under high usage of the NFSD file system and memory pressure, if\nmany tasks in the Linux kernel attempted to obtain the global spinlock\nto clean the Duplicate Reply Cache (DRC), these tasks stayed in an\nactive wait in the nfsd_reply_cache_shrink() function for up to 99% of\ntime. Consequently, a high load average occurred. This update fixes\nthe bug by separating the DRC in several parts, each with an\nindependent spinlock. As a result, the load and CPU utilization is no\nlonger excessive under the described circumstances. (BZ#1509876)\n\n* When attempting to attach multiple SCSI devices simultaneously, Red\nHat Enterprise Linux 6.9 on IBM z Systems sometimes became\nunresponsive. 
This update fixes the zfcp device driver, and attaching\nmultiple SCSI devices simultaneously now works as expected in the\ndescribed scenario. (BZ# 1512425)\n\n* On IBM z Systems, the tiqdio_call_inq_handlers() function in the\nLinux kernel incorrectly cleared the device state change indicator\n(DSCI) for the af_iucv devices using the HiperSockets transport with\nmultiple input queues. Consequently, queue stalls on such devices\noccasionally occurred. With this update, tiqdio_call_inq_handlers()\nhas been fixed to clear the DSCI only once, prior to scanning the\nqueues. As a result, queue stalls for af_iucv devices using the\nHiperSockets transport no longer occur under the described\ncircumstances. (BZ#1513314)\n\n* Previously, small data chunks caused the Stream Control Transmission\nProtocol (SCTP) to account the receiver_window (rwnd) values\nincorrectly when recovering from a 'zero-window situation'. As a\nconsequence, window updates were not sent to the peer, and an\nartificial growth of rwnd could lead to packet drops. This update\nproperly accounts such small data chunks and ignores the rwnd pressure\nvalues when reopening a window. As a result, window updates are now\nsent, and the announced rwnd reflects better the real state of the\nreceive buffer. 
(BZ#1514443)\n\nThis plugin has been deprecated because Oracle has changed their mind\nand decided that ELSA-2018-0169 does not fix any security problems.\" \n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2018-January/007509.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"n/a\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-abi-whitelists-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-abi-whitelists-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-debug-devel-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-debug-devel-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-devel-2.6.32\") && 
rpm_check(release:\"EL6\", reference:\"kernel-devel-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-doc-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-doc-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-firmware-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-firmware-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-headers-2.6.32\") && rpm_check(release:\"EL6\", reference:\"kernel-headers-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"perf-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"EL6\", reference:\"python-perf-2.6.32-696.20.1.el6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-09-14T18:24:52", "description": "Security Fix(es) :\n\n - An integer overflow vulnerability in\n ip6_find_1stfragopt() function was found. A local\n attacker that has privileges (of CAP_NET_RAW) to open\n raw socket can cause an infinite loop inside the\n ip6_find_1stfragopt() function. (CVE-2017-7542,\n Moderate)\n\n - The IPv6 fragmentation implementation in the Linux\n kernel does not consider that the nexthdr field may be\n associated with an invalid option, which allows local\n users to cause a denial of service (out-of-bounds read\n and BUG) or possibly have unspecified other impact via\n crafted socket and send system calls. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled\n out, although we believe it is unlikely. 
(CVE-2017-9074,\n Moderate)\n\n - A use-after-free flaw was found in the Netlink\n functionality of the Linux kernel networking subsystem.\n Due to the insufficient cleanup in the mq_notify\n function, a local attacker could potentially use this\n flaw to escalate their privileges on the system.\n (CVE-2017-11176, Moderate)\n\nBug Fix(es) :\n\n - Previously, the default timeout and retry settings in\n the VMBus driver were insufficient in some cases, for\n example when a Hyper-V host was under a significant\n load. Consequently, in Windows Server 2016, Hyper-V\n Server 2016, and Windows Azure Platform, when running a\n Scientific Linux Guest on the Hyper-V hypervisor, the\n guest failed to boot or booted with certain Hyper-V\n devices missing. This update alters the timeout and\n retry settings in VMBus, and Scientific Linux guests now\n boot as expected under the described conditions.\n\n - Previously, an incorrect external declaration in the\n be2iscsi driver caused a kernel panic when using the\n systool utility. With this update, the external\n declaration in be2iscsi has been fixed, and the kernel\n no longer panics when using systool.\n\n - Under high usage of the NFSD file system and memory\n pressure, if many tasks in the Linux kernel attempted to\n obtain the global spinlock to clean the Duplicate Reply\n Cache (DRC), these tasks stayed in an active wait in the\n nfsd_reply_cache_shrink() function for up to 99% of\n time. Consequently, a high load average occurred. This\n update fixes the bug by separating the DRC in several\n parts, each with an independent spinlock. As a result,\n the load and CPU utilization is no longer excessive\n under the described circumstances.\n\n - When attempting to attach multiple SCSI devices\n simultaneously, Scientific Linux 6.9 on IBM z Systems\n sometimes became unresponsive. 
This update fixes the\n zfcp device driver, and attaching multiple SCSI devices\n simultaneously now works as expected in the described\n scenario.\n\n - On IBM z Systems, the tiqdio_call_inq_handlers()\n function in the Linux kernel incorrectly cleared the\n device state change indicator (DSCI) for the af_iucv\n devices using the HiperSockets transport with multiple\n input queues. Consequently, queue stalls on such devices\n occasionally occurred. With this update,\n tiqdio_call_inq_handlers() has been fixed to clear the\n DSCI only once, prior to scanning the queues. As a\n result, queue stalls for af_iucv devices using the\n HiperSockets transport no longer occur under the\n described circumstances.\n\n - Previously, small data chunks caused the Stream Control\n Transmission Protocol (SCTP) to account the\n receiver_window (rwnd) values incorrectly when\n recovering from a 'zero-window situation'. As a\n consequence, window updates were not sent to the peer,\n and an artificial growth of rwnd could lead to packet\n drops. This update properly accounts such small data\n chunks and ignores the rwnd pressure values when\n reopening a window. 
As a result, window updates are now\n sent, and the announced rwnd reflects better the real\n state of the receive buffer.", "edition": 14, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-26T00:00:00", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180125)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11176", "CVE-2017-9074", "CVE-2017-7542"], "modified": "2018-01-26T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists", "p-cpe:/a:fermilab:scientific_linux:kernel", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo", "p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:perf-debuginfo", "p-cpe:/a:fermilab:scientific_linux:kernel-debug", "p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686", "p-cpe:/a:fermilab:scientific_linux:kernel-firmware", "p-cpe:/a:fermilab:scientific_linux:kernel-headers", "p-cpe:/a:fermilab:scientific_linux:python-perf", "p-cpe:/a:fermilab:scientific_linux:kernel-devel", "p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel", "x-cpe:/o:fermilab:scientific_linux", "p-cpe:/a:fermilab:scientific_linux:kernel-doc", "p-cpe:/a:fermilab:scientific_linux:perf"], "id": "SL_20180125_KERNEL_ON_SL6_X.NASL", "href": "https://www.tenable.com/plugins/nessus/106369", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106369);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2017-11176\", \"CVE-2017-7542\", \"CVE-2017-9074\");\n\n script_name(english:\"Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20180125)\");\n 
script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Security Fix(es) :\n\n - An integer overflow vulnerability in\n ip6_find_1stfragopt() function was found. A local\n attacker that has privileges (of CAP_NET_RAW) to open\n raw socket can cause an infinite loop inside the\n ip6_find_1stfragopt() function. (CVE-2017-7542,\n Moderate)\n\n - The IPv6 fragmentation implementation in the Linux\n kernel does not consider that the nexthdr field may be\n associated with an invalid option, which allows local\n users to cause a denial of service (out-of-bounds read\n and BUG) or possibly have unspecified other impact via\n crafted socket and send system calls. Due to the nature\n of the flaw, privilege escalation cannot be fully ruled\n out, although we believe it is unlikely. (CVE-2017-9074,\n Moderate)\n\n - A use-after-free flaw was found in the Netlink\n functionality of the Linux kernel networking subsystem.\n Due to the insufficient cleanup in the mq_notify\n function, a local attacker could potentially use this\n flaw to escalate their privileges on the system.\n (CVE-2017-11176, Moderate)\n\nBug Fix(es) :\n\n - Previously, the default timeout and retry settings in\n the VMBus driver were insufficient in some cases, for\n example when a Hyper-V host was under a significant\n load. Consequently, in Windows Server 2016, Hyper-V\n Server 2016, and Windows Azure Platform, when running a\n Scientific Linux Guest on the Hyper-V hypervisor, the\n guest failed to boot or booted with certain Hyper-V\n devices missing. 
This update alters the timeout and\n retry settings in VMBus, and Scientific Linux guests now\n boot as expected under the described conditions.\n\n - Previously, an incorrect external declaration in the\n be2iscsi driver caused a kernel panic when using the\n systool utility. With this update, the external\n declaration in be2iscsi has been fixed, and the kernel\n no longer panics when using systool.\n\n - Under high usage of the NFSD file system and memory\n pressure, if many tasks in the Linux kernel attempted to\n obtain the global spinlock to clean the Duplicate Reply\n Cache (DRC), these tasks stayed in an active wait in the\n nfsd_reply_cache_shrink() function for up to 99% of\n time. Consequently, a high load average occurred. This\n update fixes the bug by separating the DRC in several\n parts, each with an independent spinlock. As a result,\n the load and CPU utilization is no longer excessive\n under the described circumstances.\n\n - When attempting to attach multiple SCSI devices\n simultaneously, Scientific Linux 6.9 on IBM z Systems\n sometimes became unresponsive. This update fixes the\n zfcp device driver, and attaching multiple SCSI devices\n simultaneously now works as expected in the described\n scenario.\n\n - On IBM z Systems, the tiqdio_call_inq_handlers()\n function in the Linux kernel incorrectly cleared the\n device state change indicator (DSCI) for the af_iucv\n devices using the HiperSockets transport with multiple\n input queues. Consequently, queue stalls on such devices\n occasionally occurred. With this update,\n tiqdio_call_inq_handlers() has been fixed to clear the\n DSCI only once, prior to scanning the queues. 
As a\n result, queue stalls for af_iucv devices using the\n HiperSockets transport no longer occur under the\n described circumstances.\n\n - Previously, small data chunks caused the Stream Control\n Transmission Protocol (SCTP) to account the\n receiver_window (rwnd) values incorrectly when\n recovering from a 'zero-window situation'. As a\n consequence, window updates were not sent to the peer,\n and an artificial growth of rwnd could lead to packet\n drops. This update properly accounts such small data\n chunks and ignores the rwnd pressure values when\n reopening a window. As a result, window updates are now\n sent, and the announced rwnd reflects better the real\n state of the receive buffer.\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1801&L=scientific-linux-errata&F=&S=&P=9818\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26a008af\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 6.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL6\", reference:\"kernel-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-abi-whitelists-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-debuginfo-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debug-devel-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-debuginfo-common-i686-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", cpu:\"x86_64\", 
reference:\"kernel-debuginfo-common-x86_64-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-devel-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-doc-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-firmware-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"kernel-headers-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"perf-debuginfo-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-2.6.32-696.20.1.el6\")) flag++;\nif (rpm_check(release:\"SL6\", reference:\"python-perf-debuginfo-2.6.32-696.20.1.el6\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T05:10:19", "description": "An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* An integer overflow vulnerability in ip6_find_1stfragopt() function\nwas found. A local attacker that has privileges (of CAP_NET_RAW) to\nopen raw socket can cause an infinite loop inside the\nip6_find_1stfragopt() function. 
(CVE-2017-7542, Moderate)\n\n* The IPv6 fragmentation implementation in the Linux kernel does not\nconsider that the nexthdr field may be associated with an invalid\noption, which allows local users to cause a denial of service\n(out-of-bounds read and BUG) or possibly have unspecified other impact\nvia crafted socket and send system calls. Due to the nature of the\nflaw, privilege escalation cannot be fully ruled out, although we\nbelieve it is unlikely. (CVE-2017-9074, Moderate)\n\n* A use-after-free flaw was found in the Netlink functionality of the\nLinux kernel networking subsystem. Due to the insufficient cleanup in\nthe mq_notify function, a local attacker could potentially use this\nflaw to escalate their privileges on the system. (CVE-2017-11176,\nModerate)\n\nBug Fix(es) :\n\n* Previously, the default timeout and retry settings in the VMBus\ndriver were insufficient in some cases, for example when a Hyper-V\nhost was under a significant load. Consequently, in Windows Server\n2016, Hyper-V Server 2016, and Windows Azure Platform, when running a\nRed Hat Enterprise Linux Guest on the Hyper-V hypervisor, the guest\nfailed to boot or booted with certain Hyper-V devices missing. This\nupdate alters the timeout and retry settings in VMBus, and Red Hat\nEnterprise Linux guests now boot as expected under the described\nconditions. (BZ#1506145)\n\n* Previously, an incorrect external declaration in the be2iscsi driver\ncaused a kernel panic when using the systool utility. With this\nupdate, the external declaration in be2iscsi has been fixed, and the\nkernel no longer panics when using systool. (BZ#1507512)\n\n* Under high usage of the NFSD file system and memory pressure, if\nmany tasks in the Linux kernel attempted to obtain the global spinlock\nto clean the Duplicate Reply Cache (DRC), these tasks stayed in an\nactive wait in the nfsd_reply_cache_shrink() function for up to 99% of\ntime. Consequently, a high load average occurred. 
This update fixes\nthe bug by separating the DRC in several parts, each with an\nindependent spinlock. As a result, the load and CPU utilization is no\nlonger excessive under the described circumstances. (BZ#1509876)\n\n* When attempting to attach multiple SCSI devices simultaneously, Red\nHat Enterprise Linux 6.9 on IBM z Systems sometimes became\nunresponsive. This update fixes the zfcp device driver, and attaching\nmultiple SCSI devices simultaneously now works as expected in the\ndescribed scenario. (BZ# 1512425)\n\n* On IBM z Systems, the tiqdio_call_inq_handlers() function in the\nLinux kernel incorrectly cleared the device state change indicator\n(DSCI) for the af_iucv devices using the HiperSockets transport with\nmultiple input queues. Consequently, queue stalls on such devices\noccasionally occurred. With this update, tiqdio_call_inq_handlers()\nhas been fixed to clear the DSCI only once, prior to scanning the\nqueues. As a result, queue stalls for af_iucv devices using the\nHiperSockets transport no longer occur under the described\ncircumstances. (BZ#1513314)\n\n* Previously, small data chunks caused the Stream Control Transmission\nProtocol (SCTP) to account the receiver_window (rwnd) values\nincorrectly when recovering from a 'zero-window situation'. As a\nconsequence, window updates were not sent to the peer, and an\nartificial growth of rwnd could lead to packet drops. This update\nproperly accounts such small data chunks and ignores the rwnd pressure\nvalues when reopening a window. As a result, window updates are now\nsent, and the announced rwnd reflects better the real state of the\nreceive buffer. 
(BZ#1514443)", "edition": 26, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2018-01-25T00:00:00", "title": "RHEL 6 : kernel (RHSA-2018:0169)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11176", "CVE-2017-9074", "CVE-2017-7542"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x", "p-cpe:/a:redhat:enterprise_linux:kernel-firmware", "p-cpe:/a:redhat:enterprise_linux:kernel-devel", "p-cpe:/a:redhat:enterprise_linux:kernel-debug", "p-cpe:/a:redhat:enterprise_linux:kernel-headers", "p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel", "p-cpe:/a:redhat:enterprise_linux:perf-debuginfo", "p-cpe:/a:redhat:enterprise_linux:kernel", "p-cpe:/a:redhat:enterprise_linux:python-perf", "cpe:/o:redhat:enterprise_linux:6", "p-cpe:/a:redhat:enterprise_linux:perf", "p-cpe:/a:redhat:enterprise_linux:kernel-doc", "p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686"], "id": "REDHAT-RHSA-2018-0169.NASL", "href": "https://www.tenable.com/plugins/nessus/106334", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0169. 
The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(106334);\n script_version(\"1.12\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2017-11176\", \"CVE-2017-7542\", \"CVE-2017-9074\");\n script_xref(name:\"RHSA\", value:\"2018:0169\");\n\n script_name(english:\"RHEL 6 : kernel (RHSA-2018:0169)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for kernel is now available for Red Hat Enterprise Linux 6.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Important. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\nSecurity Fix(es) :\n\n* An integer overflow vulnerability in ip6_find_1stfragopt() function\nwas found. A local attacker that has privileges (of CAP_NET_RAW) to\nopen raw socket can cause an infinite loop inside the\nip6_find_1stfragopt() function. (CVE-2017-7542, Moderate)\n\n* The IPv6 fragmentation implementation in the Linux kernel does not\nconsider that the nexthdr field may be associated with an invalid\noption, which allows local users to cause a denial of service\n(out-of-bounds read and BUG) or possibly have unspecified other impact\nvia crafted socket and send system calls. Due to the nature of the\nflaw, privilege escalation cannot be fully ruled out, although we\nbelieve it is unlikely. (CVE-2017-9074, Moderate)\n\n* A use-after-free flaw was found in the Netlink functionality of the\nLinux kernel networking subsystem. 
Due to the insufficient cleanup in\nthe mq_notify function, a local attacker could potentially use this\nflaw to escalate their privileges on the system. (CVE-2017-11176,\nModerate)\n\nBug Fix(es) :\n\n* Previously, the default timeout and retry settings in the VMBus\ndriver were insufficient in some cases, for example when a Hyper-V\nhost was under a significant load. Consequently, in Windows Server\n2016, Hyper-V Server 2016, and Windows Azure Platform, when running a\nRed Hat Enterprise Linux Guest on the Hyper-V hypervisor, the guest\nfailed to boot or booted with certain Hyper-V devices missing. This\nupdate alters the timeout and retry settings in VMBus, and Red Hat\nEnterprise Linux guests now boot as expected under the described\nconditions. (BZ#1506145)\n\n* Previously, an incorrect external declaration in the be2iscsi driver\ncaused a kernel panic when using the systool utility. With this\nupdate, the external declaration in be2iscsi has been fixed, and the\nkernel no longer panics when using systool. (BZ#1507512)\n\n* Under high usage of the NFSD file system and memory pressure, if\nmany tasks in the Linux kernel attempted to obtain the global spinlock\nto clean the Duplicate Reply Cache (DRC), these tasks stayed in an\nactive wait in the nfsd_reply_cache_shrink() function for up to 99% of\ntime. Consequently, a high load average occurred. This update fixes\nthe bug by separating the DRC in several parts, each with an\nindependent spinlock. As a result, the load and CPU utilization is no\nlonger excessive under the described circumstances. (BZ#1509876)\n\n* When attempting to attach multiple SCSI devices simultaneously, Red\nHat Enterprise Linux 6.9 on IBM z Systems sometimes became\nunresponsive. This update fixes the zfcp device driver, and attaching\nmultiple SCSI devices simultaneously now works as expected in the\ndescribed scenario. 
(BZ# 1512425)\n\n* On IBM z Systems, the tiqdio_call_inq_handlers() function in the\nLinux kernel incorrectly cleared the device state change indicator\n(DSCI) for the af_iucv devices using the HiperSockets transport with\nmultiple input queues. Consequently, queue stalls on such devices\noccasionally occurred. With this update, tiqdio_call_inq_handlers()\nhas been fixed to clear the DSCI only once, prior to scanning the\nqueues. As a result, queue stalls for af_iucv devices using the\nHiperSockets transport no longer occur under the described\ncircumstances. (BZ#1513314)\n\n* Previously, small data chunks caused the Stream Control Transmission\nProtocol (SCTP) to account the receiver_window (rwnd) values\nincorrectly when recovering from a 'zero-window situation'. As a\nconsequence, window updates were not sent to the peer, and an\nartificial growth of rwnd could lead to packet drops. This update\nproperly accounts such small data chunks and ignores the rwnd pressure\nvalues when reopening a window. As a result, window updates are now\nsent, and the announced rwnd reflects better the real state of the\nreceive buffer. 
(BZ#1514443)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0169\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-7542\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-9074\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2017-11176\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-abi-whitelists\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-i686\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-s390x\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:kernel-debuginfo-common-x86_64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-headers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:kernel-kdump-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python-perf-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:6\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/05/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^6([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 6.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-11176\", \"CVE-2017-7542\", \"CVE-2017-9074\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for RHSA-2018:0169\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0169\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message 
= \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-abi-whitelists-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-debuginfo-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-debuginfo-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-debuginfo-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debug-devel-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debug-devel-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debug-devel-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-debuginfo-common-i686-2.6.32-696.20.1.el6\")) flag++;\n if 
(rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-debuginfo-common-s390x-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-debuginfo-common-x86_64-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-devel-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-devel-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-devel-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-doc-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", reference:\"kernel-firmware-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"kernel-headers-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-headers-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"kernel-headers-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-debuginfo-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"kernel-kdump-devel-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"perf-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"perf-debuginfo-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"perf-debuginfo-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", 
reference:\"perf-debuginfo-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"i686\", reference:\"python-perf-debuginfo-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"s390x\", reference:\"python-perf-debuginfo-2.6.32-696.20.1.el6\")) flag++;\n if (rpm_check(release:\"RHEL6\", cpu:\"x86_64\", reference:\"python-perf-debuginfo-2.6.32-696.20.1.el6\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel / kernel-abi-whitelists / kernel-debug / etc\");\n }\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:52:02", "description": "Description of changes:\n\nkernel-uek\n[3.8.13-118.19.10.el7uek]\n- mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: \n26643556] {CVE-2017-11176}\n\n[3.8.13-118.19.9.el7uek]\n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina \nDubroca) [Orabug: 27011273] {CVE-2017-7542}\n- packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) \n[Orabug: 27002450] {CVE-2017-1000111}\n\n[3.8.13-118.19.8.el7uek]\n- mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin \nGuay) [Orabug: 26883934] - xen/x86: Add interface for querying amount \nof host memory (Boris Ostrovsky) [Orabug: 26883934]", "edition": 27, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-10-26T00:00:00", "title": "Oracle 
Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3632)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11176", "CVE-2017-1000111", "CVE-2017-7542"], "modified": "2017-10-26T00:00:00", "cpe": ["cpe:/o:oracle:linux:6", "p-cpe:/a:oracle:linux:kernel-uek-firmware", "p-cpe:/a:oracle:linux:kernel-uek-doc", "p-cpe:/a:oracle:linux:kernel-uek", "p-cpe:/a:oracle:linux:kernel-uek-debug-devel", "p-cpe:/a:oracle:linux:kernel-uek-devel", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.19.10.el6uek", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:kernel-uek-debug", "p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.19.10.el7uek"], "id": "ORACLELINUX_ELSA-2017-3632.NASL", "href": "https://www.tenable.com/plugins/nessus/104168", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2017-3632.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104168);\n script_version(\"3.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2017-1000111\", \"CVE-2017-11176\", \"CVE-2017-7542\");\n\n script_name(english:\"Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3632)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Description of changes:\n\nkernel-uek\n[3.8.13-118.19.10.el7uek]\n- mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: \n26643556] {CVE-2017-11176}\n\n[3.8.13-118.19.9.el7uek]\n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina \nDubroca) [Orabug: 27011273] {CVE-2017-7542}\n- packet: fix tp_reserve race in 
packet_set_ring (Willem de Bruijn) \n[Orabug: 27002450] {CVE-2017-1000111}\n\n[3.8.13-118.19.8.el7uek]\n- mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin \nGuay) [Orabug: 26883934] - xen/x86: Add interface for querying amount \nof host memory (Boris Ostrovsky) [Orabug: 26883934]\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-October/007304.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2017-October/007305.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected unbreakable enterprise kernel packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.19.10.el6uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:dtrace-modules-3.8.13-118.19.10.el7uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-debug-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:kernel-uek-doc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:kernel-uek-firmware\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/10/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^(6|7)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 6 / 7\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-1000111\", \"CVE-2017-11176\", \"CVE-2017-7542\"); \n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for ELSA-2017-3632\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nkernel_major_minor = get_kb_item(\"Host/uname/major_minor\");\nif (empty_or_null(kernel_major_minor)) exit(1, \"Unable to determine kernel major-minor level.\");\nexpected_kernel_major_minor = \"3.8\";\nif (kernel_major_minor != expected_kernel_major_minor)\n audit(AUDIT_OS_NOT, \"running kernel level \" + expected_kernel_major_minor + \", it is running kernel level \" + kernel_major_minor);\n\nflag = 0;\nif (rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.19.10.el6uek-0.4.5-3.el6\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.19.10.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.19.10.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-118.19.10.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL6\", 
cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-118.19.10.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.19.10.el6uek\")) flag++;\nif (rpm_exists(release:\"EL6\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL6\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-118.19.10.el6uek\")) flag++;\n\nif (rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"dtrace-modules-3.8.13-118.19.10.el7uek-0.4.5-3.el7\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-3.8.13-118.19.10.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-3.8.13-118.19.10.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-debug-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-debug-devel-3.8.13-118.19.10.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-devel-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-devel-3.8.13-118.19.10.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-doc-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-doc-3.8.13-118.19.10.el7uek\")) flag++;\nif (rpm_exists(release:\"EL7\", rpm:\"kernel-uek-firmware-3.8.13\") && rpm_check(release:\"EL7\", cpu:\"x86_64\", reference:\"kernel-uek-firmware-3.8.13-118.19.10.el7uek\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"affected kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, 
{"lastseen": "2021-01-06T09:13:14", "description": "According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A vulnerability was found in the handling of xfrm\n Netlink messages. A privileged user inside a container\n could cause a denial of service (kernel crash) by\n sending a crafted Netlink message with type\n XFRM_MSG_MIGRATE to the kernel.\n\n - Integer overflow vulnerability in ip6_find_1stfragopt()\n function was found. Local attacker that has privileges\n to open raw sockets can cause infinite loop inside\n ip6_find_1stfragopt() function.\n\n - Kernel memory corruption due to a buffer overflow was\n found in brcmf_cfg80211_mgmt_tx() function in Linux\n kernels from v3.9-rc1 to v4.13-rc1. The vulnerability\n can be triggered by sending a crafted NL80211_CMD_FRAME\n packet via netlink. An unprivileged local user could\n use this flaw to induce kernel memory corruption on the\n system, leading to a crash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 34, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-08-07T00:00:00", "title": "Virtuozzo 7 : readykernel-patch (VZA-2017-068)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-7541", "CVE-2017-7542", "CVE-2017-11600"], "modified": "2017-08-07T00:00:00", "cpe": ["cpe:/o:virtuozzo:virtuozzo:7", "p-cpe:/a:virtuozzo:virtuozzo:readykernel"], "id": "VIRTUOZZO_VZA-2017-068.NASL", "href": "https://www.tenable.com/plugins/nessus/102206", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n 
script_id(102206);\n script_version(\"3.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\n \"CVE-2017-11600\",\n \"CVE-2017-7541\",\n \"CVE-2017-7542\"\n );\n\n script_name(english:\"Virtuozzo 7 : readykernel-patch (VZA-2017-068)\");\n script_summary(english:\"Checks the readykernel output for the updated patch.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Virtuozzo host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the vzkernel package and the\nreadykernel-patch installed, the Virtuozzo installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A vulnerability was found in the handling of xfrm\n Netlink messages. A privileged user inside a container\n could cause a denial of service (kernel crash) by\n sending a crafted Netlink message with type\n XFRM_MSG_MIGRATE to the kernel.\n\n - Integer overflow vulnerability in ip6_find_1stfragopt()\n function was found. Local attacker that has privileges\n to open raw sockets can cause infinite loop inside\n ip6_find_1stfragopt() function.\n\n - Kernel memory corruption due to a buffer overflow was\n found in brcmf_cfg80211_mgmt_tx() function in Linux\n kernels from v3.9-rc1 to v4.13-rc1. The vulnerability\n can be triggered by sending a crafted NL80211_CMD_FRAME\n packet via netlink. 
An unprivileged local user could\n use this flaw to induce kernel memory corruption on the\n system, leading to a crash.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Virtuozzo security advisory.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://help.virtuozzo.com/customer/portal/articles/2853434\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.10-27.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?288bafa8\");\n # https://readykernel.com/patch/Virtuozzo-7/readykernel-patch-30.15-27.0-1.vl7/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?36119146\");\n script_set_attribute(attribute:\"solution\", value:\"Update the readykernel patch.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/08/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/08/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:virtuozzo:virtuozzo:readykernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:virtuozzo:virtuozzo:7\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Virtuozzo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Virtuozzo/release\", \"Host/Virtuozzo/rpm-list\", \"Host/readykernel-info\");\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"readykernel.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/Virtuozzo/release\");\nif (isnull(release) || \"Virtuozzo\" >!< release) audit(AUDIT_OS_NOT, \"Virtuozzo\");\nos_ver = pregmatch(pattern: \"Virtuozzo Linux release ([0-9]+\\.[0-9])(\\D|$)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Virtuozzo 7.x\", \"Virtuozzo \" + os_ver);\n\nif (!get_kb_item(\"Host/Virtuozzo/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Virtuozzo\", cpu);\n\nrk_info = get_kb_item(\"Host/readykernel-info\");\nif (empty_or_null(rk_info)) audit(AUDIT_UNKNOWN_APP_VER, \"Virtuozzo\");\n\nchecks = make_list2(\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.10\",\n \"patch\",\"readykernel-patch-30.10-27.0-1.vl7\"\n ),\n make_array(\n \"kernel\",\"vzkernel-3.10.0-514.16.1.vz7.30.15\",\n \"patch\",\"readykernel-patch-30.15-27.0-1.vl7\"\n )\n);\nreadykernel_execute_checks(checks:checks, severity:SECURITY_HOLE, release:\"Virtuozzo-7\");\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-12T10:15:54", "description": "The 4.11.12 update contains a number of important fixes across the\ntree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as 
much as\npossible without introducing additional issues.", "edition": 18, "cvss3": {"score": 7.8, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2017-07-27T00:00:00", "title": "Fedora 25 : kernel (2017-39b5facda0)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11473", "CVE-2017-7541", "CVE-2017-7542"], "modified": "2017-07-27T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:kernel", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-39B5FACDA0.NASL", "href": "https://www.tenable.com/plugins/nessus/101992", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-39b5facda0.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(101992);\n script_version(\"3.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2017-11473\", \"CVE-2017-7541\", \"CVE-2017-7542\");\n script_xref(name:\"FEDORA\", value:\"2017-39b5facda0\");\n\n script_name(english:\"Fedora 25 : kernel (2017-39b5facda0)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The 4.11.12 update contains a number of important fixes across the\ntree.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-39b5facda0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the 
affected kernel package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:kernel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/07/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/07/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"linux_alt_patch_detect.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\ninclude(\"ksplice.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nif (get_one_kb_item(\"Host/ksplice/kernel-cves\"))\n{\n rm_kb_item(name:\"Host/uptrack-uname-r\");\n cve_list = make_list(\"CVE-2017-11473\", \"CVE-2017-7541\", \"CVE-2017-7542\");\n if (ksplice_cves_check(cve_list))\n {\n audit(AUDIT_PATCH_INSTALLED, \"KSplice hotfix for FEDORA-2017-39b5facda0\");\n }\n else\n {\n __rpm_report = ksplice_reporting_text();\n }\n}\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"kernel-4.11.12-200.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kernel\");\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2019-05-29T18:38:09", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000112", "CVE-2017-7542"], "description": "[4.1.12-103.7.4]\n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011255] {CVE-2017-7542}\n- udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 26921320] {CVE-2017-1000112}", "edition": 5, "modified": "2017-10-24T00:00:00", "published": "2017-10-24T00:00:00", "id": "ELSA-2017-3631", "href": "http://linux.oracle.com/errata/ELSA-2017-3631.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:33", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-1000111", 
"CVE-2017-7542"], "description": "kernel-uek\n[3.8.13-118.19.10]\n- mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643556] {CVE-2017-11176}\n[3.8.13-118.19.9]\n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011273] {CVE-2017-7542}\n- packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002450] {CVE-2017-1000111}\n[3.8.13-118.19.8]\n- mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26883934] \n- xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26883934]", "edition": 5, "modified": "2017-10-24T00:00:00", "published": "2017-10-24T00:00:00", "id": "ELSA-2017-3632", "href": "http://linux.oracle.com/errata/ELSA-2017-3632.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:38:09", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-1000111", "CVE-2017-7542"], "description": "[2.6.39-400.297.11]\n- mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643562] {CVE-2017-11176}\n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011278] {CVE-2017-7542}\n- packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002453] {CVE-2017-1000111}\n[2.6.39-400.297.10]\n- mlx4_core: calculate log_mtt based on total system memory (Wei Lin Guay) [Orabug: 26867355] \n- xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26867355]", "edition": 6, "modified": "2017-10-24T00:00:00", "published": "2017-10-24T00:00:00", "id": "ELSA-2017-3633", "href": "http://linux.oracle.com/errata/ELSA-2017-3633.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:37:04", 
"bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-9074", "CVE-2017-5715", "CVE-2017-7542"], "description": "[2.6.32-696.20.1.OL6]\n- Update genkey [bug 25599697]\n[2.6.32-696.20.1]\n- [x86] kaiser/efi: unbreak tboot (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] pti/mm: Fix trampoline stack problem with XEN PV (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] pti/mm: Fix XEN PV boot failure (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Invoke TRACE_IRQS_IRETQ in paranoid_userspace_restore_all (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] spec_ctrl: show added cpuid flags in /proc/cpuinfo after late microcode update (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas functional (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- Revert 'x86/entry: Use retpoline for syscall's indirect calls' (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519799 1519802] 
{CVE-2017-5754}\n- [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: convert userland visible 'kpti' name to 'pti' (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel %gs has been restored (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] 
spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] syscall: Clear unused extra registers on syscall (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] entry: Add back STUFF_RSB to interrupt and error paths (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] revert: mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] entry: Use retpoline for syscall's indirect calls (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Waiman Long) [1519797 1519796] 
{CVE-2017-5715}\n- [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: consolidate the spec control boot detection (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] Remove __cpuinitdata from some data & function (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] entry: Stuff RSB for entry to kernel for non-SMEP platform (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] mm: Set IBPB upon context switch (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] enter: 
MACROS to set/clear IBRS and set IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] svm: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [kvm] x86: clear registers on VM exit (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] [kvm] Pad RSB on VM transition (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [security] Add SPEC_CTRL Kconfig option (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] feature: Report presence of IBPB and IBRS control (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] feature: Enable the x86 feature to control Speculation (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] microcode: Share native MSR accessing variants (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] entry: Further simplify the paranoid_exit code (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Remove trampoline check from paranoid entry path (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Don't switch to trampoline 
stack in paranoid_exit (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Simplify trampoline stack restore code (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [fs] udf: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [fs] prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [netdrv] p54: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [netdrv] carl9170: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [media] uvcvideo: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [x86] Fix typo preventing msr_set/clear_bit from having an effect (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [x86] Add another set of MSR accessor functions (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add 'kaiser' and 'nokaiser' boot options (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- 
[x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm: If INVPCID is available, use it to flush global mappings (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm: Add a 'noinvpcid' boot option to turn off INVPCID (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add Kconfig (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: stack trampoline (Waiman Long) 
[1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add a function to check for KAISER being enabled (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map virtually-addressed performance monitoring buffers (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519799 1519802] 
{CVE-2017-5754}\n- [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] increase robusteness of bad_iret fixup handler (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm: Check if PUD is large when validating a kernel address (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] Separate out entry text section (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE() (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel header (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n[2.6.32-696.19.1]\n- [scsi] bnx2fc: Fix hung task messages when a cleanup response is not received during abort (Chad Dupuis) [1523783 1504260]", "edition": 73, "modified": "2018-01-25T00:00:00", "published": "2018-01-25T00:00:00", "id": "ELSA-2018-0169", "href": "http://linux.oracle.com/errata/ELSA-2018-0169.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:12", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-5753", "CVE-2017-5754", "CVE-2017-9074", "CVE-2017-5715", "CVE-2017-7542"], "description": "[2.6.32-696.18.7.OL6]\n- Update genkey [bug 25599697]\n[2.6.32-696.18.7]\n- [x86] spec_ctrl: svm: spec_ctrl at vmexit needs per-cpu areas 
functional (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: Eliminate redundnat FEATURE Not Present messages (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: enable IBRS and stuff_RSB before calling NMI C code (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: skip CAP_SYS_PTRACE check to skip audit (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: disable ibrs while in intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: skip IBRS/CR3 restore when paranoid exception returns to userland (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- Revert 'x86/entry: Use retpoline for syscall's indirect calls' (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] mm/dump_pagetables: Allow dumping current pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/dump_pagetables: Add a pgd argument to walk_pgd_level() (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/dump_pagetables: Add page table directory (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Remove unneeded nmi_userspace code (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Fix nmi exit code with CONFIG_TRACE_IRQFLAGS (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: init_tss is supposed to go in the PAGE_ALIGNED per-cpu section (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: Clear kdump pgd page to prevent incorrect behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: consider the init_mm.pgd a kaiser pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: convert userland visible 'kpti' name to 'pti' (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n[2.6.32-696.18.6]\n- [x86] spec_ctrl: set IBRS during resume from RAM if ibrs_enabled is 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] mm/kaiser: __load_cr3 in resume from RAM after kernel %gs has been restored (Waiman Long) 
[1519797 1519796] {CVE-2017-5715}\n- [x86] mm/kaiser: Revert the __GFP_COMP flag change (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Fix paranoid_exit() trampoline clobber (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n[2.6.32-696.18.5]\n- [x86] spec_ctrl: allow use_ibp_disable only if both SPEC_CTRL and IBPB_SUPPORT are missing (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: Documentation spec_ctrl.txt (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: remove irqs_disabled() check from intel_idle() (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: use enum when setting ibrs/ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: undo speculation barrier for ibrs_enabled and noibrs_cmdline (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: introduce ibpb_enabled = 2 for IBPB instead of IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: introduce SPEC_CTRL_PCP_ONLY_IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: cleanup s/flush/sync/ naming when sending IPIs (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: set IBRS during CPU init if in ibrs_enabled == 2 (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: use IBRS_ENABLED instead of 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: allow the IBP disable feature to be toggled at runtime (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: always initialize save_reg in ENABLE_IBRS_SAVE_AND_CLOBBER (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: ibrs_enabled() is expected to return > 1 (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: CLEAR_EXTRA_REGS and extra regs save/restore (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] syscall: Clear unused extra registers on syscall (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] entry: Add 
back STUFF_RSB to interrupt and error paths (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] mm/kaiser: make is_kaiser_pgd reliable (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] revert: mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] kaiser/mm: fix pgd freeing in error path (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Fix 32-bit program crash with 64-bit kernel on AMD boxes (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: reload spec_ctrl cpuid in all microcode load paths (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: Prevent unwanted speculation without IBRS (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: add noibrs noibpb boot options (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] entry: Use retpoline for syscall's indirect calls (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] syscall: Clear unused extra registers on 32-bit compatible syscall entrance (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: rescan cpuid after a late microcode update (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: add debugfs ibrs_enabled ibpb_enabled (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: consolidate the spec control boot detection (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] Remove __cpuinitdata from some data & function (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] KVM/spec_ctrl: allow IBRS to stay enabled in host userland (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: move stuff_RSB in spec_ctrl.h (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] entry: Remove STUFF_RSB in error and interrupt code (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] entry: Stuff RSB for entry 
to kernel for non-SMEP platform (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] mm: Only set IBPB when the new thread cannot ptrace (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] mm: Set IBPB upon context switch (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] idle: Disable IBRS when offlining cpu and re-enable (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] idle: Disable IBRS entering idle and enable it on wakeup (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: implement spec ctrl C methods (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: save IBRS MSR value in save_paranoid for NMI (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] enter: Use IBRS on syscall and interrupts (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: swap rdx with rsi for nmi nesting detection (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: spec_ctrl_pcp and kaiser_enabled_pcp in same cachline (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] spec_ctrl: use per-cpu knob instead of ALTERNATIVES for ibpb and ibrs (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] enter: MACROS to set/clear IBRS and set IBPB (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [kvm] x86: add SPEC_CTRL to MSR and CPUID lists (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [kvm] svm: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] svm: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [kvm] vmx: add MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [kvm] vmx: Set IBPB when running a different VCPU (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [kvm] x86: clear registers on VM exit (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] [kvm] Pad RSB on VM transition (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [security] Add SPEC_CTRL 
Kconfig option (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] cpu/AMD: Control indirect branch predictor when SPEC_CTRL not available (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] feature: Report presence of IBPB and IBRS control (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] feature: Enable the x86 feature to control Speculation (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] cpuid: Provide get_scattered_cpuid_leaf() (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] cpuid: Cleanup cpuid_regs definitions (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] microcode: Share native MSR accessing variants (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] nop: Make the ASM_NOP* macros work from assembly (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] cpu: Clean up and unify the NOP selection infrastructure (Waiman Long) [1519797 1519796] {CVE-2017-5715}\n- [x86] entry: Further simplify the paranoid_exit code (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Remove trampoline check from paranoid entry path (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Don't switch to trampoline stack in paranoid_exit (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Simplify trampoline stack restore code (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [misc] locking/barriers: prevent speculative execution based on Coverity scan results (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [fs] udf: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [fs] prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [scsi] qla2xxx: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [netdrv] p54: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [netdrv] carl9170: prevent speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [media] uvcvideo: prevent 
speculative execution (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [x86] cpu/AMD: Remove now unused definition of MFENCE_RDTSC feature (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [x86] cpu/AMD: Make the LFENCE instruction serialized (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [kernel] locking/barriers: introduce new memory barrier gmb() (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [x86] Fix typo preventing msr_set/clear_bit from having an effect (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [x86] Add another set of MSR accessor functions (Waiman Long) [1519787 1519789] {CVE-2017-5753}\n- [x86] mm/kaiser: Replace kaiser with kpti to sync with upstream (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map the trace idt tables in userland shadow pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add 'kaiser' and 'nokaiser' boot options (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] kaiser/mm: fix RESTORE_CR3 crash in kaiser_stop_machine (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use stop_machine for enable/disable knob (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] kaiser/mm: use atomic ops to poison/unpoison user pagetables (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use invpcid to flush the two kaiser PCID AISD (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use two PCID ASIDs optimize the TLB during enter/exit kernel (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: stop patching flush_tlb_single (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm: If INVPCID is available, use it to flush global mappings (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: use PCID feature to make user and kernel switches faster (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/64: Initialize CR4.PCIDE early (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm: Add a 
'noinvpcid' boot option to turn off INVPCID (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm: Add the 'nopcid' boot option to turn off PCID (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: validate trampoline stack (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] entry: Move SYSENTER_stack to the beginning of struct tss_struct (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: isolate the user mapped per cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: selective boot time defaults (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser/xen: Dynamically disable KAISER when running under Xen PV (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add Kconfig (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: avoid false positives during non-kaiser pgd updates (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: Respect disabled CPU features (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] kaiser/mm: trampoline stack comments (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: stack trampoline (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: re-enable vsyscalls (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: allow to build KAISER with KASRL (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: allow KAISER to be enabled/disabled at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: un-poison PGDs at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add a function to check for KAISER being enabled (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add debugfs file to turn KAISER on/off at runtime (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: disable native VSYSCALL (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map virtually-addressed 
performance monitoring buffers (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add kprobes text section (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map trace interrupt entry (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map entry stack per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: map dynamically-allocated LDTs (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: make sure static PGDs are 8k in size (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: allow NX poison to be set in p4d/pgd (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: unmap kernel from userspace page tables (core patch) (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: mark per-cpu data structures required for entry/exit (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: introduce user-mapped per-cpu areas (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: add cr3 switches to entry code (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: remove scratch registers (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: prepare assembly for entry/exit CR3 switching (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/kaiser: Disable global pages by default with KAISER (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm: Document X86_CR4_PGE toggling behavior (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm/tlb: Make CR4-based TLB flushes more robust (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm: Do not set _PAGE_USER for init_mm page tables (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] increase robusteness of bad_iret fixup handler (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] mm: Check if PUD is large when validating a kernel address (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [x86] Separate out entry 
text section (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [include] linux/const.h: Add _BITUL() and _BITULL() (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [include] linux/mmdebug.h: add VM_WARN_ON() and VM_WARN_ON_ONCE() (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n- [include] stddef.h: Move offsetofend() from vfio.h to a generic kernel header (Waiman Long) [1519799 1519802] {CVE-2017-5754}\n[2.6.32-696.18.1]\n- [s390] s390/qdio: clear DSCI prior to scanning multiple input queues (Hendrik Brueckner) [1513314 1467962]\n- [net] sctp: do not loose window information if in rwnd_over (Marcelo Leitner) [1514443 1492220]\n- [net] sctp: fix recovering from 0 win with small data chunks (Marcelo Leitner) [1514443 1492220]\n- [s390] zfcp: fix erp_action use-before-initialize in REC action trace (Hendrik Brueckner) [1512425 1497000]\n- [hv] vmbus: Fix error code returned by vmbus_post_msg() (Vitaly Kuznetsov) [1506145 1491846]\n- [hv] vmbus: Increase the time between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1506145 1491846]\n- [hv] vmbus: Raise retry/wait limits in vmbus_post_msg() (Vitaly Kuznetsov) [1506145 1491846]\n- [hv] vmbus: Reduce the delay between retries in vmbus_post_msg() (Vitaly Kuznetsov) [1506145 1491846]\n- [scsi] be2iscsi: fix bad extern declaration (Maurizio Lombardi) [1507512 1497152]\n- [kernel] mqueue: fix a use-after-free in sys_mq_notify() (Davide Caratti) [1476122 1476124] {CVE-2017-11176}\n- [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (Matteo Croce) [1477008 1477006] {CVE-2017-7542}\n- [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Matteo Croce) [1477008 1477006] {CVE-2017-7542}\n- [net] ipv6: Fix leak in ipv6_gso_segment() (Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074}\n- [net] gre: fix a possible skb leak (Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074}\n- [net] ipv6: xfrm: Handle errors reported by xfrm6_find_1stfragopt() (Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074}\n- [net] 
ipv6: Check ip6_find_1stfragopt() return value properly (Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074}\n- [net] ipv6: Prevent overrun when parsing v6 header options (Sabrina Dubroca) [1502417 1459951] {CVE-2017-9074}\n[2.6.32-696.17.1]\n- [fs] nfsd: reorder nfsd_cache_match to check more powerful discriminators first (Thiago Becker) [1509876 1435787]\n- [fs] nfsd: split DRC global spinlock into per-bucket locks (Thiago Becker) [1509876 1435787]\n- [fs] nfsd: convert num_drc_entries to an atomic_t (Thiago Becker) [1509876 1435787]\n- [fs] nfsd: remove the cache_hash list (Thiago Becker) [1509876 1435787]\n- [fs] nfsd: convert the lru list into a per-bucket thing (Thiago Becker) [1509876 1435787]\n- [fs] nfsd: clean up drc cache in preparation for global spinlock elimination (Thiago Becker) [1509876 1435787]", "edition": 73, "modified": "2018-01-04T00:00:00", "published": "2018-01-04T00:00:00", "id": "ELSA-2018-0008", "href": "http://linux.oracle.com/errata/ELSA-2018-0008.html", "title": "kernel security update", "type": "oraclelinux", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:36:28", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14489", "CVE-2017-7618", "CVE-2017-14106", "CVE-2017-10661", "CVE-2017-1000112", "CVE-2017-7482", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-12154"], "description": "[4.1.12-103.9.2]\n- Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Brian Maly) [Orabug: 27037811]\n[4.1.12-103.9.1]\n- xfs: use dedicated log worker wq to avoid deadlock with cil wq (Brian Foster) [Orabug: 27013241] \n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988633] {CVE-2017-14489}\n- nvme: honor RTD3 Entry Latency for shutdowns (Martin K. 
Petersen) [Orabug: 26999097] \n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27013220] {CVE-2017-7542}\n- udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 27013227] {CVE-2017-1000112}\n- drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 26943884]\n[4.1.12-103.8.1]\n- tcp: fix tcp_mark_head_lost to check skb len before fragmenting (Neal Cardwell) [Orabug: 26923675] \n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899775] {CVE-2017-10661}\n- kvm: nVMX: Don't allow L2 to access the hardware CR8 (Jim Mattson) {CVE-2017-12154} {CVE-2017-12154}\n- brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Tim Tianyang Chen) [Orabug: 26880590] {CVE-2017-7541}\n- crypto: ahash - Fix EINPROGRESS notification callback (Herbert Xu) [Orabug: 26916575] {CVE-2017-7618}\n- ovl: use O_LARGEFILE in ovl_copy_up() (David Howells) [Orabug: 25953280] \n- rxrpc: Fix several cases where a padded len isn't checked in ticket decode (David Howells) [Orabug: 26880508] {CVE-2017-7482} {CVE-2017-7482}\n- tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26813385] {CVE-2017-14106}", "edition": 4, "modified": "2017-11-02T00:00:00", "published": "2017-11-02T00:00:00", "id": "ELSA-2017-3635", "href": "http://linux.oracle.com/errata/ELSA-2017-3635.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-06-04T17:29:18", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-7184", "CVE-2017-1000111", "CVE-2016-8399", "CVE-2017-14106", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2017-7558", "CVE-2017-7541", "CVE-2017-7542"], "description": "- [3.10.0-693.5.2.OL7]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel 
(olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-693.5.2]\n- [mm] page_cgroup: Fix Kernel bug during boot with memory cgroups enabled (Larry Woodman) [1491970 1483747]\n- Revert: [mm] Fix Kernel bug during boot with memory cgroups enabled (Larry Woodman) [1491970 1483747]\n[3.10.0-693.5.1]\n- [netdrv] i40e: point wb_desc at the nvm_wb_desc during i40e_read_nvm_aq (Stefan Assmann) [1491972 1484232]\n- [netdrv] i40e: avoid NVM acquire deadlock during NVM update (Stefan Assmann) [1491972 1484232]\n- [mm] Fix Kernel bug during boot with memory cgroups enabled (Larry Woodman) [1491970 1483747]\n- [fs] nfsv4: Ensure we don't re-test revoked and freed stateids (Dave Wysochanski) [1491969 1459733]\n- [netdrv] bonding: commit link status change after propose (Jarod Wilson) [1491121 1469790]\n- [mm] page_alloc: ratelimit PFNs busy info message (Jonathan Toppins) [1491120 1383179]\n- [netdrv] cxgb4: avoid crash on PCI error recovery path (Gustavo Duarte) [1489872 1456990]\n- [scsi] Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan Milne) [1489814 1468727]\n- [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488341 1487061] {CVE-2017-14106}\n- [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti) [1488341 1487061] {CVE-2017-14106}\n- [net] sctp: Avoid out-of-bounds reads from address storage (Stefano Brivio) [1484356 1484355] {CVE-2017-7558}\n- [net] udp: consistently apply ufo or fragmentation (Davide Caratti) [1481530 1481535] {CVE-2017-1000112}\n- [net] udp: account for current skb length when deciding about UFO (Davide Caratti) [1481530 1481535] {CVE-2017-1000112}\n- [net] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (Davide Caratti) [1481530 1481535] {CVE-2017-1000112}\n- [net] udp: avoid ufo handling on IP payload compression packets (Stefano Brivio) [1490263 1464161]\n- [pci] hv: Use vPCI protocol version 1.2 
(Vitaly Kuznetsov) [1478256 1459202]\n- [pci] hv: Add vPCI version protocol negotiation (Vitaly Kuznetsov) [1478256 1459202]\n- [pci] hv: Use page allocation for hbus structure (Vitaly Kuznetsov) [1478256 1459202]\n- [pci] hv: Fix comment formatting and use proper integer fields (Vitaly Kuznetsov) [1478256 1459202]\n- [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (Stefano Brivio) [1477007 1477010] {CVE-2017-7542}\n- [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [1477007 1477010] {CVE-2017-7542}\n- [net] xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Hannes Frederic Sowa) [1435672 1435670] {CVE-2017-7184}\n- [net] xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Hannes Frederic Sowa) [1435672 1435670] {CVE-2017-7184}\n- [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1489788 1489789] {CVE-2017-1000251}\n[3.10.0-693.4.1]\n- [fs] nfsv4: Add missing nfs_put_lock_context() (Benjamin Coddington) [1487271 1476826]\n- [fs] nfs: discard nfs_lockowner structure (Benjamin Coddington) [1487271 1476826]\n- [fs] nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (Benjamin Coddington) [1487271 1476826]\n- [fs] nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (Benjamin Coddington) [1487271 1476826]\n- [fs] nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (Benjamin Coddington) [1487271 1476826]\n- [fs] nfsv4: add flock_owner to open context (Benjamin Coddington) [1487271 1476826]\n- [fs] nfs: remove l_pid field from nfs_lockowner (Benjamin Coddington) [1487271 1476826]\n- [x86] platform/uv/bau: Disable BAU on single hub configurations (Frank Ramsay) [1487159 1487160 1472455 1473353]\n- [x86] platform/uv/bau: Fix congested_response_us not taking effect (Frank Ramsay) [1487159 1472455]\n- [fs] cifs: Disable encryption capability for RHEL 7.4 kernel (Sachin Prabhu) [1485445 
1485445]\n- [fs] sunrpc: Handle EADDRNOTAVAIL on connection failures (Dave Wysochanski) [1484269 1479043]\n- [fs] include/linux/printk.h: include pr_fmt in pr_debug_ratelimited (Sachin Prabhu) [1484267 1472823]\n- [fs] printk: pr_debug_ratelimited: check state first to reduce 'callbacks suppressed' messages (Sachin Prabhu) [1484267 1472823]\n- [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio) [1481938 1481940] {CVE-2017-1000111}\n- [fs] proc: revert /proc/\n/maps [stack:TID] annotation (Waiman Long) [1481724 1448534]\n- [net] ping: check minimum size on ICMP header length (Matteo Croce) [1481578 1481573] {CVE-2016-8399}\n- [ipc] mqueue: fix a use-after-free in sys_mq_notify() (Davide Caratti) [1476128 1476126] {CVE-2017-11176}\n- [netdrv] brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Stanislaw Gruszka) [1474778 1474784] {CVE-2017-7541}\n[3.10.0-693.3.1]\n- [block] blk-mq-tag: fix wakeup hang after tag resize (Ming Lei) [1487281 1472434]", "edition": 6, "modified": "2017-10-19T00:00:00", "published": "2017-10-19T00:00:00", "id": "ELSA-2017-2930", "href": "http://linux.oracle.com/errata/ELSA-2017-2930.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2020-12-30T19:23:05", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-7184", "CVE-2017-1000111", "CVE-2016-8399", "CVE-2017-14106", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2017-7558", "CVE-2017-7541", "CVE-2017-7542"], "description": "- [3.10.0-693.5.2.0.1.el7.OL7]\n- [ipc] ipc/sem.c: bugfix for semctl(,,GETZCNT) (Manfred Spraul) [orabug 22552377]\n- Oracle Linux certificates (Alexey Petrenko)\n- Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko@oracle.com)\n- Update x509.genkey [bug 24817676]\n[3.10.0-693.5.2.el7]\n- [mm] page_cgroup: Fix Kernel bug during boot with memory cgroups enabled (Larry 
Woodman) [1491970 1483747]\n- Revert: [mm] Fix Kernel bug during boot with memory cgroups enabled (Larry Woodman) [1491970 1483747]\n[3.10.0-693.5.1.el7]\n- [netdrv] i40e: point wb_desc at the nvm_wb_desc during i40e_read_nvm_aq (Stefan Assmann) [1491972 1484232]\n- [netdrv] i40e: avoid NVM acquire deadlock during NVM update (Stefan Assmann) [1491972 1484232]\n- [mm] Fix Kernel bug during boot with memory cgroups enabled (Larry Woodman) [1491970 1483747]\n- [fs] nfsv4: Ensure we don't re-test revoked and freed stateids (Dave Wysochanski) [1491969 1459733]\n- [netdrv] bonding: commit link status change after propose (Jarod Wilson) [1491121 1469790]\n- [mm] page_alloc: ratelimit PFNs busy info message (Jonathan Toppins) [1491120 1383179]\n- [netdrv] cxgb4: avoid crash on PCI error recovery path (Gustavo Duarte) [1489872 1456990]\n- [scsi] Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan Milne) [1489814 1468727]\n- [net] tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Davide Caratti) [1488341 1487061] {CVE-2017-14106}\n- [net] tcp: fix 0 divide in __tcp_select_window() (Davide Caratti) [1488341 1487061] {CVE-2017-14106}\n- [net] sctp: Avoid out-of-bounds reads from address storage (Stefano Brivio) [1484356 1484355] {CVE-2017-7558}\n- [net] udp: consistently apply ufo or fragmentation (Davide Caratti) [1481530 1481535] {CVE-2017-1000112}\n- [net] udp: account for current skb length when deciding about UFO (Davide Caratti) [1481530 1481535] {CVE-2017-1000112}\n- [net] ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (Davide Caratti) [1481530 1481535] {CVE-2017-1000112}\n- [net] udp: avoid ufo handling on IP payload compression packets (Stefano Brivio) [1490263 1464161]\n- [pci] hv: Use vPCI protocol version 1.2 (Vitaly Kuznetsov) [1478256 1459202]\n- [pci] hv: Add vPCI version protocol negotiation (Vitaly Kuznetsov) [1478256 1459202]\n- [pci] hv: Use page allocation for hbus structure (Vitaly 
Kuznetsov) [1478256 1459202]\n- [pci] hv: Fix comment formatting and use proper integer fields (Vitaly Kuznetsov) [1478256 1459202]\n- [net] ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt() (Stefano Brivio) [1477007 1477010] {CVE-2017-7542}\n- [net] ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [1477007 1477010] {CVE-2017-7542}\n- [net] xfrm_user: validate XFRM_MSG_NEWAE incoming ESN size harder (Hannes Frederic Sowa) [1435672 1435670] {CVE-2017-7184}\n- [net] xfrm_user: validate XFRM_MSG_NEWAE XFRMA_REPLAY_ESN_VAL replay_window (Hannes Frederic Sowa) [1435672 1435670] {CVE-2017-7184}\n- [net] l2cap: prevent stack overflow on incoming bluetooth packet (Neil Horman) [1489788 1489789] {CVE-2017-1000251}\n[3.10.0-693.4.1.el7]\n- [fs] nfsv4: Add missing nfs_put_lock_context() (Benjamin Coddington) [1487271 1476826]\n- [fs] nfs: discard nfs_lockowner structure (Benjamin Coddington) [1487271 1476826]\n- [fs] nfsv4: enhance nfs4_copy_lock_stateid to use a flock stateid if there is one (Benjamin Coddington) [1487271 1476826]\n- [fs] nfsv4: change nfs4_select_rw_stateid to take a lock_context inplace of lock_owner (Benjamin Coddington) [1487271 1476826]\n- [fs] nfsv4: change nfs4_do_setattr to take an open_context instead of a nfs4_state (Benjamin Coddington) [1487271 1476826]\n- [fs] nfsv4: add flock_owner to open context (Benjamin Coddington) [1487271 1476826]\n- [fs] nfs: remove l_pid field from nfs_lockowner (Benjamin Coddington) [1487271 1476826]\n- [x86] platform/uv/bau: Disable BAU on single hub configurations (Frank Ramsay) [1487159 1487160 1472455 1473353]\n- [x86] platform/uv/bau: Fix congested_response_us not taking effect (Frank Ramsay) [1487159 1472455]\n- [fs] cifs: Disable encryption capability for RHEL 7.4 kernel (Sachin Prabhu) [1485445 1485445]\n- [fs] sunrpc: Handle EADDRNOTAVAIL on connection failures (Dave Wysochanski) [1484269 1479043]\n- [fs] include/linux/printk.h: include pr_fmt in pr_debug_ratelimited (Sachin 
Prabhu) [1484267 1472823]\n- [fs] printk: pr_debug_ratelimited: check state first to reduce 'callbacks suppressed' messages (Sachin Prabhu) [1484267 1472823]\n- [net] packet: fix tp_reserve race in packet_set_ring (Stefano Brivio) [1481938 1481940] {CVE-2017-1000111}\n- [fs] proc: revert /proc/\n/maps [stack:TID] annotation (Waiman Long) [1481724 1448534]\n- [net] ping: check minimum size on ICMP header length (Matteo Croce) [1481578 1481573] {CVE-2016-8399}\n- [ipc] mqueue: fix a use-after-free in sys_mq_notify() (Davide Caratti) [1476128 1476126] {CVE-2017-11176}\n- [netdrv] brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Stanislaw Gruszka) [1474778 1474784] {CVE-2017-7541}\n[3.10.0-693.3.1.el7]\n- [block] blk-mq-tag: fix wakeup hang after tag resize (Ming Lei) [1487281 1472434]", "edition": 7, "modified": "2017-10-20T00:00:00", "published": "2017-10-20T00:00:00", "id": "ELSA-2017-2930-1", "href": "http://linux.oracle.com/errata/ELSA-2017-2930-1.html", "title": "kernel security and bug fix update", "type": "oraclelinux", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:35:01", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9191", "CVE-2017-14489", "CVE-2017-7618", "CVE-2017-15649", "CVE-2017-14106", "CVE-2017-16527", "CVE-2017-10661", "CVE-2017-1000112", "CVE-2017-12192", "CVE-2017-7482", "CVE-2017-7541", "CVE-2017-16650", "CVE-2016-10318", "CVE-2017-7542", "CVE-2017-2618", "CVE-2017-12154", "CVE-2017-1000405", "CVE-2017-12190"], "description": "[4.1.12-112.14.1]\n- ext4: fix off-by-one on max nr_pages in ext4_find_unwritten_pgoff() (Eryu Guan) [Orabug: 27233471]\n[4.1.12-112.13.1]\n- cgroup: make sure a parent css isnt offlined before its children (Tejun Heo) [Orabug: 27179269]\n[4.1.12-112.12.1]\n- ctf: allow dwarf2ctf to run as root but produce no output (Nick Alcock) [Orabug: 27133094] \n- net: qmi_wwan: fix divide by 0 on bad descriptors (Bjorn Mork) [Orabug: 27215221] {CVE-2017-16650}\n- ctf: 
fix thinko preventing linking of out-of-tree modules when CTF is off (Nick Alcock) [Orabug: 27215293] \n- Revert 'firmware: dmi_scan: add SBMIOS entry and DMI tables' (Dan Duval) [Orabug: 27100376]\n[4.1.12-112.11.1]\n- mm, thp: Do not make page table dirty unconditionally in follow_trans_huge_pmd() (Kirill A. Shutemov) [Orabug: 27200880] {CVE-2017-1000405}\n- uek-rpm: Update linux firmware package for OL7 (Dhaval Giani) [Orabug: 27210206] \n- uek-rpm: Update firmware for OL6 UEK spec file (Dhaval Giani) [Orabug: 27210204] \n- scsi: Add STARGET_CREATED_REMOVE state to scsi_target_state (Ewan D. Milne) [Orabug: 27187218] \n- xen/time: do not decrease steal time after live migration on xen (Dongli Zhang) [Orabug: 26770163] \n- ALSA: usb-audio: Kill stray URB at exiting (Takashi Iwai) [Orabug: 27148272] {CVE-2017-16527}\n- scsi: qla2xxx: Fix NULL pointer access due to redundant fc_host_port_name call (Quinn Tran) [Orabug: 27149785] \n- scsi: qla2xxx: Initialize Work element before requesting IRQs (Himanshu Madhani) [Orabug: 27149785] \n- scsi: qla2xxx: Fix uninitialized work element (Quinn Tran) [Orabug: 27149785]\n[4.1.12-112.10.1]\n- Revert 'Improves clear_huge_page() using work queues' (Jack Vogel) [Orabug: 27055693] \n- packet: in packet_do_bind, test fanout with bind_lock held (Willem de Bruijn) [Orabug: 27069060] {CVE-2017-15649}\n- packet: hold bind lock when rebinding to fanout hook (Willem de Bruijn) [Orabug: 27069060] {CVE-2017-15649}\n- net: convert packet_fanout.sk_ref from atomic_t to refcount_t (Reshetova, Elena) [Orabug: 27069060] {CVE-2017-15649}\n- packet: fix races in fanout_add() (Eric Dumazet) [Orabug: 27069060] {CVE-2017-15649}\n- refcount_t: Introduce a special purpose refcount type (Peter Zijlstra) [Orabug: 27069060] {CVE-2017-15649}\n- locking/atomics: Add _{acquire|release|relaxed}() variants of some atomic operations (Will Deacon) [Orabug: 27069060] {CVE-2017-15649}\n- scsi: qla2xxx: Fix slow mem alloc behind lock (Quinn Tran) [Orabug: 
27100873]\n[4.1.12-112.9.1]\n- xfs: Fix off-by-in in loop termination in xfs_find_get_desired_pgoff() (Jan Kara) [Orabug: 26862911] \n- xfs: Fix missed holes in SEEK_HOLE implementation (Jan Kara) [Orabug: 26862911] \n- ext4: fix off-by-in in loop termination in ext4_find_unwritten_pgoff() (Jan Kara) [Orabug: 26862911] \n- ext4: fix SEEK_HOLE (Jan Kara) [Orabug: 26862911] \n- rtc: cmos: century support (Sylvain Chouleur) [Orabug: 27025943] \n- ocfs2: code clean up for direct io (Ryan Ding) [Orabug: 27117733] \n- scsi: Dont abort scsi_scan due to unexpected response (John Sobecki) [Orabug: 27119610] \n- ocfs2: fstrim: Fix start offset of first cluster group during fstrim (Ashish Samant) [Orabug: 26326914]\n[4.1.12-112.8.1]\n- uek-rpm: disable CONFIG_NUMA_BALANCING_DEFAULT_ENABLED (Fred Herard) [Orabug: 26798697] \n- uek-rpm: Add more missing modules to OL7 ueknano (Somasundaram Krishnasamy) [Orabug: 27028326] \n- fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069034] {CVE-2017-12190}\n- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069034] {CVE-2017-12190}\n- usb: Quiet down false peer failure messages (Don Zickus) [Orabug: 26669801] \n- ovl: during copy up, switch to mounters creds early (Vivek Goyal) [Orabug: 27052885] \n- ovl: lookup: do getxattr with mounters permission (Miklos Szeredi) [Orabug: 27052885] \n- ovl: get rid of the dead code left from broken (and disabled) optimizations (Al Viro) [Orabug: 27052885] \n- selinux: Implement dentry_create_files_as() hook (Vivek Goyal) [Orabug: 27052885] \n- security, overlayfs: Provide hook to correctly label newly created files (Vivek Goyal) [Orabug: 27052885] \n- selinux: Pass security pointer to determine_inode_label() (Vivek Goyal) [Orabug: 27052885] \n- selinux: Implementation for inode_copy_up_xattr() hook (Vivek Goyal) [Orabug: 27052885] \n- security,overlayfs: Provide security hook for copy up of xattrs for overlay file (Vivek Goyal) [Orabug: 27052885] \n- selinux: 
Implementation for inode_copy_up() hook (Vivek Goyal) [Orabug: 27052885] \n- security, overlayfs: provide copy up security hook for unioned files (Vivek Goyal) [Orabug: 27052885] \n- selinux: delay inode label lookup as long as possible (Paul Moore) [Orabug: 27052885] \n- selinux: Add accessor functions for inode->i_security (Andreas Gruenbacher) [Orabug: 27052885] \n- selinux: Create a common helper to determine an inode label [ver #3] (David Howells) [Orabug: 27052885] \n- KVM: nVMX: Fix loss of L2s NMI blocking state (Wanpeng Li) [Orabug: 27056291] \n- KVM: nVMX: track NMI blocking state separately for each VMCS (Paolo Bonzini) [Orabug: 27056291] \n- KVM: VMX: require virtual NMI support (Paolo Bonzini) [Orabug: 27056291] \n- KVM: nVMX: Fix the NMI IDT-vectoring handling (Wanpeng Li) [Orabug: 27056291] \n- netlink: allow to listen 'all' netns (Nicolas Dichtel) [Orabug: 27077793] \n- netlink: rename private flags and states (Nicolas Dichtel) [Orabug: 27077793] \n- netns: use a spin_lock to protect nsid management (Nicolas Dichtel) [Orabug: 27077793] \n- netns: notify new nsid outside __peernet2id() (Nicolas Dichtel) [Orabug: 27077793] \n- netns: rename peernet2id() to peernet2id_alloc() (Nicolas Dichtel) [Orabug: 27077793] \n- netns: always provide the id to rtnl_net_fill() (Nicolas Dichtel) [Orabug: 27077793] \n- netns: returns always an id in __peernet2id() (Nicolas Dichtel) [Orabug: 27077793] \n- uek-rpm: add update-el-x86; fix-up ol6/update-el (Chuck Anderson) [Orabug: 26844981] \n- xscore: add dma address check (Zhu Yanjun) [Orabug: 26994454] \n- qla2xxx: Update driver version to 9.00.00.00.40.0-k (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix delayed response to command for loop mode/direct connect. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Use IOCB interface to submit non-critical MBX. 
(Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Add async new target notification (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Allow relogin to proceed if remote login did not finish (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix sess_lock & hardware_lock lock order problem. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix inadequate lock protection for ABTS. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix request queue corruption. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix memory leak for abts processing (Quinn Tran) [Orabug: 26844197] \n- scsi: qla2xxx: Fix ql_dump_buffer (Joe Perches) [Orabug: 26844197] \n- scsi: qla2xxx: Fix response queue count for Target mode. (Michael Hernandez) [Orabug: 26844197] \n- scsi: qla2xxx: Cleaned up queue configuration code. (Michael Hernandez) [Orabug: 26844197] \n- qla2xxx: Fix a warning reported by the 'smatch' static checker (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Simplify usage of SRB structure in driver (Bart Van Assche) [Orabug: 26844197] \n- qla2xxx: Simplify usage of SRB structure in driver (Joe Carnuccio) [Orabug: 26844197] \n- qla2xxx: Improve RSCN handling in driver (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Add framework for async fabric discovery (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Track I-T nexus as single fc_port struct (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: introduce a private sess_kref (Christoph Hellwig) [Orabug: 26844197] \n- qla2xxx: Use d_id instead of s_id for more clarity (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix wrong argument in sp done callback (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Remove SRR code (Himanshu Madhani) [Orabug: 26844197] \n- qla2xxx: Cleanup TMF code translation from qla_target (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Disable out-of-order processing by default in firmware (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix erroneous invalid handle message (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Reduce exess wait during chip reset (Quinn Tran) 
[Orabug: 26844197] \n- qla2xxx: Terminate exchange if corrupted (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Fix crash due to null pointer access (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Collect additional information to debug fw dump (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Reset reserved field in firmware options to 0 (Himanshu Madhani) [Orabug: 26844197] \n- qla2xxx: Include ATIO queue in firmware dump when in target mode (Himanshu Madhani) [Orabug: 26844197] \n- qla2xxx: Fix wrong IOCB type assumption (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Add DebugFS node for target sess list. (Quinn Tran) [Orabug: 26844197] \n- tcm_qla2xxx: Convert to target_alloc_session usage (Nicholas Bellinger) [Orabug: 26844197] \n- qla2xxx: Use ATIO type to send correct tmr response (Swapnil Nagle) [Orabug: 26844197] \n- qla2xxx: Fix TMR ABORT interaction issue between qla2xxx and TCM (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Move atioq to a different lock to reduce lock contention (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Remove dependency on hardware_lock to reduce lock contention. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Replace QLA_TGT_STATE_ABORTED with a bit. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Wait for all conflicts before acking PLOGI (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: Delete session if initiator is gone from FW (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: Added interface to send explicit LOGO. (Himanshu Madhani) [Orabug: 26844197] \n- qla2xxx: Add FW resource count in DebugFS. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Enable Target counters in DebugFS. 
(Himanshu Madhani) [Orabug: 26844197] \n- qla2xxx: terminate exchange when command is aborted by LIO (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: drop cmds/tmrs arrived while session is being deleted (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: disable scsi_transport_fc registration in target mode (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: added sess generations to detect RSCN update races (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: Abort stale cmds on qla_tgt_wq when plogi arrives (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: delay plogi/prli ack until existing sessions are deleted (Alexei Potashnik) [Orabug: 26844197] \n- qla2xxx: cleanup cmd in qla workqueue before processing TMR (Swapnil Nagle) [Orabug: 26844197] \n- qla2xxx: Add flush after updating ATIOQ consumer index. (Quinn Tran) [Orabug: 26844197] \n- qla2xxx: Enable target mode for ISP27XX (Himanshu Madhani) [Orabug: 26844197]\n[4.1.12-112.7.1]\n- x86/platform/uv: Fix kdump for UV (Kirtikar Kashyap) [Orabug: 27031280] \n- firmware: dmi_scan: add SBMIOS entry and DMI tables (Ivan Khoronzhuk) [Orabug: 27045425] \n- KEYS: prevent KEYCTL_READ on negative key (Eric Biggers) [Orabug: 27050237] {CVE-2017-12192}\n- NFS: Add static NFS I/O tracepoints (Chuck Lever) \n- Hang/soft lockup in d_invalidate with simultaneous calls (Al Viro) [Orabug: 27052680] \n- scsi: mpt3sas: Bump mpt3sas driver version to v16.100.00.00 (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Adding support for SAS3616 HBA device (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Fix possibility of using invalid Enclosure Handle for SAS device after host reset (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Display chassis slot information of the drive (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Updated MPI headers to v2.00.48 (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Fix IO error occurs on pulling out a drive from RAID1 volume created on two SATA drive (Sreekanth 
Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Fix removal and addition of vSES device during host reset (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Reduce memory footprint in kdump kernel (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Fixed memory leaks in driver (Sreekanth Reddy) [Orabug: 26894579] \n- scsi: mpt3sas: Processing of Cable Exception events (Sreekanth Reddy) [Orabug: 26894579] \n- storvsc: dont assume SG list is contiguous (Aruna Ramakrishna) [Orabug: 27044703] \n- sysctl: Drop reference added by grab_header in proc_sys_readdir (Zhou Chengming) [Orabug: 27036905] {CVE-2016-9191} {CVE-2016-9191} {CVE-2016-9191}\n- uek-rpm: Update kernel-ueknanos provides list. (Somasundaram Krishnasamy) [Orabug: 27022769] \n- uek-rpm: Add more modules to ueknano for OL7 (Somasundaram Krishnasamy) [Orabug: 27015961] \n- selinux: fix off-by-one in setprocattr (Stephen Smalley) [Orabug: 27001687] {CVE-2017-2618} {CVE-2017-2618} {CVE-2017-2618}\n- dtrace: Add CTF archive to the UEK nano package (Tomas Jedlicka) [Orabug: 27039123] \n- Revert 'drivers/char/mem.c: deny access in open operation when securelevel is set' (Dhaval Giani) [Orabug: 27037801] \n- thp: run vma_adjust_trans_huge() outside i_mmap_rwsem (Kirill A. 
Shutemov) [Orabug: 26763484]\n[4.1.12-112.6.1]\n- ocfs2: fix posix_acl_create deadlock (Junxiao Bi) [Orabug: 26808507] \n- rds: Proper init/exit declaration for module init/exit function (Ka-Cheong Poon) [Orabug: 26937730] \n- rds: Remove .exit from struct rds_transport (Ka-Cheong Poon) [Orabug: 26937730] \n- smartpqi: update driver version (Don Brace) [Orabug: 26882397] \n- smartpqi: cleanup raid map warning message (Kevin Barnett) [Orabug: 26882397] \n- smartpqi: update controller ids (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: remove the smp_handler stub (Christoph Hellwig) [Orabug: 26882397] \n- scsi: smartpqi: change driver version to 1.1.2-125 (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: add in new controller ids (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: update kexec and power down support (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: cleanup doorbell register usage. (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: update pqi passthru ioctl (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: enhance BMIC cache flush (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: add pqi reset quiesce support (Kevin Barnett) [Orabug: 26882397] \n- scsi: smartpqi: make pdev pointer names consistent (Kevin Barnett) [Orabug: 26882397] \n- udp: consistently apply ufo or fragmentation (Willem de Bruijn) [Orabug: 26921314] {CVE-2017-1000112}\n- be2net: fix TSO6/GSO issue causing TX-stall on Lancer/BEx (Suresh Reddy) [Orabug: 26928620] \n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011248] {CVE-2017-7542}\n- xfs: use dedicated log worker wq to avoid deadlock with cil wq (Brian Foster) [Orabug: 27013239] \n- nvme: honor RTD3 Entry Latency for shutdowns (Martin K. 
Petersen) [Orabug: 26929569]\n[4.1.12-112.5.1]\n- uek-rpm: Build kernel ueknano rpm for OL7 (Somasundaram Krishnasamy) [Orabug: 26803594] \n- uek/config: enable NVME SG_IO support by default (Shan Hai) [Orabug: 26981802] \n- nvme: report the scsi TUR state correctly (Shan Hai) [Orabug: 26981802] \n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesnt parse nlmsg properly (Xin Long) [Orabug: 26988631] {CVE-2017-14489}\n- CVE-2016-10318 missing authorization check fscrypt_process_policy (Jack Vogel) [Orabug: 26989776] \n- ovl: fix get_acl() on tmpfs (Miklos Szeredi) [Orabug: 26975443]\n[4.1.12-112.2.1]\n- ixgbe: Initialize 64-bit stats seqcounts (Florian Fainelli) [Orabug: 26785078] \n- ixgbe: Disable flow control for XFI (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: Do not support flow control autonegotiation for X553 (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: Update NW_MNG_IF_SEL support for X553 (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: Enable LASI interrupts for X552 devices (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: Ensure MAC filter was added before setting MACVLAN (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: pci_set_drvdata must be called before register_netdev (Jeff Mahoney) [Orabug: 26785078] \n- ixgbe: Resolve cppcheck format string warning (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: fix writes to PFQDE (Emil Tantilov) [Orabug: 26785078] \n- ixgbevf: Bump version number (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: Bump version number (Tony Nguyen) [Orabug: 26785078] \n- ixgbe: check for Tx timestamp timeouts during watchdog (Jacob Keller) [Orabug: 26785078] \n- ixgbe: add statistic indicating number of skipped Tx timestamps (Jacob Keller) [Orabug: 26785078] \n- ixgbe: avoid permanent lock of *_PTP_TX_IN_PROGRESS (Jacob Keller) [Orabug: 26785078] \n- ixgbe: fix race condition with PTP_TX_IN_PROGRESS bits (Jacob Keller) [Orabug: 26785078] \n- net: better skb->sender_cpu and skb->napi_id cohabitation (Eric Dumazet) [Orabug: 26953388] [Orabug: 
26591689] \n- uek-rpm: Clean up installed directories when uninstalling kernel-ueknano (Somasundaram Krishnasamy) [Orabug: 26929773] \n- uek-rpm: Add missing ko modules to nano rpm (Somasundaram Krishnasamy) [Orabug: 26929773] \n- i40e: point wb_desc at the nvm_wb_desc during i40e_read_nvm_aq (Jacob Keller) [Orabug: 26785018] \n- i40e: avoid NVM acquire deadlock during NVM update (Anjali Singhai Jain) [Orabug: 26785018] \n- i40e/i40evf: avoid dynamic ITR updates when polling or low packet rate (Jacob Keller) [Orabug: 26785018] \n- i40e/i40evf: remove ULTRA latency mode (Jacob Keller) [Orabug: 26785018] \n- i40e: invert logic for checking incorrect cpu vs irq affinity (Jacob Keller) [Orabug: 26785018] \n- i40e: initialize our affinity_mask based on cpu_possible_mask (Jacob Keller) [Orabug: 26785018] \n- i40e: move enabling icr0 into i40e_update_enable_itr (Jacob Keller) [Orabug: 26785018] \n- i40e: remove workaround for resetting XPS (Jacob Keller) [Orabug: 26785018] \n- i40e: Fix for unused value issue found by static analysis (Carolyn Wyborny) [Orabug: 26785018] \n- i40e: 25G FEC status improvements (Mariusz Stachura) [Orabug: 26785018] \n- i40e: force VMDQ device name truncation (Jacob Keller) [Orabug: 26785018] \n- i40evf: fix possible snprintf truncation of q_vector->name (Jacob Keller) [Orabug: 26785018] \n- i40e: Use correct flag to enable egress traffic for unicast promisc (Akeem G Abodunrin) [Orabug: 26785018] \n- i40e: prevent snprintf format specifier truncation (Jacob Keller) [Orabug: 26785018] \n- i40e: Store the requested FEC information (Mariusz Stachura) [Orabug: 26785018] \n- i40e: Update state variable for adminq subtask (Sudheer Mogilappagari) [Orabug: 26785018] \n- i40e: synchronize nvmupdate command and adminq subtask (Sudheer Mogilappagari) [Orabug: 26785018] \n- i40e: prevent changing ITR if adaptive-rx/tx enabled (Alan Brady) [Orabug: 26785018] \n- i40evf: use netdev variable in reset task (Alan Brady) [Orabug: 26785018] \n- i40e: move check 
for avoiding VID=0 filters into i40e_vsi_add_vlan (Jacob Keller) [Orabug: 26785018] \n- i40e/i40evf: use cmpxchg64 when updating private flags in ethtool (Jacob Keller) [Orabug: 26785018] \n- i40e: Detect ATR HW Evict NVM issue and disable the feature (Anjali Singhai Jain) [Orabug: 26785018] \n- i40e: Fix a bug with VMDq RSS queue allocation (Anjali Singhai Jain) [Orabug: 26785018] \n- i40evf: prevent VF close returning before state transitions to DOWN (Sudheer Mogilappagari) [Orabug: 26785018] \n- i40e: Initialize 64-bit statistics TX ring seqcount (Florian Fainelli) [Orabug: 26785018] \n- i40e: handle setting administratively set MAC address back to zero (Stefan Assmann) [Orabug: 26785018] \n- i40evf: remove unnecessary __packed (Tushar Dave) [Orabug: 26785018] \n- i40evf: add some missing includes (Jesse Brandeburg) [Orabug: 26785018] \n- i40e: display correct UDP tunnel type name (Jacob Keller) [Orabug: 26785018] \n- i40e/i40evf: remove mismatched type warnings (Jesse Brandeburg) [Orabug: 26785018] \n- i40e/i40evf: make IPv6 ATR code clearer (Jesse Brandeburg) [Orabug: 26785018] \n- i40e: fix odd formatting and indent (Jesse Brandeburg) [Orabug: 26785018] \n- i40e: fix up 32 bit timespec references (Jesse Brandeburg) [Orabug: 26785018] \n- i40e: Handle admin Q timeout when releasing NVM (Paul M Stillwell Jr) [Orabug: 26785018] \n- i40e: remove WQ_UNBOUND and the task limit of our workqueue (Jacob Keller) [Orabug: 26785018] \n- i40e: Fix for trace found with S4 state (Carolyn Wyborny) [Orabug: 26785018] \n- i40e: fix incorrect variable assignment (Gustavo A R Silva) [Orabug: 26785018] \n- i40e: dont hold RTNL lock for the entire reset (Jacob Keller) [Orabug: 26785018] \n- i40e: clear only cause_ena bit (Shannon Nelson) [Orabug: 26785018] \n- i40e: fix disabling overflow promiscuous mode (Alan Brady) [Orabug: 26785018] \n- i40e: Add support for OEM firmware version (Filip Sadowski) [Orabug: 26785018] \n- i40e: genericize the partition bandwidth control (Shannon 
Nelson) [Orabug: 26785018] \n- i40e: Add message for unsupported MFP mode (Carolyn Wyborny) [Orabug: 26785018] \n- i40e: Support firmware CEE DCB UP to TC map re-definition (Greg Bowers) [Orabug: 26785018] \n- i40e: Fix potential out of bound array access (Sudheer Mogilappagari) [Orabug: 26785018] \n- i40e: comment that udp_port must be in host byte order (Jacob Keller) [Orabug: 26785018] \n- i40e: use dev_dbg instead of dev_info when warning about missing routine (Jacob Keller) [Orabug: 26785018] \n- i40e/i40evf: update WOL and I40E_AQC_ADDR_VALID_MASK flags (Alice Michael) [Orabug: 26785018] \n- i40evf: assign num_active_queues inside i40evf_alloc_queues (Jacob Keller) [Orabug: 26785018] \n- i40e: Fix a sleep-in-atomic bug (Jia-Ju Bai) [Orabug: 26785018] \n- i40e: fix handling of HW ATR eviction (Jacob Keller) [Orabug: 26785018] \n- i40evf: update i40evf.txt with new content (Jesse Brandeburg) [Orabug: 26785018] \n- i40evf: Add support for Adaptive Virtual Function (Preethi Banala) [Orabug: 26785018] \n- i40evf: drop i40e_type.h include (Jesse Brandeburg) [Orabug: 26785018] \n- i40e: Check for memory allocation failure (Christophe Jaillet) [Orabug: 26785018] \n- i40e: check for Tx timestamp timeouts during watchdog (Jacob Keller) [Orabug: 26785018] \n- i40e: use pf data structure directly in i40e_ptp_rx_hang (Jacob Keller) [Orabug: 26785018] \n- i40e: add statistic indicating number of skipped Tx timestamps (Jacob Keller) [Orabug: 26785018] \n- i40e: avoid permanent lock of *_PTP_TX_IN_PROGRESS (Jacob Keller) [Orabug: 26785018] \n- i40e: fix race condition with PTP_TX_IN_PROGRESS bits (Jacob Keller) [Orabug: 26785018] \n- i40evf: disable unused flags (Jesse Brandeburg) [Orabug: 26785018] \n- i40evf: fix merge error in older patch (Jesse Brandeburg) [Orabug: 26785018] \n- i40evf: fix duplicate lines (Jesse Brandeburg) [Orabug: 26785018] \n- i40evf: hide unused variable (Arnd Bergmann) [Orabug: 26785018] \n- i40evf: allocate queues before we setup the interrupts 
and q_vectors (Jacob Keller) [Orabug: 26785018] \n- i40evf: remove I40E_FLAG_FDIR_ATR_ENABLED (Jacob Keller) [Orabug: 26785018] \n- i40e: remove hw_disabled_flags in favor of using separate flag bits (Jacob Keller) [Orabug: 26785018] \n- i40evf: remove needless min_t() on num_online_cpus()*2 (Jacob Keller) [Orabug: 26785018] \n- i40e: remove unnecessary msleep() delay in i40e_free_vfs (Jacob Keller) [Orabug: 26785018] \n- i40e: amortize wait time when disabling lots of VFs (Jacob Keller) [Orabug: 26785018] \n- i40e: Reprogram port offloads after reset (Alexander Duyck) [Orabug: 26785018] \n- i40e: rename index to port to avoid confusion (Jacob Keller) [Orabug: 26785018] \n- i40e: make use of i40e_reset_all_vfs when initializing new VFs (Jacob Keller) [Orabug: 26785018] \n- i40e: properly spell I40E_VF_STATE_* flags (Jacob Keller) [Orabug: 26785018] \n- i40e: use i40e_stop_rings_no_wait to implement PORT_SUSPENDED state (Jacob Keller) [Orabug: 26785018] \n- i40e: reset all VFs in parallel when rebuilding PF (Jacob Keller) [Orabug: 26785018] \n- i40e: split some code in i40e_reset_vf into helpers (Jacob Keller) [Orabug: 26785018] \n- i40e: remove I40E_FLAG_IN_NETPOLL entirely (Jacob Keller) [Orabug: 26785018] \n- i40e: reduce wait time for adminq command completion (Jacob Keller) [Orabug: 26785018] \n- i40e: fix CONFIG_BUSY checks in i40e_set_settings function (Jacob Keller) [Orabug: 26785018] \n- i40e: factor out queue control from i40e_vsi_control_(tx|rx) (Jacob Keller) [Orabug: 26785018] \n- i40e: dont hold RTNL lock while waiting for VF reset to finish (Jacob Keller) [Orabug: 26785018] \n- i40e: new AQ commands (Jingjing Wu) [Orabug: 26785018] \n- i40e/i40evf: Add tracepoints (Scott Peterson) [Orabug: 26785018] \n- i40evf: add client interface (Mitch Williams) [Orabug: 26785018] \n- i40e: dump VF information in debugfs (Mitch Williams) [Orabug: 26785018] \n- i40e: Fix support for flow director programming status (Alexander Duyck) [Orabug: 26785018] \n- 
i40e/i40evf: Remove VF Rx csum offload for tunneled packets (alice michael) [Orabug: 26785018] \n- i40evf: Use net_device_stats from struct net_device (Tobias Klauser) [Orabug: 26785018] \n- i40e: clean up historic deprecated flag definitions (Jacob Keller) [Orabug: 26785018] \n- i40e: remove I40E_FLAG_NEED_LINK_UPDATE (Alice Michael) [Orabug: 26785018] \n- i40e: remove extraneous loop in i40e_vsi_wait_queues_disabled (Jacob Keller) [Orabug: 26785018] \n- i40e: Simplify i40e_detect_recover_hung_queue logic (Alan Brady) [Orabug: 26785018] \n- i40e: Decrease the scope of rtnl lock (Maciej Sosin) [Orabug: 26785018] \n- i40e: Swap use of pf->flags and pf->hw_disabled_flags for ATR Eviction (Alexander Duyck) [Orabug: 26785018] \n- i40e: update error message when trying to add invalid filters (Jacob Keller) [Orabug: 26785018] \n- i40e: only register client on iWarp-capable devices (Mitch Williams) [Orabug: 26785018] \n- i40e: close client on remove and shutdown (Mitch Williams) [Orabug: 26785018] \n- i40e: register existing client on probe (Mitch Williams) [Orabug: 26785018] \n- i40e: remove client instance on driver unload (Mitch Williams) [Orabug: 26785018] \n- i40e: fix for queue timing delays (Wyborny, Carolyn) [Orabug: 26785018] \n- i40e/i40evf: Change the way we limit the maximum frame size for Rx (Alexander Duyck) [Orabug: 26785018] \n- i40e/i40evf: Add legacy-rx private flag to allow fallback to old Rx flow (Alexander Duyck) [Orabug: 26785018] \n- i40e/i40evf: Pull code for grabbing and syncing rx_buffer from fetch_buffer (Alexander Duyck) [Orabug: 26785018] \n- i40e/i40evf: Use length to determine if descriptor is done (Alexander Duyck) [Orabug: 26785018] \n- drivers/char/mem.c: deny access in open operation when securelevel is set (Ethan Zhao) [Orabug: 26943864]\n[4.1.12-112.1.0]\n- x86/mm/64: Enable SWIOTLB if system has SRAT memory regions above MAX_DMA32_PFN (Igor Mammedov) [Orabug: 26754302] \n- x86/mm: Introduce max_possible_pfn (Igor Mammedov) [Orabug: 
26754302] \n- dtrace lockstat provider probes (Alan Maguire) [Orabug: 26149674] [Orabug: 26149956] \n- rds: RDS diagnostics when connections are stuck in Receiver Not Ready state. (hui.han) \n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26673877] {CVE-2017-10661}\n- brcmfmac: fix possible buffer overflow in brcmf_cfg80211_mgmt_tx() (Tim Tianyang Chen) [Orabug: 26540118] {CVE-2017-7541}\n- crypto: ahash - Fix EINPROGRESS notification callback (Herbert Xu) [Orabug: 25882988] {CVE-2017-7618}\n- xen/mmu: Call xen_cleanhighmap() with 4MB aligned for page tables mapping (Zhenzhong Duan) [Orabug: 26883325] \n- selftests/memfd: add memfd_create hugetlbfs selftest (Mike Kravetz) [Orabug: 26768367] \n- mm/shmem: add hugetlbfs support to memfd_create() (Mike Kravetz) [Orabug: 26768367] \n- mm: shm: use new hugetlb size encoding definitions (Mike Kravetz) [Orabug: 26768367] \n- mm: arch: consolidate mmap hugetlb size encodings (Mike Kravetz) [Orabug: 26768367] \n- uapi/Kbuild: add new header file hugetlb_encode.h (Mike Kravetz) [Orabug: 26768367] \n- mm: hugetlb: define system call hugetlb size encodings in single file (Mike Kravetz) [Orabug: 26768367] \n- RDS: IB: Change the proxy qps path_mtu to IB_MTU_256 (Avinash Repaka) [Orabug: 26864694] \n- devpts: clean up interface to pty drivers (Linus Torvalds) [Orabug: 26743034] \n- tcp: fix tcp_mark_head_lost to check skb len before fragmenting (Neal Cardwell) [Orabug: 26646104] \n- kvm: nVMX: Dont allow L2 to access the hardware CR8 (Jim Mattson) {CVE-2017-12154} {CVE-2017-12154}\n- dtrace: ensure SDT stub function returns 0 (Kris Van Hees) [Orabug: 26909775] \n- tcp: initialize rcv_mss to TCP_MIN_MSS instead of 0 (Wei Wang) [Orabug: 26796038] {CVE-2017-14106}\n- xfrm: fix stack access out of bounds with CONFIG_XFRM_SUB_POLICY (Sabrina Dubroca) [Orabug: 25959303] \n- rxrpc: Fix several cases where a padded len isnt checked in ticket decode (David Howells) [Orabug: 26376434] {CVE-2017-7482} 
{CVE-2017-7482}\n- xen: dont print error message in case of missing Xenstore entry (Juergen Gross) [Orabug: 26841566] \n- mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26526968] \n- xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26526923] \n- rds: Fix non-atomic operation on shared flag variable (Hakon Bugge) [Orabug: 26842076] \n- rds: Fix incorrect statistics counting (Hakon Bugge) [Orabug: 26847583] \n- i40e: use cpumask_copy instead of direct assignment (Jacob Keller) [Orabug: 26822609] \n- mm: thp: set THP defrag by default to madvise and add a stall-free defrag option (Mel Gorman) [Orabug: 26587019] \n- crypto: testmgr - Set struct aead_testvec iv member size to MAX_IVLEN (Somasundaram Krishnasamy) [Orabug: 25925256] \n- SPEC: remove ctf.ko from ueknano modules list (Nick Alcock) [Orabug: 25815362] \n- SPEC: generate CTF when DTrace is enabled. (Nick Alcock) [Orabug: 25815362] \n- SPEC: bump libdtrace-ctf requirement to 0.7+. 
(Nick Alcock) [Orabug: 25815362] \n- Documentation: add watermark_scale_factor to the list of vm systcl file (Jerome Marchand) [Orabug: 26643957] \n- mm: scale kswapd watermarks in proportion to memory (Johannes Weiner) [Orabug: 26643957] \n- ctf: delete the deduplication blacklist (Nick Alcock) [Orabug: 26765112] \n- ctf: automate away the deduplication blacklist (Nick Alcock) [Orabug: 26765112] \n- ctf: drop CONFIG_DT_DISABLE_CTF, ctf.ko, and all that it implies (Nick Alcock) [Orabug: 25815362] \n- ctf: do not allow dwarf2ctf to run as root (Nick Alcock) [Orabug: 25815362] \n- ctf: decouple CTF building from the kernel build (Nick Alcock) [Orabug: 25815362] \n- ctf: handle the bit_offset in members with a DW_FORM_block data_member_location (Nick Alcock) [Orabug: 26387109] \n- ctf: handle DW_AT_specification (Nick Alcock) [Orabug: 26386100]", "edition": 72, "modified": "2017-12-13T00:00:00", "published": "2017-12-13T00:00:00", "id": "ELSA-2017-3659", "href": "http://linux.oracle.com/errata/ELSA-2017-3659.html", "title": "Unbreakable Enterprise kernel security and bugfix update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-06-04T17:28:47", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9604", "CVE-2017-11176", "CVE-2016-7097", "CVE-2017-1000380", "CVE-2017-1000111", "CVE-2017-14489", "CVE-2017-7889", "CVE-2017-7645", "CVE-2017-9242", "CVE-2016-10200", "CVE-2017-8831", "CVE-2017-2671", "CVE-2017-11473", "CVE-2017-9075", "CVE-2017-10661", "CVE-2016-9685", "CVE-2017-1000251", "CVE-2017-12134", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-7542", "CVE-2017-1000365", "CVE-2016-10044", "CVE-2017-12190"], "description": "kernel-uek\n[3.8.13-118.20.1]\n- tty: Fix race in pty_write() leading to NULL deref (Todd Vierling) [Orabug: 25392692] \n- ocfs2/dlm: ignore cleaning the migration mle that is inuse (xuejiufei) [Orabug: 26479780] \n- KEYS: fix dereferencing NULL payload with nonzero length (Eric Biggers) 
[Orabug: 26592025] \n- oracleasm: Copy the integrity descriptor (Martin K. Petersen) [Orabug: 26649818] \n- mm: Tighten x86 /dev/mem with zeroing reads (Kees Cook) [Orabug: 26675925] {CVE-2017-7889}\n- xscore: add dma address check (Zhu Yanjun) [Orabug: 27058468] \n- more bio_map_user_iov() leak fixes (Al Viro) [Orabug: 27069042] {CVE-2017-12190}\n- fix unbalanced page refcounting in bio_map_user_iov (Vitaly Mayatskikh) [Orabug: 27069042] {CVE-2017-12190}\n- nvme: Drop nvmeq->q_lock before dma_pool_alloc(), so as to prevent hard lockups (Aruna Ramakrishna) [Orabug: 25409587] \n- nvme: Handle PM1725 HIL reset (Martin K. Petersen) [Orabug: 26277600] \n- char: lp: fix possible integer overflow in lp_setup() (Willy Tarreau) [Orabug: 26403940] {CVE-2017-1000363}\n- ALSA: timer: Fix missing queue indices reset at SNDRV_TIMER_IOCTL_SELECT (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race between read and ioctl (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: fix NULL pointer dereference in read()/ioctl() race (Vegard Nossum) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix negative queue usage by racy accesses (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race at concurrent reads (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ALSA: timer: Fix race among timer ioctls (Takashi Iwai) [Orabug: 26403956] {CVE-2017-1000380}\n- ipv6/dccp: do not inherit ipv6_mc_list from parent (WANG Cong) [Orabug: 26404005] {CVE-2017-9077}\n- ocfs2: fix deadlock issue when taking inode lock at vfs entry points (Eric Ren) [Orabug: 26427126] \n- ocfs2/dlmglue: prepare tracking logic to avoid recursive cluster lock (Eric Ren) [Orabug: 26427126] \n- ping: implement proper locking (Eric Dumazet) [Orabug: 26540286] {CVE-2017-2671}\n- aio: mark AIO pseudo-fs noexec (Jann Horn) [Orabug: 26643598] {CVE-2016-10044}\n- vfs: Commit to never having exectuables on proc and sysfs. (Eric W. 
Biederman) [Orabug: 26643598] {CVE-2016-10044}\n- vfs, writeback: replace FS_CGROUP_WRITEBACK with SB_I_CGROUPWB (Tejun Heo) [Orabug: 26643598] {CVE-2016-10044}\n- x86/acpi: Prevent out of bound access caused by broken ACPI tables (Seunghun Han) [Orabug: 26643645] {CVE-2017-11473}\n- sctp: do not inherit ipv6_{mc|ac|fl}_list from parent (Eric Dumazet) [Orabug: 26650883] {CVE-2017-9075}\n- [media] saa7164: fix double fetch PCIe access condition (Steven Toth) [Orabug: 26675142] {CVE-2017-8831}\n- [media] saa7164: fix sparse warnings (Hans Verkuil) [Orabug: 26675142] {CVE-2017-8831}\n- fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE (Abhi Das) [Orabug: 26797306] \n- timerfd: Protect the might cancel mechanism proper (Thomas Gleixner) [Orabug: 26899787] {CVE-2017-10661}\n- scsi: scsi_transport_iscsi: fix the issue that iscsi_if_rx doesn't parse nlmsg properly (Xin Long) [Orabug: 26988627] {CVE-2017-14489}\n- mqueue: fix a use-after-free in sys_mq_notify() (Cong Wang) [Orabug: 26643556] {CVE-2017-11176}\n- ipv6: avoid overflow of offset in ip6_find_1stfragopt (Sabrina Dubroca) [Orabug: 27011273] {CVE-2017-7542}\n- packet: fix tp_reserve race in packet_set_ring (Willem de Bruijn) [Orabug: 27002450] {CVE-2017-1000111}\n- mlx4_core: calculate log_num_mtt based on total system memory (Wei Lin Guay) [Orabug: 26883934] \n- xen/x86: Add interface for querying amount of host memory (Boris Ostrovsky) [Orabug: 26883934] \n- Bluetooth: Properly check L2CAP config option output buffer length (Ben Seri) [Orabug: 26796364] {CVE-2017-1000251}\n- xen: fix bio vec merging (Roger Pau Monne) [Orabug: 26645550] {CVE-2017-12134}\n- fs/exec.c: account for argv/envp pointers (Kees Cook) [Orabug: 26638921] {CVE-2017-1000365} {CVE-2017-1000365}\n- l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26586047] {CVE-2016-10200}\n- xfs: fix two memory leaks in xfs_attr_list.c error paths (Mateusz Guzik) [Orabug: 26586022] {CVE-2016-9685}\n- KEYS: 
Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26585994] {CVE-2016-9604}\n- ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26578198] {CVE-2017-9242}\n- posix_acl: Clear SGID bit when setting file permissions (Jan Kara) [Orabug: 25507344] {CVE-2016-7097} {CVE-2016-7097}\n- nfsd: check for oversized NFSv2/v3 arguments (J. Bruce Fields) [Orabug: 26366022] {CVE-2017-7645}", "edition": 6, "modified": "2017-12-07T00:00:00", "published": "2017-12-07T00:00:00", "id": "ELSA-2017-3657", "href": "http://linux.oracle.com/errata/ELSA-2017-3657.html", "title": "Unbreakable Enterprise kernel security update", "type": "oraclelinux", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11473", "CVE-2017-7541", "CVE-2017-7542"], "description": "The kernel meta package ", "modified": "2017-07-26T22:53:49", "published": "2017-07-26T22:53:49", "id": "FEDORA:0BAA361AC35C", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: kernel-4.11.12-200.fc25", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-11473", "CVE-2017-7541", "CVE-2017-7542"], "description": "The kernel meta package ", "modified": "2017-07-26T21:20:27", "published": "2017-07-26T21:20:27", "id": "FEDORA:83CF561C31BC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 24 Update: kernel-4.11.12-100.fc24", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "centos": [{"lastseen": "2020-12-08T03:39:14", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-9074", "CVE-2017-7542"], "description": "**CentOS Errata and Security Advisory** CESA-2018:0169\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An integer 
overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate)\n\n* The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9074, Moderate)\n\n* A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem. Due to the insufficient cleanup in the mq_notify function, a local attacker could potentially use this flaw to escalate their privileges on the system. (CVE-2017-11176, Moderate)\n\nBug Fix(es):\n\n* Previously, the default timeout and retry settings in the VMBus driver were insufficient in some cases, for example when a Hyper-V host was under a significant load. Consequently, in Windows Server 2016, Hyper-V Server 2016, and Windows Azure Platform, when running a Red Hat Enterprise Linux Guest on the Hyper-V hypervisor, the guest failed to boot or booted with certain Hyper-V devices missing. This update alters the timeout and retry settings in VMBus, and Red Hat Enterprise Linux guests now boot as expected under the described conditions. (BZ#1506145)\n\n* Previously, an incorrect external declaration in the be2iscsi driver caused a kernel panic when using the systool utility. With this update, the external declaration in be2iscsi has been fixed, and the kernel no longer panics when using systool. 
(BZ#1507512)\n\n* Under high usage of the NFSD file system and memory pressure, if many tasks in the Linux kernel attempted to obtain the global spinlock to clean the Duplicate Reply Cache (DRC), these tasks stayed in an active wait in the nfsd_reply_cache_shrink() function for up to 99% of time. Consequently, a high load average occurred. This update fixes the bug by separating the DRC in several parts, each with an independent spinlock. As a result, the load and CPU utilization is no longer excessive under the described circumstances. (BZ#1509876)\n\n* When attempting to attach multiple SCSI devices simultaneously, Red Hat Enterprise Linux 6.9 on IBM z Systems sometimes became unresponsive. This update fixes the zfcp device driver, and attaching multiple SCSI devices simultaneously now works as expected in the described scenario. (BZ#1512425)\n\n* On IBM z Systems, the tiqdio_call_inq_handlers() function in the Linux kernel incorrectly cleared the device state change indicator (DSCI) for the af_iucv devices using the HiperSockets transport with multiple input queues. Consequently, queue stalls on such devices occasionally occurred. With this update, tiqdio_call_inq_handlers() has been fixed to clear the DSCI only once, prior to scanning the queues. As a result, queue stalls for af_iucv devices using the HiperSockets transport no longer occur under the described circumstances. (BZ#1513314)\n\n* Previously, small data chunks caused the Stream Control Transmission Protocol (SCTP) to account the receiver_window (rwnd) values incorrectly when recovering from a \"zero-window situation\". As a consequence, window updates were not sent to the peer, and an artificial growth of rwnd could lead to packet drops. This update properly accounts such small data chunks and ignores the rwnd pressure values when reopening a window. As a result, window updates are now sent, and the announced rwnd reflects better the real state of the receive buffer. 
(BZ#1514443)\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2018-January/034794.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\n", "edition": 5, "modified": "2018-01-31T11:35:03", "published": "2018-01-31T11:35:03", "id": "CESA-2018:0169", "href": "http://lists.centos.org/pipermail/centos-announce/2018-January/034794.html", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-08T03:39:00", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-7184", "CVE-2017-1000111", "CVE-2016-8399", "CVE-2017-14106", "CVE-2017-1000112", "CVE-2017-7558", "CVE-2017-7541", "CVE-2017-7542"], "description": "**CentOS Errata and Security Advisory** CESA-2017:2930\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. (CVE-2017-7184, Important)\n\n* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2017-1000111, Important)\n\n* An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. 
If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges. (CVE-2017-1000112, Important)\n\n* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. (CVE-2017-7541, Moderate)\n\n* An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate)\n\n* A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. (CVE-2017-7558, Moderate)\n\n* The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. 
During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use-after-free) which may lead to memory corruption or other unspecified other impact. (CVE-2017-11176, Moderate)\n\n* A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate)\n\nRed Hat would like to thank Chaitin Security Research Lab for reporting CVE-2017-7184; Willem de Bruijn for reporting CVE-2017-1000111; and Andrey Konovalov for reporting CVE-2017-1000112. The CVE-2017-7558 issue was discovered by Stefano Brivio (Red Hat).\n\nSpace precludes documenting all of the bug fixes and enhancements included in this advisory. To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/node/3212921.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2017-October/034643.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\n", "edition": 5, "modified": "2017-10-23T17:05:09", "published": "2017-10-23T17:05:09", "id": "CESA-2017:2930", "href": "http://lists.centos.org/pipermail/centos-announce/2017-October/034643.html", "title": "kernel, perf, python security update", "type": "centos", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2019-05-29T18:33:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11176", "CVE-2017-9074", "CVE-2017-7542"], "description": "Check the version of kernel", "modified": "2019-03-08T00:00:00", "published": "2018-02-01T00:00:00", "id": "OPENVAS:1361412562310882840", "href": 
"http://plugins.openvas.org/nasl.php?oid=1361412562310882840", "type": "openvas", "title": "CentOS Update for kernel CESA-2018:0169 centos6", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2018_0169_kernel_centos6.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for kernel CESA-2018:0169 centos6\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882840\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-02-01 07:49:11 +0100 (Thu, 01 Feb 2018)\");\n script_cve_id(\"CVE-2017-7542\", \"CVE-2017-9074\", \"CVE-2017-11176\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2018:0169 centos6\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n 
script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux\nkernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n * An integer overflow vulnerability in ip6_find_1stfragopt() function was\nfound. A local attacker that has privileges (of CAP_NET_RAW) to open raw\nsocket can cause an infinite loop inside the ip6_find_1stfragopt()\nfunction. (CVE-2017-7542, Moderate)\n\n * The IPv6 fragmentation implementation in the Linux kernel does not\nconsider that the nexthdr field may be associated with an invalid option,\nwhich allows local users to cause a denial of service (out-of-bounds read\nand BUG) or possibly have unspecified other impact via crafted socket and\nsend system calls. Due to the nature of the flaw, privilege escalation\ncannot be fully ruled out, although we believe it is unlikely.\n(CVE-2017-9074, Moderate)\n\n * A use-after-free flaw was found in the Netlink functionality of the Linux\nkernel networking subsystem. Due to the insufficient cleanup in the\nmq_notify function, a local attacker could potentially use this flaw to\nescalate their privileges on the system. (CVE-2017-11176, Moderate)\n\nBug Fix(es):\n\n * Previously, the default timeout and retry settings in the VMBus driver\nwere insufficient in some cases, for example when a Hyper-V host was under\na significant load. Consequently, in Windows Server 2016, Hyper-V Server\n2016, and Windows Azure Platform, when running a Red Hat Enterprise Linux\nGuest on the Hyper-V hypervisor, the guest failed to boot or booted with\ncertain Hyper-V devices missing. This update alters the timeout and retry\nsettings in VMBus, and Red Hat Enterprise Linux guests now boot as expected\nunder the described conditions. (BZ#1506145)\n\n * Previously, an incorrect external declaration in the be2iscsi driver\ncaused a kernel panic when using the systool utility. 
With this update, the\nexternal declaration in be2iscsi has been fixed, and the kernel no longer\npanics when using systool. (BZ#1507512)\n\n * Under high usage of the NFSD file system and memory pressure, if many\ntasks in the Linux kernel attempted to obtain the global spinlock to clean\nthe Duplicate Reply Cache (DRC), these tasks stayed in an active wait in\nthe nfsd_reply_cache_shrink() function for up to 99% of time. Consequently,\na high load average occurred. This update fixes the bug by separating the\nDRC in several parts, each with an independent spinlock. As a result, the\nload and CPU utilization is no longer excessive under the described\ncircumstances. (BZ#1509876)\n\n * When attempting to attach multiple SCSI devices simultaneously, Red Hat\nEnterprise Linux 6.9 on IBM z Systems sometimes became unresponsive. This\nupdate fixes the zfcp ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 6\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2018:0169\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2018-January/022756.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS6\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS6\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = 
isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-firmware\", rpm:\"kernel-firmware~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~2.6.32~696.20.1.el6\", rls:\"CentOS6\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:28:24", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11473", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-08-12T00:00:00", "id": "OPENVAS:1361412562310851592", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851592", "type": 
"openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2017:2112-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851592\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-12 07:31:10 +0200 (Sat, 12 Aug 2017)\");\n script_cve_id(\"CVE-2017-11473\", \"CVE-2017-7533\", \"CVE-2017-7541\", \"CVE-2017-7542\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2017:2112-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n 
script_tag(name:\"insight\", value:\"The openSUSE Leap 42.3 kernel was updated to 4.4.79 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bnc#1049882).\n\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users\n to gain privileges via a crafted ACPI table (bnc#1049603).\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bnc#1049483).\n\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (buffer overflow\n and system crash) or possibly gain privileges via a crafted\n NL80211_CMD_FRAME Netlink packet (bnc#1049645).\n\n The following non-security bugs were fixed:\n\n - ACPI / processor: Avoid reserving IO regions too early (bsc#1051478).\n\n - ALSA: fm801: Initialize chip after IRQ handler is registered\n (bsc#1031717).\n\n - Added sbitmap patch to blacklist.conf Add a patch 'sbitmap: fix wakeup\n hang after sbq resize' to the blacklist.conf file because it is not\n needed in SLE 12 SP2.\n\n - Btrfs: incremental send, fix invalid path for link commands\n (bsc#1051479).\n\n - Btrfs: incremental send, fix invalid path for unlink commands\n (bsc#1051479).\n\n - Btrfs: send, fix invalid path after renaming and linking file\n (bsc#1051479).\n\n - Delete\n patches.drivers/0004-iommu-amd-reduce-delay-waiting-for-command-buffer-spac\n e. Remove the patch because it caused problems for users. 
See\n bsc#1048348.\n\n - Drop patches obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state'\n\n - Fix kABI breakage by KVM CVE fix (bsc#1045922).\n\n - IB/rxe: Fix kernel panic from skb destructor (bsc#1049361).\n\n - KVM: nVMX: Fix nested VPID vmx exec control (bsc#1051478).\n\n - KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC\n (bsc#1051478).\n\n - KVM: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).\n\n - NFS: Cache aggressively when file is open for writing (bsc#1033587).\n\n - NFS: Do not flush caches for a getattr that races with writeback\n (bsc#1033587).\n\n - NFS: invalidate file size when taking a lock (git-fixes).\n\n - PCI / PM: Fix native PME handling during system suspend/resume\n (bsc#1051478).\n\n - PCI: Add Mellanox device IDs (bsc#1051478).\n\n - PCI: Convert Mellanox broken INTx quirks to be for ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Linux Kernel on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2112-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.79~4.2\", 
rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n 
}\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.79~4.2\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:28:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-10810", "CVE-2017-11473", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2017-08-10T00:00:00", "id": "OPENVAS:1361412562310851586", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851586", "type": "openvas", "title": "openSUSE: Security Advisory for kernel (openSUSE-SU-2017:2110-1)", "sourceData": "# Copyright (C) 2017 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851586\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2017-08-10 07:29:40 +0200 (Thu, 10 Aug 2017)\");\n script_cve_id(\"CVE-2017-10810\", \"CVE-2017-11473\", \"CVE-2017-7533\", \"CVE-2017-7541\", \"CVE-2017-7542\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for kernel (openSUSE-SU-2017:2110-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The openSUSE Leap 42.2 kernel was updated to 4.4.79 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bnc#1049882).\n\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users\n to gain privileges via a crafted ACPI table (bnc#1049603).\n\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bnc#1049483).\n\n - CVE-2017-7541: The 
brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (buffer overflow\n and system crash) or possibly gain privileges via a crafted\n NL80211_CMD_FRAME Netlink packet (bnc#1049645).\n\n - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed\n attackers to cause a denial of service (memory consumption) by\n triggering object-initialization failures (bnc#1047277).\n\n The following non-security bugs were fixed:\n\n - acpi / processor: Avoid reserving IO regions too early (bsc#1051478).\n\n - af_key: Add lock to key dump (bsc#1047653).\n\n - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).\n\n - alsa: fm801: Initialize chip after IRQ handler is registered\n (bsc#1031717).\n\n - alsa: hda - Fix endless loop of codec configure (bsc#1031717).\n\n - alsa: hda - set input_path bitmap to zero after moving it to new place\n (bsc#1031717).\n\n - b43: Add missing MODULE_FIRMWARE() (bsc#1037344).\n\n - bcache: force trigger gc (bsc#1038078).\n\n - bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n\n - bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).\n\n - blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb()\n\n - blacklist.conf:\n\n - blacklist.conf: 1151f838cb62 is high-risk and we're not aware of any\n systems that might need it in SP2.\n\n - blacklist.conf: 8b8642af15ed not a supported driver\n\n - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)\n\n - blacklist.conf: add inapplicable commits for wifi (bsc#1031717)\n\n - blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).\n\n - blacklist.conf: add unapplicable drm fixes (bsc#1031717).\n\n - blacklist.conf: Blacklist 4e201566402c ('genirq/msi: Drop artificial PCI\n dependency') (bs ...\n\n Description truncated, please see the 
referenced URL(s) for more information.\");\n\n script_tag(name:\"affected\", value:\"Linux Kernel on openSUSE Leap 42.2\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2017:2110-1\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.2\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.2\") {\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base\", rpm:\"kernel-debug-base~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-base-debuginfo\", rpm:\"kernel-debug-base-debuginfo~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-debugsource\", rpm:\"kernel-debug-debugsource~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel-debuginfo\", rpm:\"kernel-debug-devel-debuginfo~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-default\", rpm:\"kernel-default~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base\", rpm:\"kernel-default-base~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-base-debuginfo\", rpm:\"kernel-default-base-debuginfo~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debuginfo\", rpm:\"kernel-default-debuginfo~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-debugsource\", rpm:\"kernel-default-debugsource~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-default-devel\", rpm:\"kernel-default-devel~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build\", rpm:\"kernel-obs-build~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-build-debugsource\", rpm:\"kernel-obs-build-debugsource~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-obs-qa\", rpm:\"kernel-obs-qa~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-syms\", rpm:\"kernel-syms~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla\", rpm:\"kernel-vanilla~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base\", rpm:\"kernel-vanilla-base~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-base-debuginfo\", rpm:\"kernel-vanilla-base-debuginfo~4.4.79~18.23.1\", 
rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debuginfo\", rpm:\"kernel-vanilla-debuginfo~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-debugsource\", rpm:\"kernel-vanilla-debugsource~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-vanilla-devel\", rpm:\"kernel-vanilla-devel~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs\", rpm:\"kernel-docs~4.4.79~18.23.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-html\", rpm:\"kernel-docs-html~4.4.79~18.23.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-docs-pdf\", rpm:\"kernel-docs-pdf~4.4.79~18.23.2\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-macros\", rpm:\"kernel-macros~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source\", rpm:\"kernel-source~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-source-vanilla\", rpm:\"kernel-source-vanilla~4.4.79~18.23.1\", rls:\"openSUSELeap42.2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-01-27T18:36:47", "bulletinFamily": "scanner", "cvelist": ["CVE-2016-9604", "CVE-2017-11176", "CVE-2017-12762", "CVE-2017-11473", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-11600", "CVE-2017-1000365"], "description": "The 
remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220171159", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220171159", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1159)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2017.1159\");\n script_version(\"2020-01-23T10:54:17+0000\");\n script_cve_id(\"CVE-2016-9604\", \"CVE-2017-1000365\", \"CVE-2017-11176\", \"CVE-2017-11473\", \"CVE-2017-11600\", \"CVE-2017-12762\", \"CVE-2017-7541\", \"CVE-2017-7542\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 10:54:17 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 10:54:17 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2017-1159)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP1\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2017-1159\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1159\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2017-1159 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. 
During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.(CVE-2017-11176)\n\nThe brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel before 4.12.3 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet.(CVE-2017-7541)\n\nThe ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.(CVE-2017-7542)\n\nBuffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table.(CVE-2017-11473)\n\nnet/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when CONFIG_XFRM_MIGRATE is enabled, does not ensure that the dir value of xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which allows local users to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via an XFRM_MSG_MIGRATE xfrm Netlink message.(CVE-2017-11600)\n\nIt was discovered that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.(CVE-2016-9604)\n\nA user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. 
This affects the Linux kernel 4.9-stable tree, 4.12-stable tree, 3.18-stable tree, and 4.4-stable tree.(CVE-2017-12762)\n\nThe Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but does not take the argument and environment pointers into account, which allows attackers to bypass this limitation. This affects Linux Kernel versions 4.11.5 and earlier. It appears that this feature was introduced in the Linux Kernel version 2.6.23.(CVE-2017-1000365)\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~229.49.1.142\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~229.49.1.142\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~229.49.1.142\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~229.49.1.142\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~229.49.1.142\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~229.49.1.142\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~229.49.1.142\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~229.49.1.142\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~229.49.1.142\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~229.49.1.142\", rls:\"EULEROS-2.0SP1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11176", "CVE-2017-7184", "CVE-2017-1000111", "CVE-2016-8399", "CVE-2017-14106", "CVE-2017-1000112", "CVE-2017-7558", "CVE-2017-7541", "CVE-2017-7542"], "description": "Check the version of kernel", "modified": "2019-03-08T00:00:00", "published": "2017-10-25T00:00:00", "id": "OPENVAS:1361412562310882792", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310882792", "type": "openvas", "title": "CentOS Update for kernel CESA-2017:2930 centos7", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_CESA-2017_2930_kernel_centos7.nasl 14058 2019-03-08 13:25:52Z cfischer $\n#\n# CentOS Update for kernel CESA-2017:2930 centos7\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without 
even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.882792\");\n script_version(\"$Revision: 14058 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-08 14:25:52 +0100 (Fri, 08 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-25 15:03:50 +0200 (Wed, 25 Oct 2017)\");\n script_cve_id(\"CVE-2016-8399\", \"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-11176\",\n \"CVE-2017-14106\", \"CVE-2017-7184\", \"CVE-2017-7541\", \"CVE-2017-7542\",\n \"CVE-2017-7558\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"CentOS Update for kernel CESA-2017:2930 centos7\");\n script_tag(name:\"summary\", value:\"Check the version of kernel\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages contain the Linux kernel,\nthe core of any Linux operating system.\n\nSecurity Fix(es):\n\n * Out-of-bounds kernel heap access vulnerability was found in xfrm,\nkernel's IP framework for transforming packets. An error dealing with\nnetlink messages from an unprivileged user leads to arbitrary read/write\nand privilege escalation. (CVE-2017-7184, Important)\n\n * A race condition issue leading to a use-after-free flaw was found in the\nway the raw packet sockets are implemented in the Linux kernel networking\nsubsystem handling synchronization. 
A local user able to open a raw packet\nsocket (requires the CAP_NET_RAW capability) could use this flaw to elevate\ntheir privileges on the system. (CVE-2017-1000111, Important)\n\n * An exploitable memory corruption flaw was found in the Linux kernel. The\nappend path can be erroneously switched from UFO to non-UFO in\nip_ufo_append_data() when building an UFO packet with MSG_MORE option. If\nunprivileged user namespaces are available, this flaw can be exploited to\ngain root privileges. (CVE-2017-1000112, Important)\n\n * A flaw was found in the Linux networking subsystem where a local attacker\nwith CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access\nby creating a smaller-than-expected ICMP header and sending to its\ndestination via sendto(). (CVE-2016-8399, Moderate)\n\n * Kernel memory corruption due to a buffer overflow was found in\nbrcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to\nv4.13-rc1. The vulnerability can be triggered by sending a crafted\nNL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered\nremotely as certain userspace code is needed for this. An unprivileged\nlocal user could use this flaw to induce kernel memory corruption on the\nsystem, leading to a crash. Due to the nature of the flaw, privilege\nescalation cannot be fully ruled out, although it is unlikely.\n(CVE-2017-7541, Moderate)\n\n * An integer overflow vulnerability in ip6_find_1stfragopt() function was\nfound. A local attacker that has privileges (of CAP_NET_RAW) to open raw\nsocket can cause an infinite loop inside the ip6_find_1stfragopt()\nfunction. (CVE-2017-7542, Moderate)\n\n * A kernel data leak due to an out-of-bound read was found in the Linux\nkernel in inet_diag_msg_sctp{, l}addr_fill() and sctp_get_sctp_info()\nfunctions present since version 4.7-rc1 through version 4.13. A data leak\nhappens when these functions fill in sockaddr data structures used to\nexport socket's diagnostic information. 
As a result, up to 100 bytes of the\nslab data could be leaked to a userspace. (CVE-2017-7558, Moderate)\n\n * The mq_notify function in the Linux ke ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on CentOS 7\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"CESA\", value:\"2017:2930\");\n script_xref(name:\"URL\", value:\"http://lists.centos.org/pipermail/centos-announce/2017-October/022605.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"CentOS Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/centos\", \"ssh/login/rpms\", re:\"ssh/login/release=CentOS7\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"CentOS7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~693.5.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~693.5.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~693.5.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~693.5.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~693.5.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", 
rpm:\"kernel-doc~3.10.0~693.5.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~693.5.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~693.5.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~693.5.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~3.10.0~693.5.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~693.5.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~693.5.2.el7\", rls:\"CentOS7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11176", "CVE-2017-7184", "CVE-2017-1000111", "CVE-2016-8399", "CVE-2017-14106", "CVE-2017-1000112", "CVE-2017-7558", "CVE-2017-7541", "CVE-2017-7542"], "description": "The remote host is missing an update for the ", "modified": "2018-11-23T00:00:00", "published": "2017-10-20T00:00:00", "id": "OPENVAS:1361412562310812046", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812046", "type": "openvas", "title": "RedHat Update for kernel RHSA-2017:2930-01", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_RHSA-2017_2930-01_kernel.nasl 12497 2018-11-23 08:28:21Z cfischer $\n#\n# 
RedHat Update for kernel RHSA-2017:2930-01\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812046\");\n script_version(\"$Revision: 12497 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-23 09:28:21 +0100 (Fri, 23 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2017-10-20 08:39:36 +0200 (Fri, 20 Oct 2017)\");\n script_cve_id(\"CVE-2016-8399\", \"CVE-2017-1000111\", \"CVE-2017-1000112\", \"CVE-2017-11176\",\n \"CVE-2017-14106\", \"CVE-2017-7184\", \"CVE-2017-7541\", \"CVE-2017-7542\",\n \"CVE-2017-7558\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"RedHat Update for kernel RHSA-2017:2930-01\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'kernel'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The kernel packages 
contain the Linux kernel,\n the core of any Linux operating system.\n\nSecurity Fix(es):\n\n * Out-of-bounds kernel heap access vulnerability was found in xfrm,\nkernel's IP framework for transforming packets. An error dealing with\nnetlink messages from an unprivileged user leads to arbitrary read/write\nand privilege escalation. (CVE-2017-7184, Important)\n\n * A race condition issue leading to a use-after-free flaw was found in the\nway the raw packet sockets are implemented in the Linux kernel networking\nsubsystem handling synchronization. A local user able to open a raw packet\nsocket (requires the CAP_NET_RAW capability) could use this flaw to elevate\ntheir privileges on the system. (CVE-2017-1000111, Important)\n\n * An exploitable memory corruption flaw was found in the Linux kernel. The\nappend path can be erroneously switched from UFO to non-UFO in\nip_ufo_append_data() when building an UFO packet with MSG_MORE option. If\nunprivileged user namespaces are available, this flaw can be exploited to\ngain root privileges. (CVE-2017-1000112, Important)\n\n * A flaw was found in the Linux networking subsystem where a local attacker\nwith CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access\nby creating a smaller-than-expected ICMP header and sending to its\ndestination via sendto(). (CVE-2016-8399, Moderate)\n\n * Kernel memory corruption due to a buffer overflow was found in\nbrcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to\nv4.13-rc1. The vulnerability can be triggered by sending a crafted\nNL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered\nremotely as certain userspace code is needed for this. An unprivileged\nlocal user could use this flaw to induce kernel memory corruption on the\nsystem, leading to a crash. 
Due to the nature of the flaw, privilege\nescalation cannot be fully ruled out, although it is unlikely.\n(CVE-2017-7541, Moderate)\n\n * An integer overflow vulnerability in ip6_find_1stfragopt() function was\nfound. A local attacker that has privileges (of CAP_NET_RAW) to open raw\nsocket can cause an infinite loop inside the ip6_find_1stfragopt()\nfunction. (CVE-2017-7542, Moderate)\n\n * A kernel data leak due to an out-of-bound read was found in the Linux\nkernel in inet_diag_msg_sctp{, l}addr_fill() and sctp_get_sctp_info()\nfunctions present since version 4.7-rc1 through version 4.13. A data leak\nhappens when these functions fill in sockaddr data structures used to\nexport socket's diagnostic information. As a result, up to 100 bytes of the\nslab data could be leaked to a userspace. (CVE-2017-7558, Moderate)\n\n * The mq_n ...\n\n Description truncated, please see the referenced URL(s) for more information.\");\n script_tag(name:\"affected\", value:\"kernel on Red Hat Enterprise Linux Server (v. 
7)\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n\n script_xref(name:\"RHSA\", value:\"2017:2930-01\");\n script_xref(name:\"URL\", value:\"https://www.redhat.com/archives/rhsa-announce/2017-October/msg00025.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Red Hat Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/rhel\", \"ssh/login/rpms\", re:\"ssh/login/release=RHENT_7\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"RHENT_7\")\n{\n\n if ((res = isrpmvuln(pkg:\"kernel-abi-whitelists\", rpm:\"kernel-abi-whitelists~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-doc\", rpm:\"kernel-doc~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-debuginfo\", rpm:\"kernel-debug-debuginfo~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n 
exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-debuginfo\", rpm:\"kernel-tools-debuginfo~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"perf-debuginfo\", rpm:\"perf-debuginfo~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if ((res = isrpmvuln(pkg:\"python-perf-debuginfo\", rpm:\"python-perf-debuginfo~3.10.0~693.5.2.el7\", rls:\"RHENT_7\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11176", "CVE-2017-7346", "CVE-2017-10810", "CVE-2017-7533", 
"CVE-2017-10911", "CVE-2017-7482", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-9605", "CVE-2017-1000365"], "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7346\nLi Qiang discovered that the DRM driver for VMware virtual GPUs does\nnot properly check user-controlled values in the\nvmw_surface_define_ioctl() functions for upper limits. A local user\ncan take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does\nnot properly verify metadata, leading to information disclosure,\ndenial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\nFan Wu and Shixiong Zhao discovered a race condition between inotify\nevents and VFS rename operations allowing an unprivileged local\nattacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\nA buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\ndriver could allow a local user to cause kernel memory corruption,\nleading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\nAn integer overflow vulnerability in the ip6_find_1stfragopt()\nfunction was found allowing a local attacker with privileges to open\nraw sockets to cause a denial of service.\n\nCVE-2017-9605\nMurray McAllister discovered that the DRM driver for VMware virtual\nGPUs does not properly initialize memory, potentially allowing a\nlocal attacker to obtain sensitive information from uninitialized\nkernel memory via a crafted ioctl call.\n\nCVE-2017-10810\nLi Qiang discovered a memory leak flaw within the VirtIO GPU driver\nresulting in denial of service (memory consumption).\n\nCVE-2017-10911 /\nXSA-216\nAnthony Perard of Citrix discovered an information leak flaw in Xen\nblkif response handling, allowing a malicious unprivileged guest to\nobtain sensitive information from the host 
or other guests.\n\nCVE-2017-11176\nIt was discovered that the mq_notify() function does not set the\nsock pointer to NULL upon entry into the retry logic. An attacker\ncan take advantage of this flaw during a user-space close of a\nNetlink socket to cause a denial of service or potentially cause\nother impact.\n\nCVE-2017-1000365\nIt was discovered that argument and environment pointers are not\ntaken properly into account to the imposed size restrictions on\narguments and environmental strings passed through\nRLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\nthis flaw in conjunction with other flaws to execute arbitrary code.", "modified": "2019-03-18T00:00:00", "published": "2017-08-07T00:00:00", "id": "OPENVAS:1361412562310703927", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703927", "type": "openvas", "title": "Debian Security Advisory DSA 3927-1 (linux - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3927.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3927-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703927\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2017-1000365\", \"CVE-2017-10810\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-7346\", \"CVE-2017-7482\", \"CVE-2017-7533\", \"CVE-2017-7541\", \"CVE-2017-7542\", \"CVE-2017-9605\");\n script_name(\"Debian Security Advisory DSA 3927-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-07 00:00:00 +0200 (Mon, 07 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3927.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems will be fixed in\na subsequent DSA.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.30-2+deb9u3.\n\nWe recommend that you upgrade your linux packages.\");\n 
script_tag(name:\"summary\", value:\"Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7346\nLi Qiang discovered that the DRM driver for VMware virtual GPUs does\nnot properly check user-controlled values in the\nvmw_surface_define_ioctl() functions for upper limits. A local user\ncan take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does\nnot properly verify metadata, leading to information disclosure,\ndenial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\nFan Wu and Shixiong Zhao discovered a race condition between inotify\nevents and VFS rename operations allowing an unprivileged local\nattacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\nA buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\ndriver could allow a local user to cause kernel memory corruption,\nleading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\nAn integer overflow vulnerability in the ip6_find_1stfragopt()\nfunction was found allowing a local attacker with privileges to open\nraw sockets to cause a denial of service.\n\nCVE-2017-9605\nMurray McAllister discovered that the DRM driver for VMware virtual\nGPUs does not properly initialize memory, potentially allowing a\nlocal attacker to obtain sensitive information from uninitialized\nkernel memory via a crafted ioctl call.\n\nCVE-2017-10810\nLi Qiang discovered a memory leak flaw within the VirtIO GPU driver\nresulting in denial of service (memory consumption).\n\nCVE-2017-10911 /\nXSA-216\nAnthony Perard of Citrix discovered an information leak flaw in Xen\nblkif response handling, allowing a malicious unprivileged guest to\nobtain sensitive information from the host or other guests.\n\nCVE-2017-11176\nIt was discovered that the mq_notify() function 
does not set the\nsock pointer to NULL upon entry into the retry logic. An attacker\ncan take advantage of this flaw during a user-space close of a\nNetlink socket to cause a denial of service or potentially cause\nother impact.\n\nCVE-2017-1000365\nIt was discovered that argument and environment pointers are not\ntaken properly into account to the imposed size restrictions on\narguments and environmental strings passed through\nRLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\nthis flaw in conjunction with other flaws to execute arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"hyperv-daemons\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcpupower-dev\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libcpupower1\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"libusbip-dev\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-arm\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-s390\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-6-x86\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-cpupower\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-4.9\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-4kc-malta\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != 
NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-5kc-malta\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-686-pae\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-amd64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-arm64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armel\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-armhf\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-i386\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mips64el\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-mipsel\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-ppc64el\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-all-s390x\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-amd64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != 
NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-arm64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-armmp-lpae\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-common-rt\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-loongson-3\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-marvell\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-octeon\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-powerpc64le\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-686-pae\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-rt-amd64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-4.9.0-3-s390x\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-4kc-malta-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) 
{\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-5kc-malta-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-686-pae-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-amd64-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-arm64-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-armmp-lpae-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-loongson-3-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += 
res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-marvell-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-octeon-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-powerpc64le-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-686-pae-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-rt-amd64-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-4.9.0-3-s390x-dbg\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-kbuild-4.9\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-4.9\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-perf-4.9\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-4.9\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-4.9.0-3\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"usbip\", ver:\"4.9.30-2+deb9u3\", rls:\"DEB9\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2019-05-29T18:33:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-11176", "CVE-2017-7889", "CVE-2017-7346", "CVE-2014-9940", "CVE-2017-7533", "CVE-2017-10911", "CVE-2017-7482", "CVE-2017-7541", "CVE-2017-1000363", "CVE-2017-7542", "CVE-2017-9605", "CVE-2017-1000365"], "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2014-9940\nA use-after-free flaw in the voltage and current regulator driver\ncould allow a local user to cause a denial of service or potentially\nescalate privileges.\n\nCVE-2017-7346\nLi Qiang discovered that the DRM driver for VMware virtual GPUs does\nnot properly check user-controlled values in the\nvmw_surface_define_ioctl() functions for upper limits. 
A local user\ncan take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does\nnot properly verify metadata, leading to information disclosure,\ndenial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\nFan Wu and Shixiong Zhao discovered a race condition between inotify\nevents and VFS rename operations allowing an unprivileged local\nattacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\nA buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\ndriver could allow a local user to cause kernel memory corruption,\nleading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\nAn integer overflow vulnerability in the ip6_find_1stfragopt()\nfunction was found allowing a local attacker with privileges to open\nraw sockets to cause a denial of service.\n\nCVE-2017-7889\nTommi Rantala and Brad Spengler reported that the mm subsystem does\nnot properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\nallowing a local attacker with access to /dev/mem to obtain\nsensitive information or potentially execute arbitrary code.\n\nCVE-2017-9605\nMurray McAllister discovered that the DRM driver for VMware virtual\nGPUs does not properly initialize memory, potentially allowing a\nlocal attacker to obtain sensitive information from uninitialized\nkernel memory via a crafted ioctl call.\n\nCVE-2017-10911\n/ XSA-216\n\nAnthony Perard of Citrix discovered an information leak flaw in Xen\nblkif response handling, allowing a malicious unprivileged guest to\nobtain sensitive information from the host or other guests.\n\nCVE-2017-11176\nIt was discovered that the mq_notify() function does not set the\nsock pointer to NULL upon entry into the retry logic. 
An attacker\ncan take advantage of this flaw during a userspace close of a\nNetlink socket to cause a denial of service or potentially cause\nother impact.\n\nCVE-2017-1000363\nRoee Hay reported that the lp driver does not properly bounds-check\npassed arguments, allowing a local attacker with write access to the\nkernel command line arguments to execute arbitrary code.\n\nCVE-2017-1000365\nIt was discovered that argument and environment pointers are not\ntaken properly into account to the imposed size restrictions on\narguments and environmental strings passed through\nRLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\nthis flaw in conjunction with other flaws to execute arbitrary code.", "modified": "2019-03-18T00:00:00", "published": "2017-08-17T00:00:00", "id": "OPENVAS:1361412562310703945", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703945", "type": "openvas", "title": "Debian Security Advisory DSA 3945-1 (linux - security update)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: deb_3945.nasl 14280 2019-03-18 14:50:45Z cfischer $\n#\n# Auto-generated from advisory DSA 3945-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.703945\");\n script_version(\"$Revision: 14280 $\");\n script_cve_id(\"CVE-2014-9940\", \"CVE-2017-1000363\", \"CVE-2017-1000365\", \"CVE-2017-10911\", \"CVE-2017-11176\", \"CVE-2017-7346\", \"CVE-2017-7482\", \"CVE-2017-7533\", \"CVE-2017-7541\", \"CVE-2017-7542\", \"CVE-2017-7889\", \"CVE-2017-9605\");\n script_name(\"Debian Security Advisory DSA 3945-1 (linux - security update)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:50:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-08-17 00:00:00 +0200 (Thu, 17 Aug 2017)\");\n script_tag(name:\"cvss_base\", value:\"7.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2017/dsa-3945.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2017 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n script_tag(name:\"affected\", value:\"linux on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.43-2+deb8u3.\n\nWe recommend that you upgrade your linux packages.\");\n script_tag(name:\"summary\", value:\"Several vulnerabilities 
have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2014-9940\nA use-after-free flaw in the voltage and current regulator driver\ncould allow a local user to cause a denial of service or potentially\nescalate privileges.\n\nCVE-2017-7346\nLi Qiang discovered that the DRM driver for VMware virtual GPUs does\nnot properly check user-controlled values in the\nvmw_surface_define_ioctl() functions for upper limits. A local user\ncan take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\nShi Lei discovered that RxRPC Kerberos 5 ticket handling code does\nnot properly verify metadata, leading to information disclosure,\ndenial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\nFan Wu and Shixiong Zhao discovered a race condition between inotify\nevents and VFS rename operations allowing an unprivileged local\nattacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\nA buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\ndriver could allow a local user to cause kernel memory corruption,\nleading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\nAn integer overflow vulnerability in the ip6_find_1stfragopt()\nfunction was found allowing a local attacker with privileges to open\nraw sockets to cause a denial of service.\n\nCVE-2017-7889\nTommi Rantala and Brad Spengler reported that the mm subsystem does\nnot properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\nallowing a local attacker with access to /dev/mem to obtain\nsensitive information or potentially execute arbitrary code.\n\nCVE-2017-9605\nMurray McAllister discovered that the DRM driver for VMware virtual\nGPUs does not properly initialize memory, potentially allowing a\nlocal attacker to obtain sensitive information from uninitialized\nkernel memory via a crafted ioctl call.\n\nCVE-2017-10911\n/ XSA-216\n\nAnthony 
Perard of Citrix discovered an information leak flaw in Xen\nblkif response handling, allowing a malicious unprivileged guest to\nobtain sensitive information from the host or other guests.\n\nCVE-2017-11176\nIt was discovered that the mq_notify() function does not set the\nsock pointer to NULL upon entry into the retry logic. An attacker\ncan take advantage of this flaw during a userspace close of a\nNetlink socket to cause a denial of service or potentially cause\nother impact.\n\nCVE-2017-1000363\nRoee Hay reported that the lp driver does not properly bounds-check\npassed arguments, allowing a local attacker with write access to the\nkernel command line arguments to execute arbitrary code.\n\nCVE-2017-1000365\nIt was discovered that argument and environment pointers are not\ntaken properly into account to the imposed size restrictions on\narguments and environmental strings passed through\nRLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\nthis flaw in conjunction with other flaws to execute arbitrary code.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-arm\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-s390\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-compiler-gcc-4.8-x86\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-doc-3.16\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-4kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-586\", 
ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-5kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-686-pae\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-amd64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-arm64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armel\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-armhf\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-i386\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mips\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-mipsel\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-powerpc\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-ppc64el\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-all-s390x\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-amd64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-headers-3.16.0-4-arm64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-armmp-lpae\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-common\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-ixp4xx\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-kirkwood\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2e\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-2f\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-loongson-3\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-octeon\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-orion5x\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc-smp\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-powerpc64le\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n 
report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r4k-ip22\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-r5k-ip32\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-s390x\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.16.0-4-versatile\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-4kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-5kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mips\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-all-mipsel\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-common\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-loongson-2f\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-octeon\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r4k-ip22\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-cobalt\", ver:\"3.16.43-2+deb8u3\", 
rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-r5k-ip32\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-headers-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-4kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-586\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-5kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-686-pae-dbg\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-amd64-dbg\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-arm64-dbg\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-armmp-lpae\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-ixp4xx\", 
ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-kirkwood\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2e\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-2f\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-loongson-3\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-octeon\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-orion5x\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc-smp\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-powerpc64le\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r4k-ip22\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-r5k-ip32\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-s390x-dbg\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"linux-image-3.16.0-4-sb1-bcm91250a\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.16.0-4-versatile\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-4kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-5kc-malta\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-loongson-2f\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-octeon\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r4k-ip22\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-cobalt\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-r5k-ip32\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1-bcm91250a\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-image-3.2.0-4-sb1a-bcm91480b\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-libc-dev\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-manual-3.16\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-source-3.16\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"linux-support-3.16.0-4\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\nif((res = 
isdpkgvuln(pkg:\"xen-linux-system-3.16.0-4-amd64\", ver:\"3.16.43-2+deb8u3\", rls:\"DEB8\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:33:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2017-17450", "CVE-2017-17558", "CVE-2017-12193", "CVE-2017-17805", "CVE-2017-8824", "CVE-2017-17448", "CVE-2017-1000407", "CVE-2017-16939", "CVE-2017-17449", "CVE-2017-15868", "CVE-2017-17807", "CVE-2017-7542", "CVE-2017-12190", "CVE-2017-17806"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181026", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181026", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1026)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1026\");\n script_version(\"2020-01-23T11:08:36+0000\");\n script_cve_id(\"CVE-2017-1000407\", \"CVE-2017-12190\", \"CVE-2017-12193\", \"CVE-2017-15868\", \"CVE-2017-16939\", \"CVE-2017-17448\", \"CVE-2017-17449\", \"CVE-2017-17450\", \"CVE-2017-17558\", \"CVE-2017-17805\", \"CVE-2017-17806\", \"CVE-2017-17807\", \"CVE-2017-7542\", \"CVE-2017-8824\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:08:36 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:08:36 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1026)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1026\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1026\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2018-1026 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The XFRM dump policy 
implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.(CVE-2017-16939)\n\nThe bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.(CVE-2017-12190)\n\nThe assoc_array_insert_into_terminal_node function in lib/assoc_array.c in the Linux kernel before 4.13.11 mishandles node splitting, which allows local users to cause a denial of service (NULL pointer dereference and panic) via a crafted application, as demonstrated by the keyring key type, and key addition and link creation operations.(CVE-2017-12193)\n\nThe ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.(CVE-2017-7542)\n\nThe bnep_add_connection function in net/bluetooth/bnep/core.c in the Linux kernel before 3.19 does not ensure that an l2cap socket is available, which allows local users to gain privileges via a crafted application.(CVE-2017-15868)\n\nThe dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.(CVE-2017-8824)\n\nnet/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN 
capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.(CVE-2017-17448)\n\nThe __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.(CVE-2017-17449)\n\nnet/netfilter/xt_osf.c in the Li ...\n\n Description truncated. Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~3.10.0~327.59.59.46.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug\", rpm:\"kernel-debug~3.10.0~327.59.59.46.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debug-devel\", rpm:\"kernel-debug-devel~3.10.0~327.59.59.46.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo\", rpm:\"kernel-debuginfo~3.10.0~327.59.59.46.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-debuginfo-common-x86_64\", rpm:\"kernel-debuginfo-common-x86_64~3.10.0~327.59.59.46.h49\", rls:\"EULEROS-2.0SP2\"))) {\n 
report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~3.10.0~327.59.59.46.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~3.10.0~327.59.59.46.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~3.10.0~327.59.59.46.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~3.10.0~327.59.59.46.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~3.10.0~327.59.59.46.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~3.10.0~327.59.59.46.h49\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-04T14:02:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-7027", "CVE-2016-9806", "CVE-2019-7222", "CVE-2018-1108", "CVE-2013-2896", "CVE-2013-7270", "CVE-2013-6432", "CVE-2010-5321", "CVE-2016-2053", "CVE-2007-6761", "CVE-2016-3139", "CVE-2017-10810", "CVE-2018-17182", "CVE-2014-3645", "CVE-2017-18208", "CVE-2017-17053", "CVE-2016-2062", "CVE-2014-9710", "CVE-2017-7542", "CVE-2014-3687", "CVE-2017-10662"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-02-05T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191526", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191526", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1526)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely 
excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1526\");\n script_version(\"2020-02-05T08:56:28+0000\");\n script_cve_id(\"CVE-2010-5321\", \"CVE-2013-2896\", \"CVE-2013-6432\", \"CVE-2013-7027\", \"CVE-2013-7270\", \"CVE-2014-3645\", \"CVE-2014-3687\", \"CVE-2014-9710\", \"CVE-2016-2053\", \"CVE-2016-2062\", \"CVE-2016-3139\", \"CVE-2016-9806\", \"CVE-2017-10662\", \"CVE-2017-10810\", \"CVE-2017-17053\", \"CVE-2017-18208\", \"CVE-2017-7542\", \"CVE-2018-1108\", \"CVE-2018-17182\", \"CVE-2019-7222\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-02-05 08:56:28 +0000 (Wed, 05 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:04:52 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1526)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n 
script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1526\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1526\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'kernel' package(s) announced via the EulerOS-SA-2019-1526 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A double free vulnerability was found in netlink_dump, which could cause a denial of service or possibly other unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2016-9806)\n\nMemory leak in drivers/media/video/videobuf-core.c in the videobuf subsystem in the Linux kernel 2.6.x through 4.x allows local users to cause a denial of service (memory consumption) by leveraging /dev/video access for a series of mmap calls that require new allocations, a different vulnerability than CVE-2007-6761. NOTE: as of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.(CVE-2010-5321)\n\nkernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. 
Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.(CVE-2018-1108)\n\nThe KVM implementation in the Linux kernel through 4.20.5 has an Information Leak.(CVE-2019-7222)\n\nThe adreno_perfcounter_query_group function in drivers/gpu/msm/adreno_perfcounter.c in the Adreno GPU driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, uses an incorrect integer data type, which allows attackers to cause a denial of service (integer overflow, heap-based buffer overflow, and incorrect memory allocation) or possibly have unspecified other impact via a crafted IOCTL_KGSL_PERFCOUNTER_QUERY ioctl call.(CVE-2016-2062)\n\ndrivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_NTRIG is enabled, allows physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device.(CVE-2013-2896)\n\nThe wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.(CVE-2016-3139)\n\nAn integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function.(CVE-2017-7542)\n\nMemory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel through 4.11.8 allows attackers to cause a denial of service (memory consumption) by triggering object-initialization failures.(CVE-2017-10810) ...\n\n Description truncated. 
Please see the references for more information.\");\n\n script_tag(name:\"affected\", value:\"'kernel' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel\", rpm:\"kernel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-devel\", rpm:\"kernel-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-headers\", rpm:\"kernel-headers~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools\", rpm:\"kernel-tools~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs\", rpm:\"kernel-tools-libs~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"kernel-tools-libs-devel\", rpm:\"kernel-tools-libs-devel~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"perf\", rpm:\"perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-perf\", rpm:\"python-perf~4.19.28~1.2.117\", rls:\"EULEROSVIRTARM64-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}], 
"redhat": [{"lastseen": "2019-08-13T18:45:29", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-7542", "CVE-2017-9074"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate)\n\n* The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9074, Moderate)\n\n* A use-after-free flaw was found in the Netlink functionality of the Linux kernel networking subsystem. Due to the insufficient cleanup in the mq_notify function, a local attacker could potentially use this flaw to escalate their privileges on the system. (CVE-2017-11176, Moderate)\n\nBug Fix(es):\n\n* Previously, the default timeout and retry settings in the VMBus driver were insufficient in some cases, for example when a Hyper-V host was under a significant load. Consequently, in Windows Server 2016, Hyper-V Server 2016, and Windows Azure Platform, when running a Red Hat Enterprise Linux Guest on the Hyper-V hypervisor, the guest failed to boot or booted with certain Hyper-V devices missing. This update alters the timeout and retry settings in VMBus, and Red Hat Enterprise Linux guests now boot as expected under the described conditions. (BZ#1506145)\n\n* Previously, an incorrect external declaration in the be2iscsi driver caused a kernel panic when using the systool utility. 
With this update, the external declaration in be2iscsi has been fixed, and the kernel no longer panics when using systool. (BZ#1507512)\n\n* Under high usage of the NFSD file system and memory pressure, if many tasks in the Linux kernel attempted to obtain the global spinlock to clean the Duplicate Reply Cache (DRC), these tasks stayed in an active wait in the nfsd_reply_cache_shrink() function for up to 99% of time. Consequently, a high load average occurred. This update fixes the bug by separating the DRC in several parts, each with an independent spinlock. As a result, the load and CPU utilization is no longer excessive under the described circumstances. (BZ#1509876)\n\n* When attempting to attach multiple SCSI devices simultaneously, Red Hat Enterprise Linux 6.9 on IBM z Systems sometimes became unresponsive. This update fixes the zfcp device driver, and attaching multiple SCSI devices simultaneously now works as expected in the described scenario. (BZ#1512425)\n\n* On IBM z Systems, the tiqdio_call_inq_handlers() function in the Linux kernel incorrectly cleared the device state change indicator (DSCI) for the af_iucv devices using the HiperSockets transport with multiple input queues. Consequently, queue stalls on such devices occasionally occurred. With this update, tiqdio_call_inq_handlers() has been fixed to clear the DSCI only once, prior to scanning the queues. As a result, queue stalls for af_iucv devices using the HiperSockets transport no longer occur under the described circumstances. (BZ#1513314)\n\n* Previously, small data chunks caused the Stream Control Transmission Protocol (SCTP) to account the receiver_window (rwnd) values incorrectly when recovering from a \"zero-window situation\". As a consequence, window updates were not sent to the peer, and an artificial growth of rwnd could lead to packet drops. This update properly accounts such small data chunks and ignores the rwnd pressure values when reopening a window. 
As a result, window updates are now sent, and the announced rwnd reflects better the real state of the receive buffer. (BZ#1514443)", "modified": "2018-06-07T18:22:25", "published": "2018-01-25T15:07:07", "id": "RHSA-2018:0169", "href": "https://access.redhat.com/errata/RHSA-2018:0169", "type": "redhat", "title": "(RHSA-2018:0169) Important: kernel security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:46:38", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8399", "CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-11176", "CVE-2017-14106", "CVE-2017-7184", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-7558"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. (CVE-2017-7184, Important)\n\n* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2017-1000111, Important)\n\n* An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges. 
(CVE-2017-1000112, Important)\n\n* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. (CVE-2017-7541, Moderate)\n\n* An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate)\n\n* A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. (CVE-2017-7558, Moderate)\n\n* The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use-after-free) which may lead to memory corruption or other unspecified other impact. 
(CVE-2017-11176, Moderate)\n\n* A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate)\n\nRed Hat would like to thank Chaitin Security Research Lab for reporting CVE-2017-7184; Willem de Bruijn for reporting CVE-2017-1000111; and Andrey Konovalov for reporting CVE-2017-1000112. The CVE-2017-7558 issue was discovered by Stefano Brivio (Red Hat).\n\nBug Fix(es):\n\n* The kernel-rt packages have been upgraded to the 3.10.0-693.5.2 source tree, which provides number of bug fixes over the previous version. (BZ#1489084)", "modified": "2018-03-19T16:29:53", "published": "2017-10-19T17:19:05", "id": "RHSA-2017:2931", "href": "https://access.redhat.com/errata/RHSA-2017:2931", "type": "redhat", "title": "(RHSA-2017:2931) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:47:00", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-11176", "CVE-2017-14106", "CVE-2017-14340", "CVE-2017-7184", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-7558"], "description": "The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.\n\nSecurity Fix(es):\n\n* Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. (CVE-2017-7184, Important)\n\n* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. 
(CVE-2017-1000111, Important)\n\n* An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges. (CVE-2017-1000112, Important)\n\n* Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. (CVE-2017-7541, Moderate)\n\n* An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate)\n\n* A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. (CVE-2017-7558, Moderate)\n\n* The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use-after-free) which may lead to memory corruption or other unspecified other impact. 
(CVE-2017-11176, Moderate)\n\n* A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate)\n\n* A flaw was found where the XFS filesystem code mishandles a user-settable inode flag in the Linux kernel prior to 4.14-rc1. This can cause a local denial of service via a kernel panic. (CVE-2017-14340, Moderate)\n\nRed Hat would like to thank Chaitin Security Research Lab for reporting CVE-2017-7184; Willem de Bruijn for reporting CVE-2017-1000111; and Andrey Konovalov for reporting CVE-2017-1000112. The CVE-2017-7558 issue was discovered by Stefano Brivio (Red Hat) and the CVE-2017-14340 issue was discovered by Dave Chinner (Red Hat).\n\nBug Fix(es):\n\n* kernel-rt packages have been upgraded to the 3.10.0-693.5.2 source tree, which provides number of bug fixes over the previous version. (BZ#1489085)", "modified": "2018-06-07T18:14:51", "published": "2017-10-19T17:10:34", "id": "RHSA-2017:2918", "href": "https://access.redhat.com/errata/RHSA-2017:2918", "type": "redhat", "title": "(RHSA-2017:2918) Important: kernel-rt security and bug fix update", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:41", "bulletinFamily": "unix", "cvelist": ["CVE-2016-8399", "CVE-2017-1000111", "CVE-2017-1000112", "CVE-2017-11176", "CVE-2017-14106", "CVE-2017-7184", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-7558"], "description": "The kernel packages contain the Linux kernel, the core of any Linux operating system.\n\nSecurity Fix(es):\n\n* Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. 
(CVE-2017-7184, Important)\n\n* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2017-1000111, Important)\n\n* An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges. (CVE-2017-1000112, Important)\n\n* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)\n\n* Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. (CVE-2017-7541, Moderate)\n\n* An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. 
(CVE-2017-7542, Moderate)\n\n* A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. (CVE-2017-7558, Moderate)\n\n* The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use-after-free) which may lead to memory corruption or other unspecified other impact. (CVE-2017-11176, Moderate)\n\n* A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate)\n\nRed Hat would like to thank Chaitin Security Research Lab for reporting CVE-2017-7184; Willem de Bruijn for reporting CVE-2017-1000111; and Andrey Konovalov for reporting CVE-2017-1000112. The CVE-2017-7558 issue was discovered by Stefano Brivio (Red Hat).\n\nSpace precludes documenting all of the bug fixes and enhancements included in this advisory. 
To see the complete list of bug fixes and enhancements, refer to the following KnowledgeBase article: https://access.redhat.com/node/3212921.", "modified": "2018-04-12T03:33:03", "published": "2017-10-19T17:19:00", "id": "RHSA-2017:2930", "href": "https://access.redhat.com/errata/RHSA-2017:2930", "type": "redhat", "title": "(RHSA-2017:2930) Important: kernel security and bug fix update", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}], "amazon": [{"lastseen": "2020-11-10T12:34:36", "bulletinFamily": "unix", "cvelist": ["CVE-2017-8831", "CVE-2017-11473", "CVE-2017-7533", "CVE-2017-7542"], "description": "**Issue Overview:**\n\nBuffer overflow in mp_override_legacy_irq(): \nBuffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table. ([CVE-2017-11473](<https://access.redhat.com/security/cve/CVE-2017-11473>))\n\nA race between inotify_handle_event() and sys_rename(): \nA race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation. ([CVE-2017-7533](<https://access.redhat.com/security/cve/CVE-2017-7533>))\n\nInteger overflow in ip6_find_1stfragopt() causes infinite loop: \nAn integer overflow vulnerability in ip6_find_1stfragopt() function was found. 
A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function.([CVE-2017-7542](<https://access.redhat.com/security/cve/CVE-2017-7542>))\n\nDouble fetch vulnerability in saa7164_bus_get function The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.10.14 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a \"double fetch\" vulnerability. Please note, the saa7164 driver is not enabled in the Amazon Linux AMI kernel ([CVE-2017-8831](<https://access.redhat.com/security/cve/CVE-2017-8831>))\n\n \n**Affected Packages:** \n\n\nkernel\n\n \n**Issue Correction:** \nRun _yum update kernel_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n i686: \n perf-4.9.43-17.38.amzn1.i686 \n kernel-tools-devel-4.9.43-17.38.amzn1.i686 \n kernel-tools-4.9.43-17.38.amzn1.i686 \n kernel-tools-debuginfo-4.9.43-17.38.amzn1.i686 \n kernel-headers-4.9.43-17.38.amzn1.i686 \n kernel-debuginfo-common-i686-4.9.43-17.38.amzn1.i686 \n kernel-debuginfo-4.9.43-17.38.amzn1.i686 \n kernel-devel-4.9.43-17.38.amzn1.i686 \n perf-debuginfo-4.9.43-17.38.amzn1.i686 \n kernel-4.9.43-17.38.amzn1.i686 \n \n noarch: \n kernel-doc-4.9.43-17.38.amzn1.noarch \n \n src: \n kernel-4.9.43-17.38.amzn1.src \n \n x86_64: \n kernel-headers-4.9.43-17.38.amzn1.x86_64 \n perf-4.9.43-17.38.amzn1.x86_64 \n kernel-4.9.43-17.38.amzn1.x86_64 \n kernel-debuginfo-4.9.43-17.38.amzn1.x86_64 \n kernel-tools-debuginfo-4.9.43-17.38.amzn1.x86_64 \n kernel-debuginfo-common-x86_64-4.9.43-17.38.amzn1.x86_64 \n kernel-tools-4.9.43-17.38.amzn1.x86_64 \n perf-debuginfo-4.9.43-17.38.amzn1.x86_64 \n kernel-devel-4.9.43-17.38.amzn1.x86_64 \n kernel-tools-devel-4.9.43-17.38.amzn1.x86_64 \n \n \n", "edition": 5, "modified": "2017-08-17T18:09:00", "published": "2017-08-17T18:09:00", "id": 
"ALAS-2017-870", "href": "https://alas.aws.amazon.com/ALAS-2017-870.html", "title": "Important: kernel", "type": "amazon", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2017-08-09T17:07:06", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11473", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542"], "description": "The openSUSE Leap 42.3 kernel was updated to 4.4.79 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bnc#1049882).\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users\n to gain privileges via a crafted ACPI table (bnc#1049603).\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bnc#1049483).\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (buffer overflow\n and system crash) or possibly gain privileges via a crafted\n NL80211_CMD_FRAME Netlink packet (bnc#1049645).\n\n The following non-security bugs were fixed:\n\n - ACPI / processor: Avoid reserving IO regions too early (bsc#1051478).\n - ALSA: fm801: Initialize chip after IRQ handler is registered\n (bsc#1031717).\n - Added sbitmap patch to blacklist.conf Add a patch "sbitmap: fix wakeup\n hang after sbq resize" to the blacklist.conf file because it is not\n needed in SLE 12 SP2.\n - Btrfs: incremental send, fix invalid path for link commands\n (bsc#1051479).\n - Btrfs: incremental send, fix invalid path for unlink commands\n (bsc#1051479).\n - Btrfs: send, fix invalid path after renaming and linking file\n 
(bsc#1051479).\n - Delete\n patches.drivers/0004-iommu-amd-reduce-delay-waiting-for-command-buffer-spac\n e. Remove the patch because it caused problems for users. See\n bsc#1048348.\n - Drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state'\n - Fix kABI breakage by KVM CVE fix (bsc#1045922).\n - IB/rxe: Fix kernel panic from skb destructor (bsc#1049361).\n - KVM: nVMX: Fix nested VPID vmx exec control (bsc#1051478).\n - KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC\n (bsc#1051478).\n - KVM: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).\n - NFS: Cache aggressively when file is open for writing (bsc#1033587).\n - NFS: Do not flush caches for a getattr that races with writeback\n (bsc#1033587).\n - NFS: invalidate file size when taking a lock (git-fixes).\n - PCI / PM: Fix native PME handling during system suspend/resume\n (bsc#1051478).\n - PCI: Add Mellanox device IDs (bsc#1051478).\n - PCI: Convert Mellanox broken INTx quirks to be for listed devices only\n (bsc#1051478).\n - PCI: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).\n - PCI: Enable ECRC only if device supports it (bsc#1051478).\n - PCI: Support INTx masking on ConnectX-4 with firmware x.14.1100+\n (bsc#1051478).\n - PCI: dwc: Fix uninitialized variable in dw_handle_msi_irq()\n (bsc#1051478).\n - PCI: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN\n (bsc#1051478).\n - PM / Hibernate: Fix scheduling while atomic during hibernation\n (bsc#1051059).\n - RDMA/qedr: Prevent memory overrun in verbs' user responses (bsc#1022604\n FATE#321747).\n - README.BRANCH: Add Oliver as openSUSE-42.3 branch co-maintainer\n - Refresh patches.kabi/Fix-kABI-breakage-by-KVM-CVE-fix.patch. Fix a\n stupid bug where the VCPU_REGS_TF shift was used as a mask.\n - Revert "Add "shutdown" to "struct class"." 
(kabi).\n - Revert "mm/list_lru.c: fix list_lru_count_node() to be race free" (kabi).\n - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware"\n (bsc#1048914).\n - Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." (kabi).\n - Update patches.drivers/0011-hpsa-remove-abort-handler.patch (bsc#1022600\n fate#321928 bsc#1016119).\n - Update\n patches.fixes/xfs-refactor-log-record-unpack-and-data-processing.patch\n (bsc#1043598, bsc#1036215).\n - apply mainline tags to some hyperv patches\n - arm64: kernel: restrict /dev/mem read() calls to linear region\n (bsc#1046651).\n - arm64: mm: remove page_mapping check in __sync_icache_dcache\n (bsc#1040347).\n - blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb()\n - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)\n - blacklist.conf: Blacklist 4e201566402c ('genirq/msi: Drop artificial PCI\n dependency') (bsc#1051478) This commit just removes an include and does\n not fix a real issue.\n - blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok()\n argument type') (bsc#1051478) Fixes only a compile-warning.\n - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in\n test_nmi_ipi()') It only fixes a self-test (bsc#1051478).\n - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help\n text file path reference to lockup watchdog documentation') Updates only\n kconfig help-text (bsc#1051478).\n - blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI: Initialize MSI\n capability for all architectures') This only fixes machines not\n supported by our kernels.\n - blacklist.conf: Do not need 55d728a40d36, we do it differently in SLE\n - blacklist.conf: add inapplicable commits for wifi (bsc#1031717)\n - blacklist.conf: blacklist 7b73305160f1, unneeded cleanup\n - 
blacklist.conf: da0510c47519fe0999cffe316e1d370e29f952be # FRV not\n applicable to SLE\n - blkfront: add uevent for size change (bnc#1036632).\n - block: Fix front merge check (bsc#1051239).\n - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).\n - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).\n - btrfs: fix lockup in find_free_extent with read-only block groups\n (bsc#1046682).\n - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).\n - cxgb4: fix BUG() on interrupt deallocating path of ULD (bsc#1005778).\n - cxgb4: fix a NULL dereference (bsc#1005778).\n - cxgb4: fix memory leak in init_one() (bsc#1005778).\n - dentry name snapshots (bsc#1049483).\n - device-dax: fix sysfs attribute deadlock (bsc#1048919).\n - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).\n - drm/vmwgfx: Fix large topology crash (bsc#1048155).\n - drm/vmwgfx: Support topology greater than texture size (bsc#1048155).\n - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).\n - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).\n - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors\n (bsc#1012829).\n - gcov: add support for gcc version >= 6 (bsc#1051663).\n - gcov: support GCC 7.1 (bsc#1051663).\n - gfs2: fix flock panic issue (bsc#1012829).\n - hv: print extra debug in kvp_on_msg in error paths (bnc#1039153).\n - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing (bsc#1048421).\n - hv_netvsc: Fix the queue index computation in forwarding case\n (bsc#1048421).\n - i2c: designware-baytrail: fix potential null pointer dereference on dev\n (bsc#1011913).\n - introduce the walk_process_tree() helper (bnc#1022476).\n - iommu/amd: Fix interrupt remapping when disable guest_mode (bsc#1051471).\n - 
iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).\n - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).\n - iwlwifi: pcie: fix command completion name debug (bsc#1031717).\n - kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly\n version in panic path" (bsc#1051478).\n - kABI: protect lwtunnel include in ip6_route.h (kabi).\n - kABI: protect struct iscsi_tpg_attrib (kabi).\n - kABI: protect struct tpm_chip (kabi).\n - kABI: protect struct xfrm_dst (kabi).\n - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478).\n - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1048919).\n - libnvdimm, region: fix flush hint detection crash (bsc#1048919).\n - libnvdimm: fix badblock range handling of ARS range (bsc#1051048).\n - lightnvm: fix "warning: \u2018ret\u2019 may be used uninitialized"\n (FATE#319466).\n - md-cluster: Fix a memleak in an error handling path (bsc#1049289).\n - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891).\n - mwifiex: do not update MCS set from hostapd (bsc#1031717).\n - net/ena: switch to pci_alloc_irq_vectors (bsc#1047121).\n - net: ena: add hardware hints capability to the driver (bsc#1047121).\n - net: ena: add missing return when ena_com_get_io_handlers() fails\n (bsc#1047121).\n - net: ena: add missing unmap bars on device removal (bsc#1047121).\n - net: ena: add reset reason for each device FLR (bsc#1047121).\n - net: ena: add support for out of order rx buffers refill (bsc#1047121).\n - net: ena: allow the driver to work with small number of msix vectors\n 
(bsc#1047121).\n - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).\n - net: ena: change return value for unsupported features unsupported\n return value (bsc#1047121).\n - net: ena: change sizeof() argument to be the type pointer (bsc#1047121).\n - net: ena: disable admin msix while working in polling mode (bsc#1047121).\n - net: ena: fix bug that might cause hang after consecutive open/close\n interface (bsc#1047121).\n - net: ena: fix race condition between submit and completion admin command\n (bsc#1047121).\n - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).\n - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).\n - net: ena: separate skb allocation to dedicated function (bsc#1047121).\n - net: ena: update driver's rx drop statistics (bsc#1047121).\n - net: ena: update ena driver to version 1.1.7 (bsc#1047121).\n - net: ena: update ena driver to version 1.2.0 (bsc#1047121).\n - 
net: ena: use lower_32_bits()/upper_32_bits() to split dma address\n (bsc#1047121).\n - net: ena: use napi_schedule_irqoff when possible (bsc#1047121).\n - net: hns: Bugfix for Tx timeout handling in hns driver (bsc#1048451).\n - net: phy: Do not perform software reset for Generic PHY (bsc#1042286).\n - nvme: also provide a UUID in the WWID sysfs attribute (bsc#1048146).\n - nvme: wwid_show: strip trailing 0-bytes (bsc#1048146).\n - nvmet: identify controller: improve standard compliance (bsc#1048146).\n - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ocfs2: Make ocfs2_set_acl() static (bsc#1030552).\n - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829).\n - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478).\n - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).\n - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478).\n - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill\n dmi list (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill\n (bsc#1051022).\n - powerpc/fadump: Add a warning when 'fadump_reserve_mem=' is used\n (bsc#1049231).\n - powerpc: Add POWER9 architected mode to cputable (bsc#1048916,\n fate#321439).\n - powerpc: Support POWER9 in architected mode 
(bsc#1048916, fate#321439).\n - prctl: propagate has_child_subreaper flag to every descendant\n (bnc#1022476).\n - qed: Add missing static/local dcbx info (bsc#1019695).\n - qed: Correct print in iscsi error-flow (bsc#1019695).\n - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - reorder upstream commit d0c2c9973ecd net: use core MTU range checking in\n virt drivers\n - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id\n This needs rpm-4.14+ (bsc#964063).\n - s390/crash: Remove unused KEXEC_NOTE_BYTES (bsc#1049706).\n - s390/kdump: remove code to create ELF notes in the crashed system\n (bsc#1049706).\n - sched/core: Allow __sched_setscheduler() in interrupts when PI is not\n used (bnc#1022476).\n - sched/debug: Print the scheduler topology group mask (bnc#1022476).\n - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476).\n - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476).\n - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all\n cfs_rqs (bnc#1022476).\n - sched/topology: Add sched_group_capacity debugging (bnc#1022476).\n - sched/topology: Fix building of overlapping sched-groups (bnc#1022476).\n - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476).\n - sched/topology: Move comment about asymmetric node setups (bnc#1022476).\n - sched/topology: Refactor function build_overlap_sched_groups()\n (bnc#1022476).\n - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).\n - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476).\n - sched/topology: Small cleanup (bnc#1022476).\n - sched/topology: Verify the first group matches the child domain\n (bnc#1022476).\n - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887).\n - scsi: aacraid: Do not copy uninitialized stack memory to userspace\n (bsc#1048912).\n - scsi: aacraid: fix leak of data from stack back to userspace\n (bsc#1048912).\n - scsi: kABI fix for new state STARGET_CREATED_REMOVE 
(bsc#1013887).\n - scsi: lpfc: Add MDS Diagnostic support (bsc#1037838).\n - scsi: lpfc: Add auto EQ delay logic (bsc#1042257).\n - scsi: lpfc: Added recovery logic for running out of NVMET IO context\n resources (bsc#1037838).\n - scsi: lpfc: Adding additional stats counters for nvme (bsc#1037838).\n - scsi: lpfc: Cleanup entry_repost settings on SLI4 queues (bsc#1037838).\n - scsi: lpfc: Driver responds LS_RJT to Beacon Off ELS - Linux\n (bsc#1044623).\n - scsi: lpfc: Fix NMI watchdog assertions when running nvmet IOPS tests\n (bsc#1037838).\n - scsi: lpfc: Fix NVME I+T not registering NVME as a supported FC4 type\n (bsc#1037838).\n - scsi: lpfc: Fix NVMEI driver not decrementing counter causing bad rport\n state (bsc#1037838).\n - scsi: lpfc: Fix NVMEI's handling of NVMET's PRLI response attributes\n (bsc#1037838).\n - scsi: lpfc: Fix SLI3 drivers attempting NVME ELS commands (bsc#1044623).\n - scsi: lpfc: Fix crash after firmware flash when IO is running\n (bsc#1044623).\n - scsi: lpfc: Fix crash doing IO with resets (bsc#1044623).\n - scsi: lpfc: Fix crash in lpfc_sli_ringtxcmpl_put when nvmet gets an\n abort request (bsc#1044623).\n - scsi: lpfc: Fix debugfs root inode "lpfc" not getting deleted on driver\n unload (bsc#1037838).\n - scsi: lpfc: Fix defects reported by Coverity Scan (bsc#1042257).\n - scsi: lpfc: Fix nvme io stoppage after link bounce (bsc#1045404).\n - scsi: lpfc: Fix nvmet RQ resource needs for large block writes\n (bsc#1037838).\n - scsi: lpfc: Fix system crash when port is reset (bsc#1037838).\n - scsi: lpfc: Fix system panic when express lane enabled (bsc#1044623).\n - scsi: lpfc: Fix used-RPI accounting problem (bsc#1037838).\n - scsi: lpfc: Reduce time spent in IRQ for received NVME commands\n (bsc#1044623).\n - scsi: lpfc: Separate NVMET RQ buffer posting from IO resources\n SGL/iocbq/context (bsc#1037838).\n - scsi: lpfc: Separate NVMET data buffer pool fir ELS/CT (bsc#1037838).\n - scsi: lpfc: Vport creation is failing with "Link 
Down" error\n (bsc#1044623).\n - scsi: lpfc: fix refcount error on node list (bsc#1045404).\n - scsi: lpfc: update to revision to 11.4.0.1 (bsc#1044623).\n - scsi: lpfc: update version to 11.2.0.14 (bsc#1037838).\n - scsi: qedf: Fix a return value in case of error in\n 'qedf_alloc_global_queues' (bsc#1048912).\n - scsi: qedi: Remove WARN_ON for untracked cleanup (bsc#1044443).\n - scsi: qedi: Remove WARN_ON from clear task context (bsc#1044443).\n - sfc: Add ethtool -m support for QSFP modules (bsc#1049619).\n - string.h: add memcpy_and_pad() (bsc#1048146).\n - timers: Plug locking race vs. timer migration (bnc#1022476).\n - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829).\n - udf: Fix races with i_size changes during readpage (bsc#1012829).\n - x86/LDT: Print the real LDT base address (bsc#1051478).\n - x86/mce: Make timer handling more robust (bsc#1042422).\n - x86/panic: replace smp_send_stop() with kdump friendly version in panic\n path (bsc#1051478).\n - x86/platform/uv/BAU: Disable BAU on single hub configurations\n (bsc#1050320).\n - x86/platform/uv/BAU: Fix congested_response_us not taking effect\n (bsc#1050322).\n - xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563).\n - xen: hold lock_device_hotplug throughout vcpu hotplug operations\n (bsc#1042422).\n - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598).\n - xfs: detect and trim torn writes during log recovery (bsc#1036215).\n - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).\n - xfs: refactor and open code log record crc check (bsc#1036215).\n - xfs: refactor log record start detection into a new helper (bsc#1036215).\n - xfs: return start block of first bad log record during recovery\n (bsc#1036215).\n - xfs: support a crc verification only log record pass (bsc#1036215).\n - xgene: Do not fail probe, if there is no clk resource for SGMII\n interfaces (bsc#1048501).\n\n", 
"edition": 1, "modified": "2017-08-09T15:21:43", "published": "2017-08-09T15:21:43", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00032.html", "id": "OPENSUSE-SU-2017:2112-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-08-09T17:07:07", "bulletinFamily": "unix", "cvelist": ["CVE-2017-10810", "CVE-2017-11473", "CVE-2017-7533", "CVE-2017-7541", "CVE-2017-7542"], "description": "The openSUSE Leap 42.2 kernel was updated to 4.4.79 to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bnc#1049882).\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users\n to gain privileges via a crafted ACPI table (bnc#1049603).\n - CVE-2017-7533: A bug in inotify code allowed local users to escalate\n privilege (bnc#1049483).\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (buffer overflow\n and system crash) or possibly gain privileges via a crafted\n NL80211_CMD_FRAME Netlink packet (bnc#1049645).\n - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed\n attackers to cause a denial of service (memory consumption) by\n triggering object-initialization failures (bnc#1047277).\n\n The following non-security bugs were fixed:\n\n - acpi / processor: Avoid reserving IO regions too early (bsc#1051478).\n - af_key: Add lock to 
key dump (bsc#1047653).\n - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).\n - alsa: fm801: Initialize chip after IRQ handler is registered\n (bsc#1031717).\n - alsa: hda - Fix endless loop of codec configure (bsc#1031717).\n - alsa: hda - set input_path bitmap to zero after moving it to new place\n (bsc#1031717).\n - b43: Add missing MODULE_FIRMWARE() (bsc#1037344).\n - bcache: force trigger gc (bsc#1038078).\n - bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n - bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).\n - blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb()\n - blacklist.conf:\n - blacklist.conf: 1151f838cb62 is high-risk and we're not aware of any\n systems that might need it in SP2.\n - blacklist.conf: 8b8642af15ed not a supported driver\n - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)\n - blacklist.conf: add inapplicable commits for wifi (bsc#1031717)\n - blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).\n - blacklist.conf: add unapplicable drm fixes (bsc#1031717).\n - blacklist.conf: Blacklist 4e201566402c ('genirq/msi: Drop artificial PCI\n dependency') (bsc#1051478) This commit just removes an include and does\n not fix a real issue.\n - blacklist.conf: blacklist 7b73305160f1, unneeded cleanup\n - blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok()\n argument type') (bsc#1051478) Fixes only a compile-warning.\n - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in\n test_nmi_ipi()') It only fixes a self-test (bsc#1051478).\n - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help\n text file path reference to lockup watchdog documentation') Updates only\n kconfig help-text (bsc#1051478).\n - blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI: Initialize MSI\n capability for all architectures') This only fixes machines not\n supported by our kernels.\n - blacklist.conf: build time cleanup our 
kernel compiles. No need to shut\n up warnings nobody looks at\n - blacklist.conf: cleanup, no bugs fixed\n - blacklist.conf: cxgb4 commit does not fit for SP2\n - blacklist.conf: da0510c47519fe0999cffe316e1d370e29f952be # FRV not\n applicable to SLE\n - blacklist.conf: Do not need 55d728a40d36, we do it differently in SLE\n - blacklist.conf: kABI breakage This touches struct device.\n - blacklist.conf: lp8788 is not compiled\n - blacklist.conf: unneeded Fixing debug statements on BE systems for IrDA\n - blkfront: add uevent for size change (bnc#1036632).\n - block: Allow bdi re-registration (bsc#1040307).\n - block: Fix front merge check (bsc#1051239).\n - block: Make del_gendisk() safer for disks without queues (bsc#1040307).\n - block: Move bdi_unregister() to del_gendisk() (bsc#1040307).\n - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).\n - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).\n - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).\n - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - btrfs: fix lockup in find_free_extent with read-only block groups\n (bsc#1046682).\n - btrfs: incremental send, fix invalid path for link commands\n (bsc#1051479).\n - btrfs: incremental send, fix invalid path for unlink commands\n (bsc#1051479).\n - btrfs: resume qgroup rescan on rw remount (bsc#1047152).\n - btrfs: send, fix invalid path after renaming and linking file\n (bsc#1051479).\n - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).\n - crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).\n - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc# 1045154).\n - cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).\n - dentry name snapshots (bsc#1049483).\n - dm: fix second blk_delay_queue() parameter to be in msec units not\n (bsc#1047670).\n - drivers: hv: Fix the bug in generating the guest ID (fate#320485).\n - drivers: hv: util: Fix a 
typo (fate#320485).\n - drivers: hv: vmbus: Get the current time from the current clocksource\n (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).\n - drivers: hv: vmbus: Increase the time between retries in\n vmbus_post_msg() (fate#320485, bnc#1044112).\n - drivers: hv: vmbus: Move the code to signal end of message (fate#320485).\n - drivers: hv: vmbus: Move the definition of generate_guest_id()\n (fate#320485).\n - drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents\n (fate#320485).\n - drivers: hv: vmbus: Restructure the clockevents code (fate#320485).\n - drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions\n (bsc#1031717).\n - drm/bochs: Implement nomodeset (bsc#1047096).\n - drm/i915/fbdev: Stop repeating tile configuration on stagnation\n (bsc#1031717).\n - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).\n - drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).\n - drm/vmwgfx: Fix large topology crash (bsc#1048155).\n - drm/vmwgfx: Support topology greater than texture size (bsc#1048155).\n - drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state'\n - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).\n - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).\n - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors\n (bsc#1012829).\n - Fix kABI breakage by KVM CVE fix (bsc#1045922).\n - fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).\n - gcov: add support for gcc version >= 6 (bsc#1051663).\n - gcov: support GCC 7.1 (bsc#1051663).\n - gfs2: fix flock panic issue (bsc#1012829).\n - hrtimer: Catch invalid clockids again (bsc#1047651).\n - hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).\n - hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485,\n bnc#1044112, bnc#1042778, 
bnc#1029693).\n - hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485,\n bnc#1044112, bnc#1042778, bnc#1029693).\n - hv_util: switch to using timespec64 (fate#320485).\n - i2c: designware-baytrail: fix potential null pointer dereference on dev\n (bsc#1011913).\n - i40e: add hw struct local variable (bsc#1039915).\n - i40e: add private flag to control source pruning (bsc#1034075).\n - i40e: add VSI info to macaddr messages (bsc#1039915).\n - i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).\n - i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915).\n - i40e: delete filter after adding its replacement when converting\n (bsc#1039915).\n - i40e: do not add broadcast filter for VFs (bsc#1039915).\n - i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID<1\n (bsc#1039915).\n - i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter\n (bsc#1039915).\n - i40e: enable VSI broadcast promiscuous mode instead of adding broadcast\n filter (bsc#1039915).\n - i40e: factor out addition/deletion of VLAN per each MAC address\n (bsc#1039915).\n - i40e: fix MAC filters when removing VLANs (bsc#1039915).\n - i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan\n (bsc#1039915).\n - i40e: implement __i40e_del_filter and use where applicable (bsc#1039915).\n - i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915).\n - i40e: move all updates for VLAN mode into i40e_sync_vsi_filters\n (bsc#1039915).\n - i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).\n - i40e: no need to check is_vsi_in_vlan before calling\n i40e_del_mac_all_vlan (bsc#1039915).\n - i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters\n (bsc#1039915).\n - i40e: recalculate vsi->active_filters from hash contents (bsc#1039915).\n - i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan\n (bsc#1039915).\n - i40e: refactor i40e_update_filter_state to avoid passing aq_err\n (bsc#1039915).\n - 
i40e: refactor Rx filter handling (bsc#1039915).\n - i40e: Removal of workaround for simple MAC address filter deletion\n (bsc#1039915).\n - i40e: remove code to handle dev_addr specially (bsc#1039915).\n - i40e: removed unreachable code (bsc#1039915).\n - i40e: remove duplicate add/delete adminq command code for filters\n (bsc#1039915).\n - i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid\n (bsc#1039915).\n - i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan\n (bsc#1039915).\n - i40e: restore workaround for removing default MAC filter (bsc#1039915).\n - i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915).\n - i40e: store MAC/VLAN filters in a hash with the MAC Address as key\n (bsc#1039915).\n - i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID\n (bsc#1039915).\n - i40e: when adding or removing MAC filters, correctly handle VLANs\n (bsc#1039915).\n - i40e: When searching all MAC/VLAN filters, ignore removed filters\n (bsc#1039915).\n - i40e: write HENA for VFs (bsc#1039915).\n - iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value\n (bsc#1031717).\n - Input: gpio-keys - fix check for disabling unsupported keys\n (bsc#1031717).\n - introduce the walk_process_tree() helper (bnc#1022476).\n - ipv4: Should use consistent conditional judgement for ip fragment in\n __ip_append_data and ip_finish_output (bsc#1041958).\n - ipv6: Should use consistent conditional judgement for ip6 fragment\n between __ip6_append_data and ip6_finish_output (bsc#1041958).\n - iwlwifi: mvm: compare full command ID (FATE#321353, FATE#323335).\n - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).\n - iwlwifi: mvm: synchronize firmware DMA paging memory (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).\n - iwlwifi: mvm: unmap the paging memory before freeing it (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: fix command completion name 
debug (bsc#1031717).\n - kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly\n version in panic path" (bsc#1051478).\n - kABI: protect lwtunnel include in ip6_route.h (kabi).\n - kABI: protect struct iscsi_tpg_attrib (kabi).\n - kABI: protect struct tpm_chip (kabi).\n - kABI: protect struct xfrm_dst (kabi).\n - kvm: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC\n (bsc#1051478).\n - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478).\n - kvm: nVMX: Fix nested VPID vmx exec control (bsc#1051478).\n - kvm: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).\n - mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651).\n - md: fix sleep in atomic (bsc#1040351).\n - mm: adaptive hash table scaling (bnc#1036303).\n - mm-adaptive-hash-table-scaling-v5 (bnc#1036303).\n - mm: call page_ext_init() after all struct pages are initialized (VM\n Debugging Functionality, bsc#1047048).\n - mm: drop HASH_ADAPT (bnc#1036303).\n - mm: fix classzone_idx underflow in shrink_zones() (VM Functionality,\n bsc#1042314).\n - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891).\n - More Git-commit header fixups No functional change intended.\n - mwifiex: do not update MCS set from hostapd (bsc#1031717).\n - net: account for current skb length when deciding about UFO\n (bsc#1041958).\n - net: ena: add hardware hints capability to the driver (bsc#1047121).\n - net: ena: add missing return when ena_com_get_io_handlers() fails\n (bsc#1047121).\n - net: ena: add missing unmap bars on device removal (bsc#1047121).\n - net: ena: add reset reason for each device FLR (bsc#1047121).\n - net: ena: add support for out of order rx buffers refill (bsc#1047121).\n - net: ena: allow the driver to work with small number of msix vectors\n (bsc#1047121).\n - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).\n - net: ena: change return value for unsupported features 
unsupported\n return value (bsc#1047121).\n - net: ena: change sizeof() argument to be the type pointer (bsc#1047121).\n - net: ena: disable admin msix while working in polling mode (bsc#1047121).\n - net: ena: fix bug that might cause hang after consecutive open/close\n interface (bsc#1047121).\n - net: ena: fix race condition between submit and completion admin command\n (bsc#1047121).\n - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).\n - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).\n - net: ena: separate skb allocation to dedicated function (bsc#1047121).\n - net: ena: update driver's rx drop statistics (bsc#1047121).\n - net: ena: update ena driver to version 1.1.7 (bsc#1047121).\n - net: ena: update ena driver to version 1.2.0 (bsc#1047121).\n - net: ena: use lower_32_bits()/upper_32_bits() to split dma address\n (bsc#1047121).\n - net: ena: use napi_schedule_irqoff when possible (bsc#1047121).\n - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()\n (bsc#1042286).\n - net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes).\n - net: phy: Do not perform software reset for Generic PHY (bsc#1042286).\n - nfs: Cache aggressively when file is open for writing (bsc#1033587).\n - nfs: Do not flush caches for a getattr that races with writeback\n (bsc#1033587).\n - nfs: invalidate file size when taking a lock (git-fixes).\n - nfs: only invalidate dentrys that are clearly invalid (bsc#1047118).\n - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829).\n - ocfs2: Make ocfs2_set_acl() static (bsc#1030552).\n - pci: Add Mellanox device IDs (bsc#1051478).\n - pci: Convert Mellanox broken INTx quirks to be for listed devices only\n (bsc#1051478).\n - pci: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).\n - pci: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN\n (bsc#1051478).\n - pci: dwc: Fix 
uninitialized variable in dw_handle_msi_irq()\n (bsc#1051478).\n - pci: Enable ECRC only if device supports it (bsc#1051478).\n - PCI / PM: Fix native PME handling during system suspend/resume\n (bsc#1051478).\n - pci: Support INTx masking on ConnectX-4 with firmware x.14.1100+\n (bsc#1051478).\n - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478).\n - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478).\n - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).\n - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill\n dmi list (bsc#1051022).\n - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - Pm / Hibernate: Fix scheduling while atomic during hibernation\n (bsc#1051059).\n - prctl: propagate has_child_subreaper flag to every descendant\n (bnc#1022476).\n - README.BRANCH: Add Oliver as openSUSE-42.2 branch co-maintainer\n - Refresh patches.kabi/Fix-kABI-breakage-by-KVM-CVE-fix.patch. Fix a\n stupid bug where the VCPU_REGS_TF shift was used as a mask.\n - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"\n (bsc#1031717).\n - Revert "Add "shutdown" to "struct class"." 
(kabi).\n - Revert "kvm: x86: fix emulation of RSM and IRET instructions" (kabi).\n - Revert "mm/list_lru.c: fix list_lru_count_node() to be race free" (kabi).\n - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware"\n (bsc#1048914).\n - Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." (kabi).\n - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id\n This needs rpm-4.14+ (bsc#964063).\n - sched/core: Allow __sched_setscheduler() in interrupts when PI is not\n used (bnc#1022476).\n - sched/debug: Print the scheduler topology group mask (bnc#1022476).\n - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476).\n - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476).\n - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all\n cfs_rqs (bnc#1022476).\n - sched/topology: Add sched_group_capacity debugging (bnc#1022476).\n - sched/topology: Fix building of overlapping sched-groups (bnc#1022476).\n - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476).\n - sched/topology: Move comment about asymmetric node setups (bnc#1022476).\n - sched/topology: Refactor function build_overlap_sched_groups()\n (bnc#1022476).\n - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).\n - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476).\n - sched/topology: Small cleanup (bnc#1022476).\n - sched/topology: Verify the first group matches the child domain\n (bnc#1022476).\n - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887).\n - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).\n - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887).\n - scsi: storvsc: Workaround for virtual DVD SCSI version (fate#320485,\n bnc#1044636).\n - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - sysctl: do not print negative flag for proc_douintvec (bnc#1046985).\n 
- timers: Plug locking race vs. timer migration (bnc#1022476).\n - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829).\n - udf: Fix races with i_size changes during readpage (bsc#1012829).\n - x86/LDT: Print the real LDT base address (bsc#1051478).\n - x86/mce: Make timer handling more robust (bsc#1042422).\n - x86/panic: replace smp_send_stop() with kdump friendly version in panic\n path (bsc#1051478).\n - xen: allocate page for shared info page from low memory (bnc#1038616).\n - xen/balloon: do not online new memory initially (bnc#1028173).\n - xen: hold lock_device_hotplug throughout vcpu hotplug operations\n (bsc#1042422).\n - xen-netfront: Rework the fix for Rx stall during OOM and network stress\n (git-fixes).\n - xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563).\n - xfrm: NULL dereference on allocation failure (bsc#1047343).\n - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).\n - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).\n - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n\n", "edition": 1, "modified": "2017-08-09T15:08:18", "published": "2017-08-09T15:08:18", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00031.html", "id": "OPENSUSE-SU-2017:2110-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-08-29T21:10:26", "bulletinFamily": "unix", "cvelist": ["CVE-2017-1000111", "CVE-2017-8831", "CVE-2017-10810", "CVE-2017-11473", "CVE-2017-7533", "CVE-2017-1000112", "CVE-2017-7541", "CVE-2017-7542"], "description": "The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.82 to receive\n various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2017-1000111: Fixed a race condition in net-packet code that could\n be exploited to cause out-of-bounds memory access (bsc#1052365).\n - CVE-2017-1000112: 
Fixed a race condition in net-packet code that could\n have been exploited by unprivileged users to gain root access.\n (bsc#1052311).\n - CVE-2017-8831: The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed\n local users to cause a denial of service (out-of-bounds array access) or\n possibly have unspecified other impact by changing a certain\n sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bnc#1049882).\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users\n to gain privileges via a crafted ACPI table (bnc#1049603).\n - CVE-2017-7533: Race condition in the fsnotify implementation in the\n Linux kernel allowed local users to gain privileges or cause a denial of\n service (memory corruption) via a crafted application that leverages\n simultaneous execution of the inotify_handle_event and vfs_rename\n functions (bnc#1049483 bnc#1050677).\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (buffer overflow\n and system crash) or possibly gain privileges via a crafted\n NL80211_CMD_FRAME Netlink packet (bnc#1049645).\n - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed\n attackers to cause a denial of service (memory consumption) by\n triggering object-initialization failures (bnc#1047277).\n\n The following non-security bugs were fixed:\n\n - acpi/nfit: Add support of NVDIMM memory error notification in ACPI 6.2\n (bsc#1052325).\n - 
acpi/nfit: Issue Start ARS to retrieve existing records (bsc#1052325).\n - acpi / processor: Avoid reserving IO regions too early (bsc#1051478).\n - acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes).\n - Add "shutdown" to "struct class" (bsc#1053117).\n - af_key: Add lock to key dump (bsc#1047653).\n - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).\n - alsa: fm801: Initialize chip after IRQ handler is registered\n (bsc#1031717).\n - alsa: hda - add more ML register definitions (bsc#1048356).\n - alsa: hda - add sanity check to force the separate stream tags\n (bsc#1048356).\n - alsa: hda: Add support for parsing new HDA capabilities (bsc#1048356).\n - alsa: hdac: Add support for hda DMA Resume capability (bsc#1048356).\n - alsa: hdac_regmap - fix the register access for runtime PM (bsc#1048356).\n - alsa: hda: Fix cpu lockup when stopping the cmd dmas (bsc#1048356).\n - alsa: hda - Fix endless loop of codec configure (bsc#1031717).\n - alsa: hda: fix to wait for RIRB & CORB DMA to set (bsc#1048356).\n - alsa: hda - Loop interrupt handling until really cleared (bsc#1048356).\n - alsa: hda - move bus_parse_capabilities to core (bsc#1048356).\n - alsa: hda - set input_path bitmap to zero after moving it to new place\n (bsc#1031717).\n - alsa: hda - set intel audio clock to a proper value (bsc#1048356).\n - arm64: kernel: restrict /dev/mem read() calls to linear region\n (bsc#1046651).\n - arm64: mm: remove page_mapping check in __sync_icache_dcache\n (bsc#1040347).\n - arm64: Update config files. 
Disable DEVKMEM\n - b43: Add missing MODULE_FIRMWARE() (bsc#1037344).\n - bcache: force trigger gc (bsc#1038078).\n - bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n - bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n - bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).\n - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)\n - blacklist.conf: add inapplicable commits for wifi (bsc#1031717)\n - blacklist.conf: add non-applicable fixes for iwlwifi (FATE#323335)\n - blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).\n - blacklist.conf: add unapplicable drm fixes (bsc#1031717).\n - blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok()\n argument type') (bsc#1051478) Fixes only a compile-warning.\n - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in\n test_nmi_ipi()') It only fixes a self-test (bsc#1051478).\n - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help\n text file path reference to lockup watchdog documentation') Updates only\n kconfig help-text (bsc#1051478).\n - blkfront: add uevent for size change (bnc#1036632).\n - blk-mq: map all HWQ also in hyperthreaded system (bsc#1045866).\n - block: add kblock_mod_delayed_work_on() (bsc#1050211).\n - block: Allow bdi re-registration (bsc#1040307).\n - block: do not allow updates through sysfs until registration completes\n (bsc#1047027).\n - block: Fix front merge check (bsc#1051239).\n - block: Make blk_mq_delay_kick_requeue_list() rerun the queue at a quiet\n time (bsc#1050211).\n - block: Make del_gendisk() safer for disks without queues (bsc#1040307).\n - block: Move bdi_unregister() to del_gendisk() (bsc#1040307).\n - block: provide bio_uninit() free freeing integrity/task associations\n (bsc#1050211).\n - bluetooth: hidp: fix possible might sleep error in hidp_session_thread\n (bsc#1031784).\n - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).\n - btrfs: add 
cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).\n - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).\n - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - btrfs: fix lockup in find_free_extent with read-only block groups\n (bsc#1046682).\n - btrfs: incremental send, fix invalid path for link commands\n (bsc#1051479).\n - btrfs: incremental send, fix invalid path for unlink commands\n (bsc#1051479).\n - btrfs: Manually implement device_total_bytes getter/setter (bsc#1043912).\n - btrfs: resume qgroup rescan on rw remount (bsc#1047152).\n - btrfs: Round down values which are written for total_bytes_size\n (bsc#1043912).\n - btrfs: send, fix invalid path after renaming and linking file\n (bsc#1051479).\n - cifs: Fix some return values in case of error in 'crypt_message'\n (bnc#1047802).\n - clocksource/drivers/arm_arch_timer: Fix read and iounmap of incorrect\n variable (bsc#1045937).\n - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).\n - crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).\n - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc# 1045154).\n - cxgb4: fix a NULL dereference (bsc#1005778).\n - cxgb4: fix BUG() on interrupt deallocating path of ULD (bsc#1005778).\n - cxgb4: fix memory leak in init_one() (bsc#1005778).\n - cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).\n - dentry name snapshots (bsc#1049483).\n - device-dax: fix sysfs attribute deadlock (bsc#1048919).\n - dm: fix second blk_delay_queue() parameter to be in msec units not\n (bsc#1047670).\n - dm: make flush bios explicitly sync (bsc#1050211).\n - dm raid1: fixes two crash cases if mirror leg failed (bsc#1043520)\n - drivers/char: kmem: disable on arm64 (bsc#1046655).\n - drivers: hv: As a bandaid, increase HV_UTIL_TIMEOUT from 30 to 60\n seconds (bnc#1039153)\n - drivers: hv: Fix a typo (fate#320485).\n - drivers: hv: Fix the bug in generating the guest ID (fate#320485).\n - drivers: 
hv: util: Fix a typo (fate#320485).\n - drivers: hv: util: Make hv_poll_channel() a little more efficient\n (fate#320485).\n - drivers: hv: vmbus: Close timing hole that can corrupt per-cpu page\n (fate#320485).\n - drivers: hv: vmbus: Fix error code returned by vmbus_post_msg()\n (fate#320485).\n - drivers: hv: vmbus: Get the current time from the current clocksource\n (fate#320485, bnc#1044112).\n - drivers: hv: vmbus: Get the current time from the current clocksource\n (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).\n - drivers: hv: vmbus: Increase the time between retries in\n vmbus_post_msg() (fate#320485, bnc#1044112).\n - drivers: hv: vmbus: Increase the time between retries in\n vmbus_post_msg() (fate#320485, bnc#1044112).\n - drivers: hv: vmbus: Move the code to signal end of message (fate#320485).\n - drivers: hv: vmbus: Move the definition of generate_guest_id()\n (fate#320485).\n - drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents\n (fate#320485).\n - drivers: hv: vmbus: Restructure the clockevents code (fate#320485).\n - drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions\n (bsc#1031717).\n - drm/bochs: Implement nomodeset (bsc#1047096).\n - drm/i915/fbdev: Stop repeating tile configuration on stagnation\n (bsc#1031717).\n - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).\n - drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821).\n - drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).\n - drm/vmwgfx: Fix large topology crash (bsc#1048155).\n - drm/vmwgfx: Support topology greater than texture size (bsc#1048155).\n - Drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state'\n - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).\n - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).\n - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: handle 
the rest of ext4_mb_load_buddy() ENOMEM errors\n (bsc#1012829).\n - Fix kABI breakage by HD-audio bus caps extensions (bsc#1048356).\n - Fix kABI breakage by KVM CVE fix (bsc#1045922).\n - fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).\n - fs: pass on flags in compat_writev (bsc#1050211).\n - fuse: initialize the flock flag in fuse_file on allocation (git-fixes).\n - gcov: add support for gcc version >= 6 (bsc#1051663).\n - gcov: support GCC 7.1 (bsc#1051663).\n - gfs2: fix flock panic issue (bsc#1012829).\n - hpsa: limit transfer length to 1MB (bsc#1025461).\n - hrtimer: Catch invalid clockids again (bsc#1047651).\n - hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).\n - hv_netvsc: change netvsc device default duplex to FULL (fate#320485).\n - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing (bsc#1048421).\n - hv_netvsc: Fix the carrier state error when data path is off\n (fate#320485).\n - hv_netvsc: Fix the queue index computation in forwarding case\n (bsc#1048421).\n - hv_netvsc: Remove unnecessary var link_state from struct\n netvsc_device_info (fate#320485).\n - hv: print extra debug in kvp_on_msg in error paths (bnc#1039153).\n - hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485,\n bnc#1044112).\n - hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485,\n bnc#1044112, bnc#1042778, bnc#1029693).\n - hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485,\n bnc#1044112).\n - hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485,\n bnc#1044112, bnc#1042778, bnc#1029693).\n - hv_util: switch to using timespec64 (fate#320485).\n - hwpoison, memcg: forcibly uncharge LRU pages (bnc#1046105).\n - hyperv: fix warning about missing prototype (fate#320485).\n - hyperv: netvsc: Neaten netvsc_send_pkt by using a temporary\n (fate#320485).\n - hyperv: remove unnecessary return variable (fate#320485).\n - i2c: designware-baytrail: fix potential null pointer dereference on dev\n 
(bsc#1011913).\n - i40e: add hw struct local variable (bsc#1039915).\n - i40e: add private flag to control source pruning (bsc#1034075).\n - i40e: add VSI info to macaddr messages (bsc#1039915).\n - i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).\n - i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915).\n - i40e: delete filter after adding its replacement when converting\n (bsc#1039915).\n - i40e: do not add broadcast filter for VFs (bsc#1039915).\n - i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID<1\n (bsc#1039915).\n - i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter\n (bsc#1039915).\n - i40e: enable VSI broadcast promiscuous mode instead of adding broadcast\n filter (bsc#1039915).\n - i40e: factor out addition/deletion of VLAN per each MAC address\n (bsc#1039915).\n - i40e: fix ethtool to get EEPROM data from X722 interface (bsc#1047418).\n - i40e: fix MAC filters when removing VLANs (bsc#1039915).\n - i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan\n (bsc#1039915).\n - i40e/i40evf: Fix use after free in Rx cleanup path (bsc#1051689).\n - i40e: implement __i40e_del_filter and use where applicable (bsc#1039915).\n - i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915).\n - i40e: move all updates for VLAN mode into i40e_sync_vsi_filters\n (bsc#1039915).\n - i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).\n - i40e: no need to check is_vsi_in_vlan before calling\n i40e_del_mac_all_vlan (bsc#1039915).\n - i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters\n (bsc#1039915).\n - i40e: recalculate vsi->active_filters from hash contents (bsc#1039915).\n - i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan\n (bsc#1039915).\n - i40e: refactor i40e_update_filter_state to avoid passing aq_err\n (bsc#1039915).\n - i40e: refactor Rx filter handling (bsc#1039915).\n - i40e: Removal of workaround for simple MAC address filter 
deletion\n (bsc#1039915).\n - i40e: remove code to handle dev_addr specially (bsc#1039915).\n - i40e: removed unreachable code (bsc#1039915).\n - i40e: remove duplicate add/delete adminq command code for filters\n (bsc#1039915).\n - i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid\n (bsc#1039915).\n - i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan\n (bsc#1039915).\n - i40e: restore workaround for removing default MAC filter (bsc#1039915).\n - i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915).\n - i40e: store MAC/VLAN filters in a hash with the MAC Address as key\n (bsc#1039915).\n - i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID\n (bsc#1039915).\n - i40evf: fix merge error in older patch (bsc#1024346 FATE#321239\n bsc#1024373 FATE#321247).\n - i40e: when adding or removing MAC filters, correctly handle VLANs\n (bsc#1039915).\n - i40e: When searching all MAC/VLAN filters, ignore removed filters\n (bsc#1039915).\n - i40e: write HENA for VFs (bsc#1039915).\n - IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).\n - IB/iser: Fix connection teardown race condition (bsc#1050211).\n - ibmvnic: Check for transport event on driver resume (bsc#1051556,\n bsc#1052709).\n - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).\n - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).\n - IB/rxe: Fix kernel panic from skb destructor (bsc#1049361).\n - iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value\n (bsc#1031717).\n - include/linux/mmzone.h: simplify zone_intersects() (bnc#1047506).\n - input: gpio-keys - fix check for disabling unsupported keys\n (bsc#1031717).\n - introduce the walk_process_tree() helper (bnc#1022476).\n - iommu/amd: Add flush counters to struct dma_ops_domain (bsc#1045709).\n - iommu/amd: Add locking to per-domain flush-queue (bsc#1045709).\n - iommu/amd: Add new init-state IOMMU_CMDLINE_DISABLED (bsc#1045715).\n - iommu/amd: 
Add per-domain flush-queue data structures (bsc#1045709).\n - iommu/amd: Add per-domain timer to flush per-cpu queues (bsc#1045709).\n - iommu/amd: Check for error states first in iommu_go_to_state()\n (bsc#1045715).\n - iommu/amd: Constify irq_domain_ops (bsc#1045709).\n - iommu/amd: Disable IOMMUs at boot if they are enabled (bsc#1045715).\n - iommu/amd: Enable ga_log_intr when enabling guest_mode (bsc1052533).\n - iommu/amd: Fix interrupt remapping when disable guest_mode (bsc#1051471).\n - iommu/amd: Fix schedule-while-atomic BUG in initialization code\n (bsc1052533).\n - iommu/amd: Free already flushed ring-buffer entries before full-check\n (bsc#1045709).\n - iommu/amd: Free IOMMU resources when disabled on command line\n (bsc#1045715).\n - iommu/amd: Make use of the per-domain flush queue (bsc#1045709).\n - iommu/amd: Ratelimit io-page-faults per device (bsc#1045709).\n - iommu/amd: Reduce amount of MMIO when submitting commands (bsc#1045709).\n - iommu/amd: Reduce delay waiting for command buffer space (bsc#1045709).\n - iommu/amd: Remove amd_iommu_disabled check from amd_iommu_detect()\n (bsc#1045715).\n - iommu/amd: Remove queue_release() function (bsc#1045709).\n - iommu/amd: Rename free_on_init_error() (bsc#1045715).\n - iommu/amd: Rip out old queue flushing code (bsc#1045709).\n - iommu/amd: Set global pointers to NULL after freeing them (bsc#1045715).\n - iommu/amd: Suppress IO_PAGE_FAULTs in kdump kernel (bsc#1045715\n bsc#1043261).\n - iommu: Remove a patch because it caused problems for users. 
See\n bsc#1048348.\n - ipv4: Should use consistent conditional judgement for ip fragment in\n __ip_append_data and ip_finish_output (bsc#1041958).\n - ipv6: Should use consistent conditional judgement for ip6 fragment\n between __ip6_append_data and ip6_finish_output (bsc#1041958).\n - iw_cxgb4: Fix error return code in c4iw_rdev_open() (bsc#1026570).\n - iwlwifi: 8000: fix MODULE_FIRMWARE input (FATE#321353, FATE#323335).\n - iwlwifi: 9000: increase the number of queues (FATE#321353, FATE#323335).\n - iwlwifi: add device ID for 8265 (FATE#321353, FATE#323335).\n - iwlwifi: add device IDs for the 8265 device (FATE#321353, FATE#323335).\n - iwlwifi: add disable_11ac module param (FATE#321353, FATE#323335).\n - iwlwifi: add new 3168 series devices support (FATE#321353, FATE#323335).\n - iwlwifi: add new 8260 PCI IDs (FATE#321353, FATE#323335).\n - iwlwifi: add new 8265 (FATE#321353, FATE#323335).\n - iwlwifi: add new 8265 series PCI ID (FATE#321353, FATE#323335).\n - iwlwifi: Add new PCI IDs for 9260 and 5165 series (FATE#321353,\n FATE#323335).\n - iwlwifi: Add PCI IDs for the new 3168 series (FATE#321353, FATE#323335).\n - iwlwifi: Add PCI IDs for the new series 8165 (FATE#321353, FATE#323335).\n - iwlwifi: add support for 12K Receive Buffers (FATE#321353, FATE#323335).\n - iwlwifi: add support for getting HW address from CSR (FATE#321353,\n FATE#323335).\n - iwlwifi: avoid d0i3 commands when no/init ucode is loaded (FATE#321353,\n FATE#323335).\n - iwlwifi: bail out in case of bad trans state (FATE#321353, FATE#323335).\n - iwlwifi: block the queues when we send ADD_STA for uAPSD (FATE#321353,\n FATE#323335).\n - iwlwifi: change the Intel Wireless email address (FATE#321353,\n FATE#323335).\n - iwlwifi: change the Intel Wireless email address (FATE#321353,\n FATE#323335).\n - iwlwifi: check for valid ethernet address provided by OEM (FATE#321353,\n FATE#323335).\n - iwlwifi: clean up transport debugfs handling (FATE#321353, FATE#323335).\n - iwlwifi: clear 
ieee80211_tx_info->driver_data in the op_mode\n (FATE#321353, FATE#323335).\n - iwlwifi: Document missing module options (FATE#321353, FATE#323335).\n - iwlwifi: dump prph registers in a common place for all transports\n (FATE#321353, FATE#323335).\n - iwlwifi: dvm: advertise NETIF_F_SG (FATE#321353, FATE#323335).\n - iwlwifi: dvm: fix compare_const_fl.cocci warnings (FATE#321353,\n FATE#323335).\n - iwlwifi: dvm: handle zero brightness for wifi LED (FATE#321353,\n FATE#323335).\n - iwlwifi: dvm: remove a wrong dependency on m (FATE#321353, FATE#323335).\n - iwlwifi: dvm: remove Kconfig default (FATE#321353, FATE#323335).\n - iwlwifi: dvm: remove stray debug code (FATE#321353, FATE#323335).\n - iwlwifi: export the _no_grab version of PRPH IO functions (FATE#321353,\n FATE#323335).\n - iwlwifi: expose fw usniffer mode to more utilities (FATE#321353,\n FATE#323335).\n - iwlwifi: fix double hyphen in MODULE_FIRMWARE for 8000 (FATE#321353,\n FATE#323335).\n - iwlwifi: Fix firmware name maximum length definition (FATE#321353,\n FATE#323335).\n - iwlwifi: fix name of ucode loaded for 8265 series (FATE#321353,\n FATE#323335).\n - iwlwifi: fix printf specifier (FATE#321353, FATE#323335).\n - iwlwifi: generalize d0i3_entry_timeout module parameter (FATE#321353,\n FATE#323335).\n - iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).\n - iwlwifi: mvm: adapt the firmware assert log to new firmware\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: add 9000-series RX API (FATE#321353, FATE#323335).\n - iwlwifi: mvm: add 9000 series RX processing (FATE#321353, FATE#323335).\n - iwlwifi: mvm: add a non-trigger window to fw dbg triggers (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: add an option to start rs from HT/VHT rates (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: Add a station in monitor mode (FATE#321353, FATE#323335).\n - iwlwifi: mvm: add bt rrc and ttc to debugfs (FATE#321353, FATE#323335).\n - iwlwifi: mvm: add bt settings to debugfs (FATE#321353, 
FATE#323335).\n - iwlwifi: mvm: add ctdp operations to debugfs (FATE#321353, FATE#323335).\n - iwlwifi: mvm: add CT-KILL notification (FATE#321353, FATE#323335).\n - iwlwifi: mvm: add debug print if scan config is ignored (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: add extended dwell time (FATE#321353, FATE#323335).\n - iwlwifi: mvm: add new ADD_STA command version (FATE#321353, FATE#323335).\n - iwlwifi: mvm: Add P2P client snoozing (FATE#321353, FATE#323335).\n - iwlwifi: mvm: add registration to cooling device (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: add registration to thermal zone (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: add support for negative temperatures (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: add tlv for multi queue rx support (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: add trigger for firmware dump upon TDLS events\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: add trigger for firmware dump upon TX response status\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: advertise NETIF_F_SG (FATE#321353, FATE#323335).\n - iwlwifi: mvm: Align bt-coex priority with requirements (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: allow to disable beacon filtering for AP/GO interface\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: avoid harmless -Wmaybe-uninialized warning (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: avoid panics with thermal device usage (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: avoid to WARN about gscan capabilities (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: bail out if CTDP start operation fails (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: bump firmware API to 21 (FATE#321353, FATE#323335).\n - iwlwifi: mvm: bump max API to 20 (FATE#321353, FATE#323335).\n - iwlwifi: mvm: change access to ieee80211_hdr (FATE#321353, FATE#323335).\n - iwlwifi: mvm: change iwl_mvm_get_key_sta_id() to return the station\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: change mcc update API (FATE#321353, FATE#323335).\n - 
iwlwifi: mvm: change name of iwl_mvm_d3_update_gtk (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: Change number of associated stations when station becomes\n associated (FATE#321353, FATE#323335).\n - iwlwifi: mvm: change protocol offload flows (FATE#321353, FATE#323335).\n - iwlwifi: mvm: change the check for ADD_STA status (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: check FW's response for nvm access write cmd (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: check iwl_mvm_wowlan_config_key_params() return value\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: check minimum temperature notification length\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: cleanup roc te on restart cleanup (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: compare full command ID (FATE#321353, FATE#323335).\n - iwlwifi: mvm: Configure fragmented scan for scheduled scan (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: configure scheduled scan according to traffic conditions\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: constify the parameters of a few functions in fw-dbg.c\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: Disable beacon storing in D3 when WOWLAN configured\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: disable DQA support (FATE#321353, FATE#323335).\n - iwlwifi: mvm: do not ask beacons when P2P GO vif and no assoc sta\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: do not keep an mvm ref when the interface is down\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: do not let NDPs mess the packet tracking (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: do not restart HW if suspend fails with unified image\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: Do not switch to D3 image on suspend (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: do not try to offload AES-CMAC in AP/IBSS modes\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: drop low_latency_agg_frame_cnt_limit (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: dump more registers upon error (FATE#321353, FATE#323335).\n 
- iwlwifi: mvm: dump the radio registers when the firmware crashes\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: enable L3 filtering (FATE#321353, FATE#323335).\n - iwlwifi: mvm: Enable MPLUT only on supported hw (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: enable VHT MU-MIMO for supported hardware (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: extend time event duration (FATE#321353, FATE#323335).\n - iwlwifi: mvm: fix accessing Null pointer during fw dump collection\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: fix d3_test with unified D0/D3 images (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: fix debugfs signedness warning (FATE#321353, FATE#323335).\n - iwlwifi: mvm: fix extended dwell time (FATE#321353, FATE#323335).\n - iwlwifi: mvm: fix incorrect fallthrough in iwl_mvm_check_running_scans()\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: fix memory leaks in error paths upon fw error dump\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: fix netdetect starting/stopping for unified images\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: fix RSS key sizing (FATE#321353, FATE#323335).\n - iwlwifi: mvm: fix unregistration of thermal in some error flows\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: flush all used TX queues before suspending (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: forbid U-APSD for P2P Client if the firmware does not\n support it (FATE#321353, FATE#323335).\n - iwlwifi: mvm: handle pass all scan reporting (FATE#321353, FATE#323335).\n - iwlwifi: mvm: ignore LMAC scan notifications when running UMAC scans\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: infrastructure for frame-release message (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: kill iwl_mvm_enable_agg_txq (FATE#321353, FATE#323335).\n - iwlwifi: mvm: let the firmware choose the antenna for beacons\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: make collecting fw debug data optional (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: move fw-dbg code to separate file 
(FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: only release the trans ref if d0i3 is supported in fw\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: prepare the code towards TSO implementation (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: refactor d3 key update functions (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: refactor the way fw_key_table is handled (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: remove an extra tab (FATE#321353, FATE#323335).\n - iwlwifi: mvm: Remove bf_vif from iwl_power_vifs (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: Remove iwl_mvm_update_beacon_abort (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: remove redundant d0i3 flag from the config struct\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: remove shadowing variable (FATE#321353, FATE#323335).\n - iwlwifi: mvm: remove stray nd_config element (FATE#321353, FATE#323335).\n - iwlwifi: mvm: remove the vif parameter of\n iwl_mvm_configure_bcast_filter() (FATE#321353, FATE#323335).\n - iwlwifi: mvm: remove unnecessary check in iwl_mvm_is_d0i3_supported()\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: remove useless WARN_ON and rely on cfg80211's combination\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: report wakeup for wowlan (FATE#321353, FATE#323335).\n - iwlwifi: mvm: reset mvm->scan_type when firmware is started\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).\n - iwlwifi: mvm: return the cooling state index instead of the budget\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: ROC: cleanup time event info on FW failure (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: ROC: Extend the ROC max delay duration & limit ROC\n duration (FATE#321353, FATE#323335).\n - iwlwifi: mvm: rs: fix a potential out of bounds access (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: rs: fix a theoretical access to uninitialized array\n elements (FATE#321353, FATE#323335).\n - iwlwifi: mvm: rs: fix a warning message (FATE#321353, 
FATE#323335).\n - iwlwifi: mvm: rs: fix TPC action decision algorithm (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: rs: fix TPC statistics handling (FATE#321353, FATE#323335).\n - iwlwifi: mvm: Send power command on BSS_CHANGED_BEACON_INFO if needed\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: set default new STA as non-aggregated (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: set the correct amsdu enum values (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: set the correct descriptor size for tracing (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: small update in the firmware API (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: support A-MSDU in A-MPDU (FATE#321353, FATE#323335).\n - iwlwifi: mvm: support beacon storing (FATE#321353, FATE#323335).\n - iwlwifi: mvm: support description for user triggered fw dbg collection\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: support rss queues configuration command (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: Support setting continuous recording debug mode\n (FATE#321353, FATE#323335).\n - iwlwifi: mvm: support setting minimum quota from debugfs (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: support sw queue start/stop from mvm (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: synchronize firmware DMA paging memory (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: take care of padded packets (FATE#321353, FATE#323335).\n - iwlwifi: mvm: take the transport ref back when leaving (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: track low-latency sources separately (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).\n - iwlwifi: mvm: unmap the paging memory before freeing it (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: update GSCAN capabilities (FATE#321353, FATE#323335).\n - iwlwifi: mvm: update ucode status before stopping device (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: use build-time assertion for fw trigger ID (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: 
use firmware station lookup, combine code (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: various trivial cleanups (FATE#321353, FATE#323335).\n - iwlwifi: mvm: writing zero bytes to debugfs causes a crash (FATE#321353,\n FATE#323335).\n - iwlwifi: nvm: fix loading default NVM file (FATE#321353, FATE#323335).\n - iwlwifi: nvm: fix up phy section when reading it (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: add 9000 series multi queue rx DMA support (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: add infrastructure for multi-queue rx (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: add initial RTPM support for PCI (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: Add new configuration to enable MSIX (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: add pm_prepare and pm_complete ops (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: add RTPM support when wifi is enabled (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: aggregate Flow Handler configuration writes (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: allow the op_mode to block the tx queues (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: allow to pretend to have Tx CSUM for debug (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: avoid restocks inside rx loop if not emergency\n (FATE#321353, FATE#323335).\n - iwlwifi: pcie: buffer packets to avoid overflowing Tx queues\n (FATE#321353, FATE#323335).\n - iwlwifi: pcie: build an A-MSDU using TSO core (FATE#321353, FATE#323335).\n - iwlwifi: pcie: configure more RFH settings (FATE#321353, FATE#323335).\n - iwlwifi: pcie: detect and workaround invalid write ptr behavior\n (FATE#321353, FATE#323335).\n - iwlwifi: pcie: do not increment / decrement a bool (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: enable interrupts before releasing the NIC's CPU\n (FATE#321353, FATE#323335).\n - iwlwifi: pcie: enable multi-queue rx path (FATE#321353, FATE#323335).\n - iwlwifi: pcie: extend device reset delay (FATE#321353, FATE#323335).\n - iwlwifi: pcie: fine tune number of 
rxbs (FATE#321353, FATE#323335).\n - iwlwifi: pcie: fix a race in firmware loading flow (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: fix command completion name debug (bsc#1031717).\n - iwlwifi: pcie: fix erroneous return value (FATE#321353, FATE#323335).\n - iwlwifi: pcie: fix global table size (FATE#321353, FATE#323335).\n - iwlwifi: pcie: fix identation in trans.c (FATE#321353, FATE#323335).\n - iwlwifi: pcie: fix RF-Kill vs. firmware load race (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: forbid RTPM on device removal (FATE#321353, FATE#323335).\n - iwlwifi: pcie: mark command queue lock with separate lockdep class\n (FATE#321353, FATE#323335).\n - iwlwifi: pcie: prevent skbs shadowing in iwl_trans_pcie_reclaim\n (FATE#321353, FATE#323335).\n - iwlwifi: pcie: refactor RXBs reclaiming code (FATE#321353, FATE#323335).\n - iwlwifi: pcie: remove ICT allocation message (FATE#321353, FATE#323335).\n - iwlwifi: pcie: remove pointer from debug message (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: re-organize code towards TSO (FATE#321353, FATE#323335).\n - iwlwifi: pcie: set RB chunk size back to 64 (FATE#321353, FATE#323335).\n - iwlwifi: pcie: update iwl_mpdu_desc fields (FATE#321353, FATE#323335).\n - iwlwifi: print index in api/capa flags parsing message (FATE#321353,\n FATE#323335).\n - iwlwifi: refactor the code that reads the MAC address from the NVM\n (FATE#321353, FATE#323335).\n - iwlwifi: remove IWL_DL_LED (FATE#321353, FATE#323335).\n - iwlwifi: remove unused parameter from grab_nic_access (FATE#321353,\n FATE#323335).\n - iwlwifi: replace d0i3_mode and wowlan_d0i3 with more generic variables\n (FATE#321353, FATE#323335).\n - iwlwifi: set max firmware version of 7265 to 17 (FATE#321353,\n FATE#323335).\n - iwlwifi: support ucode with d0 unified image - regular and usniffer\n (FATE#321353, FATE#323335).\n - iwlwifi: trans: make various conversion macros inlines (FATE#321353,\n FATE#323335).\n - iwlwifi: trans: support a callback for ASYNC commands 
(FATE#321353,\n FATE#323335).\n - iwlwifi: treat iwl_parse_nvm_data() MAC addr as little endian\n (FATE#321353, FATE#323335).\n - iwlwifi: tt: move ucode_loaded check under mutex (FATE#321353,\n FATE#323335).\n - iwlwifi: uninline iwl_trans_send_cmd (FATE#321353, FATE#323335).\n - iwlwifi: update host command messages to new format (FATE#321353,\n FATE#323335).\n - iwlwifi: Update PCI IDs for 8000 and 9000 series (FATE#321353,\n FATE#323335).\n - iwlwifi: update support for 3168 series firmware and NVM (FATE#321353,\n FATE#323335).\n - iwlwifi: various comments and code cleanups (FATE#321353, FATE#323335).\n - kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly\n version in panic path" (bsc#1051478).\n - kABI: protect lwtunnel include in ip6_route.h (kabi).\n - KABI protect struct acpi_nfit_desc (bsc#1052325).\n - kABI: protect struct iscsi_tpg_attrib (kabi).\n - kABI: protect struct se_lun (kabi).\n - kABI: protect struct tpm_chip (kabi).\n - kABI: protect struct xfrm_dst (kabi).\n - kABI: protect struct xfrm_dst (kabi).\n - kabi/severities: add drivers/scsi/hisi_sas to kabi severities\n - kabi/severities: ignore kABi changes in iwlwifi stuff itself\n - kvm: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC\n (bsc#1051478).\n - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478).\n - kvm: nVMX: Fix nested VPID vmx exec control (bsc#1051478).\n - kvm: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).\n - libnvdimm: fix badblock range handling of ARS range (bsc#1023175).\n - libnvdimm: fix badblock range handling of ARS range (bsc#1051048).\n - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).\n - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1048919).\n - libnvdimm, region: fix flush hint detection crash (bsc#1048919).\n - lightnvm: fix "warning: \u2018ret\u2019 may be used uninitialized"\n (FATE#319466).\n - mac80211_hwsim: Replace bogus 
hrtimer clockid (bsc#1047651).\n - md-cluster: Fix a memleak in an error handling path (bsc#1049289).\n - md: do not return -EAGAIN in md_allow_write for external metadata arrays\n (bsc#1047174).\n - md: fix sleep in atomic (bsc#1040351).\n - mm: call page_ext_init() after all struct pages are initialized (VM\n Debugging Functionality, bsc#1047048).\n - mm: fix classzone_idx underflow in shrink_zones() (VM Functionality,\n bsc#1042314).\n - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891).\n - mm, memory_hotplug: get rid of is_zone_device_section fix (bnc#1047595).\n - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack\n (bnc#1039348).\n - mwifiex: do not update MCS set from hostapd (bsc#1031717).\n - net: account for current skb length when deciding about UFO\n (bsc#1041958).\n - net: add netdev_lockdep_set_classes() helper (fate#320485).\n - net: ena: add hardware hints capability to the driver (bsc#1047121).\n - net: ena: add hardware hints capability to the driver (bsc#1047121).\n - net: ena: add missing return when ena_com_get_io_handlers() fails\n (bsc#1047121).\n - net: ena: add missing return when ena_com_get_io_handlers() fails\n (bsc#1047121).\n - net: ena: add missing unmap bars on device removal (bsc#1047121).\n - net: ena: add missing unmap bars on device removal (bsc#1047121).\n - net: ena: add reset reason for each device FLR (bsc#1047121).\n - net: ena: add reset reason for each device FLR (bsc#1047121).\n - net: ena: add support for out of order rx buffers refill (bsc#1047121).\n - net: ena: add support for out of order rx buffers refill (bsc#1047121).\n - net: ena: allow the driver to work with small number of msix vectors\n (bsc#1047121).\n - net: ena: allow the driver to work with small number of msix vectors\n (bsc#1047121).\n - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).\n - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).\n - net: ena: change return value for 
unsupported features unsupported\n return value (bsc#1047121).\n - net: ena: change return value for unsupported features unsupported\n return value (bsc#1047121).\n - net: ena: change sizeof() argument to be the type pointer (bsc#1047121).\n - net: ena: change sizeof() argument to be the type pointer (bsc#1047121).\n - net: ena: disable admin msix while working in polling mode (bsc#1047121).\n - net: ena: disable admin msix while working in polling mode (bsc#1047121).\n - net: ena: fix bug that might cause hang after consecutive open/close\n interface (bsc#1047121).\n - net: ena: fix bug that might cause hang after consecutive open/close\n interface (bsc#1047121).\n - net: ena: fix race condition between submit and completion admin command\n (bsc#1047121).\n - net: ena: fix race condition between submit and completion admin command\n (bsc#1047121).\n - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).\n - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).\n - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).\n - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).\n - net: ena: separate skb allocation to dedicated function (bsc#1047121).\n - net: ena: separate skb allocation to dedicated function (bsc#1047121).\n - net/ena: switch to pci_alloc_irq_vectors (bsc#1047121).\n - net: ena: update driver's rx drop statistics (bsc#1047121).\n - net: ena: update driver's rx drop statistics (bsc#1047121).\n - net: ena: update ena driver to version 1.1.7 (bsc#1047121).\n - net: ena: update ena driver to version 1.1.7 (bsc#1047121).\n - net: ena: update ena driver to version 1.2.0 (bsc#1047121).\n - net: ena: update ena driver to version 1.2.0 (bsc#1047121).\n - net: ena: use lower_32_bits()/upper_32_bits() to split dma address\n (bsc#1047121).\n - net: ena: use lower_32_bits()/upper_32_bits() to split dma address\n (bsc#1047121).\n - net: ena: use napi_schedule_irqoff when possible 
(bsc#1047121).\n - net: ena: use napi_schedule_irqoff when possible (bsc#1047121).\n - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()\n (bsc#1042286).\n - net: hns: Bugfix for Tx timeout handling in hns driver (bsc#1048451).\n - net: hyperv: use new api ethtool_{get|set}_link_ksettings (fate#320485).\n - net/mlx4_core: Fixes missing capability bit in flags2 capability dump\n (bsc#1015337).\n - net/mlx4_core: Fix namespace misalignment in QinQ VST support commit\n (bsc#1015337).\n - net/mlx4_core: Fix sl_to_vl_change bit offset in flags2 dump\n (bsc#1015337).\n - net/mlx5: Cancel delayed recovery work when unloading the driver\n (bsc#1015342).\n - net/mlx5: Clean SRIOV eswitch resources upon VF creation failure\n (bsc#1015342).\n - net/mlx5: Consider tx_enabled in all modes on remap (bsc#1015342).\n - net/mlx5e: Add field select to MTPPS register (bsc#1015342).\n - net/mlx5e: Add missing support for PTP_CLK_REQ_PPS request (bsc#1015342).\n - net/mlx5e: Change 1PPS out scheme (bsc#1015342).\n - net/mlx5e: Fix broken disable 1PPS flow (bsc#1015342).\n - net/mlx5e: Fix outer_header_zero() check size (bsc#1015342).\n - net/mlx5e: Fix TX carrier errors report in get stats ndo (bsc#1015342).\n - net/mlx5e: Initialize CEE's getpermhwaddr address buffer to 0xff\n (bsc#1015342).\n - net/mlx5e: Rename physical symbol errors counter (bsc#1015342).\n - net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes).\n - net/mlx5: Fix mlx5_add_flow_rules call with correct num of dests\n (bsc#1015342).\n - net/mlx5: Fix mlx5_ifc_mtpps_reg_bits structure size (bsc#1015342).\n - net/mlx5: Fix offset of hca cap reserved field (bsc#1015342).\n - net: phy: Do not perform software reset for Generic PHY (bsc#1042286).\n - netvsc: add comments about callback's and NAPI (fate#320485).\n - netvsc: Add #include's for csum_* function declarations (fate#320485).\n - netvsc: add rtnl annotations in rndis (fate#320485).\n - netvsc: add some rtnl_dereference 
annotations (fate#320485).\n - netvsc: avoid race with callback (fate#320485).\n - netvsc: change logic for change mtu and set_queues (fate#320485).\n - netvsc: change max channel calculation (fate#320485).\n - netvsc: change order of steps in setting queues (fate#320485).\n - netvsc: Deal with rescinded channels correctly (fate#320485).\n - netvsc: do not access netdev->num_rx_queues directly (fate#320485).\n - netvsc: do not overload variable in same function (fate#320485).\n - netvsc: do not print pointer value in error message (fate#320485).\n - netvsc: eliminate unnecessary skb == NULL checks (fate#320485).\n - netvsc: enable GRO (fate#320485).\n - netvsc: Fix a bug in sub-channel handling (fate#320485).\n - netvsc: fix and cleanup rndis_filter_set_packet_filter (fate#320485).\n - netvsc: fix calculation of available send sections (fate#320485).\n - netvsc: fix dereference before null check errors (fate#320485).\n - netvsc: fix error unwind on device setup failure (fate#320485).\n - netvsc: fix hang on netvsc module removal (fate#320485).\n - netvsc: fix NAPI performance regression (fate#320485).\n - netvsc: fix net poll mode (fate#320485).\n - netvsc: fix netvsc_set_channels (fate#320485).\n - netvsc: fix ptr_ret.cocci warnings (fate#320485).\n - netvsc: fix rcu dereference warning from ethtool (fate#320485).\n - netvsc: fix RCU warning in get_stats (fate#320485).\n - netvsc: fix return value for set_channels (fate#320485).\n - netvsc: fix rtnl deadlock on unregister of vf (fate#320485, bsc#1052442).\n - netvsc: fix use after free on module removal (fate#320485).\n - netvsc: fix warnings reported by lockdep (fate#320485).\n - netvsc: fold in get_outbound_net_device (fate#320485).\n - netvsc: force link update after MTU change (fate#320485).\n - netvsc: handle offline mtu and channel change (fate#320485).\n - netvsc: implement NAPI (fate#320485).\n - netvsc: include rtnetlink.h (fate#320485).\n - netvsc: Initialize all channel related state prior to opening 
the\n channel (fate#320485).\n - netvsc: make sure and unregister datapath (fate#320485, bsc#1052899).\n - netvsc: make sure napi enabled before vmbus_open (fate#320485).\n - netvsc: mark error cases as unlikely (fate#320485).\n - netvsc: move filter setting to rndis_device (fate#320485).\n - netvsc: need napi scheduled during removal (fate#320485).\n - netvsc: need rcu_derefence when accessing internal device info\n (fate#320485).\n - netvsc: optimize calculation of number of slots (fate#320485).\n - netvsc: optimize receive completions (fate#320485).\n - netvsc: pass net_device to netvsc_init_buf and netvsc_connect_vsp\n (fate#320485).\n - netvsc: prefetch the first incoming ring element (fate#320485).\n - netvsc: Properly initialize the return value (fate#320485).\n - netvsc: remove bogus rtnl_unlock (fate#320485).\n - netvsc: remove no longer used max_num_rss queues (fate#320485).\n - netvsc: Remove redundant use of ipv6_hdr() (fate#320485).\n - netvsc: remove unnecessary indirection of page_buffer (fate#320485).\n - netvsc: remove unnecessary lock on shutdown (fate#320485).\n - netvsc: remove unused #define (fate#320485).\n - netvsc: replace netdev_alloc_skb_ip_align with napi_alloc_skb\n (fate#320485).\n - netvsc: save pointer to parent netvsc_device in channel table\n (fate#320485).\n - netvsc: signal host if receive ring is emptied (fate#320485).\n - netvsc: transparent VF management (fate#320485, bsc#1051979).\n - netvsc: use ERR_PTR to avoid dereference issues (fate#320485).\n - netvsc: use hv_get_bytes_to_read (fate#320485).\n - netvsc: use napi_consume_skb (fate#320485).\n - netvsc: use RCU to protect inner device structure (fate#320485).\n - netvsc: uses RCU instead of removal flag (fate#320485).\n - netvsc: use typed pointer for internal state (fate#320485).\n - nfs: Cache aggressively when file is open for writing (bsc#1033587).\n - nfs: Do not flush caches for a getattr that races with writeback\n (bsc#1033587).\n - nfs: invalidate file size when 
taking a lock (git-fixes).\n - nfs: only invalidate dentrys that are clearly invalid (bsc#1047118).\n - nfs: Optimize fallocate by refreshing mapping when needed (git-fixes).\n - nvme: add hostid token to fabric options (bsc#1045293).\n - nvme: also provide a UUID in the WWID sysfs attribute (bsc#1048146).\n - nvme: fabrics commands should use the fctype field for data direction\n (bsc#1043805).\n - nvme-pci: fix CMB sysfs file removal in reset path (bsc#1050211).\n - nvme/pci: Fix stuck nvme reset (bsc#1043805).\n - nvmet: identify controller: improve standard compliance (bsc#1048146).\n - nvme: wwid_show: strip trailing 0-bytes (bsc#1048146).\n - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829).\n - ocfs2: Make ocfs2_set_acl() static (bsc#1030552).\n - pci: Add Mellanox device IDs (bsc#1051478).\n - pci: Convert Mellanox broken INTx quirks to be for listed devices only\n (bsc#1051478).\n - pci: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).\n - pci: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN\n (bsc#1051478).\n - pci: dwc: Fix uninitialized variable in dw_handle_msi_irq()\n (bsc#1051478).\n - pci: Enable ECRC only if device supports it (bsc#1051478).\n - pci: hv: Allocate interrupt descriptors with GFP_ATOMIC (fate#320295,\n bnc#1034113).\n - pci: hv: Lock PCI bus on device eject (fate#320295, bnc#1034113).\n Replaces a change for (bnc#998664)\n - pci/msi: fix the pci_alloc_irq_vectors_affinity stub (bsc#1050211).\n - pci/msi: Ignore affinity if pre/post vector count is more than min_vecs\n (1050211).\n - pci/pm: Fix native PME handling during system suspend/resume\n (bsc#1051478).\n - pci: Support INTx masking on ConnectX-4 with firmware x.14.1100+\n (bsc#1051478).\n - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478).\n - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478).\n - perf/x86/intel: Fix PEBSv3 record drain 
(bsc#1051478).\n - pipe: cap initial pipe capacity according to pipe-max-size limit\n (bsc#1045330).\n - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill\n dmi list (bsc#1051022).\n - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - pm / Hibernate: Fix scheduling while atomic during hibernation\n (bsc#1051059).\n - powerpc: Add POWER9 architected mode to cputable (bsc#1048916,\n fate#321439).\n - powerpc/fadump: Add a warning when 'fadump_reserve_mem=' is used\n (bsc#1049231).\n - powerpc/ftrace: Pass the correct stack pointer for\n DYNAMIC_FTRACE_WITH_REGS (FATE#322421).\n - powerpc/perf: Fix branch event code for power9 (fate#321438, Pending\n SUSE Kernel Fixes).\n - powerpc/perf: Fix oops when kthread execs user process\n - powerpc/perf: Fix SDAR_MODE value for continous sampling on Power9\n (bsc#1053043 (git-fixes)).\n - powerpc: Support POWER9 in architected mode (bsc#1048916, fate#321439).\n - powerpc/tm: Fix saving of TM SPRs in core dump (fate#318470, git-fixes\n 08e1c01d6aed).\n - prctl: propagate has_child_subreaper flag to every descendant\n (bnc#1022476).\n - printk: Correctly handle preemption in console_unlock() (bsc#1046434).\n - printk/xen: Force printk sync mode when migrating Xen guest\n (bsc#1043347).\n - qed: Add missing static/local dcbx info (bsc#1019695).\n - qed: Correct print in iscsi error-flow (bsc#1019695).\n - qeth: fix L3 next-hop im xmit qeth hdr 
(bnc#1052773, LTC#157374).\n - rbd: drop extra rbd_img_request_get (bsc#1045596).\n - rbd: make sure pages are freed by libceph (bsc#1045596).\n - rdma/bnxt_re: checking for NULL instead of IS_ERR() (bsc#1052925).\n - rdma/iw_cxgb4: Always wake up waiter in c4iw_peer_abort_intr()\n (bsc#1026570).\n - rdma/mlx5: Fix existence check for extended address vector (bsc#1015342).\n - rdma/qedr: Prevent memory overrun in verbs' user responses (bsc#1022604\n FATE#321747).\n - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - Remove upstream commit e14b4db7a567 netvsc: fix race during\n initialization will be replaced by following changes\n - reorder upstream commit d0c2c9973ecd net: use core MTU range checking in\n virt drivers\n - Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"\n (bsc#1031717).\n - Revert "Add "shutdown" to "struct class"." (kabi).\n - Revert "KVM: x86: fix emulation of RSM and IRET instructions" (kabi).\n - Revert "Make file credentials available to the seqfile interfaces"\n (kabi).\n - Revert "mm/list_lru.c: fix list_lru_count_node() to be race free" (kabi).\n - Revert "netvsc: optimize calculation of number of slots" (fate#320485).\n - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware"\n (bsc#1048914).\n - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware"\n (bsc#1048914).\n - Revert "/proc/iomem: only expose physical resource addresses to\n privileged users" (kabi).\n - Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." 
(kabi).\n - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id\n This needs rpm-4.14+ (bsc#964063).\n - s390/crash: Remove unused KEXEC_NOTE_BYTES (bsc#1049706).\n - s390/kdump: remove code to create ELF notes in the crashed system\n (bsc#1049706).\n - sched/core: Allow __sched_setscheduler() in interrupts when PI is not\n used (bnc#1022476).\n - sched/debug: Print the scheduler topology group mask (bnc#1022476).\n - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476).\n - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476).\n - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all\n cfs_rqs (bnc#1022476).\n - sched/topology: Add sched_group_capacity debugging (bnc#1022476).\n - sched/topology: Fix building of overlapping sched-groups (bnc#1022476).\n - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476).\n - sched/topology: Move comment about asymmetric node setups (bnc#1022476).\n - sched/topology: Refactor function build_overlap_sched_groups()\n (bnc#1022476).\n - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).\n - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476).\n - sched/topology: Small cleanup (bnc#1022476).\n - sched/topology: Verify the first group matches the child domain\n (bnc#1022476).\n - scsi: aacraid: Do not copy uninitialized stack memory to userspace\n (bsc#1048912).\n - scsi: aacraid: fix leak of data from stack back to userspace\n (bsc#1048912).\n - scsi: aacraid: fix PCI error recovery path (bsc#1048912).\n - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887).\n - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).\n - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).\n - scsi_devinfo: fixup string compare (bsc#1037404).\n - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).\n - scsi: hisi_sas: add pci_dev in hisi_hba struct (bsc#1049298).\n - scsi: hisi_sas: add v2 hw 
internal abort timeout workaround\n (bsc#1049298).\n - scsi: hisi_sas: controller reset for multi-bits ECC and AXI fatal errors\n (bsc#1049298).\n - scsi: hisi_sas: fix NULL deference when TMF timeouts (bsc#1049298).\n - scsi: hisi_sas: fix timeout check in hisi_sas_internal_task_abort()\n (bsc#1049298).\n - scsi: hisi_sas: optimise DMA slot memory (bsc#1049298).\n - scsi: hisi_sas: optimise the usage of hisi_hba.lock (bsc#1049298).\n - scsi: hisi_sas: relocate get_ata_protocol() (bsc#1049298).\n - scsi: hisi_sas: workaround a SoC SATA IO processing bug (bsc#1049298).\n - scsi: hisi_sas: workaround SoC about abort timeout bug (bsc#1049298).\n - scsi: hisi_sas: workaround STP link SoC bug (bsc#1049298).\n - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887).\n - scsi: lpfc: Add auto EQ delay logic (bsc#1042257).\n - scsi: lpfc: Added recovery logic for running out of NVMET IO context\n resources (bsc#1037838).\n - scsi: lpfc: Adding additional stats counters for nvme (bsc#1037838).\n - scsi: lpfc: Add MDS Diagnostic support (bsc#1037838).\n - scsi: lpfc: Cleanup entry_repost settings on SLI4 queues (bsc#1037838).\n - scsi: lpfc: do not double count abort errors (bsc#1048912).\n - scsi: lpfc: Driver responds LS_RJT to Beacon Off ELS - Linux\n (bsc#1044623).\n - scsi: lpfc: Fix crash after firmware flash when IO is running\n (bsc#1044623).\n - scsi: lpfc: Fix crash doing IO with resets (bsc#1044623).\n - scsi: lpfc: Fix crash in lpfc_sli_ringtxcmpl_put when nvmet gets an\n abort request (bsc#1044623).\n - scsi: lpfc: Fix debugfs root inode "lpfc" not getting deleted on driver\n unload (bsc#1037838).\n - scsi: lpfc: Fix defects reported by Coverity Scan (bsc#1042257).\n - scsi: lpfc: fix linking against modular NVMe support (bsc#1048912).\n - scsi: lpfc: Fix NMI watchdog assertions when running nvmet IOPS tests\n (bsc#1037838).\n - scsi: lpfc: Fix NVMEI driver not decrementing counter causing bad rport\n state (bsc#1037838).\n - scsi: lpfc: Fix nvme io 
stoppage after link bounce (bsc#1045404).\n - scsi: lpfc: Fix NVMEI's handling of NVMET's PRLI response attributes\n (bsc#1037838).\n - scsi: lpfc: Fix NVME I+T not registering NVME as a supported FC4 type\n (bsc#1037838).\n - scsi: lpfc: Fix nvmet RQ resource needs for large block writes\n (bsc#1037838).\n - scsi: lpfc: fix refcount error on node list (bsc#1045404).\n - scsi: lpfc: Fix SLI3 drivers attempting NVME ELS commands (bsc#1044623).\n - scsi: lpfc: Fix system crash when port is reset (bsc#1037838).\n - scsi: lpfc: Fix system panic when express lane enabled (bsc#1044623).\n - scsi: lpfc: Fix used-RPI accounting problem (bsc#1037838).\n - scsi: lpfc: Reduce time spent in IRQ for received NVME commands\n (bsc#1044623).\n - scsi: lpfc: Separate NVMET data buffer pool fir ELS/CT (bsc#1037838).\n - scsi: lpfc: Separate NVMET RQ buffer posting from IO resources\n SGL/iocbq/context (bsc#1037838).\n - scsi: lpfc: update to revision to 11.4.0.1 (bsc#1044623).\n - scsi: lpfc: update version to 11.2.0.14 (bsc#1037838).\n - scsi: lpfc: Vport creation is failing with "Link Down" error\n (bsc#1044623).\n - scsi: qedf: Fix a return value in case of error in\n 'qedf_alloc_global_queues' (bsc#1048912).\n - scsi: qedi: Fix return code in qedi_ep_connect() (bsc#1048912).\n - scsi: qedi: Remove WARN_ON for untracked cleanup (bsc#1044443).\n - scsi: qedi: Remove WARN_ON from clear task context (bsc#1044443).\n - scsi: storvsc: Prefer kcalloc over kzalloc with multiply (fate#320485).\n - scsi: storvsc: remove return at end of void function (fate#320485).\n - scsi: storvsc: Workaround for virtual DVD SCSI version (fate#320485,\n bnc#1044636).\n - sfc: Add ethtool -m support for QSFP modules (bsc#1049619).\n - smartpqi: limit transfer length to 1MB (bsc#1025461).\n - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - string.h: add memcpy_and_pad() (bsc#1048146).\n - sysctl: do not print 
negative flag for proc_douintvec (bnc#1046985).\n - Temporarily disable iwlwifi-expose-default-fallback-ucode-api ... for\n updating iwlwifi stack\n - timers: Plug locking race vs. timer migration (bnc#1022476).\n - tools: hv: Add clean up for included files in Ubuntu net config\n (fate#320485).\n - tools: hv: Add clean up function for Ubuntu config (fate#320485).\n - tools: hv: properly handle long paths (fate#320485).\n - tools: hv: set allow-hotplug for VF on Ubuntu (fate#320485).\n - tools: hv: set hotplug for VF on Suse (fate#320485).\n - Tools: hv: vss: Thaw the filesystem and continue if freeze call has\n timed out (fate#320485).\n - tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).\n - tpm: KABI fix (bsc#1053117).\n - tpm_tis: Fix IRQ autoprobing when using platform_device (bsc#1020645,\n fate#321435, fate#321507, fate#321600, Pending fixes 2017-07-06).\n - tpm_tis: Use platform_get_irq (bsc#1020645, fate#321435, fate#321507,\n fate#321600, Pending fixes 2017-07-06).\n - tpm/tpm_crb: fix priv->cmd_size initialisation (bsc#1020645,\n fate#321435, fate#321507, fate#321600, Pending SUSE Kernel Fixes).\n - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829).\n - udf: Fix races with i_size changes during readpage (bsc#1012829).\n - Update config files: add CONFIG_IWLWIFI_PCIE_RTPM=y (FATE#323335)\n - vfs: fix missing inode_get_dev sites (bsc#1052049).\n - vmbus: cleanup header file style (fate#320485).\n - vmbus: expose debug info for drivers (fate#320485).\n - vmbus: fix spelling errors (fate#320485).\n - vmbus: introduce in-place packet iterator (fate#320485).\n - vmbus: only reschedule tasklet if time limit exceeded (fate#320485).\n - vmbus: re-enable channel tasklet (fate#320485).\n - vmbus: remove unnecessary initialization (fate#320485).\n - vmbus: remove useless return's (fate#320485).\n - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache()\n (bsc#1051399).\n - x86/hyperv: Check frequency MSRs presence according to the 
specification\n (fate#320485).\n - x86/LDT: Print the real LDT base address (bsc#1051478).\n - x86/mce: Make timer handling more robust (bsc#1042422).\n - x86/panic: replace smp_send_stop() with kdump friendly version in panic\n path (bsc#1051478).\n - x86/platform/uv/BAU: Disable BAU on single hub configurations\n (bsc#1050320).\n - x86/platform/uv/BAU: Fix congested_response_us not taking effect\n (bsc#1050322).\n - xen: allocate page for shared info page from low memory (bnc#1038616).\n - xen/balloon: do not online new memory initially (bnc#1028173).\n - xen: hold lock_device_hotplug throughout vcpu hotplug operations\n (bsc#1042422).\n - xen-netfront: Rework the fix for Rx stall during OOM and network stress\n (git-fixes).\n - xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563).\n - xfrm: NULL dereference on allocation failure (bsc#1047343).\n - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).\n - xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598).\n - xfs: detect and trim torn writes during log recovery (bsc#1036215).\n - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).\n - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - xfs: refactor and open code log record crc check (bsc#1036215).\n - xfs: refactor log record start detection into a new helper (bsc#1036215).\n - xfs: return start block of first bad log record during recovery\n (bsc#1036215).\n - xfs: support a crc verification only log record pass (bsc#1036215).\n - xgene: Do not fail probe, if there is no clk resource for SGMII\n interfaces (bsc#1048501).\n - xilinx network drivers: disable (bsc#1046170).\n\n", "edition": 1, "modified": "2017-08-29T18:11:41", "published": "2017-08-29T18:11:41", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-08/msg00071.html", "id": "SUSE-SU-2017:2286-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 7.8, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-10-27T20:32:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14051", "CVE-2017-13080", "CVE-2017-14489", "CVE-2017-7518", "CVE-2017-15649", "CVE-2017-1000252", "CVE-2017-11472", "CVE-2017-8831", "CVE-2017-10810", "CVE-2017-14106", "CVE-2017-11473", "CVE-2017-7541", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-6346", "CVE-2017-7542", "CVE-2017-12154"], "description": "The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.90 to receive\n various security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS\n users to cause a denial of service (assertion failure, and hypervisor\n hang or crash) via an out-of bounds guest_irq value, related to\n arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).\n - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in\n drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed\n attackers to cause a denial of service (memory consumption) by\n triggering object-initialization failures (bnc#1047277).\n - CVE-2017-11472: The acpi_ns_terminate() function in\n drivers/acpi/acpica/nsutils.c in the Linux kernel did not flush the\n operand cache and causes a kernel stack dump, which allowed local users\n to obtain sensitive information from kernel memory and bypass the KASLR\n protection mechanism (in the kernel through 4.9) via a crafted ACPI\n table (bnc#1049580).\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users\n to gain privileges via a crafted ACPI table (bnc#1049603).\n - CVE-2017-12134: The xen_biovec_phys_mergeable function in\n drivers/xen/biomerge.c in Xen might allow local OS guest users to\n corrupt block device data streams and consequently obtain sensitive\n memory information, cause a denial of service, or gain host OS\n 
privileges by leveraging incorrect block IO merge-ability calculation\n (bnc#1051790 bnc#1053919).\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux\n kernel. This function did not check whether the required attributes are\n present in a Netlink request. This request can be issued by a user with\n the CAP_NET_ADMIN capability and may result in a NULL pointer\n dereference and system crash (bnc#1058410).\n - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the\n Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store\n exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR\n shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain\n read and write access to the hardware CR8 register (bnc#1058507).\n - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed\n reinstallation of the Group Temporal Key (GTK) during the group key\n handshake, allowing an attacker within radio range to replay frames from\n access points to clients (bnc#1063667).\n - CVE-2017-14051: An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users\n to cause a denial of service (memory corruption and system crash) by\n leveraging root access (bnc#1056588).\n - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the\n Linux kernel allowed local users to cause a denial of service\n (__tcp_select_window divide-by-zero error and system crash) by\n triggering a disconnect within a certain tcp_recvmsg code path\n (bnc#1056982).\n - CVE-2017-14489: The iscsi_if_rx function in\n drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local\n users to cause a denial of service (panic) by leveraging incorrect\n length validation (bnc#1059051).\n - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local\n users to gain privileges via 
crafted system calls that trigger\n mishandling of packet_fanout data structures, because of a race\n condition (involving fanout_add and packet_do_bind) that leads to a\n use-after-free, a different vulnerability than CVE-2017-6346\n (bnc#1064388).\n - CVE-2017-7518: The Linux kernel was vulnerable to an incorrect debug\n exception(#DB) error. It could occur while emulating a syscall\n instruction and potentially lead to guest privilege escalation.\n (bsc#1045922).\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (buffer overflow\n and system crash) or possibly gain privileges via a crafted\n NL80211_CMD_FRAME Netlink packet (bnc#1049645).\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bnc#1049882).\n - CVE-2017-8831: The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed\n local users to cause a denial of service (out-of-bounds array access) or\n possibly have unspecified other impact by changing a certain\n sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).\n\n The following non-security bugs were fixed:\n\n - acpi / processor: Avoid reserving IO regions too early (bsc#1051478).\n - acpi / scan: Prefer devices without _HID for _ADR matching (git-fixes).\n - af_key: Add lock to key dump (bsc#1047653).\n - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).\n - alsa: fm801: Initialize chip after IRQ handler is registered\n (bsc#1031717).\n - alsa: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)\n (bsc#1020657).\n - alsa: hda - Fix endless loop of codec configure (bsc#1031717).\n - alsa: hda - Implement mic-mute LED mode enum (bsc#1055013).\n - 
alsa: hda/realtek - Add support headphone Mic for ALC221 of HP platform\n (bsc#1024405).\n - alsa: hda - set input_path bitmap to zero after moving it to new place\n (bsc#1031717).\n - alsa: ice1712: Add support for STAudio ADCIII (bsc#1048934).\n - alsa: usb-audio: Apply sample rate quirk to Sennheiser headset\n (bsc#1052580).\n - arc: Re-enable MMU upon Machine Check exception (bnc#1012382).\n - arm64: fault: Route pte translation faults via do_translation_fault\n (bnc#1012382).\n - arm64: Make sure SPsel is always set (bnc#1012382).\n - arm: pxa: add the number of DMA requestor lines (bnc#1012382).\n - arm: pxa: fix the number of DMA requestor lines (bnc#1012382).\n - b43: Add missing MODULE_FIRMWARE() (bsc#1037344).\n - bcache: correct cache_dirty_target in __update_writeback_rate()\n (bnc#1012382).\n - bcache: Correct return value for sysfs attach errors (bnc#1012382).\n - bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382).\n - bcache: fix bch_hprint crash and improve output (bnc#1012382).\n - bcache: fix for gc and write-back race (bnc#1012382).\n - bcache: Fix leak of bdev reference (bnc#1012382).\n - bcache: force trigger gc (bsc#1038078).\n - bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382).\n - bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n - bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).\n - blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb()\n - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)\n - blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).\n - blacklist.conf: add unapplicable drm fixes (bsc#1031717).\n - blacklist.conf: Blacklist 4e201566402c ('genirq/msi: Drop artificial PCI\n dependency') (bsc#1051478) This commit just removes an include and does\n not fix a real issue.\n - blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok()\n argument type') (bsc#1051478) Fixes only a compile-warning.\n - blacklist.conf: Blacklist 
c133c7615751 ('x86/nmi: Fix timeout test in\n test_nmi_ipi()') It only fixes a self-test (bsc#1051478).\n - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help\n text file path reference to lockup watchdog documentation') Updates only\n kconfig help-text (bsc#1051478).\n - blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI: Initialize MSI\n capability for all architectures') This only fixes machines not\n supported by our kernels.\n - blkfront: add uevent for size change (bnc#1036632).\n - block: Allow bdi re-registration (bsc#1040307).\n - block: do not allow updates through sysfs until registration completes\n (bsc#1047027).\n - block: Fix front merge check (bsc#1051239).\n - block: Make del_gendisk() safer for disks without queues (bsc#1040307).\n - block: Move bdi_unregister() to del_gendisk() (bsc#1040307).\n - block: Relax a check in blk_start_queue() (bnc#1012382).\n - bluetooth: bnep: fix possible might sleep error in bnep_session\n (bsc#1031784).\n - bluetooth: cmtp: fix possible might sleep error in cmtp_session\n (bsc#1031784).\n - bluetooth: hidp: fix possible might sleep error in hidp_session_thread\n (bsc#1031784).\n - bnxt: add a missing rcu synchronization (bnc#1038583).\n - bnxt: do not busy-poll when link is down (bnc#1038583).\n - bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583).\n - bnxt_en: Fix and clarify link_info->advertising (bnc#1038583).\n - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).\n - bnxt_en: Fix NULL pointer dereference in a failure path during open\n (bnc#1038583).\n - bnxt_en: Fix NULL pointer dereference in reopen failure path\n (bnc#1038583).\n - bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583).\n - bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).\n - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).\n - bnxt_en: Fix "uninitialized variable" bug in TPA code path (bnc#1038583).\n - bnxt_en: Fix VF virtual link state (bnc#1038583).\n - 
bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).\n - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).\n - bnxt_en: Refactor TPA code path (bnc#1038583).\n - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).\n - bsg-lib: do not free job in bsg_prepare_job (bnc#1012382).\n - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).\n - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).\n - btrfs: change how we decide to commit transactions during flushing\n (bsc#1060197).\n - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - btrfs: fix early ENOSPC due to delalloc (bsc#1049226).\n - btrfs: fix lockup in find_free_extent with read-only block groups\n (bsc#1046682).\n - btrfs: fix NULL pointer dereference from free_reloc_roots()\n (bnc#1012382).\n - btrfs: incremental send, fix invalid path for link commands\n (bsc#1051479).\n - btrfs: incremental send, fix invalid path for unlink commands\n (bsc#1051479).\n - btrfs: prevent to set invalid default subvolid (bnc#1012382).\n - btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382).\n - btrfs: qgroup: move noisy underflow warning to debugging build\n (bsc#1055755).\n - btrfs: resume qgroup rescan on rw remount (bsc#1047152).\n - btrfs: send, fix invalid path after renaming and linking file\n (bsc#1051479).\n - ceph: fix readpage from fscache (bsc#1057015).\n - cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382).\n - cifs: release auth_key.response for reconnect (bnc#1012382).\n - class: Add "shutdown" to "struct class" (bsc#1053117).\n - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).\n - crypto: AF_ALG - remove SGL terminator indicator when chaining\n (bnc#1012382).\n - crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).\n - crypto: talitos - Do not provide setkey for non hmac hashing algs\n (bnc#1012382).\n - crypto: talitos - fix sha224 (bnc#1012382).\n - cx82310_eth: use 
skb_cow_head() to deal with cloned skbs (bsc# 1045154).\n - cxgb4: Fix stack out-of-bounds read due to wrong size to\n t4_record_mbox() (bsc#1021424 bsc#1022743).\n - cxl: Fix driver use count (bnc#1012382).\n - cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).\n - dentry name snapshots (bsc#1049483).\n - dmaengine: mmp-pdma: add number of requestors (bnc#1012382).\n - dm: fix second blk_delay_queue() parameter to be in msec units not\n (bsc#1047670).\n - drivers: hv: Fix the bug in generating the guest ID (fate#320485).\n - drivers: hv: util: Fix a typo (fate#320485).\n - drivers: hv: vmbus: Get the current time from the current clocksource\n (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693).\n - drivers: hv: vmbus: Increase the time between retries in\n vmbus_post_msg() (fate#320485, bnc#1044112).\n - drivers: hv: vmbus: Move the code to signal end of message (fate#320485).\n - drivers: hv: vmbus: Move the definition of generate_guest_id()\n (fate#320485).\n - drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents\n (fate#320485).\n - drivers: hv: vmbus: Restructure the clockevents code (fate#320485).\n - drivers: net: xgene: Fix wrong logical operation (bsc#1056827).\n - drm: Add driver-private objects to atomic state (bsc#1055493).\n - drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions\n (bsc#1031717).\n - drm/bochs: Implement nomodeset (bsc#1047096).\n - drm/dp: Introduce MST topology state to track available link bandwidth\n (bsc#1055493).\n - drm/i915/fbdev: Stop repeating tile configuration on stagnation\n (bsc#1031717).\n - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).\n - drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821).\n - drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).\n - drm/vmwgfx: Fix large topology crash (bsc#1048155).\n - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).\n - drm/vmwgfx: Support topology greater 
than texture size (bsc#1048155).\n - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).\n - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).\n - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: fix incorrect quotaoff if the quota feature is enabled\n (bnc#1012382).\n - ext4: fix quota inconsistency during orphan cleanup for read-only mounts\n (bnc#1012382).\n - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors\n (bsc#1012829).\n - f2fs: check hot_data for roll-forward recovery (bnc#1012382).\n - fix xen_swiotlb_dma_mmap prototype (bnc#1012382).\n - fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).\n - ftrace: Fix memleak when unregistering dynamic ops when tracing disabled\n (bnc#1012382).\n - ftrace: Fix selftest goto location on error (bnc#1012382).\n - fuse: initialize the flock flag in fuse_file on allocation (git-fixes).\n - gcov: add support for gcc version >= 6 (bsc#1051663).\n - gcov: support GCC 7.1 (bsc#1051663).\n - genirq: Fix for_each_action_of_desc() macro (bsc#1061064).\n - getcwd: Close race with d_move called by lustre (bsc#1052593).\n - gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).\n - gfs2: Fix debugfs glocks dump (bnc#1012382).\n - gfs2: fix flock panic issue (bsc#1012829).\n - gianfar: Fix Tx flow control deactivation (bnc#1012382).\n - hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch\n (bnc#1022967).\n - hrtimer: Catch invalid clockids again (bsc#1047651).\n - hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).\n - hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485,\n bnc#1044112, bnc#1042778, bnc#1029693).\n - hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485,\n bnc#1044112, bnc#1042778, bnc#1029693).\n - hv_util: switch to using timespec64 (fate#320485).\n - i2c: designware-baytrail: fix potential null pointer dereference on dev\n 
(bsc#1011913).\n - i40e: add hw struct local variable (bsc#1039915).\n - i40e: add private flag to control source pruning (bsc#1034075).\n - i40e: add VSI info to macaddr messages (bsc#1039915).\n - i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).\n - i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915).\n - i40e: delete filter after adding its replacement when converting\n (bsc#1039915).\n - i40e: do not add broadcast filter for VFs (bsc#1039915).\n - i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID<1\n (bsc#1039915).\n - i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter\n (bsc#1039915).\n - i40e: enable VSI broadcast promiscuous mode instead of adding broadcast\n filter (bsc#1039915).\n - i40e: factor out addition/deletion of VLAN per each MAC address\n (bsc#1039915).\n - i40e: fix MAC filters when removing VLANs (bsc#1039915).\n - i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan\n (bsc#1039915).\n - i40e: implement __i40e_del_filter and use where applicable (bsc#1039915).\n - i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915).\n - i40e: move all updates for VLAN mode into i40e_sync_vsi_filters\n (bsc#1039915).\n - i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).\n - i40e: no need to check is_vsi_in_vlan before calling\n i40e_del_mac_all_vlan (bsc#1039915).\n - i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters\n (bsc#1039915).\n - i40e: recalculate vsi->active_filters from hash contents (bsc#1039915).\n - i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan\n (bsc#1039915).\n - i40e: refactor i40e_update_filter_state to avoid passing aq_err\n (bsc#1039915).\n - i40e: refactor Rx filter handling (bsc#1039915).\n - i40e: Removal of workaround for simple MAC address filter deletion\n (bsc#1039915).\n - i40e: remove code to handle dev_addr specially (bsc#1039915).\n - i40e: removed unreachable code (bsc#1039915).\n - i40e: 
remove duplicate add/delete adminq command code for filters\n (bsc#1039915).\n - i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid\n (bsc#1039915).\n - i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan\n (bsc#1039915).\n - i40e: restore workaround for removing default MAC filter (bsc#1039915).\n - i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915).\n - i40e: store MAC/VLAN filters in a hash with the MAC Address as key\n (bsc#1039915).\n - i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID\n (bsc#1039915).\n - i40e: when adding or removing MAC filters, correctly handle VLANs\n (bsc#1039915).\n - i40e: When searching all MAC/VLAN filters, ignore removed filters\n (bsc#1039915).\n - i40e: write HENA for VFs (bsc#1039915).\n - ib/hfi1: Wait for QSFP modules to initialize (bsc#1019151).\n - ibmvnic: Check for transport event on driver resume (bsc#1051556,\n bsc#1052709).\n - ibmvnic: Clean up resources on probe failure (fate#323285, bsc#1058116).\n - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).\n - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).\n - iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value\n (bsc#1031717).\n - input: gpio-keys - fix check for disabling unsupported keys\n (bsc#1031717).\n - input: i8042 - add Gigabyte P57 to the keyboard reset table\n (bnc#1012382).\n - introduce the walk_process_tree() helper (bnc#1022476).\n - iommu/amd: Fix schedule-while-atomic BUG in initialization code\n (bsc1052533).\n - iommu/vt-d: Avoid calling virt_to_phys() on null pointer (bsc#1061067).\n - ipv4: Should use consistent conditional judgement for ip fragment in\n __ip_append_data and ip_finish_output (bsc#1041958).\n - ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()\n (bnc#1012382).\n - ipv6: add rcu grace period before freeing fib6_node (bnc#1012382).\n - ipv6: fix memory leak with multiple tables during netns destruction\n 
(bnc#1012382).\n - ipv6: fix sparse warning on rt6i_node (bnc#1012382).\n - ipv6: fix typo in fib6_net_exit() (bnc#1012382).\n - ipv6: Should use consistent conditional judgement for ip6 fragment\n between __ip6_append_data and ip6_finish_output (bsc#1041958).\n - iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).\n - iwlwifi: mvm: compare full command ID (FATE#321353, FATE#323335).\n - iwlwifi: mvm: do not send CTDP commands via debugfs if not supported\n (bsc#1031717).\n - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).\n - iwlwifi: mvm: synchronize firmware DMA paging memory (FATE#321353,\n FATE#323335).\n - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).\n - iwlwifi: mvm: unmap the paging memory before freeing it (FATE#321353,\n FATE#323335).\n - iwlwifi: pcie: fix command completion name debug (bsc#1031717).\n - kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly\n version in panic path" (bsc#1051478).\n - kABI: protect enum pid_type (kabi).\n - kABI: protect lwtunnel include in ip6_route.h (kabi).\n - kABI: protect struct iscsi_np (kabi).\n - kABI: protect struct iscsi_tpg_attrib (kabi).\n - kABI: protect struct se_lun (kabi).\n - kABI: protect struct tpm_chip (kabi).\n - kABI: protect struct xfrm_dst (kabi).\n - kABI: protect struct xfrm_dst (kabi).\n - kabi/severities: ignore nfs_pgio_data_destroy\n - kABI: uninline task_tgid_nr_nr (kabi).\n - kernel/*: switch to memdup_user_nul() (bsc#1048893).\n - keys: fix writing past end of user-supplied buffer in keyring_read()\n (bnc#1012382).\n - keys: prevent creating a different user's keyrings (bnc#1012382).\n - keys: prevent KEYCTL_READ on negative key (bnc#1012382).\n - kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready"\n exceptions simultaneously (bsc#1061017).\n - kvm: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC\n (bsc#1051478).\n - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls 
(bsc#1051478).\n - kvm: nVMX: Fix nested VPID vmx exec control (bsc#1051478).\n - kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()\n (bnc#1012382).\n - kvm: SVM: Add a missing 'break' statement (bsc#1061017).\n - kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017).\n - kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt\n (bsc#1061017).\n - kvm: VMX: use cmpxchg64 (bnc#1012382).\n - kvm: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).\n - libnvdimm: fix badblock range handling of ARS range (bsc#1023175).\n - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).\n - lib: test_rhashtable: fix for large entry counts (bsc#1055359).\n - lib: test_rhashtable: Fix KASAN warning (bsc#1055359).\n - lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill\n warning (FATE#319466).\n - mac80211: flush hw_roc_start work before cancelling the ROC\n (bnc#1012382).\n - mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651).\n - md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172).\n - md: fix sleep in atomic (bsc#1040351).\n - md/raid5: fix a race condition in stripe batch (linux-stable).\n - md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list\n (bnc#1012382).\n - md/raid5: release/flush io in raid5_do_work() (bnc#1012382).\n - media: uvcvideo: Prevent heap overflow when accessing mapped controls\n (bnc#1012382).\n - media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382).\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of both infinite inputs\n (bnc#1012382).\n - mips: math-emu: <MAXA|MINA>.<D|S>: Fix cases of input values with\n opposite signs (bnc#1012382).\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix cases of both inputs zero\n (bnc#1012382).\n - mips: math-emu: <MAX|MAXA|MIN|MINA>.<D|S>: Fix quiet NaN propagation\n (bnc#1012382).\n - mips: math-emu: <MAX|MIN>.<D|S>: Fix cases of both inputs negative\n (bnc#1012382).\n - 
mips: math-emu: MINA.<D|S>: Fix some cases of infinity and zero inputs\n (bnc#1012382).\n - mm: adaptive hash table scaling (bnc#1036303).\n - mm: call page_ext_init() after all struct pages are initialized (VM\n Debugging Functionality, bsc#1047048).\n - mm: drop HASH_ADAPT (bnc#1036303).\n - mm: fix classzone_idx underflow in shrink_zones() (VM Functionality,\n bsc#1042314).\n - mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw\n poison -- git fixes).\n - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891).\n - mm/page_alloc.c: apply gfp_allowed_mask before the first allocation\n attempt (bnc#971975 VM -- git fixes).\n - mm: prevent double decrease of nr_reserved_highatomic (bnc#1012382).\n - mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850).\n - mwifiex: do not update MCS set from hostapd (bsc#1031717).\n - net: account for current skb length when deciding about UFO\n (bsc#1041958).\n - net: ena: add hardware hints capability to the driver (bsc#1047121).\n - net: ena: add missing return when ena_com_get_io_handlers() fails\n (bsc#1047121).\n - net: ena: add missing unmap bars on device removal (bsc#1047121).\n - net: ena: add reset reason for each device FLR (bsc#1047121).\n - net: ena: add support for out of order rx buffers refill (bsc#1047121).\n - net: ena: allow the driver to work with small number of msix vectors\n (bsc#1047121).\n - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).\n - net: ena: change return value for unsupported features unsupported\n return value (bsc#1047121).\n - net: ena: change sizeof() argument to be the type pointer (bsc#1047121).\n - net: ena: disable admin msix while working in polling mode (bsc#1047121).\n - net: ena: fix bug that might cause hang after consecutive open/close\n interface (bsc#1047121).\n - net: ena: fix race condition between submit and completion admin command\n (bsc#1047121).\n - net: ena: fix rare uncompleted admin command false alarm 
(bsc#1047121).\n - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).\n - net: ena: separate skb allocation to dedicated function (bsc#1047121).\n - net: ena: update driver's rx drop statistics (bsc#1047121).\n - net: ena: update ena driver to version 1.1.7 (bsc#1047121).\n - net: ena: update ena driver to version 1.2.0 (bsc#1047121).\n - net: ena: use lower_32_bits()/upper_32_bits() to split dma address\n (bsc#1047121).\n - net: ena: use napi_schedule_irqoff when possible (bsc#1047121).\n - netfilter: fix IS_ERR_VALUE usage (bsc#1052888).\n - netfilter: x_tables: pack percpu counter allocations (bsc#1052888).\n - netfilter: x_tables: pass xt_counters struct instead of packet counter\n (bsc#1052888).\n - netfilter: x_tables: pass xt_counters struct to counter allocator\n (bsc#1052888).\n - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()\n (bsc#1042286).\n - net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes).\n - net: phy: Do not perform software reset for Generic PHY (bsc#1042286).\n - new helper: memdup_user_nul() (bsc#1048893).\n - nfs: Cache aggressively when file is open for writing (bsc#1033587).\n - nfsd: Fix general protection fault in release_lock_stateid()\n (bnc#1012382).\n - nfs: Do not flush caches for a getattr that races with writeback\n (bsc#1033587).\n - nfs: flush data when locking a file to ensure cache coherence for mmap\n (bsc#981309).\n - nfs: invalidate file size when taking a lock (git-fixes).\n - nfs: only invalidate dentrys that are clearly invalid (bsc#1047118).\n - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829).\n - ocfs2: Make ocfs2_set_acl() static (bsc#1030552).\n - of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes()\n (bsc#1056827).\n - ovl: fix dentry leak for default_permissions (bsc#1054084).\n - pci: Add Mellanox device IDs (bsc#1051478).\n - pci: Allow PCI express root 
ports to find themselves (bsc#1061046).\n - pci: Convert Mellanox broken INTx quirks to be for listed devices only\n (bsc#1051478).\n - pci: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).\n - pci: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN\n (bsc#1051478).\n - pci: dwc: Fix uninitialized variable in dw_handle_msi_irq()\n (bsc#1051478).\n - pci: Enable ECRC only if device supports it (bsc#1051478).\n - pci: fix oops when try to find Root Port for a PCI device (bsc#1061046).\n - pci: Fix race condition with driver_override (bnc#1012382).\n - pci / pm: Fix native PME handling during system suspend/resume\n (bsc#1051478).\n - pci: shpchp: Enable bridge bus mastering if MSI is enabled (bnc#1012382).\n - pci: Support INTx masking on ConnectX-4 with firmware x.14.1100+\n (bsc#1051478).\n - percpu_ref: allow operation mode switching operations to be called\n concurrently (bsc#1055096).\n - percpu_ref: remove unnecessary RCU grace period for staggered atomic\n switching confirmation (bsc#1055096).\n - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate\n percpu_ref_switch_to_atomic() (bsc#1055096).\n - percpu_ref: restructure operation mode switching (bsc#1055096).\n - percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).\n - perf/x86: Fix RDPMC vs. mm_struct tracking (bsc#1061831).\n - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478).\n - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478).\n - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).\n - perf/x86: kABI Workaround for 'perf/x86: Fix RDPMC vs. 
mm_struct\n tracking' (bsc#1061831).\n - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill\n dmi list (bsc#1051022).\n - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - pm / Hibernate: Fix scheduling while atomic during hibernation\n (bsc#1051059).\n - powerpc: Fix DAR reporting when alignment handler faults (bnc#1012382).\n - powerpc/pseries: Fix parent_dn reference leak in add_dt_node()\n (bnc#1012382).\n - prctl: propagate has_child_subreaper flag to every descendant\n (bnc#1022476).\n - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374).\n - qlge: avoid memcpy buffer overflow (bnc#1012382).\n - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"\n (bsc#1031717).\n - Revert "net: fix percpu memory leaks" (bnc#1012382).\n - Revert "net: phy: Correctly process PHY_HALTED in phy_stop_machine()"\n (bnc#1012382).\n - Revert "net: use lib/percpu_counter API for fragmentation mem\n accounting" (bnc#1012382).\n - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware"\n (bsc#1048914).\n - Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." 
(kabi).\n - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id\n This needs rpm-4.14+ (bsc#964063).\n - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).\n - s390: export symbols for crash-kmp (bsc#1053915).\n - sched/core: Allow __sched_setscheduler() in interrupts when PI is not\n used (bnc#1022476).\n - sched/debug: Print the scheduler topology group mask (bnc#1022476).\n - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476).\n - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476).\n - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all\n cfs_rqs (bnc#1022476).\n - sched/topology: Add sched_group_capacity debugging (bnc#1022476).\n - sched/topology: Fix building of overlapping sched-groups (bnc#1022476).\n - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476).\n - sched/topology: Move comment about asymmetric node setups (bnc#1022476).\n - sched/topology: Refactor function build_overlap_sched_groups()\n (bnc#1022476).\n - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).\n - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476).\n - sched/topology: Small cleanup (bnc#1022476).\n - sched/topology: Verify the first group matches the child domain\n (bnc#1022476).\n - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887).\n - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).\n - scsi_devinfo: fixup string compare (bsc#1037404).\n - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).\n - scsi: ILLEGAL REQUEST + ASC==27 => target failure (bsc#1059465).\n - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887).\n - scsi: megaraid_sas: Check valid aen class range to avoid kernel panic\n (bnc#1012382).\n - scsi: megaraid_sas: Return pended IOCTLs with cmd_status\n MFI_STAT_WRONG_STATE in case adapter is dead (bnc#1012382).\n - scsi: sg: close race condition in sg_remove_sfp_usercontext()\n (bsc#1064206).\n - 
scsi: sg: factor out sg_fill_request_table() (bnc#1012382).\n - scsi: sg: fixup infoleak when using SG_GET_REQUEST_TABLE (bnc#1012382).\n - scsi: sg: off by one in sg_ioctl() (bnc#1012382).\n - scsi: sg: remove 'save_scat_len' (bnc#1012382).\n - scsi: sg: use standard lists for sg_requests (bnc#1012382).\n - scsi: storvsc: fix memory leak on ring buffer busy (bnc#1012382).\n - scsi: storvsc: Workaround for virtual DVD SCSI version (fate#320485,\n bnc#1044636).\n - scsi: zfcp: add handling for FCP_RESID_OVER to the fcp ingress path\n (bnc#1012382).\n - scsi: zfcp: fix capping of unsuccessful GPN_FT SAN response trace\n records (bnc#1012382).\n - scsi: zfcp: fix missing trace records for early returns in TMF eh\n handlers (bnc#1012382).\n - scsi: zfcp: fix passing fsf_req to SCSI trace on TMF to correlate with\n HBA (bnc#1012382).\n - scsi: zfcp: fix payload with full FCP_RSP IU in SCSI trace records\n (bnc#1012382).\n - scsi: zfcp: fix queuecommand for scsi_eh commands when DIX enabled\n (bnc#1012382).\n - scsi: zfcp: trace HBA FSF response by default on dismiss or timedout\n late response (bnc#1012382).\n - scsi: zfcp: trace high part of "new" 64 bit SCSI LUN (bnc#1012382).\n - seccomp: fix the usage of get/put_seccomp_filter() in\n seccomp_get_filter() (bnc#1012382).\n - skd: Avoid that module unloading triggers a use-after-free (bnc#1012382).\n - skd: Submit requests to firmware before triggering the doorbell\n (bnc#1012382).\n - smb3: Do not ignore O_SYNC/O_DSYNC and O_DIRECT flags (bnc#1012382).\n - smb: Validate negotiate (to protect against downgrade) even if signing\n off (bnc#1012382).\n - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - supported.conf: clear mistaken external support flag for cifs.ko\n (bsc#1053802).\n - swiotlb-xen: implement xen_swiotlb_dma_mmap callback (bnc#1012382).\n - sysctl: do not print negative flag for proc_douintvec (bnc#1046985).\n - 
sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893).\n - sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893).\n - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).\n - sysctl: simplify unsigned int support (bsc#1048893).\n - timers: Plug locking race vs. timer migration (bnc#1022476).\n - timer/sysclt: Restrict timer migration sysctl values to 0 and 1\n (bnc#1012382).\n - tpm: fix: return rc when devm_add_action() fails (bsc#1020645,\n fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes\n 8e0ee3c9faed).\n - tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).\n - tpm: KABI fix (bsc#1053117).\n - tpm: read burstcount from TPM_STS in one 32-bit transaction\n (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,\n git-fixes 27084efee0c3).\n - tpm_tis_core: Choose appropriate timeout for reading burstcount\n (bsc#1020645, fate#321435, fate#321507, fate#321600, bsc#1034048,\n git-fixes aec04cbdf723).\n - tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645,\n fate#321435, fate#321507, fate#321600, bsc#1034048, git-fixes\n aec04cbdf723).\n - tracing: Apply trace_clock changes to instance max buffer (bnc#1012382).\n - tracing: Erase irqsoff trace with empty write (bnc#1012382).\n - tracing: Fix trace_pipe behavior for instance traces (bnc#1012382).\n - tty: fix __tty_insert_flip_char regression (bnc#1012382).\n - tty: improve tty_insert_flip_char() fast path (bnc#1012382).\n - tty: improve tty_insert_flip_char() slow path (bnc#1012382).\n - tty: serial: msm: Support more bauds (git-fixes).\n - ubifs: Correctly evict xattr inodes (bsc#1012829).\n - ubifs: Do not leak kernel memory to the MTD (bsc#1012829).\n - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829).\n - udf: Fix races with i_size changes during readpage (bsc#1012829).\n - usb: core: fix device node leak (bsc#1047487).\n - vfs: fix missing inode_get_dev sites (bsc#1052049).\n - vfs: Return -ENXIO for negative SEEK_HOLE / 
SEEK_DATA offsets\n (bnc#1012382).\n - video: fbdev: aty: do not leak uninitialized padding in clk to userspace\n (bnc#1012382).\n - Workaround for kABI compatibility with DP-MST patches (bsc#1055493).\n - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache()\n (bsc#1051399).\n - x86/fpu: Do not let userspace set bogus xcomp_bv (bnc#1012382).\n - x86/fsgsbase/64: Report FSBASE and GSBASE correctly in core dumps\n (bnc#1012382).\n - x86/ldt: Fix off by one in get_segment_base() (bsc#1061872).\n - x86/LDT: Print the real LDT base address (bsc#1051478).\n - x86/mce: Make timer handling more robust (bsc#1042422).\n - x86/panic: replace smp_send_stop() with kdump friendly version in panic\n path (bsc#1051478).\n - xen: allocate page for shared info page from low memory (bnc#1038616).\n - xen/balloon: do not online new memory initially (bnc#1028173).\n - xen: hold lock_device_hotplug throughout vcpu hotplug operations\n (bsc#1042422).\n - xen-netfront: Rework the fix for Rx stall during OOM and network stress\n (git-fixes).\n - xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563).\n - xfrm: NULL dereference on allocation failure (bsc#1047343).\n - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).\n - xfs/dmapi: fix incorrect file->f_path.dentry->d_inode usage\n (bsc#1055896).\n - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).\n - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - xfs: fix inobt inode allocation search optimization (bsc#1012829).\n\n", "edition": 1, "modified": "2017-10-27T18:31:25", "published": "2017-10-27T18:31:25", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00077.html", "id": "SUSE-SU-2017:2869-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}, {"lastseen": "2017-11-09T00:32:08", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14051", 
"CVE-2017-1000111", "CVE-2017-7518", "CVE-2017-1000252", "CVE-2017-11472", "CVE-2017-8831", "CVE-2017-10810", "CVE-2017-14106", "CVE-2017-11473", "CVE-2017-7533", "CVE-2017-1000251", "CVE-2017-1000112", "CVE-2017-7541", "CVE-2017-12134", "CVE-2017-7542", "CVE-2017-12154", "CVE-2017-1000365"], "description": "The SUSE Linux Enterprise 12 SP2 RT kernel was updated to 4.4.88 to\n receive various security and bugfixes.\n\n\n The following security bugs were fixed:\n\n - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the\n argument and environment pointers into account, which allowed attackers\n to bypass this limitation (bnc#1039354)\n - CVE-2017-1000112: Prevent race condition in net-packet code that could\n have been exploited by unprivileged users to gain root access.\n (bnc#1052311)\n - CVE-2017-1000251: The native Bluetooth stack was vulnerable to a stack\n overflow vulnerability in the processing of L2CAP configuration\n responses resulting in remote code execution in kernel space\n (bnc#1057389)\n - CVE-2017-14051: An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c allowed local users to cause a denial of\n service (memory corruption and system crash) by leveraging root access\n (bnc#1056588)\n - CVE-2017-8831: The saa7164_bus_get function allowed local users to cause\n a denial of service (out-of-bounds array access) or possibly have\n unspecified\n other impact by changing a certain sequence-number value, aka a "double\n fetch" vulnerability (bnc#1037994)\n - CVE-2017-1000252: Wrong gsi values via KVM_IRQFD allowed unprivileged\n users using KVM to cause DoS on Intel systems (bsc#1058038).\n - CVE-2017-1000111: Prevent in packet_set_ring on PACKET_RESERVE\n (bsc#1052365).\n - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in\n 
drivers/gpu/drm/virtio/virtgpu_object.c allowed attackers to cause a\n denial of service (memory consumption) by triggering\n object-initialization failures (bnc#1047277).\n - CVE-2017-11472: The acpi_ns_terminate() function did not flush the\n operand cache and causes a kernel stack dump, which allowed local users\n to obtain sensitive information from kernel memory and bypass the KASLR\n protection mechanism via a crafted ACPI table (bnc#1049580).\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n allowed local users to gain privileges via a crafted ACPI table\n (bnc#1049603).\n - CVE-2017-12134: The xen_biovec_phys_mergeable function might have allowed\n local OS guest users to corrupt block device data streams and\n consequently obtain sensitive memory information, cause a denial of\n service, or gain host OS privileges by leveraging incorrect block IO\n merge-ability calculation (bnc#1051790).\n - CVE-2017-12154: L2 guest could have accessed hardware(L0) CR8 register\n and crashed the host system (bsc#1058507).\n - CVE-2017-14106: The tcp_disconnect function allowed local users to cause\n a denial of service (__tcp_select_window divide-by-zero error and system\n crash) by triggering a disconnect within a certain tcp_recvmsg code path\n (bnc#1056982).\n - CVE-2017-7518: Faulty debug exception via syscall emulation allowed\n non-linux guests to escalate their privileges in the guest (bsc#1045922).\n - CVE-2017-7533: Race condition in the fsnotify implementation allowed\n local users to gain privileges or cause a denial of service (memory\n corruption) via a crafted application that leverages simultaneous\n execution of the inotify_handle_event and vfs_rename functions\n (bsc#1049483).\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function allowed local users\n to cause a denial of service (buffer overflow and system crash) or\n possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet\n (bsc#1049645).\n - CVE-2017-7542: 
The ip6_find_1stfragopt function allowed local users to\n cause a denial of service (integer overflow and infinite loop) by\n leveraging the ability to open a raw socket (bsc#1049882).\n\n The following non-security bugs were fixed:\n\n - ACPI / processor: Avoid reserving IO regions too early (bsc#1051478).\n - ACPI / scan: Prefer devices without _HID for _ADR matching.\n - ALSA: fm801: Initialize chip after IRQ handler is registered\n (bsc#1031717).\n - ALSA: hda - Add stereo mic quirk for Lenovo G50-70 (17aa:3978)\n (bsc#1020657).\n - ALSA: hda - Fix endless loop of codec configure (bsc#1031717).\n - ALSA: hda - Implement mic-mute LED mode enum (bsc#1055013).\n - ALSA: hda - set input_path bitmap to zero after moving it to new place\n (bsc#1031717).\n - ALSA: hda/realtek - Add support headphone Mic for ALC221 of HP platform\n (bsc#1024405).\n - ALSA: ice1712: Add support for STAudio ADCIII (bsc#1048934).\n - ALSA: usb-audio: Apply sample rate quirk to Sennheiser headset\n (bsc#1052580).\n - Add "shutdown" to "struct class" (bsc#1053117).\n - Bluetooth: bnep: fix possible might sleep error in bnep_session\n (bsc#1031784).\n - Bluetooth: cmtp: fix possible might sleep error in cmtp_session\n (bsc#1031784).\n - Bluetooth: hidp: fix possible might sleep error in hidp_session_thread\n (bsc#1031784).\n - Drivers: hv: Fix the bug in generating the guest ID.\n - Drivers: hv: util: Fix a typo.\n - Drivers: hv: vmbus: Get the current time from the current clocksource\n (bnc#1044112, bnc#1042778, bnc#1029693).\n - Drivers: hv: vmbus: Move the code to signal end of message.\n - Drivers: hv: vmbus: Move the definition of generate_guest_id().\n - Drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents.\n - Drivers: hv: vmbus: Restructure the clockevents code.\n - Fix kABI breakage by KVM CVE fix (bsc#1045922).\n - IB/hfi1: Wait for QSFP modules to initialize (bsc#1019151).\n - Input: gpio-keys - fix check for disabling unsupported keys\n (bsc#1031717).\n - 
KVM: nVMX: Fix nested VPID vmx exec control (bsc#1051478).\n - KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC\n (bsc#1051478).\n - KVM: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478).\n - MD: fix sleep in atomic (bsc#1040351).\n - More Git-commit header fixups No functional change intended.\n - NFS: Cache aggressively when file is open for writing (bsc#1033587).\n - NFS: Do not flush caches for a getattr that races with writeback\n (bsc#1033587).\n - NFS: flush data when locking a file to ensure cache coherence for mmap\n (bsc#981309).\n - NFS: invalidate file size when taking a lock (git-fixes).\n - NFS: only invalidate dentrys that are clearly invalid (bsc#1047118).\n - PCI / PM: Fix native PME handling during system suspend/resume\n (bsc#1051478).\n - PCI: Add Mellanox device IDs (bsc#1051478).\n - PCI: Convert Mellanox broken INTx quirks to be for listed devices only\n (bsc#1051478).\n - PCI: Correct PCI_STD_RESOURCE_END usage (bsc#1051478).\n - PCI: Enable ECRC only if device supports it (bsc#1051478).\n - PCI: Support INTx masking on ConnectX-4 with firmware x.14.1100+\n (bsc#1051478).\n - PCI: dwc: Fix uninitialized variable in dw_handle_msi_irq()\n (bsc#1051478).\n - PCI: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN\n (bsc#1051478).\n - PM / Hibernate: Fix scheduling while atomic during hibernation\n (bsc#1051059).\n - Revert "/proc/iomem: only expose physical resource addresses to\n privileged users" (kabi).\n - Revert "ACPI / video: Add force_native quirk for HP Pavilion dv6"\n (bsc#1031717).\n - Revert "Add "shutdown" to "struct class"." 
(kabi).\n - Revert "KVM: x86: fix emulation of RSM and IRET instructions" (kabi).\n - Revert "Make file credentials available to the seqfile interfaces"\n (kabi).\n - Revert "mm/list_lru.c: fix list_lru_count_node() to be race free" (kabi).\n - Revert "powerpc/numa: Fix percpu allocations to be NUMA aware"\n (bsc#1048914).\n - Revert "tpm: Issue a TPM2_Shutdown for TPM2 devices." (kabi).\n - USB: core: fix device node leak (bsc#1047487).\n - Update kabi files: sync with 4.4.74 updates\n - af_key: Add lock to key dump (bsc#1047653).\n - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).\n - b43: Add missing MODULE_FIRMWARE() (bsc#1037344).\n - bcache: force trigger gc (bsc#1038078).\n - bcache: force trigger gc (bsc#1038078).\n - bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n - bcache: only recovery I/O error for writethrough mode (bsc#1043652).\n - bdi: Fix use-after-free in wb_congested_put() (bsc#1040307).\n - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061)\n - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in\n test_nmi_ipi()') It only fixes a self-test (bsc#1051478).\n - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help\n text file path reference to lockup watchdog documentation') Updates only\n kconfig help-text (bsc#1051478).\n - blacklist.conf: add inapplicable commits for wifi (bsc#1031717)\n - blacklist.conf: add unapplicable drm fixes (bsc#1031717).\n - blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717).\n - blkfront: add uevent for size change (bnc#1036632).\n - block: Allow bdi re-registration (bsc#1040307).\n - block: Fix front merge check (bsc#1051239).\n - block: Make del_gendisk() safer for disks without queues (bsc#1040307).\n - block: Move bdi_unregister() to del_gendisk() (bsc#1040307).\n - block: do not allow updates through sysfs until registration completes\n (bsc#1047027).\n - bnxt: add a missing rcu synchronization 
(bnc#1038583).\n - bnxt: do not busy-poll when link is down (bnc#1038583).\n - bnxt_en: Enable MRU enables bit when configuring VNIC MRU (bnc#1038583).\n - bnxt_en: Fix "uninitialized variable" bug in TPA code path (bnc#1038583).\n - bnxt_en: Fix NULL pointer dereference in a failure path during open\n (bnc#1038583).\n - bnxt_en: Fix NULL pointer dereference in reopen failure path\n (bnc#1038583).\n - bnxt_en: Fix TX push operation on ARM64 (bnc#1038583).\n - bnxt_en: Fix VF virtual link state (bnc#1038583).\n - bnxt_en: Fix a VXLAN vs GENEVE issue (bnc#1038583).\n - bnxt_en: Fix and clarify link_info->advertising (bnc#1038583).\n - bnxt_en: Fix ring arithmetic in bnxt_setup_tc() (bnc#1038583).\n - bnxt_en: Pad TX packets below 52 bytes (bnc#1038583).\n - bnxt_en: Refactor TPA code path (bnc#1038583).\n - bnxt_en: fix pci cleanup in bnxt_init_one() failure path (bnc#1038583).\n - bnxt_en: initialize rc to zero to avoid returning garbage (bnc#1038583).\n - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717).\n - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).\n - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286).\n - btrfs: fix early ENOSPC due to delalloc (bsc#1049226).\n - btrfs: fix lockup in find_free_extent with read-only block groups\n (bsc#1046682).\n - btrfs: incremental send, fix invalid path for link commands\n (bsc#1051479).\n - btrfs: incremental send, fix invalid path for unlink commands\n (bsc#1051479).\n - btrfs: resume qgroup rescan on rw remount (bsc#1047152).\n - btrfs: send, fix invalid path after renaming and linking file\n (bsc#1051479).\n - ceph: fix readpage from fscache (bsc#1057015).\n - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476).\n - crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317).\n - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc# 1045154).\n - cxgb4: Fix stack 
out-of-bounds read due to wrong size to\n t4_record_mbox() (bsc#1021424 bsc#1022743).\n - cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes).\n - dentry name snapshots (bsc#1049483).\n - dm: fix second blk_delay_queue() parameter to be in msec units not\n (bsc#1047670).\n - drivers: hv: vmbus: Increase the time between retries in\n vmbus_post_msg() (bnc#1044112).\n - drivers: net: xgene: Fix wrong logical operation (bsc#1056827).\n - drm/amdgpu: Fix overflow of watermark calcs at greater than 4k\n resolutions (bsc#1031717).\n - drm/bochs: Implement nomodeset (bsc#1047096).\n - drm/i915/fbdev: Stop repeating tile configuration on stagnation\n (bsc#1031717).\n - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717).\n - drm/i915: Serialize GTT/Aperture accesses on BXT (bsc#1046821).\n - drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277).\n - drm/vmwgfx: Fix large topology crash (bsc#1048155).\n - drm/vmwgfx: Limit max desktop dimensions to 8Kx8K (bsc#1048155).\n - drm/vmwgfx: Support topology greater than texture size (bsc#1048155).\n - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215).\n - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486).\n - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors\n (bsc#1012829).\n - fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180).\n - fuse: initialize the flock flag in fuse_file on allocation (git-fixes).\n - gcov: add support for gcc version greater than 6 (bsc#1051663).\n - gcov: support GCC 7.1 (bsc#1051663).\n - gfs2: Do not clear SGID when inheriting ACLs (bsc#1012829).\n - gfs2: fix flock panic issue (bsc#1012829).\n - hrtimer: Catch invalid clockids again (bsc#1047651).\n - hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651).\n - hv_util: switch to using timespec64.\n - hv_utils: drop 
.getcrosststamp() support from PTP driver (bnc#1044112,\n bnc#1042778, bnc#1029693).\n - hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (bnc#1044112,\n bnc#1042778, bnc#1029693).\n - i2c: designware-baytrail: fix potential null pointer dereference on dev\n (bsc#1011913).\n - i40e: Removal of workaround for simple MAC address filter deletion\n (bsc#1039915).\n - i40e: When searching all MAC/VLAN filters, ignore removed filters\n (bsc#1039915).\n - i40e: add VSI info to macaddr messages (bsc#1039915).\n - i40e: add hw struct local variable (bsc#1039915).\n - i40e: add private flag to control source pruning (bsc#1034075).\n - i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915).\n - i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915).\n - i40e: delete filter after adding its replacement when converting\n (bsc#1039915).\n - i40e: do not add broadcast filter for VFs (bsc#1039915).\n - i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID lower\n than 1 (bsc#1039915).\n - i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter\n (bsc#1039915).\n - i40e: enable VSI broadcast promiscuous mode instead of adding broadcast\n filter (bsc#1039915).\n - i40e: factor out addition/deletion of VLAN per each MAC address\n (bsc#1039915).\n - i40e: fix MAC filters when removing VLANs (bsc#1039915).\n - i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan\n (bsc#1039915).\n - i40e: implement __i40e_del_filter and use where applicable (bsc#1039915).\n - i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915).\n - i40e: move all updates for VLAN mode into i40e_sync_vsi_filters\n (bsc#1039915).\n - i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915).\n - i40e: no need to check is_vsi_in_vlan before calling\n i40e_del_mac_all_vlan (bsc#1039915).\n - i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters\n (bsc#1039915).\n - i40e: recalculate vsi->active_filters from hash contents 
(bsc#1039915).\n - i40e: refactor Rx filter handling (bsc#1039915).\n - i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan\n (bsc#1039915).\n - i40e: refactor i40e_update_filter_state to avoid passing aq_err\n (bsc#1039915).\n - i40e: remove code to handle dev_addr specially (bsc#1039915).\n - i40e: remove duplicate add/delete adminq command code for filters\n (bsc#1039915).\n - i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid\n (bsc#1039915).\n - i40e: removed unreachable code (bsc#1039915).\n - i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan\n (bsc#1039915).\n - i40e: restore workaround for removing default MAC filter (bsc#1039915).\n - i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915).\n - i40e: store MAC/VLAN filters in a hash with the MAC Address as key\n (bsc#1039915).\n - i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID\n (bsc#1039915).\n - i40e: when adding or removing MAC filters, correctly handle VLANs\n (bsc#1039915).\n - i40e: write HENA for VFs (bsc#1039915).\n - ibmvnic: Check for transport event on driver resume (bsc#1051556,\n bsc#1052709).\n - ibmvnic: Clean up resources on probe failure (bsc#1058116).\n - ibmvnic: Initialize SCRQ's during login renegotiation (bsc#1052223).\n - ibmvnic: Report rx buffer return codes as netdev_dbg (bsc#1052794).\n - iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value\n (bsc#1031717).\n - introduce the walk_process_tree() helper (bnc#1022476).\n - iommu/amd: Fix schedule-while-atomic BUG in initialization code\n (bsc1052533).\n - ipv4: Should use consistent conditional judgement for ip fragment in\n __ip_append_data and ip_finish_output (bsc#1041958).\n - ipv6: Should use consistent conditional judgement for ip6 fragment\n between __ip6_append_data and ip6_finish_output (bsc#1041958).\n - iwlwifi: missing error code in iwl_trans_pcie_alloc() (bsc#1031717).\n - iwlwifi: mvm: compare full command ID.\n - iwlwifi: mvm: do 
not send CTDP commands via debugfs if not supported\n (bsc#1031717).\n - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717).\n - iwlwifi: mvm: synchronize firmware DMA paging memory.\n - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717).\n - iwlwifi: mvm: unmap the paging memory before freeing it.\n - iwlwifi: pcie: fix command completion name debug (bsc#1031717).\n - kABI-fix for "x86/panic: replace smp_send_stop() with kdump friendly\n version in panic path" (bsc#1051478).\n - kernel/*: switch to memdup_user_nul() (bsc#1048893).\n - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478).\n - lib: test_rhashtable: Fix KASAN warning (bsc#1055359).\n - lib: test_rhashtable: fix for large entry counts (bsc#1055359).\n - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1023175).\n - libnvdimm: fix badblock range handling of ARS range (bsc#1023175).\n - lightnvm: nvme reset_controller is not working after adapter's firmware\n upgrade (bsc#988784).\n - lightnvm: remove unused rq parameter of nvme_nvm_rqtocmd() to kill\n warning.\n - mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651).\n - md/raid5: fix a race condition in stripe batch (linux-stable).\n - mm, madvise: ensure poisoned pages are removed from per-cpu lists (VM hw\n poison -- git fixes).\n - mm-adaptive-hash-table-scaling-v5 (bnc#1036303).\n - mm/page_alloc.c: apply gfp_allowed_mask before the first allocation\n attempt (bnc#971975 VM -- git fixes).\n - mm: adaptive hash table scaling (bnc#1036303).\n - mm: call page_ext_init() after all struct pages are initialized (VM\n Debugging Functionality, bsc#1047048).\n - mm: drop HASH_ADAPT (bnc#1036303).\n - mm: fix classzone_idx underflow in shrink_zones() (VM Functionality,\n bsc#1042314).\n - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891).\n - mptsas: Fixup device hotplug for VMWare ESXi (bsc#1030850).\n - mwifiex: do not update MCS set from hostapd (bsc#1031717).\n - net/mlx5: 
Fix driver load error flow when firmware is stuck (git-fixes).\n - net: account for current skb length when deciding about UFO\n (bsc#1041958).\n - net: ena: add hardware hints capability to the driver (bsc#1047121).\n - net: ena: add missing return when ena_com_get_io_handlers() fails\n (bsc#1047121).\n - net: ena: add missing unmap bars on device removal (bsc#1047121).\n - net: ena: add reset reason for each device FLR (bsc#1047121).\n - net: ena: add support for out of order rx buffers refill (bsc#1047121).\n - net: ena: allow the driver to work with small number of msix vectors\n (bsc#1047121).\n - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121).\n - net: ena: change return value for unsupported features unsupported\n return value (bsc#1047121).\n - net: ena: change sizeof() argument to be the type pointer (bsc#1047121).\n - net: ena: disable admin msix while working in polling mode (bsc#1047121).\n - net: ena: fix bug that might cause hang after consecutive open/close\n interface (bsc#1047121).\n - net: ena: fix race condition between submit and completion admin command\n (bsc#1047121).\n - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121).\n - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121).\n - net: ena: separate skb allocation to dedicated function (bsc#1047121).\n - net: ena: update driver's rx drop statistics (bsc#1047121).\n - net: ena: update ena driver to version 1.1.7 (bsc#1047121).\n - net: ena: update ena driver to version 1.2.0 (bsc#1047121).\n - net: ena: use lower_32_bits()/upper_32_bits() to split dma address\n (bsc#1047121).\n - net: ena: use napi_schedule_irqoff when possible (bsc#1047121).\n - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish()\n (bsc#1042286).\n - net: phy: Do not perform software reset for Generic PHY (bsc#1042286).\n - netfilter: fix IS_ERR_VALUE usage (bsc#1052888).\n - netfilter: x_tables: pack percpu counter allocations (bsc#1052888).\n 
- netfilter: x_tables: pass xt_counters struct instead of packet counter\n (bsc#1052888).\n - netfilter: x_tables: pass xt_counters struct to counter allocator\n (bsc#1052888).\n - new helper: memdup_user_nul() (bsc#1048893).\n - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ocfs2: Make ocfs2_set_acl() static (bsc#1030552).\n - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829).\n - of: fix "/cpus" reference leak in of_numa_parse_cpu_nodes()\n (bsc#1056827).\n - ovl: fix dentry leak for default_permissions (bsc#1054084).\n - percpu_ref: allow operation mode switching operations to be called\n concurrently (bsc#1055096).\n - percpu_ref: remove unnecessary RCU grace period for staggered atomic\n switching confirmation (bsc#1055096).\n - percpu_ref: reorganize __percpu_ref_switch_to_atomic() and relocate\n percpu_ref_switch_to_atomic() (bsc#1055096).\n - percpu_ref: restructure operation mode switching (bsc#1055096).\n - percpu_ref: unify staggered atomic switching wait behavior (bsc#1055096).\n - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478).\n - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478).\n - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478).\n - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill\n dmi list (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill\n (bsc#1051022).\n - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill\n (bsc#1051022).\n - prctl: propagate 
has_child_subreaper flag to every descendant\n (bnc#1022476).\n - qeth: fix L3 next-hop im xmit qeth hdr (bnc#1052773, LTC#157374).\n - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id\n This needs rpm-4.14+ (bsc#964063).\n - rtnetlink: fix rtnl_vfinfo_size (bsc#1056261).\n - s390: export symbols for crash-kmp (bsc#1053915).\n - sched/core: Allow __sched_setscheduler() in interrupts when PI is not\n used (bnc#1022476).\n - sched/debug: Print the scheduler topology group mask (bnc#1022476).\n - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476).\n - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476).\n - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all\n cfs_rqs (bnc#1022476).\n - sched/topology: Add sched_group_capacity debugging (bnc#1022476).\n - sched/topology: Fix building of overlapping sched-groups (bnc#1022476).\n - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476).\n - sched/topology: Move comment about asymmetric node setups (bnc#1022476).\n - sched/topology: Refactor function build_overlap_sched_groups()\n (bnc#1022476).\n - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476).\n - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476).\n - sched/topology: Small cleanup (bnc#1022476).\n - sched/topology: Verify the first group matches the child domain\n (bnc#1022476).\n - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887).\n - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).\n - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887).\n - scsi: storvsc: Workaround for virtual DVD SCSI version (bnc#1044636).\n - scsi_devinfo: fixup string compare (bsc#1037404).\n - scsi_dh_alua: suppress errors from unsupported devices (bsc#1038792).\n - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - sr9700: use skb_cow_head() to deal 
with cloned skbs (bsc#1045154).\n - supported.conf: clear mistaken external support flag for cifs.ko\n (bsc#1053802).\n - sysctl: do not print negative flag for proc_douintvec (bnc#1046985).\n - sysctl: fix lax sysctl_check_table() sanity check (bsc#1048893).\n - sysctl: fold sysctl_writes_strict checks into helper (bsc#1048893).\n - sysctl: kdoc'ify sysctl_writes_strict (bsc#1048893).\n - sysctl: simplify unsigned int support (bsc#1048893).\n - timers: Plug locking race vs. timer migration (bnc#1022476).\n - tpm: Issue a TPM2_Shutdown for TPM2 devices (bsc#1053117).\n - tpm: KABI fix (bsc#1053117).\n - tpm: fix: return rc when devm_add_action() fails (bsc#1020645,\n bsc#1034048).\n - tpm: read burstcount from TPM_STS in one 32-bit transaction\n (bsc#1020645, bsc#1034048).\n - tpm_tis_core: Choose appropriate timeout for reading burstcount\n (bsc#1020645, bsc#1034048).\n - tpm_tis_core: convert max timeouts from msec to jiffies (bsc#1020645,\n bsc#1034048).\n - tty: serial: msm: Support more bauds (git-fixes).\n - ubifs: Correctly evict xattr inodes (bsc#1012829).\n - ubifs: Do not leak kernel memory to the MTD (bsc#1012829).\n - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829).\n - udf: Fix races with i_size changes during readpage (bsc#1012829).\n - vfs: fix missing inode_get_dev sites (bsc#1052049).\n - x86/LDT: Print the real LDT base address (bsc#1051478).\n - x86/dmi: Switch dmi_remap() from ioremap() to ioremap_cache()\n (bsc#1051399).\n - x86/mce: Make timer handling more robust (bsc#1042422).\n - x86/panic: replace smp_send_stop() with kdump friendly version in panic\n path (bsc#1051478).\n - xen-netfront: Rework the fix for Rx stall during OOM and network stress\n (git-fixes).\n - xen/balloon: do not online new memory initially (bnc#1028173).\n - xen/pvh*: Support greater than 32 VCPUs at domain restore (bnc#1045563).\n - xen: allocate page for shared info page from low memory (bnc#1038616).\n - xen: hold lock_device_hotplug throughout 
vcpu hotplug operations\n (bsc#1042422).\n - xfrm: NULL dereference on allocation failure (bsc#1047343).\n - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).\n - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188).\n - xfs: fix inobt inode allocation search optimization (bsc#1012829).\n\n", "edition": 1, "modified": "2017-11-08T21:08:45", "published": "2017-11-08T21:08:45", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00013.html", "id": "SUSE-SU-2017:2956-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 8.3, "vector": "AV:ADJACENT_NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-09-09T09:57:39", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10277", "CVE-2017-11176", "CVE-2017-1000380", "CVE-2017-9074", "CVE-2017-9242", "CVE-2017-11473", "CVE-2017-9075", "CVE-2017-7533", "CVE-2017-8924", "CVE-2017-7482", "CVE-2014-9922", "CVE-2017-6951", "CVE-2017-2647", "CVE-2017-8925", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-7542", "CVE-2017-1000365", "CVE-2017-8890"], "description": "The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-7482: Several missing length checks ticket decode allowing for\n information leak or potentially code execution (bsc#1046107).\n - CVE-2016-10277: Potential privilege escalation due to a missing bounds\n check in the lp driver. 
A kernel command-line adversary can overflow the\n parport_nr array to execute code (bsc#1039456).\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bsc#1049882).\n - CVE-2017-7533: Bug in inotify code allowing privilege escalation\n (bsc#1049483).\n - CVE-2017-11176: The mq_notify function in the Linux kernel did not set\n the sock pointer to NULL upon entry into the retry logic. During a\n user-space close of a Netlink socket, it allowed attackers to cause a\n denial of service (use-after-free) or possibly have unspecified other\n impact (bsc#1048275).\n - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function\n in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users\n to gain privileges via a crafted ACPI table (bnc#1049603).\n - CVE-2017-1000365: The Linux Kernel imposed a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the\n argument and environment pointers into account, which allowed attackers\n to bypass this limitation. 
(bnc#1039354)\n - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local\n users to gain privileges via a large filesystem stack that includes an\n overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c\n (bnc#1032340)\n - CVE-2017-8924: The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to\n obtain sensitive information (in the dmesg ringbuffer and syslog) from\n uninitialized kernel memory by using a crafted USB device (posing as an\n io_ti USB serial device) to trigger an integer underflow (bnc#1038982).\n - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c\n in the Linux kernel allowed local users to cause a denial of service\n (tty exhaustion) by leveraging reference count mishandling (bnc#1038981).\n - CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in\n the ALSA /dev/snd/timer driver resulting in local users being able to\n read information belonging to other users, i.e., uninitialized memory\n contents could have been disclosed when a read and an ioctl happen at\n the same time (bnc#1044125)\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n was too late in checking whether an overwrite of an skb data structure\n may occur, which allowed local users to cause a denial of service\n (system crash) via crafted system calls (bnc#1041431)\n - CVE-2017-1000363: A buffer overflow in kernel commandline handling of\n the "lp" parameter could be used by local console attackers to bypass\n certain secure boot settings. 
(bnc#1039456)\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885)\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069)\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883)\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel\n did not consider that the nexthdr field may be associated with an\n invalid option, which allowed local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882)\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the\n Linux kernel mishandled reference counts, which allowed local users to\n cause a denial of service (use-after-free) or possibly have unspecified\n other impact via a failed SIOCGIFADDR ioctl call for an IPX interface\n (bnc#1038879)\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bnc#1038544)\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (NULL pointer\n dereference and system 
crash) via vectors involving a NULL value for a\n certain match field, related to the keyring_search_iterator function in\n keyring.c (bnc#1030593)\n - CVE-2017-6951: The keyring_search_aux function in\n security/keys/keyring.c in the Linux kernel allowed local users to cause\n a denial of service (NULL pointer dereference and OOPS) via a\n request_key system call for the "dead" type (bnc#1029850)\n\n The following non-security bugs were fixed:\n\n - 8250: use callbacks to access UART_DLL/UART_DLM.\n - ALSA: ctxfi: Fallback DMA mask to 32bit (bsc#1045538).\n - ALSA: hda - Fix regression of HD-audio controller fallback modes\n (bsc#1045538).\n - ALSA: hda - using uninitialized data (bsc#1045538).\n - ALSA: hda/realtek - Correction of fixup codes for PB V7900 laptop\n (bsc#1045538).\n - ALSA: hda/realtek - Fix COEF widget NID for ALC260 replacer fixup\n (bsc#1045538).\n - ALSA: off by one bug in snd_riptide_joystick_probe() (bsc#1045538).\n - ALSA: seq: Fix snd_seq_call_port_info_ioctl in compat mode (bsc#1045538).\n - Add CVE tag to references\n - CIFS: backport prepath matching fix (bsc#799133).\n - Drop CONFIG_PPC_CELL from bigmem (bsc#1049128).\n - EDAC, amd64_edac: Shift wrapping issue in f1x_get_norm_dct_addr().\n - Fix scripts/bigmem-generate-ifdef-guard to work on all branches\n - Fix soft lockup in svc_rdma_send (bsc#1044854).\n - IB/mlx4: Demote mcg message from warning to debug (bsc#919382).\n - IB/mlx4: Fix ib device initialization error flow (bsc#919382).\n - IB/mlx4: Fix port query for 56Gb Ethernet links (bsc#919382).\n - IB/mlx4: Handle well-known-gid in mad_demux processing (bsc#919382).\n - IB/mlx4: Reduce SRIOV multicast cleanup warning message to debug level\n (bsc#919382).\n - IB/mlx4: Set traffic class in AH (bsc#919382).\n - Implement an ioctl to support the USMTMC-USB488 READ_STATUS_BYTE\n operation (bsc#1036288).\n - Input: cm109 - validate number of endpoints before using them\n (bsc#1037193).\n - Input: hanwang - validate number of 
endpoints before using them\n (bsc#1037232).\n - Input: yealink - validate number of endpoints before using them\n (bsc#1037227).\n - KEYS: Disallow keyrings beginning with '.' to be joined as session\n keyrings (bnc#1035576).\n - NFS: Avoid getting confused by confused server (bsc#1045416).\n - NFS: Fix another OPEN_DOWNGRADE bug (git-next).\n - NFS: Fix size of NFSACL SETACL operations (git-fixes).\n - NFS: Make nfs_readdir revalidate less often (bsc#1048232).\n - NFS: tidy up nfs_show_mountd_netid (git-fixes).\n - NFSD: Do not use state id of 0 - it is reserved (bsc#1049688\n bsc#1051770).\n - NFSv4: Do not call put_rpccred() under the rcu_read_lock() (git-fixes).\n - NFSv4: Fix another bug in the close/open_downgrade code (git-fixes).\n - NFSv4: Fix problems with close in the presence of a delegation\n (git-fixes).\n - NFSv4: Fix the underestimation of delegation XDR space reservation\n (git-fixes).\n - NFSv4: fix getacl head length estimation (git-fixes).\n - PCI: Fix devfn for VPD access through function 0 (bnc#943786 git-fixes).\n - Remove superfluous make flags (bsc#1012422)\n - Return short read or 0 at end of a raw device, not EIO (bsc#1039594).\n - Revert "math64: New div64_u64_rem helper" (bnc#938352).\n - SUNRPC: Fix a memory leak in the backchannel code (git-fixes).\n - Staging: vt6655-6: potential NULL dereference in\n hostap_disable_hostapd() (bsc#1045479).\n - USB: class: usbtmc.c: Cleaning up uninitialized variables (bsc#1036288).\n - USB: class: usbtmc: do not print error when allocating urb fails\n (bsc#1036288).\n - USB: class: usbtmc: do not print on ENOMEM (bsc#1036288).\n - USB: iowarrior: fix NULL-deref in write (bsc#1037359).\n - USB: iowarrior: fix info ioctl on big-endian hosts (bsc#1037441).\n - USB: r8a66597-hcd: select a different endpoint on timeout (bsc#1047053).\n - USB: serial: ark3116: fix register-accessor error handling (git-fixes).\n - USB: serial: ch341: fix open error handling (bsc#1037441).\n - USB: serial: cp210x: fix 
tiocmget error handling (bsc#1037441).\n - USB: serial: ftdi_sio: fix line-status over-reporting (bsc#1037441).\n - USB: serial: io_edgeport: fix epic-descriptor handling (bsc#1037441).\n - USB: serial: io_ti: fix information leak in completion handler\n (git-fixes).\n - USB: serial: mos7840: fix another NULL-deref at open (bsc#1034026).\n - USB: serial: oti6858: fix NULL-deref at open (bsc#1037441).\n - USB: serial: sierra: fix bogus alternate-setting assumption\n (bsc#1037441).\n - USB: serial: spcp8x5: fix NULL-deref at open (bsc#1037441).\n - USB: usbip: fix nonconforming hub descriptor (bsc#1047487).\n - USB: usbtmc: Add flag rigol_quirk to usbtmc_device_data (bsc#1036288).\n - USB: usbtmc: Change magic number to constant (bsc#1036288).\n - USB: usbtmc: Set rigol_quirk if device is listed (bsc#1036288).\n - USB: usbtmc: TMC request code segregated from usbtmc_read (bsc#1036288).\n - USB: usbtmc: add device quirk for Rigol DS6104 (bsc#1036288).\n - USB: usbtmc: add missing endpoint sanity check (bsc#1036288).\n - USB: usbtmc: fix DMA on stack (bsc#1036288).\n - USB: usbtmc: fix big-endian probe of Rigol devices (bsc#1036288).\n - USB: usbtmc: fix probe error path (bsc#1036288).\n - USB: usbtmc: usbtmc_read sends multiple TMC header based on rigol_quirk\n (bsc#1036288).\n - USB: wusbcore: fix NULL-deref at probe (bsc#1045487).\n - Update patches.fixes/nfs-svc-rdma.fix (bsc#1044854).\n - Use make --output-sync feature when available (bsc#1012422).\n - Xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).\n - __bitmap_parselist: fix bug in empty string handling (bnc#1042633).\n - acpi: Disable APEI error injection if securelevel is set (bsc#972891,\n bsc#1023051).\n - af_key: Add lock to key dump (bsc#1047653).\n - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354).\n - ath9k: fix buffer overrun for ar9287 (bsc#1045538).\n - blacklist b50a6c584bb4 powerpc/perf: Clear MMCR2 when enabling PMU\n (bsc#1035721).\n - blacklist.conf: Add a few 
inapplicable items (bsc#1045538).\n - blacklist.conf: Blacklist 847fa1a6d3d0 ('ftrace/x86_32: Set ftrace_stub\n to weak to prevent gcc from using short jumps to it') The released\n kernels are not build with a gas new enough to optimize the jmps so that\n this patch would be required. (bsc#1051478)\n - blkback/blktap: do not leak stack data via response ring (bsc#1042863\n XSA-216).\n - block: do not allow updates through sysfs until registration completes\n (bsc#1047027).\n - block: fix ext_dev_lock lockdep report (bsc#1050154).\n - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - cifs: Timeout on SMBNegotiate request (bsc#1044913).\n - cifs: do not compare uniqueids in cifs_prime_dcache unless server inode\n numbers are in use (bsc#1041975). backporting upstream commit\n 2f2591a34db6c9361faa316c91a6e320cb4e6aee\n - cifs: small underflow in cnvrtDosUnixTm() (bsc#1043935).\n - cputime: Avoid multiplication overflow on utime scaling (bnc#938352).\n - crypto: nx - off by one bug in nx_of_update_msc() (bnc#792863).\n - decompress_bunzip2: off by one in get_next_block() (git-fixes).\n - dentry name snapshots (bsc#1049483).\n - devres: fix a for loop bounds check (git-fixes).\n - dm: fix ioctl retry termination with signal (bsc#1050154).\n - drm/mgag200: Add support for G200eH3 (bnc#1044216)\n - drm/mgag200: Fix to always set HiPri for G200e4 (bsc#1015452,\n bsc#995542).\n - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext3: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: fix fdatasync(2) after extent manipulation operations\n (bsc#1013018).\n - ext4: keep existing extra fields when inode expands (bsc#1013018).\n - fbdev/efifb: Fix 16 color palette entry calculation (bsc#1041762).\n - firmware: fix directory creation rule matching with make 3.80\n (bsc#1012422).\n - firmware: fix directory creation rule matching with make 3.82\n (bsc#1012422).\n - fixed 
invalid assignment of 64bit mask to host dma_boundary for scatter\n gather segment boundary limit (bsc#1042045).\n - fnic: Return 'DID_IMM_RETRY' if rport is not ready (bsc#1035920).\n - fnic: Using rport->dd_data to check rport online instead of rport_lookup\n (bsc#1035920).\n - fs/block_dev: always invalidate cleancache in invalidate_bdev()\n (git-fixes).\n - fs/xattr.c: zero out memory copied to userspace in getxattr\n (bsc#1013018).\n - fs: fix data invalidation in the cleancache during direct IO (git-fixes).\n - fuse: add missing FR_FORCE (bsc#1013018).\n - genirq: Prevent proc race against freeing of irq descriptors\n (bnc#1044230).\n - hrtimer: Allow concurrent hrtimer_start() for self restarting timers\n (bnc#1013018).\n - initial cr0 bits (bnc#1036056, LTC#153612).\n - ipmr, ip6mr: fix scheduling while atomic and a deadlock with\n ipmr_get_route (git-fixes).\n - irq: Fix race condition (bsc#1042615).\n - isdn/gigaset: fix NULL-deref at probe (bsc#1037356).\n - isofs: Do not return EACCES for unknown filesystems (bsc#1013018).\n - jsm: add support for additional Neo cards (bsc#1045615).\n - kernel-binary.spec: Propagate MAKE_ARGS to %build (bsc#1012422)\n - libata: fix sff host state machine locking while polling (bsc#1045525).\n - libceph: NULL deref on crush_decode() error path (bsc#1044015).\n - libceph: potential NULL dereference in ceph_msg_data_create()\n (bsc#1051515).\n - libfc: fixup locking in fc_disc_stop() (bsc#1029140).\n - libfc: move 'pending' and 'requested' setting (bsc#1029140).\n - libfc: only restart discovery after timeout if not already running\n (bsc#1029140).\n - locking/rtmutex: Prevent dequeue vs. 
unlock race (bnc#1013018).\n - math64: New div64_u64_rem helper (bnc#938352).\n - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).\n - md/raid1: extend spinlock to protect raid1_end_read_request against\n inconsistencies (git-fixes).\n - md/raid1: fix test for 'was read error from last working device'\n (git-fixes).\n - md/raid5: Fix CPU hotplug callback registration (git-fixes).\n - md/raid5: do not record new size if resize_stripes fails (git-fixes).\n - md: ensure md devices are freed before module is unloaded (git-fixes).\n - md: fix a null dereference (bsc#1040351).\n - md: flush ->event_work before stopping array (git-fixes).\n - md: make sure GET_ARRAY_INFO ioctl reports correct "clean" status\n (git-fixes).\n - md: use separate bio_pool for metadata writes (bsc#1040351).\n - megaraid_sas: add missing curly braces in ioctl handler (bsc#1050154).\n - mlx4: reduce OOM risk on arches with large pages (bsc#919382).\n - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM\n Functionality, bsc#1042832).\n - mm/memory-failure.c: use compound_head() flags for huge pages\n (bnc#971975 VM -- git fixes).\n - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM\n Functionality, bsc#1042832).\n - mmc: core: add missing pm event in mmc_pm_notify to fix hib restore\n (bsc#1045547).\n - mmc: ushc: fix NULL-deref at probe (bsc#1037191).\n - module: fix memory leak on early load_module() failures (bsc#1043014).\n - mwifiex: printk() overflow with 32-byte SSIDs (bsc#1048185).\n - net/mlx4: Fix the check in attaching steering rules (bsc#919382).\n - net/mlx4: Fix uninitialized fields in rule when adding promiscuous mode\n to device managed flow steering (bsc#919382).\n - net/mlx4_core: Eliminate warning messages for SRQ_LIMIT under SRIOV\n (bsc#919382).\n - net/mlx4_core: Enhance the MAD_IFC wrapper to convert VF port to\n physical (bsc#919382).\n - net/mlx4_core: Fix VF overwrite of module param which disables DMFS on\n new 
probed PFs (bsc#919382).\n - net/mlx4_core: Fix when to save some qp context flags for dynamic VST to\n VGT transitions (bsc#919382).\n - net/mlx4_core: Get num_tc using netdev_get_num_tc (bsc#919382).\n - net/mlx4_core: Prevent VF from changing port configuration (bsc#919382).\n - net/mlx4_core: Use cq quota in SRIOV when creating completion EQs\n (bsc#919382).\n - net/mlx4_core: Use-after-free causes a resource leak in flow-steering\n detach (bsc#919382).\n - net/mlx4_en: Avoid adding steering rules with invalid ring (bsc#919382).\n - net/mlx4_en: Change the error print to debug print (bsc#919382).\n - net/mlx4_en: Fix type mismatch for 32-bit systems (bsc#919382).\n - net/mlx4_en: Resolve dividing by zero in 32-bit system (bsc#919382).\n - net/mlx4_en: Wake TX queues only when there's enough room (bsc#1039258).\n - net/mlx4_en: fix overflow in mlx4_en_init_timestamp() (bsc#919382).\n - net: avoid reference counter overflows on fib_rules in multicast\n forwarding (git-fixes).\n - net: ip6mr: fix static mfc/dev leaks on table destruction (git-fixes).\n - net: ipmr: fix static mfc/dev leaks on table destruction (git-fixes).\n - net: wimax/i2400m: fix NULL-deref at probe (bsc#1037358).\n - netxen_nic: set rcode to the return status from the call to\n netxen_issue_cmd (bnc#784815).\n - nfs: fix nfs_size_to_loff_t (git-fixes).\n - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670).\n - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670).\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670).\n - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ocfs2: NFS hangs in __ocfs2_cluster_lock due to race with\n ocfs2_unblock_lock (bsc#962257).\n - perf/core: Correct event creation with PERF_FORMAT_GROUP (bnc#1013018).\n - perf/core: Fix event inheritance on fork() (bnc#1013018).\n - powerpc/ibmebus: Fix device reference leaks in sysfs interface\n (bsc#1035777 [2017-04-24] Pending Base Kernel Fixes).\n - powerpc/ibmebus: Fix further 
device reference leaks (bsc#1035777\n [2017-04-24] Pending Base Kernel Fixes).\n - powerpc/mm/hash: Check for non-kernel address in get_kernel_vsid()\n (bsc#1032471).\n - powerpc/mm/hash: Convert mask to unsigned long (bsc#1032471).\n - powerpc/mm/hash: Increase VA range to 128TB (bsc#1032471).\n - powerpc/mm/hash: Properly mask the ESID bits when building proto VSID\n (bsc#1032471).\n - powerpc/mm/hash: Support 68 bit VA (bsc#1032471).\n - powerpc/mm/hash: Use context ids 1-4 for the kernel (bsc#1032471).\n - powerpc/mm/slice: Convert slice_mask high slice to a bitmap\n (bsc#1032471).\n - powerpc/mm/slice: Fix off-by-1 error when computing slice mask\n (bsc#1032471).\n - powerpc/mm/slice: Move slice_mask struct definition to slice.c\n (bsc#1032471).\n - powerpc/mm/slice: Update slice mask printing to use bitmap printing\n (bsc#1032471).\n - powerpc/mm/slice: Update the function prototype (bsc#1032471).\n - powerpc/mm: Do not alias user region to other regions below PAGE_OFFSET\n (bsc#928138).\n - powerpc/mm: Remove checks that TASK_SIZE_USER64 is too small\n (bsc#1032471).\n - powerpc/mm: use macro PGTABLE_EADDR_SIZE instead of digital\n (bsc#1032471).\n - powerpc/pci/rpadlpar: Fix device reference leaks (bsc#1035777\n [2017-04-24] Pending Base Kernel Fixes).\n - powerpc/pseries: Release DRC when configure_connector fails\n (bsc#1035777, Pending Base Kernel Fixes).\n - powerpc: Drop support for pre-POWER4 cpus (bsc#1032471).\n - powerpc: Remove STAB code (bsc#1032471).\n - random32: fix off-by-one in seeding requirement (git-fixes).\n - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - reiserfs: do not preallocate blocks for extended attributes (bsc#990682).\n - rfkill: fix rfkill_fop_read wait_event usage (bsc#1046192).\n - s390/qdio: clear DSCI prior to scanning multiple input queues\n (bnc#1046715, LTC#156234).\n - s390/qeth: no ETH header for outbound AF_IUCV (bnc#1046715, LTC#156276).\n - s390/qeth: size calculation outbound buffers 
(bnc#1046715, LTC#156276).\n - sched/core: Remove false-positive warning from wake_up_process()\n (bnc#1044882).\n - sched/cputime: Do not scale when utime == 0 (bnc#938352).\n - sched/debug: Print the scheduler topology group mask (bnc#1013018).\n - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1013018).\n - sched/fair: Fix min_vruntime tracking (bnc#1013018).\n - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1013018). Prep\n for b60205c7c558 sched/fair: Fix min_vruntime tracking\n - sched/topology: Fix building of overlapping sched-groups (bnc#1013018).\n - sched/topology: Fix overlapping sched_group_capacity (bnc#1013018).\n - sched/topology: Fix overlapping sched_group_mask (bnc#1013018).\n - sched/topology: Move comment about asymmetric node setups (bnc#1013018).\n - sched/topology: Optimize build_group_mask() (bnc#1013018).\n - sched/topology: Refactor function build_overlap_sched_groups()\n (bnc#1013018).\n - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1013018).\n - sched/topology: Simplify build_overlap_sched_groups() (bnc#1013018).\n - sched/topology: Verify the first group matches the child domain\n (bnc#1013018).\n - sched: Always initialize cpu-power (bnc#1013018).\n - sched: Avoid cputime scaling overflow (bnc#938352).\n - sched: Avoid prev->stime underflow (bnc#938352).\n - sched: Do not account bogus utime (bnc#938352).\n - sched: Fix SD_OVERLAP (bnc#1013018).\n - sched: Fix domain iteration (bnc#1013018).\n - sched: Lower chances of cputime scaling overflow (bnc#938352).\n - sched: Move nr_cpus_allowed out of 'struct sched_rt_entity'\n (bnc#1013018). 
Prep for b60205c7c558 sched/fair: Fix min_vruntime\n tracking\n - sched: Rename a misleading variable in build_overlap_sched_groups()\n (bnc#1013018).\n - sched: Use swap() macro in scale_stime() (bnc#938352).\n - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221).\n - scsi: fix race between simultaneous decrements of ->host_failed\n (bsc#1050154).\n - scsi: fnic: Correcting rport check location in fnic_queuecommand_lck\n (bsc#1035920).\n - scsi: mvsas: fix command_active typo (bsc#1050154).\n - scsi: qla2xxx: Fix scsi scan hang triggered if adapter fails during init\n (bsc#1050154).\n - sfc: do not device_attach if a reset is pending (bsc#909618).\n - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154).\n - splice: Stub splice_write_to_file (bsc#1043234).\n - svcrdma: Fix send_reply() scatter/gather set-up (git-fixes).\n - target/iscsi: Fix double free in lio_target_tiqn_addtpg() (bsc#1050154).\n - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1013018).\n - tracing: Fix syscall_*regfunc() vs copy_process() race (bnc#1042687).\n - udf: Fix deadlock between writeback and udf_setsize() (bsc#1013018).\n - udf: Fix races with i_size changes during readpage (bsc#1013018).\n - usbtmc: remove redundant braces (bsc#1036288).\n - usbtmc: remove trailing spaces (bsc#1036288).\n - usbvision: fix NULL-deref at probe (bsc#1050431).\n - uwb: hwa-rc: fix NULL-deref at probe (bsc#1037233).\n - uwb: i1480-dfu: fix NULL-deref at probe (bsc#1036629).\n - vb2: Fix an off by one error in 'vb2_plane_vaddr' (bsc#1050431).\n - vmxnet3: avoid calling pskb_may_pull with interrupts disabled\n (bsc#1045356).\n - vmxnet3: fix checks for dma mapping errors (bsc#1045356).\n - vmxnet3: fix lock imbalance in vmxnet3_tq_xmit() (bsc#1045356).\n - x86, mm, paravirt: Fix vmalloc_fault oops during lazy MMU updates\n (bsc#948562).\n - x86/pci-calgary: Fix iommu_free() comparison of unsigned expression\n greater than 0 (bsc#1051478).\n - xen: avoid deadlock 
in xenbus (bnc#1047523).\n - xfrm: NULL dereference on allocation failure (bsc#1047343).\n - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653).\n - xfrm: dst_entries_init() per-net dst_ops (bsc#1030814).\n - xfs: Synchronize xfs_buf disposal routines (bsc#1041160).\n - xfs: use ->b_state to fix buffer I/O accounting release race\n (bsc#1041160).\n - xprtrdma: Free the pd if ib_query_qp() fails (git-fixes).\n\n", "edition": 1, "modified": "2017-09-08T18:09:08", "published": "2017-09-08T18:09:08", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-09/msg00017.html", "id": "SUSE-SU-2017:2389-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-10-30T22:32:06", "bulletinFamily": "unix", "cvelist": ["CVE-2016-10277", "CVE-2017-11176", "CVE-2017-14051", "CVE-2017-1000380", "CVE-2017-13080", "CVE-2017-15274", "CVE-2017-12762", "CVE-2017-15265", "CVE-2017-7889", "CVE-2017-9074", "CVE-2017-7518", "CVE-2017-15649", "CVE-2017-9242", "CVE-2017-8831", "CVE-2017-14106", "CVE-2017-9075", "CVE-2017-14140", "CVE-2017-10661", "CVE-2017-8924", "CVE-2017-12192", "CVE-2017-7482", "CVE-2017-7541", "CVE-2017-12153", "CVE-2017-8925", "CVE-2017-6346", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-7542", "CVE-2017-12154", "CVE-2017-1000365", "CVE-2017-8890"], "description": "The SUSE Linux Enterprise 12 SP1 LTS kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local\n users to gain privileges via crafted system calls that trigger\n mishandling of packet_fanout data structures, because of a race\n condition (involving fanout_add and packet_do_bind) that leads to a\n use-after-free, a different vulnerability than CVE-2017-6346\n (bnc#1064388).\n - 
CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed\n reinstallation of the Group Temporal Key (GTK) during the group key\n handshake, allowing an attacker within radio range to replay frames from\n access points to clients (bnc#1063667).\n - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not\n consider the case of a NULL payload in conjunction with a nonzero length\n value, which allowed local users to cause a denial of service (NULL\n pointer dereference and OOPS) via a crafted add_key or keyctl system\n call, a different vulnerability than CVE-2017-12192 (bnc#1045327).\n - CVE-2017-15265: Use-after-free vulnerability in the Linux kernel allowed\n local users to have unspecified impact via vectors related to\n /dev/snd/seq (bnc#1062520).\n - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the\n argument and environment pointers into account, which allowed attackers\n to bypass this limitation. (bnc#1039354).\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux\n kernel. This function did not check whether the required attributes are\n present in a Netlink request. 
This request can be issued by a user with\n the CAP_NET_ADMIN capability and may result in a NULL pointer\n dereference and system crash (bnc#1058410).\n - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the\n Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store\n exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR\n shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain\n read and write access to the hardware CR8 register (bnc#1058507).\n - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the\n Linux kernel allowed local users to cause a denial of service\n (__tcp_select_window divide-by-zero error and system crash) by\n triggering a disconnect within a certain tcp_recvmsg code path\n (bnc#1056982).\n - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux\n kernel doesn't check the effective uid of the target process, enabling a\n local attacker to learn the memory layout of a setuid executable despite\n ASLR (bnc#1057179).\n - CVE-2017-14051: An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users\n to cause a denial of service (memory corruption and system crash) by\n leveraging root access (bnc#1056588).\n - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel\n allowed local users to gain privileges or cause a denial of service\n (list corruption or use-after-free) via simultaneous file-descriptor\n operations that leverage improper might_cancel queueing (bnc#1053152).\n - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled\n buffer is copied into a local buffer of constant size using strcpy\n without a length check which can cause a buffer overflow. 
(bnc#1053148).\n - CVE-2017-8831: The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed\n local users to cause a denial of service (out-of-bounds array access) or\n possibly have unspecified other impact by changing a certain\n sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).\n - CVE-2017-7482: A potential memory corruption was fixed in decoding of\n krb5 principals in the kernels kerberos handling. (bnc#1046107).\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bnc#1049882).\n - CVE-2017-11176: The mq_notify function in the Linux kernel did not set\n the sock pointer to NULL upon entry into the retry logic. During a\n user-space close of a Netlink socket, it allowed attackers to cause a\n denial of service (use-after-free) or possibly have unspecified other\n impact (bnc#1048275).\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (buffer overflow\n and system crash) or possibly gain privileges via a crafted\n NL80211_CMD_FRAME Netlink packet (bnc#1049645).\n - CVE-2017-7518: The Linux kernel was vulnerable to an incorrect debug\n exception(#DB) error. 
It could occur while emulating a syscall\n instruction and potentially lead to guest privilege escalation.\n (bsc#1045922).\n - CVE-2017-8924: The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to\n obtain sensitive information (in the dmesg ringbuffer and syslog) from\n uninitialized kernel memory by using a crafted USB device (posing as an\n io_ti USB serial device) to trigger an integer underflow (bnc#1037182\n bsc#1038982).\n - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c\n in the Linux kernel allowed local users to cause a denial of service\n (tty exhaustion) by leveraging reference count mishandling (bnc#1037183\n bsc#1038981).\n - CVE-2017-1000380: sound/core/timer.c in the Linux kernel was vulnerable\n to a data race in the ALSA /dev/snd/timer driver resulting in local\n users being able to read information belonging to other users, i.e.,\n uninitialized memory contents might have been disclosed when a read and\n an ioctl happen at the same time (bnc#1044125).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bnc#1041431).\n - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds Write. Due to a\n missing bounds check, and the fact that parport_ptr integer is static, a\n 'secure boot' kernel command line adversary (could happen due to\n bootloader vulns, e.g. 
Google Nexus 6's CVE-2016-10277, where due to a\n vulnerability the adversary has partial control over the command line)\n could overflow the parport_nr array in the following code, by appending\n many (>LP_NO) 'lp=none' arguments to the command line (bnc#1039456).\n - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel\n did not consider that the nexthdr field may be associated with an\n invalid option, which allowed local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882).\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the\n Linux kernel mishandled reference counts, which allowed local users to\n cause a denial of service (use-after-free) or possibly have unspecified\n other impact via a failed SIOCGIFADDR ioctl call for an IPX interface\n (bnc#1038879).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly 
have unspecified\n other impact by leveraging use of the accept system call (bnc#1038544).\n - CVE-2017-7889: The mm subsystem in the Linux kernel did not properly\n enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allowed\n local users to read or write to kernel memory locations in the first\n megabyte (and bypass slab-allocation access restrictions) via an\n application that opens the /dev/mem file, related to arch/x86/mm/init.c\n and drivers/char/mem.c (bnc#1034405).\n\n The following new features were implemented:\n - the r8152 network driver was updated to support Realtek RTL8152/RTL8153\n Based USB Ethernet Adapters (fate#321482)\n\n The following non-security bugs were fixed:\n\n - blkback/blktap: do not leak stack data via response ring (bsc#1042863\n XSA-216).\n - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515).\n - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - btrfs: Check qgroup level in kernel qgroup assign (bsc#1001459).\n - btrfs: qgroup: allow to remove qgroup which has parent but no child\n (bsc#1001459).\n - btrfs: quota: Automatically update related qgroups or mark INCONSISTENT\n flags when assigning/deleting a qgroup relations (bsc#1001459).\n - ceph: Correctly return NXIO errors from ceph_llseek (git-fixes).\n - ceph: fix file open flags on ppc64 (git-fixes).\n - ceph: check i_nlink while converting a file handle to dentry\n (bsc#1039864).\n - drivers/net: delete non-required instances of include\n <linux/init.h> (bsc#993099).\n - drivers/net/usb: add device id for NVIDIA Tegra USB 3.0 Ethernet\n (bsc#993099).\n - drivers/net/usb: Add support for 'Lenovo OneLink Pro Dock' (bsc#993099).\n - enic: set skb->hash type properly (bsc#922871).\n - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - firmware: dmi_scan: Fix ordering of product_uuid (bsc#1030531).\n - fm10k: correctly check if interface is removed 
(bsc#922855).\n - fs/block_dev: always invalidate cleancache in invalidate_bdev()\n (git-fixes).\n - fs: fix data invalidation in the cleancache during direct IO (git-fixes).\n - fs/xattr.c: zero out memory copied to userspace in getxattr (git-fixes).\n - hv: vmbus: Raise retry/wait limits in vmbus_post_msg() (bsc#1023287,\n bsc#1028217, bsc#1048788).\n - jhash: Update jhash_[321]words functions to use correct initval\n (git-fixes).\n - kABI: mask an include (bsc#994364).\n - md: ensure md devices are freed before module is unloaded (git-fixes).\n - md/raid0: apply base queue limits *before* disk_stack_limits (git-fixes).\n - md/raid0: update queue parameter in a safer location (git-fixes).\n - md/raid1: do not clear bitmap bit when bad-block-list write fails\n (git-fixes).\n - md/raid10: do not clear bitmap bit when bad-block-list write fails\n (git-fixes).\n - md/raid10: ensure device failure recorded before write request returns\n (git-fixes).\n - mlock: fix mlock count can not decrease in race condition (VM\n Functionality, bsc#1042696).\n - mlx: Revert the mlx5e_tx_notify_hw() changes.(bsc#1033960)\n - mm/huge_memory: replace VM_NO_THP VM_BUG_ON with actual VMA check (VM\n Functionality, bsc#1042832).\n - mm: hugetlb: call huge_pte_alloc() only if ptep is null (VM\n Functionality, bsc#1042832).\n - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack\n (bnc#1039348).\n - netfilter: bridge: Fix the build when IPV6 is disabled (bsc#1027149).\n - net: get rid of SET_ETHTOOL_OPS (bsc#993099).\n - net/usb/r8152: add device id for Lenovo TP USB 3.0 Ethernet (bsc#993099).\n - netvsc: get rid of completion timeouts (bsc#1048788).\n - nfs v4.1: Fix Oopsable condition in server callback races (git-fixes).\n - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - pid_ns: Sleep in TASK_INTERRUPTIBLE in zap_pid_ns_processes\n (bnc#1012985).\n - powerpc: Add missing error check to prom_find_boot_cpu() (bnc#856774).\n - powerpc/book3s: Fix MCE console 
messages for unrecoverable MCE\n (bnc#878240).\n - powerpc/bpf/jit: Disable classic BPF JIT on ppc64le (bsc#1041429,\n [2017-05-29] Pending SUSE Kernel Fixes).\n - powerpc: Fix bad inline asm constraint in create_zero_mask()\n (bnc#856774).\n - powerpc/64: Fix flush_(d|i)cache_range() called from modules\n (bnc#863764).\n - printk: prevent userland from spoofing kernel messages (bsc#1039721).\n - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552).\n - rtl8152: correct speed testing (bsc#993099).\n - r8152: add functions to set EEE (bsc#993099).\n - r8152: add MODULE_VERSION (bsc#993099).\n - r8152: add mutex for hw settings (bsc#993099).\n - r8152: add pre_reset and post_reset (bsc#993099).\n - r8152: add reset_resume function (bsc#993099).\n - r8152: add rtl_ops (bsc#993099).\n - r8152: add skb_cow_head (bsc#993099).\n - r8152: add three functions (bsc#993099).\n - r8152: adjust ALDPS function (bsc#993099).\n - r8152: adjust lpm timer (bsc#993099).\n - r8152: adjust rtl_start_rx (bsc#993099).\n - r8152: adjust rx_bottom (bsc#993099).\n - r8152: adjust r8152_submit_rx (bsc#993099).\n - r8152: adjust the line feed for hw_features (bsc#993099).\n - r8152: adjust usb_autopm_xxx (bsc#993099).\n - r8152: autoresume before setting feature (bsc#993099).\n - r8152: autoresume before setting MAC address (bsc#993099).\n - r8152: calculate the dropped packets for rx (bsc#993099).\n - r8152: call rtl_start_rx after netif_carrier_on (bsc#993099).\n - r8152: clear BMCR_PDOWN (bsc#993099).\n - r8152: clear LINK_OFF_WAKE_EN after autoresume (bsc#993099).\n - r8152: clear SELECTIVE_SUSPEND when autoresuming (bsc#993099).\n - r8152: clear the flag of SCHEDULE_TASKLET in tasklet (bsc#993099).\n - r8152: combine PHY reset with set_speed (bsc#993099).\n - r8152: constify ethtool_ops structures (bsc#993099).\n - r8152: correct some messages (bsc#993099).\n - r8152: correct the rx early size (bsc#993099).\n - r8152: deal with the empty line and space (bsc#993099).\n - r8152: 
disable ALDPS and EEE before setting PHY (bsc#993099).\n - r8152: disable ALDPS (bsc#993099).\n - r8152: disable MAC clock speed down (bsc#993099).\n - r8152: disable power cut for RTL8153 (bsc#993099).\n - r8152: disable teredo for RTL8152 (bsc#993099).\n - r8152: disable the capability of zero length (bsc#993099).\n - r8152: disable the ECM mode (bsc#993099).\n - r8152: disable the tasklet by default (bsc#993099).\n - r8152: do not enable napi before rx ready (bsc#993099).\n - r8152: ecm and vendor modes coexist (bsc#993099).\n - r8152: fix incorrect type in assignment (bsc#993099).\n - r8152: fix lockup when runtime PM is enabled (bsc#993099).\n - r8152: fix runtime function for RTL8152 (bsc#993099).\n - r8152: fix r8152_csum_workaround function (bsc#993099).\n - r8152: fix setting RTL8152_UNPLUG (bsc#993099).\n - r8152: fix the carrier off when autoresuming (bsc#993099).\n - r8152: fix the checking of the usb speed (bsc#993099).\n - r8152: fix the issue about U1/U2 (bsc#993099).\n - r8152: fix the runtime suspend issues (bsc#993099).\n - r8152: fix the submission of the interrupt transfer (bsc#993099).\n - r8152: fix the wake event (bsc#993099).\n - r8152: fix the warnings and a error from checkpatch.pl (bsc#993099).\n - r8152: fix the wrong return value (bsc#993099).\n - r8152: fix tx/rx memory overflow (bsc#993099).\n - r8152: fix wakeup settings (bsc#993099).\n - r8152: change rx early size when the mtu is changed (bsc#993099).\n - r8152: change some definitions (bsc#993099).\n - r8152: change the descriptor (bsc#993099).\n - r8152: change the EEE definition (bsc#993099).\n - r8152: change the location of rtl8152_set_mac_address (bsc#993099).\n - r8152: check code with checkpatch.pl (bsc#993099).\n - r8152: check linking status with netif_carrier_ok (bsc#993099).\n - r8152: check RTL8152_UNPLUG and netif_running before autoresume\n (bsc#993099).\n - r8152: check RTL8152_UNPLUG (bsc#993099).\n - r8152: check RTL8152_UNPLUG for rtl8152_close (bsc#993099).\n - 
r8152: check the status before submitting rx (bsc#993099).\n - r8152: check tx agg list before spin lock (bsc#993099).\n - r8152: check WORK_ENABLE in suspend function (bsc#993099).\n - r8152: increase the tx timeout (bsc#993099).\n - r8152: load the default MAC address (bsc#993099).\n - r8152: modify rtl_ops_init (bsc#993099).\n - r8152: modify the check of the flag of PHY_RESET in set_speed function\n (bsc#993099).\n - r8152: modify the method of accessing PHY (bsc#993099).\n - r8152: modify the tx flow (bsc#993099).\n - r8152: move enabling PHY (bsc#993099).\n - r8152: move PHY settings to hw_phy_cfg (bsc#993099).\n - r8152: move rtl8152_unload and ocp_reg_write (bsc#993099).\n - r8152: move r8152b_get_version (bsc#993099).\n - r8152: move some functions (bsc#993099).\n - r8152: move some functions (bsc#993099).\n - r8152: move some functions from probe to open (bsc#993099).\n - r8152: move the actions of saving the information of the device\n (bsc#993099).\n - r8152: move the setting for the default speed (bsc#993099).\n - r8152: move the settings of PHY to a work queue (bsc#993099).\n - r8152: nway reset after setting eee (bsc#993099).\n - r8152: redefine REALTEK_USB_DEVICE (bsc#993099).\n - r8152: reduce the frequency of spin_lock (bsc#993099).\n - r8152: reduce the number of Tx (bsc#993099).\n - r8152: remove a netif_carrier_off in rtl8152_open function (bsc#993099).\n - r8152: remove cancel_delayed_work_sync in rtl8152_set_speed (bsc#993099).\n - r8152: remove clearing bp (bsc#993099).\n - r8152: remove generic_ocp_read before writing (bsc#993099).\n - r8152: remove rtl_phy_reset function (bsc#993099).\n - r8152: remove rtl8152_get_stats (bsc#993099).\n - r8152: remove r8153_enable_eee (bsc#993099).\n - r8152: remove sram_read (bsc#993099).\n - r8152: remove the definitions of the PID (bsc#993099).\n - r8152: remove the duplicate init for the list of rx_done (bsc#993099).\n - r8152: remove the setting of LAN_WAKE_EN (bsc#993099).\n - r8152: rename rx_buf_sz 
(bsc#993099).\n - r8152: rename tx_underun (bsc#993099).\n - r8152: replace get_protocol with vlan_get_protocol (bsc#993099).\n - r8152: replace netdev_alloc_skb_ip_align with napi_alloc_skb\n (bsc#993099).\n - r8152: replace netif_rx with netif_receive_skb (bsc#993099).\n - r8152: replace some tabs with spaces (bsc#993099).\n - r8152: replace some types from int to bool (bsc#993099).\n - r8152: replace spin_lock_irqsave and spin_unlock_irqrestore (bsc#993099).\n - r8152: replace strncpy with strlcpy (bsc#993099).\n - r8152: replace tasklet with NAPI (bsc#993099).\n - r8152: replace the return value of rtl_ops_init (bsc#993099).\n - r8152: replace tp->netdev with netdev (bsc#993099).\n - r8152: reset device when tx timeout (bsc#993099).\n - r8152: reset the bmu (bsc#993099).\n - r8152: reset tp->speed before autoresuming in open function\n (bsc#993099).\n - r8152: restore hw settings (bsc#993099).\n - r8152: return -EBUSY for runtime suspend (bsc#993099).\n - r8152: save the speed (bsc#993099).\n - r8152: separate USB_RX_EARLY_AGG (bsc#993099).\n - r8152: set disable_hub_initiated_lpm (bsc#993099).\n - r8152: set RTL8152_UNPLUG when finding -ENODEV (bsc#993099).\n - r8152: split DRIVER_VERSION (bsc#993099).\n - r8152: split rtl8152_enable (bsc#993099).\n - r8152: stop submitting intr for -EPROTO (bsc#993099).\n - r8152: support dumping the hw counters (bsc#993099).\n - r8152: support ethtool eee (bsc#993099).\n - r8152: support get_msglevel and set_msglevel (bsc#993099).\n - r8152: support IPv6 (bsc#993099).\n - r8152: support jumbo frame for RTL8153 (bsc#993099).\n - r8152: support nway_reset of ethtool (bsc#993099).\n - r8152: support RTL8153 (bsc#993099).\n - r8152: support runtime suspend (bsc#993099).\n - r8152: support rx checksum (bsc#993099).\n - r8152: support setting rx coalesce (bsc#993099).\n - r8152: support stopping/waking tx queue (bsc#993099).\n - r8152: support the new RTL8153 chip (bsc#993099).\n - r8152: support TSO (bsc#993099).\n - r8152: 
support VLAN (bsc#993099).\n - r8152: support WOL (bsc#993099).\n - r8152: up the priority of the transmission (bsc#993099).\n - r8152: use BIT macro (bsc#993099).\n - r8152: use eth_hw_addr_random (bsc#993099).\n - r8152: Use kmemdup instead of kmalloc + memcpy (bsc#993099).\n - r8152: use test_and_clear_bit (bsc#993099).\n - r8152: use usleep_range (bsc#993099).\n - r8152: wake up the device before dumping the hw counter (bsc#993099).\n - scsi: qla2xxx: Get mutex lock before checking optrom_state (bsc#1053317).\n - sched/fair: Fix min_vruntime tracking (bnc#1012985).\n - sched/loadavg: Fix loadavg artifacts on fully idle and on fully loaded\n systems (bnc#1012985).\n - sched/rt: Fix PI handling vs. sched_setscheduler() (bnc#1012985).\n - sunrpc: Update RPCBIND_MAXNETIDLEN (git-fixes).\n - syscall: fix dereferencing NULL payload with nonzero length\n (bsc#1045327, bsc#1062471).\n - tcp: do not inherit fastopen_req from parent (bsc#1038544).\n - timekeeping: Ignore the bogus sleep time if pm_trace is enabled\n (bsc#994364).\n - tracing/kprobes: Enforce kprobes teardown after testing (bnc#1012985).\n - usb: wusbcore: fix NULL-deref at probe (bsc#1045487).\n - xen: Linux 3.12.74.\n - xen/PCI-MSI: fix sysfs teardown in DomU (bsc#986924).\n - xfs: fix a couple error sequence jumps in xfs_mountfs() (bsc#1035531).\n - xfs: fix coccinelle warnings (bsc#1035531).\n - xfs: handle error if xfs_btree_get_bufs fails (bsc#1059863).\n - xfs: use ->b_state to fix buffer I/O accounting release race\n (bsc#1041160) (bsc#1041160).\n - xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present\n (bsc#1058524).\n\n", "edition": 1, "modified": "2017-10-30T19:23:22", "published": "2017-10-30T19:23:22", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00086.html", "id": "SUSE-SU-2017:2908-1", "title": "Security update for the Linux Kernel (important)", "type": "suse", "cvss": {"score": 10.0, "vector": 
"AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-11-02T20:32:20", "bulletinFamily": "unix", "cvelist": ["CVE-2016-9604", "CVE-2016-10277", "CVE-2017-11176", "CVE-2017-14051", "CVE-2017-1000380", "CVE-2017-13080", "CVE-2017-15274", "CVE-2017-12762", "CVE-2017-15265", "CVE-2017-7889", "CVE-2017-9074", "CVE-2017-7518", "CVE-2017-15649", "CVE-2017-9242", "CVE-2017-8831", "CVE-2017-14106", "CVE-2017-9075", "CVE-2017-14140", "CVE-2017-10661", "CVE-2017-8924", "CVE-2017-12192", "CVE-2017-7482", "CVE-2017-7541", "CVE-2015-9004", "CVE-2017-6951", "CVE-2017-2647", "CVE-2017-12153", "CVE-2017-8925", "CVE-2017-6346", "CVE-2016-10229", "CVE-2017-8106", "CVE-2017-7487", "CVE-2017-9076", "CVE-2017-1000363", "CVE-2017-9077", "CVE-2017-7542", "CVE-2017-12154", "CVE-2017-1000365", "CVE-2017-8890"], "description": "The SUSE Linux Enterprise 12 GA LTS kernel was updated to receive various\n security and bugfixes.\n\n The following security bugs were fixed:\n\n - CVE-2017-15649: net/packet/af_packet.c in the Linux kernel allowed local\n users to gain privileges via crafted system calls that trigger\n mishandling of packet_fanout data structures, because of a race\n condition (involving fanout_add and packet_do_bind) that leads to a\n use-after-free, a different vulnerability than CVE-2017-6346\n (bnc#1064388).\n - CVE-2015-9004: kernel/events/core.c in the Linux kernel mishandled\n counter grouping, which allowed local users to gain privileges via a\n crafted application, related to the perf_pmu_register and\n perf_event_open functions (bnc#1037306).\n - CVE-2016-10229: udp.c in the Linux kernel allowed remote attackers to\n execute arbitrary code via UDP traffic that triggers an unsafe second\n checksum calculation during execution of a recv system call with the\n MSG_PEEK flag (bnc#1032268).\n - CVE-2016-9604: The handling of keyrings starting with '.' 
in\n KEYCTL_JOIN_SESSION_KEYRING, which could have allowed local users to\n manipulate privileged keyrings, was fixed (bsc#1035576)\n - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds Write. Due to a\n missing bounds check, and the fact that parport_ptr integer is static, a\n 'secure boot' kernel command line adversary (can happen due to\n bootloader vulns, e.g. Google Nexus 6's CVE-2016-10277, where due to a\n vulnerability the adversary has partial control over the command line)\n can overflow the parport_nr array in the following code, by appending\n many (>LP_NO) 'lp=none' arguments to the command line (bnc#1039456).\n - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the\n argument and environment pointers into account, which allowed attackers\n to bypass this limitation. (bnc#1039354).\n - CVE-2017-1000380: sound/core/timer.c in the Linux kernel is vulnerable\n to a data race in the ALSA /dev/snd/timer driver resulting in local\n users being able to read information belonging to other users, i.e.,\n uninitialized memory contents may be disclosed when a read and an ioctl\n happen at the same time (bnc#1044125).\n - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel\n allowed local users to gain privileges or cause a denial of service\n (list corruption or use-after-free) via simultaneous file-descriptor\n operations that leverage improper might_cancel queueing (bnc#1053152).\n - CVE-2017-11176: The mq_notify function in the Linux kernel did not set\n the sock pointer to NULL upon entry into the retry logic. 
During a\n user-space close of a Netlink socket, it allowed attackers to cause a\n denial of service (use-after-free) or possibly have unspecified other\n impact (bnc#1048275).\n - CVE-2017-12153: A security flaw was discovered in the\n nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux\n kernel This function did not check whether the required attributes are\n present in a Netlink request. This request can be issued by a user with\n the CAP_NET_ADMIN capability and may result in a NULL pointer\n dereference and system crash (bnc#1058410).\n - CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the\n Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store\n exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR\n shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain\n read and write access to the hardware CR8 register (bnc#1058507).\n - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled\n buffer is copied into a local buffer of constant size using strcpy\n without a length check which can cause a buffer overflow. 
(bnc#1053148).\n - CVE-2017-13080: Wi-Fi Protected Access (WPA and WPA2) allowed\n reinstallation of the Group Temporal Key (GTK) during the group key\n handshake, allowing an attacker within radio range to replay frames from\n access points to clients (bnc#1063667).\n - CVE-2017-14051: An integer overflow in the\n qla2x00_sysfs_write_optrom_ctl function in\n drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users\n to cause a denial of service (memory corruption and system crash) by\n leveraging root access (bnc#1056588).\n - CVE-2017-14106: The tcp_disconnect function in net/ipv4/tcp.c in the\n Linux kernel allowed local users to cause a denial of service\n (__tcp_select_window divide-by-zero error and system crash) by\n triggering a disconnect within a certain tcp_recvmsg code path\n (bnc#1056982).\n - CVE-2017-14140: The move_pages system call in mm/migrate.c in the Linux\n kernel doesn't check the effective uid of the target process, enabling a\n local attacker to learn the memory layout of a setuid executable despite\n ASLR (bnc#1057179).\n - CVE-2017-15265: Use-after-free vulnerability in the Linux kernel allowed\n local users to have unspecified impact via vectors related to\n /dev/snd/seq (bnc#1062520).\n - CVE-2017-15274: security/keys/keyctl.c in the Linux kernel did not\n consider the case of a NULL payload in conjunction with a nonzero length\n value, which allowed local users to cause a denial of service (NULL\n pointer dereference and OOPS) via a crafted add_key or keyctl system\n call, a different vulnerability than CVE-2017-12192 (bnc#1045327).\n - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local\n users to gain privileges or cause a denial of service (NULL pointer\n dereference and system crash) via vectors involving a NULL value for a\n certain match field, related to the keyring_search_iterator function in\n keyring.c (bnc#1030593).\n - CVE-2017-6951: The keyring_search_aux function in\n security/keys/keyring.c 
in the Linux kernel allowed local users to cause\n a denial of service (NULL pointer dereference and OOPS) via a\n request_key system call for the "dead" type (bnc#1029850).\n - CVE-2017-7482: A potential memory corruption was fixed in decoding of\n krb5 principals in the kernels kerberos handling. (bnc#1046107).\n - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the\n Linux kernel mishandled reference counts, which allowed local users to\n cause a denial of service (use-after-free) or possibly have unspecified\n other impact via a failed SIOCGIFADDR ioctl call for an IPX interface\n (bnc#1038879).\n - CVE-2017-7518: The Linux kernel was vulnerable to an incorrect debug\n exception(#DB) error. It could occur while emulating a syscall\n instruction and potentially lead to guest privilege escalation.\n (bsc#1045922).\n - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in\n drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux\n kernel allowed local users to cause a denial of service (buffer overflow\n and system crash) or possibly gain privileges via a crafted\n NL80211_CMD_FRAME Netlink packet (bnc#1049645).\n - CVE-2017-7542: The ip6_find_1stfragopt function in\n net/ipv6/output_core.c in the Linux kernel allowed local users to cause\n a denial of service (integer overflow and infinite loop) by leveraging\n the ability to open a raw socket (bnc#1049882).\n - CVE-2017-7889: The mm subsystem in the Linux kernel did not properly\n enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allowed\n local users to read or write to kernel memory locations in the first\n megabyte (and bypass slab-allocation access restrictions) via an\n application that opens the /dev/mem file, related to arch/x86/mm/init.c\n and drivers/char/mem.c (bnc#1034405).\n - CVE-2017-8106: The handle_invept function in arch/x86/kvm/vmx.c in the\n Linux kernel 3.12 allowed privileged KVM guest OS users to cause a\n denial of service (NULL pointer 
dereference and host OS crash) via a\n single-context INVEPT instruction with a NULL EPT pointer (bnc#1035877).\n - CVE-2017-8831: The saa7164_bus_get function in\n drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed\n local users to cause a denial of service (out-of-bounds array access) or\n possibly have unspecified other impact by changing a certain\n sequence-number value, aka a "double fetch" vulnerability (bnc#1037994).\n - CVE-2017-8890: The inet_csk_clone_lock function in\n net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to\n cause a denial of service (double free) or possibly have unspecified\n other impact by leveraging use of the accept system call (bnc#1038544).\n - CVE-2017-8924: The edge_bulk_in_callback function in\n drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to\n obtain sensitive information (in the dmesg ringbuffer and syslog) from\n uninitialized kernel memory by using a crafted USB device (posing as an\n io_ti USB serial device) to trigger an integer underflow (bnc#1037182\n bsc#1038982).\n - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c\n in the Linux kernel allowed local users to cause a denial of service\n (tty exhaustion) by leveraging reference count mishandling (bnc#1037183\n bsc#1038981).\n - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel\n did not consider that the nexthdr field may be associated with an\n invalid option, which allowed local users to cause a denial of service\n (out-of-bounds read and BUG) or possibly have unspecified other impact\n via crafted socket and send system calls (bnc#1039882).\n - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883).\n - CVE-2017-9076: The 
dccp_v6_request_recv_sock function in net/dccp/ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885).\n - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c\n in the Linux kernel mishandled inheritance, which allowed local users to\n cause a denial of service or possibly have unspecified other impact via\n crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069).\n - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c\n in the Linux kernel is too late in checking whether an overwrite of an\n skb data structure may occur, which allowed local users to cause a\n denial of service (system crash) via crafted system calls (bnc#1041431).\n\n The following non-security bugs were fixed:\n\n - btrfs: Fix a data space underflow warning (bsc#985562, bsc#975596,\n bsc#984779, bsc#1008353, bsc#1017941).\n - dm-mpath: always return reservation conflict. bsc#938162\n - getcwd: Close race with d_move called by lustre (bsc#1052593).\n - ipv4: Should use consistent conditional judgement for ip fragment in\n __ip_append_data and ip_finish_output (bsc#1041958).\n - ipv6: Should use consistent conditional judgement for ip6 fragment\n between __ip6_append_data and ip6_finish_output (bsc#1041958).\n - kabi: avoid bogus kabi errors in ip_output.c (bsc#1041958).\n - keys: Disallow keyrings beginning with '.' 
to be joined as session\n keyrings (bnc#1035576).\n - mm/mmap.c: do not blow on PROT_NONE MAP_FIXED holes in the stack\n (bnc#1039348).\n - net: account for current skb length when deciding about UFO\n (bsc#1041958).\n - nfsd4: minor NFSv2/v3 write decoding cleanup (bsc#1034670 CVE#2017-7645).\n - nfsd: check for oversized NFSv2/v3 arguments (bsc#1034670 CVE#2017-7645).\n - nfsd: stricter decoding of write-like NFSv2/v3 ops (bsc#1034670\n CVE#2017-7645).\n - printk: prevent userland from spoofing kernel messages (bsc#1039721).\n - reiserfs: do not preallocate blocks for extended attributes (bsc#990682).\n - tcp: do not inherit fastopen_req from parent (bsc#1038544).\n - udp: disallow UFO for sockets with SO_NO_CHECK option (bsc#1041958).\n - usb: wusbcore: fix NULL-deref at probe (bsc#1045487).\n - vsock: Detach QP check should filter out non matching QPs (bsc#1036752\n bsc#1047408).\n - vsock: Fix lockdep issue (bsc#977417 bsc#1047408).\n - vsock: sock_put wasn't safe to call in interrupt context (bsc#977417\n bsc#1047408).\n - xfs: XFS_IS_REALTIME_INODE() should be false if no rt device present\n (bsc#1058524).\n\n", "edition": 1, "modified": "2017-11-02T18:12:40", "published": "2017-11-02T18:12:40", "href": "http://lists.opensuse.org/opensuse-security-announce/2017-11/msg00001.html", "id": "SUSE-SU-2017:2920-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "debian": [{"lastseen": "2020-10-30T13:30:50", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-7346", "CVE-2017-10810", "CVE-2017-7533", "CVE-2017-10911", "CVE-2017-7482", "CVE-2017-7541", "CVE-2017-7542", "CVE-2017-9605", "CVE-2017-1000365"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3927-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 07, 2017 
https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2017-7346 CVE-2017-7482 CVE-2017-7533 CVE-2017-7541\n CVE-2017-7542 CVE-2017-9605 CVE-2017-10810 CVE-2017-10911\n CVE-2017-11176 CVE-2017-1000365\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7346\n\n Li Qiang discovered that the DRM driver for VMware virtual GPUs does\n not properly check user-controlled values in the\n vmw_surface_define_ioctl() functions for upper limits. A local user\n can take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\n\n Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does\n not properly verify metadata, leading to information disclosure,\n denial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\n\n Fan Wu and Shixiong Zhao discovered a race condition between inotify\n events and VFS rename operations allowing an unprivileged local\n attacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\n\n A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\n driver could allow a local user to cause kernel memory corruption,\n leading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\n\n An integer overflow vulnerability in the ip6_find_1stfragopt()\n function was found allowing a local attacker with privileges to open\n raw sockets to cause a denial of service.\n\nCVE-2017-9605\n\n Murray McAllister discovered that the DRM driver for VMware virtual\n GPUs does not properly initialize memory, potentially allowing a\n local attacker to obtain sensitive information from uninitialized\n kernel memory via a crafted ioctl call.\n\nCVE-2017-10810\n\n Li Qiang discovered a memory leak flaw within the VirtIO GPU driver\n resulting in denial of service (memory 
consumption).\n\nCVE-2017-10911 / XSA-216\n\n Anthony Perard of Citrix discovered an information leak flaw in Xen\n blkif response handling, allowing a malicious unprivileged guest to\n obtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\n It was discovered that the mq_notify() function does not set the\n sock pointer to NULL upon entry into the retry logic. An attacker\n can take advantage of this flaw during a user-space close of a\n Netlink socket to cause a denial of service or potentially cause\n other impact.\n\nCVE-2017-1000365\n\n It was discovered that argument and environment pointers are not\n taken properly into account to the imposed size restrictions on\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\n this flaw in conjunction with other flaws to execute arbitrary code.\n\nFor the oldstable distribution (jessie), these problems will be fixed in\na subsequent DSA.\n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 4.9.30-2+deb9u3.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 20, "modified": "2017-08-07T05:19:12", "published": "2017-08-07T05:19:12", "id": "DEBIAN:DSA-3927-1:A186E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00189.html", "title": "[SECURITY] [DSA 3927-1] linux security update", "type": "debian", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}}, {"lastseen": "2020-08-12T00:51:42", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-7889", "CVE-2017-7346", "CVE-2014-9940", "CVE-2017-7533", "CVE-2017-10911", "CVE-2017-7482", "CVE-2017-7541", "CVE-2017-1000363", 
"CVE-2017-7542", "CVE-2017-9605", "CVE-2017-1000365"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3945-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nAugust 17, 2017 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : linux\nCVE ID : CVE-2014-9940 CVE-2017-7346 CVE-2017-7482 CVE-2017-7533\n CVE-2017-7541 CVE-2017-7542 CVE-2017-7889 CVE-2017-9605\n CVE-2017-10911 CVE-2017-11176 CVE-2017-1000363\n CVE-2017-1000365\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2014-9940\n\n A use-after-free flaw in the voltage and current regulator driver\n could allow a local user to cause a denial of service or potentially\n escalate privileges.\n\nCVE-2017-7346\n\n Li Qiang discovered that the DRM driver for VMware virtual GPUs does\n not properly check user-controlled values in the\n vmw_surface_define_ioctl() functions for upper limits. 
A local user\n can take advantage of this flaw to cause a denial of service.\n\nCVE-2017-7482\n\n Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does\n not properly verify metadata, leading to information disclosure,\n denial of service or potentially execution of arbitrary code.\n\nCVE-2017-7533\n\n Fan Wu and Shixiong Zhao discovered a race condition between inotify\n events and VFS rename operations allowing an unprivileged local\n attacker to cause a denial of service or escalate privileges.\n\nCVE-2017-7541\n\n A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN\n driver could allow a local user to cause kernel memory corruption,\n leading to a denial of service or potentially privilege escalation.\n\nCVE-2017-7542\n\n An integer overflow vulnerability in the ip6_find_1stfragopt()\n function was found allowing a local attacker with privileges to open\n raw sockets to cause a denial of service.\n\nCVE-2017-7889\n\n Tommi Rantala and Brad Spengler reported that the mm subsystem does\n not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\n allowing a local attacker with access to /dev/mem to obtain\n sensitive information or potentially execute arbitrary code.\n\nCVE-2017-9605\n\n Murray McAllister discovered that the DRM driver for VMware virtual\n GPUs does not properly initialize memory, potentially allowing a\n local attacker to obtain sensitive information from uninitialized\n kernel memory via a crafted ioctl call.\n\nCVE-2017-10911 / XSA-216\n\n Anthony Perard of Citrix discovered an information leak flaw in Xen\n blkif response handling, allowing a malicious unprivileged guest to\n obtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\n It was discovered that the mq_notify() function does not set the\n sock pointer to NULL upon entry into the retry logic. 
An attacker\n can take advantage of this flaw during a userspace close of a\n Netlink socket to cause a denial of service or potentially cause\n other impact.\n\nCVE-2017-1000363\n\n Roee Hay reported that the lp driver does not properly bounds-check\n passed arguments, allowing a local attacker with write access to the\n kernel command line arguments to execute arbitrary code.\n\nCVE-2017-1000365\n\n It was discovered that argument and environment pointers are not\n taken properly into account to the imposed size restrictions on\n arguments and environmental strings passed through\n RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of\n this flaw in conjunction with other flaws to execute arbitrary code.\n\nFor the oldstable distribution (jessie), these problems have been fixed\nin version 3.16.43-2+deb8u3.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 18, "modified": "2017-08-17T18:40:23", "published": "2017-08-17T18:40:23", "id": "DEBIAN:DSA-3945-1:532A6", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2017/msg00207.html", "title": "[SECURITY] [DSA 3945-1] linux security update", "type": "debian", "cvss": {"score": 7.6, "vector": "AV:N/AC:H/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-08-12T01:03:06", "bulletinFamily": "unix", "cvelist": ["CVE-2017-11176", "CVE-2017-1000380", "CVE-2017-1000111", "CVE-2017-14489", "CVE-2017-7889", "CVE-2017-14106", "CVE-2017-14140", "CVE-2017-10661", "CVE-2017-1000251", "CVE-2017-10911", "CVE-2017-7482", "CVE-2017-14156", "CVE-2017-14340", "CVE-2017-12134", "CVE-2017-12153", "CVE-2017-1000363", "CVE-2017-7542", "CVE-2017-12154", "CVE-2017-11600", "CVE-2017-1000365"], "description": "Package : linux\nVersion : 3.2.93-1\nCVE 
ID : CVE-2017-7482 CVE-2017-7542 CVE-2017-7889 CVE-2017-10661 \n CVE-2017-10911 CVE-2017-11176 CVE-2017-11600 CVE-2017-12134 \n CVE-2017-12153 CVE-2017-12154 CVE-2017-14106 CVE-2017-14140 \n CVE-2017-14156 CVE-2017-14340 CVE-2017-14489 CVE-2017-1000111 \n CVE-2017-1000251 CVE-2017-1000363 CVE-2017-1000365\n\t\t CVE-2017-1000380\nDebian Bug : #866511 #875881\n\nSeveral vulnerabilities have been discovered in the Linux kernel that\nmay lead to a privilege escalation, denial of service or information\nleaks.\n\nCVE-2017-7482\n\n Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does\n not properly verify metadata, leading to information disclosure,\n denial of service or potentially execution of arbitrary code.\n\nCVE-2017-7542\n\n An integer overflow vulnerability in the ip6_find_1stfragopt()\n function was found allowing a local attacker with privileges to open\n raw sockets to cause a denial of service.\n\nCVE-2017-7889\n\n Tommi Rantala and Brad Spengler reported that the mm subsystem does\n not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,\n allowing a local attacker with access to /dev/mem to obtain\n sensitive information or potentially execute arbitrary code.\n\nCVE-2017-10661\n\n Dmitry Vyukov of Google reported that the timerfd facility does\n not properly handle certain concurrent operations on a single file\n descriptor. This allows a local attacker to cause a denial of\n service or potentially to execute arbitrary code.\n\nCVE-2017-10911 / XSA-216\n\n Anthony Perard of Citrix discovered an information leak flaw in Xen\n blkif response handling, allowing a malicious unprivileged guest to\n obtain sensitive information from the host or other guests.\n\nCVE-2017-11176\n\n It was discovered that the mq_notify() function does not set the\n sock pointer to NULL upon entry into the retry logic. 
An attacker\n can take advantage of this flaw during a userspace close of a\n Netlink socket to cause a denial of service or potentially cause\n other impact.\n\nCVE-2017-11600\n\n bo Zhang reported that the xfrm subsystem does not properly\n validate one of the parameters to a netlink message. Local users\n with the CAP_NET_ADMIN capability can use this to cause a denial\n of service or potentially to execute arbitrary code.\n\nCVE-2017-12134 / #866511 / XSA-229\n\n Jan H. Sch\u00f6nherr of Amazon discovered that when Linux is running\n in a Xen PV domain on an x86 system, it may incorrectly merge\n block I/O requests. A buggy or malicious guest may trigger this\n bug in dom0 or a PV driver domain, causing a denial of service or\n potentially execution of arbitrary code.\n\n This issue can be mitigated by disabling merges on the underlying\n back-end block devices, e.g.:\n echo 2 > /sys/block/nvme0n1/queue/nomerges\n\nCVE-2017-12153\n\n bo Zhang reported that the cfg80211 (wifi) subsystem does not\n properly validate the parameters to a netlink message. Local users\n with the CAP_NET_ADMIN capability on a system with a wifi device\n can use this to cause a denial of service.\n\nCVE-2017-12154\n\n Jim Mattson of Google reported that the KVM implementation for\n Intel x86 processors did not correctly handle certain nested\n hypervisor configurations. A malicious guest (or nested guest in a\n suitable L1 hypervisor) could use this for denial of service.\n\nCVE-2017-14106\n\n Andrey Konovalov of Google reported that a specific sequence of\n operations on a TCP socket could lead to division by zero. A\n local user could use this for denial of service.\n\nCVE-2017-14140\n\n Otto Ebeling reported that the move_pages() system call permitted\n users to discover the memory layout of a set-UID process running\n under their real user-ID. 
This made it easier for local users to\n exploit vulnerabilities in programs installed with the set-UID\n permission bit set.\n\nCVE-2017-14156\n\n "sohu0106" reported an information leak in the atyfb video driver.\n A local user with access to a framebuffer device handled by this\n driver could use this to obtain sensitive information.\n\nCVE-2017-14340\n\n Richard Wareing discovered that the XFS implementation allows the\n creation of files with the "realtime" flag on a filesystem with no\n realtime device, which can result in a crash (oops). A local user\n with access to an XFS filesystem that does not have a realtime\n device can use this for denial of service.\n\nCVE-2017-14489\n\n ChunYu of Red Hat discovered that the iSCSI subsystem does not\n properly validate the length of a netlink message, leading to\n memory corruption. A local user with permission to manage iSCSI\n devices can use this for denial of service or possibly to\n execute arbitrary code.\n\nCVE-2017-1000111\n\n Andrey Konovalov of Google reported a race condition in the\n raw packet (af_packet) feature. Local users with the CAP_NET_RAW\n capability can use this to cause a denial of service or possibly to\n execute arbitrary code.\n\nCVE-2017-1000251 / #875881\n\n Armis Labs discovered that the Bluetooth subsystem does not\n properly validate L2CAP configuration responses, leading to a\n stack buffer overflow. This is one of several vulnerabilities\n dubbed "Blueborne". A nearby attacker can use this to cause a\n denial of service or possibly to execute arbitrary code on a\n system with Bluetooth enabled.\n\nCVE-2017-1000363\n\n Roee Hay reported that the lp driver does not properly bounds-check\n passed arguments. This has no security impact in Debian.\n\nCVE-2017-1000365\n\n It was discovered that argument and environment pointers are not\n properly taken into account by the size restrictions on arguments\n and environmental strings passed through execve(). 
A local\n attacker can take advantage of this flaw in conjunction with other\n flaws to execute arbitrary code.\n\nCVE-2017-1000380\n\n Alexander Potapenko of Google reported a race condition in the ALSA\n (sound) timer driver, leading to an information leak. A local user\n with permission to access sound devices could use this to obtain\n sensitive information.\n\nFor Debian 7 "Wheezy", these problems have been fixed in version\n3.2.93-1. This version also includes bug fixes from upstream versions\nup to and including 3.2.93.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n3.16.43-2+deb8u4 or were fixed in an earlier version.\n\nFor Debian 9 "Stretch", these problems have been fixed in version\n4.9.30-2+deb9u4 or were fixed in an earlier version.\n\nWe recommend that you upgrade your linux packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n-- \nBen Hutchings - Debian developer, member of kernel, installer and LTS teams", "edition": 10, "modified": "2017-09-20T17:48:01", "published": "2017-09-20T17:48:01", "id": "DEBIAN:DLA-1099-1:57108", "href": "https://lists.debian.org/debian-lts-announce/2017/debian-lts-announce-201709/msg00017.html", "title": "[SECURITY] [DLA 1099-1] linux security update", "type": "debian", "cvss": {"score": 7.7, "vector": "AV:A/AC:L/Au:S/C:C/I:C/A:C"}}], "ubuntu": [{"lastseen": "2020-07-02T11:33:36", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14051", "CVE-2017-5754", "CVE-2017-17450", "CVE-2017-16525", "CVE-2017-14489", "CVE-2017-15274", "CVE-2018-5333", "CVE-2017-7889", "CVE-2017-0861", "CVE-2018-5344", "CVE-2017-15115", "CVE-2017-14140", "CVE-2017-8824", "CVE-2017-12192", "CVE-2017-1000407", "CVE-2017-15102", "CVE-2017-14156", "CVE-2017-5669", "CVE-2017-12153", "CVE-2017-15868", "CVE-2017-7542", "CVE-2017-18017", "CVE-2017-12190", "CVE-2017-0750", "CVE-2017-17806"], 
"description": "It was discovered that an out-of-bounds write vulnerability existed in the \nFlash-Friendly File System (f2fs) in the Linux kernel. An attacker could \nconstruct a malicious file system that, when mounted, could cause a denial \nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-0750)\n\nIt was discovered that a race condition leading to a use-after-free \nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel allowed \npassthrough of the diagnostic I/O port 0x80. An attacker in a guest VM \ncould use this to cause a denial of service (system crash) in the host OS. \n(CVE-2017-1000407)\n\nBo Zhang discovered that the netlink wireless configuration interface in \nthe Linux kernel did not properly validate attributes when handling certain \nrequests. A local attacker with the CAP_NET_ADMIN could use this to cause a \ndenial of service (system crash). (CVE-2017-12153)\n\nVitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel \ndid not properly track reference counts when merging buffers. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2017-12190)\n\nIt was discovered that the key management subsystem in the Linux kernel did \nnot properly restrict key reads on negatively instantiated keys. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs interface \nfor the QLogic 24xx+ series SCSI driver in the Linux kernel. A local \nprivileged attacker could use this to cause a denial of service (system \ncrash). 
(CVE-2017-14051)\n\nOtto Ebeling discovered that the memory manager in the Linux kernel did not \nproperly check the effective UID in some situations. A local attacker could \nuse this to expose sensitive information. (CVE-2017-14140)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux \nkernel did not properly initialize a data structure returned to user space. \nA local attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-14156)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux \nkernel did not properly validate data structures. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-14489)\n\nJames Patrick-Evans discovered a race condition in the LEGO USB Infrared \nTower driver in the Linux kernel. A physically proximate attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-15102)\n\nChunYu Wang discovered that a use-after-free vulnerability existed in the \nSCTP protocol implementation in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-15115)\n\nIt was discovered that the key management subsystem in the Linux kernel did \nnot properly handle NULL payloads with non-zero length values. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-15274)\n\nIt was discovered that the Bluetooth Network Encapsulation Protocol (BNEP) \nimplementation in the Linux kernel did not validate the type of socket \npassed in the BNEPCONNADD ioctl(). A local attacker with the CAP_NET_ADMIN \nprivilege could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-15868)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the USB \nserial console driver in the Linux kernel. 
A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-16525)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf) \nmodule did not properly perform access control checks. A local attacker \ncould improperly modify the system-wide OS fingerprint list. \n(CVE-2017-17450)\n\nIt was discovered that the HMAC implementation did not validate the state \nof the underlying cryptographic hash algorithm. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-17806)\n\nDenys Fedoryshchenko discovered a use-after-free vulnerability in the \nnetfilter xt_TCPMSS filter of the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash). (CVE-2017-18017)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did \nnot properly restrict mapping page zero. A local privileged attacker could \nuse this to execute arbitrary code. (CVE-2017-5669)\n\nIt was discovered that an integer overflow vulnerability existed in the \nIPv6 implementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (infinite loop). (CVE-2017-7542)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the \nLinux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection \nmechanism. A local attacker with access to /dev/mem could use this to \nexpose sensitive information or possibly execute arbitrary code. \n(CVE-2017-7889)\n\nMohamed Ghannam discovered a use-after-free vulnerability in the DCCP \nprotocol implementation in the Linux kernel. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-8824)\n\nMohamed Ghannam discovered a null pointer dereference in the RDS (Reliable \nDatagram Sockets) protocol implementation of the Linux kernel. 
A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2018-5333)\n\n\u8303\u9f99\u98de discovered that a race condition existed in loop block device \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-5344)\n\nUSN-3524-1 mitigated CVE-2017-5754 (Meltdown) for the amd64 \narchitecture in Ubuntu 14.04 LTS. This update provides the \ncorresponding mitigations for the ppc64el architecture. Original \nadvisory details:\n\nJann Horn discovered that microprocessors utilizing speculative execution \nand indirect branch prediction may allow unauthorized memory reads via \nsidechannel attacks. This flaw is known as Meltdown. A local attacker could \nuse this to expose sensitive information, including kernel memory. \n(CVE-2017-5754)", "edition": 5, "modified": "2018-02-23T00:00:00", "published": "2018-02-23T00:00:00", "id": "USN-3583-1", "href": "https://ubuntu.com/security/notices/USN-3583-1", "title": "Linux kernel vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-02T11:39:02", "bulletinFamily": "unix", "cvelist": ["CVE-2017-14051", "CVE-2017-17450", "CVE-2017-16525", "CVE-2017-14489", "CVE-2017-15274", "CVE-2018-5333", "CVE-2017-7889", "CVE-2017-0861", "CVE-2018-5344", "CVE-2017-15115", "CVE-2017-14140", "CVE-2017-8824", "CVE-2017-12192", "CVE-2017-1000407", "CVE-2017-15102", "CVE-2017-14156", "CVE-2017-5669", "CVE-2017-12153", "CVE-2017-15868", "CVE-2017-7542", "CVE-2017-18017", "CVE-2017-12190", "CVE-2017-0750", "CVE-2017-17806"], "description": "USN-3583-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 \nLTS. 
This update provides the corresponding updates for the Linux \nHardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu \n12.04 ESM.\n\nIt was discovered that an out-of-bounds write vulnerability existed in the \nFlash-Friendly File System (f2fs) in the Linux kernel. An attacker could \nconstruct a malicious file system that, when mounted, could cause a denial \nof service (system crash) or possibly execute arbitrary code. \n(CVE-2017-0750)\n\nIt was discovered that a race condition leading to a use-after-free \nvulnerability existed in the ALSA PCM subsystem of the Linux kernel. A \nlocal attacker could use this to cause a denial of service (system crash) \nor possibly execute arbitrary code. (CVE-2017-0861)\n\nIt was discovered that the KVM implementation in the Linux kernel allowed \npassthrough of the diagnostic I/O port 0x80. An attacker in a guest VM \ncould use this to cause a denial of service (system crash) in the host OS. \n(CVE-2017-1000407)\n\nBo Zhang discovered that the netlink wireless configuration interface in \nthe Linux kernel did not properly validate attributes when handling certain \nrequests. A local attacker with the CAP_NET_ADMIN could use this to cause a \ndenial of service (system crash). (CVE-2017-12153)\n\nVitaly Mayatskikh discovered that the SCSI subsystem in the Linux kernel \ndid not properly track reference counts when merging buffers. A local \nattacker could use this to cause a denial of service (memory exhaustion). \n(CVE-2017-12190)\n\nIt was discovered that the key management subsystem in the Linux kernel did \nnot properly restrict key reads on negatively instantiated keys. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-12192)\n\nIt was discovered that an integer overflow existed in the sysfs interface \nfor the QLogic 24xx+ series SCSI driver in the Linux kernel. A local \nprivileged attacker could use this to cause a denial of service (system \ncrash). 
(CVE-2017-14051)\n\nOtto Ebeling discovered that the memory manager in the Linux kernel did not \nproperly check the effective UID in some situations. A local attacker could \nuse this to expose sensitive information. (CVE-2017-14140)\n\nIt was discovered that the ATI Radeon framebuffer driver in the Linux \nkernel did not properly initialize a data structure returned to user space. \nA local attacker could use this to expose sensitive information (kernel \nmemory). (CVE-2017-14156)\n\nChunYu Wang discovered that the iSCSI transport implementation in the Linux \nkernel did not properly validate data structures. A local attacker could \nuse this to cause a denial of service (system crash). (CVE-2017-14489)\n\nJames Patrick-Evans discovered a race condition in the LEGO USB Infrared \nTower driver in the Linux kernel. A physically proximate attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-15102)\n\nChunYu Wang discovered that a use-after-free vulnerability existed in the \nSCTP protocol implementation in the Linux kernel. A local attacker could \nuse this to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-15115)\n\nIt was discovered that the key management subsystem in the Linux kernel did \nnot properly handle NULL payloads with non-zero length values. A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2017-15274)\n\nIt was discovered that the Bluetooth Network Encapsulation Protocol (BNEP) \nimplementation in the Linux kernel did not validate the type of socket \npassed in the BNEPCONNADD ioctl(). A local attacker with the CAP_NET_ADMIN \nprivilege could use this to cause a denial of service (system crash) or \npossibly execute arbitrary code. (CVE-2017-15868)\n\nAndrey Konovalov discovered a use-after-free vulnerability in the USB \nserial console driver in the Linux kernel. 
A physically proximate attacker \ncould use this to cause a denial of service (system crash) or possibly \nexecute arbitrary code. (CVE-2017-16525)\n\nIt was discovered that the netfilter passive OS fingerprinting (xt_osf) \nmodule did not properly perform access control checks. A local attacker \ncould improperly modify the systemwide OS fingerprint list. \n(CVE-2017-17450)\n\nIt was discovered that the HMAC implementation did not validate the state \nof the underlying cryptographic hash algorithm. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-17806)\n\nDenys Fedoryshchenko discovered a use-after-free vulnerability in the \nnetfilter xt_TCPMSS filter of the Linux kernel. A remote attacker could use \nthis to cause a denial of service (system crash). (CVE-2017-18017)\n\nGareth Evans discovered that the shm IPC subsystem in the Linux kernel did \nnot properly restrict mapping page zero. A local privileged attacker could \nuse this to execute arbitrary code. (CVE-2017-5669)\n\nIt was discovered that an integer overflow vulnerability existed in the \nIPv6 implementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (infinite loop). (CVE-2017-7542)\n\nTommi Rantala and Brad Spengler discovered that the memory manager in the \nLinux kernel did not properly enforce the CONFIG_STRICT_DEVMEM protection \nmechanism. A local attacker with access to /dev/mem could use this to \nexpose sensitive information or possibly execute arbitrary code. \n(CVE-2017-7889)\n\nMohamed Ghannam discovered a use-after-free vulnerability in the DCCP \nprotocol implementation in the Linux kernel. A local attacker could use \nthis to cause a denial of service (system crash) or possibly execute \narbitrary code. (CVE-2017-8824)\n\nMohamed Ghannam discovered a null pointer dereference in the RDS (Reliable \nDatagram Sockets) protocol implementation of the Linux kernel. 
A local \nattacker could use this to cause a denial of service (system crash). \n(CVE-2018-5333)\n\n\u8303\u9f99\u98de discovered that a race condition existed in loop block device \nimplementation in the Linux kernel. A local attacker could use this to \ncause a denial of service (system crash) or possibly execute arbitrary \ncode. (CVE-2018-5344)", "edition": 6, "modified": "2018-02-23T00:00:00", "published": "2018-02-23T00:00:00", "id": "USN-3583-2", "href": "https://ubuntu.com/security/notices/USN-3583-2", "title": "Linux kernel (Trusty HWE) vulnerabilities", "type": "ubuntu", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}