ID CVE-2017-7533
Summary Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.
References
Vulnerable Configurations
  • Linux Kernel 4.12.4
    cpe:2.3:o:linux:linux_kernel:4.12.4
CVSS
Base: 6.9
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
exploit-db via4
description Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation. CVE-2017-7533. Local exploit for Linux platform
id EDB-ID:44302
last seen 2018-05-24
modified 2017-10-16
published 2017-10-16
reporter Exploit-DB
source https://www.exploit-db.com/download/44302/
title Linux Kernel < 3.16.39 (Debian 8 x64) - 'inotfiy' Local Privilege Escalation
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2090-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_45 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102309
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102309
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2090-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2091-1.NASL
    description This update for the Linux Kernel 3.12.69-60_64_35 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102310
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102310
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2091-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2286-1.NASL
    description The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.82 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000111: Fixed a race condition in net-packet code that could be exploited to cause out-of-bounds memory access (bsc#1052365). - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability (bnc#1037994). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-7533: Race condition in the fsnotify implementation in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions (bnc#1049483 bnc#1050677). - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021 1.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645). - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102838
    published 2017-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102838
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2286-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3378-1.NASL
    description Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) Li Qiang discovered that the Virtio GPU driver in the Linux kernel did not properly free memory in some situations. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10810) Shi Lei discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7482). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-01-31
    modified 2018-01-30
    plugin id 102197
    published 2017-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102197
    title Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3378-1) (Stack Clash)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-2473.NASL
    description From Red Hat Security Advisory 2017:2473 : An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data. (CVE-2017-7533, Important) Red Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), and Shixiong Zhao (The University of Hong Kong) for reporting this issue. Bug Fix(es) : * Previously, direct I/O read operations going past EOF returned an invalid error number, instead of reading 0 bytes and returning success, if these operations were in same XFS block with EOF. Consequently, creating multiple VMs from a Red Hat Enterprise Linux 7.4 template caused all the VMs to become unresponsive in the 'Image Locked' state. This update fixes the direct I/O feature of the file system, and VMs created from a Red Hat Enterprise Linux 7.4 template now work as expected. (BZ#1475669)
    last seen 2018-02-02
    modified 2018-02-01
    plugin id 102513
    published 2017-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102513
    title Oracle Linux 7 : kernel (ELSA-2017-2473)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3392-1.NASL
    description USN-3378-1 fixed vulnerabilities in the Linux kernel. Unfortunately, a regression was introduced that prevented conntrack from working correctly in some situations. This update fixes the problem. We apologize for the inconvenience. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) Li Qiang discovered that the Virtio GPU driver in the Linux kernel did not properly free memory in some situations. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10810) Shi Lei discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7482). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-01-31
    modified 2018-01-30
    plugin id 102524
    published 2017-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102524
    title Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon regression (USN-3392-1) (Stack Clash)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2585.NASL
    description An update for kernel-rt is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation. (CVE-2017-7533, Important) Red Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), and Shixiong Zhao (The University of Hong Kong) for reporting this issue. Bug Fix(es) : * The kernel-rt packages have been upgraded to the 3.10.0-693.2.1 source tree, which provides a number of bug fixes over the previous version. (BZ# 1473393) (BZ#1473393)
    last seen 2018-01-26
    modified 2018-01-25
    plugin id 102971
    published 2017-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102971
    title RHEL 7 : kernel-rt (RHSA-2017:2585)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2073-1.NASL
    description This update for the Linux Kernel 3.12.67-60_64_24 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102254
    published 2017-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102254
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2073-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2061-1.NASL
    description This update for the Linux Kernel 3.12.67-60_64_18 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102252
    published 2017-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102252
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2061-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-73F71456D7.NASL
    description The 4.12.8 stable kernel update contains a number of important fixes across the tree. ---- The 4.12.5 kernel rebase contains new features and many bug fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 102718
    published 2017-08-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102718
    title Fedora 25 : kernel (2017-73f71456d7)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2017-ADC7D95627.NASL
    description The 4.12.5 stable kernel update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-04
    modified 2018-02-02
    plugin id 102488
    published 2017-08-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102488
    title Fedora 26 : kernel (2017-adc7d95627)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3945.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2014-9940 A use-after-free flaw in the voltage and current regulator driver could allow a local user to cause a denial of service or potentially escalate privileges. - CVE-2017-7346 Li Qiang discovered that the DRM driver for VMware virtual GPUs does not properly check user-controlled values in the vmw_surface_define_ioctl() functions for upper limits. A local user can take advantage of this flaw to cause a denial of service. - CVE-2017-7482 Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does not properly verify metadata, leading to information disclosure, denial of service or potentially execution of arbitrary code. - CVE-2017-7533 Fan Wu and Shixiong Zhao discovered a race condition between inotify events and VFS rename operations allowing an unprivileged local attacker to cause a denial of service or escalate privileges. - CVE-2017-7541 A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN driver could allow a local user to cause kernel memory corruption, leading to a denial of service or potentially privilege escalation. - CVE-2017-7542 An integer overflow vulnerability in the ip6_find_1stfragopt() function was found allowing a local attacker with privileges to open raw sockets to cause a denial of service. - CVE-2017-7889 Tommi Rantala and Brad Spengler reported that the mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, allowing a local attacker with access to /dev/mem to obtain sensitive information or potentially execute arbitrary code. - CVE-2017-9605 Murray McAllister discovered that the DRM driver for VMware virtual GPUs does not properly initialize memory, potentially allowing a local attacker to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call. - CVE-2017-10911 / XSA-216 Anthony Perard of Citrix discovered an information leak flaw in Xen blkif response handling, allowing a malicious unprivileged guest to obtain sensitive information from the host or other guests. - CVE-2017-11176 It was discovered that the mq_notify() function does not set the sock pointer to NULL upon entry into the retry logic. An attacker can take advantage of this flaw during a userspace close of a Netlink socket to cause a denial of service or potentially cause other impact. - CVE-2017-1000363 Roee Hay reported that the lp driver does not properly bounds-check passed arguments, allowing a local attacker with write access to the kernel command line arguments to execute arbitrary code. - CVE-2017-1000365 It was discovered that argument and environment pointers are not taken properly into account to the imposed size restrictions on arguments and environmental strings passed through RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of this flaw in conjunction with other flaws to execute arbitrary code.
    last seen 2018-01-30
    modified 2018-01-29
    plugin id 102550
    published 2017-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102550
    title Debian DSA-3945-1 : linux - security update (Stack Clash)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2093-1.NASL
    description This update for the Linux Kernel 3.12.60-52_60 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-08-16
    plugin id 102312
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102312
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2093-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3378-2.NASL
    description USN-3378-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) Li Qiang discovered that the Virtio GPU driver in the Linux kernel did not properly free memory in some situations. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10810) Shi Lei discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7482). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-01-31
    modified 2018-01-30
    plugin id 102198
    published 2017-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102198
    title Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3378-2) (Stack Clash)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2089-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_48 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102308
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102308
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2089-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2060-1.NASL
    description This update for the Linux Kernel 3.12.62-60_62 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102251
    published 2017-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102251
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2060-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2017-870.NASL
    description Buffer overflow in mp_override_legacy_irq() : Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 4.12.2 allows local users to gain privileges via a crafted ACPI table. (CVE-2017-11473) A race between inotify_handle_event() and sys_rename() : A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation. (CVE-2017-7533) Integer overflow in ip6_find_1stfragopt() causes infinite loop : An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function.(CVE-2017-7542) Double fetch vulnerability in saa7164_bus_get function The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.10.14 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability. Please note, the saa7164 driver is not enabled in the Amazon Linux AMI kernel (CVE-2017-8831)
    last seen 2018-04-19
    modified 2018-04-18
    plugin id 102544
    published 2017-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102544
    title Amazon Linux AMI : kernel (ALAS-2017-870)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2072-1.NASL
    description This update for the Linux Kernel 3.12.67-60_64_21 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102253
    published 2017-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102253
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2072-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2096-1.NASL
    description This update for the Linux Kernel 3.12.61-52_66 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - A SUSE Linux Enterprise specific regression in tearing down network namespaces was fixed (bsc#1044878) - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-08-16
    plugin id 102315
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102315
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2096-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2095-1.NASL
    description This update for the Linux Kernel 3.12.60-52_63 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-08-16
    plugin id 102314
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102314
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2095-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2099-1.NASL
    description This update for the Linux Kernel 3.12.60-52_57 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2017-10-29
    modified 2017-08-16
    plugin id 102317
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102317
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2099-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2103-1.NASL
    description This update for the Linux Kernel 3.12.61-52_69 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - A SUSE Linux Enterprise specific regression in tearing down network namespaces was fixed (bsc#1044878) - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102320
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102320
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2103-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2098-1.NASL
    description This update for the Linux Kernel 3.12.61-52_80 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102316
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102316
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2098-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-891.NASL
    description The openSUSE Leap 42.2 kernel was updated to 4.4.79 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bnc#1049483). - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021 1.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645). - CVE-2017-10810: Memory leak in the virtio_gpu_object_create function in drivers/gpu/drm/virtio/virtgpu_object.c in the Linux kernel allowed attackers to cause a denial of service (memory consumption) by triggering object-initialization failures (bnc#1047277). The following non-security bugs were fixed : - acpi / processor: Avoid reserving IO regions too early (bsc#1051478). - af_key: Add lock to key dump (bsc#1047653). - af_key: Fix slab-out-of-bounds in pfkey_compile_policy (bsc#1047354). - alsa: fm801: Initialize chip after IRQ handler is registered (bsc#1031717). - alsa: hda - Fix endless loop of codec configure (bsc#1031717). - alsa: hda - set input_path bitmap to zero after moving it to new place (bsc#1031717). - b43: Add missing MODULE_FIRMWARE() (bsc#1037344). - bcache: force trigger gc (bsc#1038078). - bcache: only recovery I/O error for writethrough mode (bsc#1043652). - bdi: Fix use-after-free in wb_congested_put() (bsc#1040307). - blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb() - blacklist.conf : - blacklist.conf: 1151f838cb62 is high-risk and we're not aware of any systems that might need it in SP2. - blacklist.conf: 8b8642af15ed not a supported driver - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061) - blacklist.conf: add inapplicable commits for wifi (bsc#1031717) - blacklist.conf: add unapplicable/cosmetic iwlwifi fixes (bsc#1031717). - blacklist.conf: add unapplicable drm fixes (bsc#1031717). - blacklist.conf: Blacklist 4e201566402c ('genirq/msi: Drop artificial PCI dependency') (bsc#1051478) This commit just removes an include and does not fix a real issue. - blacklist.conf: blacklist 7b73305160f1, unneeded cleanup - blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok() argument type') (bsc#1051478) Fixes only a compile-warning. - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in test_nmi_ipi()') It only fixes a self-test (bsc#1051478). - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help text file path reference to lockup watchdog documentation') Updates only kconfig help-text (bsc#1051478). - blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI: Initialize MSI capability for all architectures') This only fixes machines not supported by our kernels. - blacklist.conf: build time cleanup our kernel compiles. No need to shut up warnings nobody looks at - blacklist.conf: cleanup, no bugs fixed - blacklist.conf: cxgb4 commit does not fit for SP2 - blacklist.conf: da0510c47519fe0999cffe316e1d370e29f952be # FRV not applicable to SLE - blacklist.conf: Do not need 55d728a40d36, we do it differently in SLE - blacklist.conf: kABI breakage This touches struct device. - blacklist.conf: lp8788 is not compiled - blacklist.conf: unneeded Fixing debug statements on BE systems for IrDA - blkfront: add uevent for size change (bnc#1036632). - block: Allow bdi re-registration (bsc#1040307). - block: Fix front merge check (bsc#1051239). - block: Make del_gendisk() safer for disks without queues (bsc#1040307). - block: Move bdi_unregister() to del_gendisk() (bsc#1040307). - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717). - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286). - btrfs: Add WARN_ON for qgroup reserved underflow (bsc#1031515). - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - btrfs: fix lockup in find_free_extent with read-only block groups (bsc#1046682). - btrfs: incremental send, fix invalid path for link commands (bsc#1051479). - btrfs: incremental send, fix invalid path for unlink commands (bsc#1051479). - btrfs: resume qgroup rescan on rw remount (bsc#1047152). - btrfs: send, fix invalid path after renaming and linking file (bsc#1051479). - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476). - crypto: s5p-sss - fix incorrect usage of scatterlists api (bsc#1048317). - cx82310_eth: use skb_cow_head() to deal with cloned skbs (bsc# 1045154). - cxl: Unlock on error in probe (bsc#1034762, Pending SUSE Kernel Fixes). - dentry name snapshots (bsc#1049483). - dm: fix second blk_delay_queue() parameter to be in msec units not (bsc#1047670). - drivers: hv: Fix the bug in generating the guest ID (fate#320485). - drivers: hv: util: Fix a typo (fate#320485). - drivers: hv: vmbus: Get the current time from the current clocksource (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693). - drivers: hv: vmbus: Increase the time between retries in vmbus_post_msg() (fate#320485, bnc#1044112). - drivers: hv: vmbus: Move the code to signal end of message (fate#320485). - drivers: hv: vmbus: Move the definition of generate_guest_id() (fate#320485). - drivers: hv: vmbus: Move the definition of hv_x64_msr_hypercall_contents (fate#320485). - drivers: hv: vmbus: Restructure the clockevents code (fate#320485). - drm/amdgpu: Fix overflow of watermark calcs at > 4k resolutions (bsc#1031717). - drm/bochs: Implement nomodeset (bsc#1047096). - drm/i915/fbdev: Stop repeating tile configuration on stagnation (bsc#1031717). - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717). - drm/virtio: do not leak bo on drm_gem_object_init failure (bsc#1047277). - drm/vmwgfx: Fix large topology crash (bsc#1048155). - drm/vmwgfx: Support topology greater than texture size (bsc#1048155). - drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state' - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215). - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486). - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors (bsc#1012829). - Fix kABI breakage by KVM CVE fix (bsc#1045922). - fs/fcntl: f_setown, avoid undefined behaviour (bnc#1006180). - gcov: add support for gcc version >= 6 (bsc#1051663). - gcov: support GCC 7.1 (bsc#1051663). - gfs2: fix flock panic issue (bsc#1012829). - hrtimer: Catch invalid clockids again (bsc#1047651). - hrtimer: Revert CLOCK_MONOTONIC_RAW support (bsc#1047651). - hv_utils: drop .getcrosststamp() support from PTP driver (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693). - hv_utils: fix TimeSync work on pre-TimeSync-v4 hosts (fate#320485, bnc#1044112, bnc#1042778, bnc#1029693). - hv_util: switch to using timespec64 (fate#320485). - i2c: designware-baytrail: fix potential NULL pointer dereference on dev (bsc#1011913). - i40e: add hw struct local variable (bsc#1039915). - i40e: add private flag to control source pruning (bsc#1034075). - i40e: add VSI info to macaddr messages (bsc#1039915). - i40e: avoid looping to check whether we're in VLAN mode (bsc#1039915). - i40e: avoid O(n^2) loop when deleting all filters (bsc#1039915). - i40e: delete filter after adding its replacement when converting (bsc#1039915). - i40e: do not add broadcast filter for VFs (bsc#1039915). - i40e: do not allow i40e_vsi_(add|kill)_vlan to operate when VID<1 (bsc#1039915). - i40e: drop is_vf and is_netdev fields in struct i40e_mac_filter (bsc#1039915). - i40e: enable VSI broadcast promiscuous mode instead of adding broadcast filter (bsc#1039915). - i40e: factor out addition/deletion of VLAN per each MAC address (bsc#1039915). - i40e: fix MAC filters when removing VLANs (bsc#1039915). - i40e: fold the i40e_is_vsi_in_vlan check into i40e_put_mac_in_vlan (bsc#1039915). - i40e: implement __i40e_del_filter and use where applicable (bsc#1039915). - i40e: make use of __dev_uc_sync and __dev_mc_sync (bsc#1039915). - i40e: move all updates for VLAN mode into i40e_sync_vsi_filters (bsc#1039915). - i40e: move i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915). - i40e: no need to check is_vsi_in_vlan before calling i40e_del_mac_all_vlan (bsc#1039915). - i40e: properly cleanup on allocation failure in i40e_sync_vsi_filters (bsc#1039915). - i40e: recalculate vsi->active_filters from hash contents (bsc#1039915). - i40e: refactor i40e_put_mac_in_vlan to avoid changing f->vlan (bsc#1039915). - i40e: refactor i40e_update_filter_state to avoid passing aq_err (bsc#1039915). - i40e: refactor Rx filter handling (bsc#1039915). - i40e: Removal of workaround for simple MAC address filter deletion (bsc#1039915). - i40e: remove code to handle dev_addr specially (bsc#1039915). - i40e: removed unreachable code (bsc#1039915). - i40e: remove duplicate add/delete adminq command code for filters (bsc#1039915). - i40e: remove second check of VLAN_N_VID in i40e_vlan_rx_add_vid (bsc#1039915). - i40e: rename i40e_put_mac_in_vlan and i40e_del_mac_all_vlan (bsc#1039915). - i40e: restore workaround for removing default MAC filter (bsc#1039915). - i40e: set broadcast promiscuous mode for each active VLAN (bsc#1039915). - i40e: store MAC/VLAN filters in a hash with the MAC Address as key (bsc#1039915). - i40e: use (add|rm)_vlan_all_mac helper functions when changing PVID (bsc#1039915). - i40e: when adding or removing MAC filters, correctly handle VLANs (bsc#1039915). - i40e: When searching all MAC/VLAN filters, ignore removed filters (bsc#1039915). - i40e: write HENA for VFs (bsc#1039915). - iio: hid-sensor: fix return of -EINVAL on invalid values in ret or value (bsc#1031717). - Input: gpio-keys - fix check for disabling unsupported keys (bsc#1031717). - introduce the walk_process_tree() helper (bnc#1022476). - ipv4: Should use consistent conditional judgement for ip fragment in __ip_append_data and ip_finish_output (bsc#1041958). - ipv6: Should use consistent conditional judgement for ip6 fragment between __ip6_append_data and ip6_finish_output (bsc#1041958). - iwlwifi: mvm: compare full command ID (FATE#321353, FATE#323335). - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717). - iwlwifi: mvm: synchronize firmware DMA paging memory (FATE#321353, FATE#323335). - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717). - iwlwifi: mvm: unmap the paging memory before freeing it (FATE#321353, FATE#323335). - iwlwifi: pcie: fix command completion name debug (bsc#1031717). - kABI-fix for 'x86/panic: replace smp_send_stop() with kdump friendly version in panic path' (bsc#1051478). - kABI: protect lwtunnel include in ip6_route.h (kabi). - kABI: protect struct iscsi_tpg_attrib (kabi). - kABI: protect struct tpm_chip (kabi). - kABI: protect struct xfrm_dst (kabi). - kABI: protect struct xfrm_dst (kabi). - kvm: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (bsc#1051478). - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478). - kvm: nVMX: Fix nested VPID vmx exec control (bsc#1051478). - kvm: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478). - mac80211_hwsim: Replace bogus hrtimer clockid (bsc#1047651). - md: fix sleep in atomic (bsc#1040351). - mm: adaptive hash table scaling (bnc#1036303). - mm-adaptive-hash-table-scaling-v5 (bnc#1036303). - mm: call page_ext_init() after all struct pages are initialized (VM Debugging Functionality, bsc#1047048). - mm: drop HASH_ADAPT (bnc#1036303). - mm: fix classzone_idx underflow in shrink_zones() (VM Functionality, bsc#1042314). - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891). - More Git-commit header fixups No functional change intended. - mwifiex: do not update MCS set from hostapd (bsc#1031717). - net: account for current skb length when deciding about UFO (bsc#1041958). - net: ena: add hardware hints capability to the driver (bsc#1047121). - net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121). - net: ena: add missing unmap bars on device removal (bsc#1047121). - net: ena: add reset reason for each device FLR (bsc#1047121). - net: ena: add support for out of order rx buffers refill (bsc#1047121). - net: ena: allow the driver to work with small number of msix vectors (bsc#1047121). - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121). - net: ena: change return value for unsupported features unsupported return value (bsc#1047121). - net: ena: change sizeof() argument to be the type pointer (bsc#1047121). - net: ena: disable admin msix while working in polling mode (bsc#1047121). - net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121). - net: ena: fix race condition between submit and completion admin command (bsc#1047121). - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121). - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121). - net: ena: separate skb allocation to dedicated function (bsc#1047121). - net: ena: update driver's rx drop statistics (bsc#1047121). - net: ena: update ena driver to version 1.1.7 (bsc#1047121). - net: ena: update ena driver to version 1.2.0 (bsc#1047121). - net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121). - net: ena: use napi_schedule_irqoff when possible (bsc#1047121). - net: handle NAPI_GRO_FREE_STOLEN_HEAD case also in napi_frags_finish() (bsc#1042286). - net/mlx5: Fix driver load error flow when firmware is stuck (git-fixes). - net: phy: Do not perform software reset for Generic PHY (bsc#1042286). - nfs: Cache aggressively when file is open for writing (bsc#1033587). - nfs: Do not flush caches for a getattr that races with writeback (bsc#1033587). - nfs: invalidate file size when taking a lock (git-fixes). - nfs: only invalidate dentrys that are clearly invalid (bsc#1047118). - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829). - ocfs2: Make ocfs2_set_acl() static (bsc#1030552). - pci: Add Mellanox device IDs (bsc#1051478). - pci: Convert Mellanox broken INTx quirks to be for listed devices only (bsc#1051478). - pci: Correct PCI_STD_RESOURCE_END usage (bsc#1051478). - pci: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN (bsc#1051478). - pci: dwc: Fix uninitialized variable in dw_handle_msi_irq() (bsc#1051478). - pci: Enable ECRC only if device supports it (bsc#1051478). - PCI / PM: Fix native PME handling during system suspend/resume (bsc#1051478). - pci: Support INTx masking on ConnectX-4 with firmware x.14.1100+ (bsc#1051478). - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478). - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478). - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478). - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill dmi list (bsc#1051022). - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list (bsc#1051022). - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill (bsc#1051022). - Pm / Hibernate: Fix scheduling while atomic during hibernation (bsc#1051059). - prctl: propagate has_child_subreaper flag to every descendant (bnc#1022476). - README.BRANCH: Add Oliver as openSUSE-42.2 branch co-maintainer - Refresh patches.kabi/Fix-kABI-breakage-by-KVM-CVE-fix.patch. Fix a stupid bug where the VCPU_REGS_TF shift was used as a mask. - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - Revert 'ACPI / video: Add force_native quirk for HP Pavilion dv6' (bsc#1031717). - Revert 'Add 'shutdown' to 'struct class'.' (kabi). - Revert 'kvm: x86: fix emulation of RSM and IRET instructions' (kabi). - Revert 'mm/list_lru.c: fix list_lru_count_node() to be race free' (kabi). - Revert 'powerpc/numa: Fix percpu allocations to be NUMA aware' (bsc#1048914). - Revert 'tpm: Issue a TPM2_Shutdown for TPM2 devices.' (kabi). - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id This needs rpm-4.14+ (bsc#964063). - sched/core: Allow __sched_setscheduler() in interrupts when PI is not used (bnc#1022476). - sched/debug: Print the scheduler topology group mask (bnc#1022476). - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476). - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476). - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all cfs_rqs (bnc#1022476). - sched/topology: Add sched_group_capacity debugging (bnc#1022476). - sched/topology: Fix building of overlapping sched-groups (bnc#1022476). - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476). - sched/topology: Move comment about asymmetric node setups (bnc#1022476). - sched/topology: Refactor function build_overlap_sched_groups() (bnc#1022476). - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476). - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476). - sched/topology: Small cleanup (bnc#1022476). - sched/topology: Verify the first group matches the child domain (bnc#1022476). - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887). - scsi: bnx2i: missing error code in bnx2i_ep_connect() (bsc#1048221). - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887). - scsi: storvsc: Workaround for virtual DVD SCSI version (fate#320485, bnc#1044636). - smsc75xx: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - sr9700: use skb_cow_head() to deal with cloned skbs (bsc#1045154). - sysctl: do not print negative flag for proc_douintvec (bnc#1046985). - timers: Plug locking race vs. timer migration (bnc#1022476). - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829). - udf: Fix races with i_size changes during readpage (bsc#1012829). - x86/LDT: Print the real LDT base address (bsc#1051478). - x86/mce: Make timer handling more robust (bsc#1042422). - x86/panic: replace smp_send_stop() with kdump friendly version in panic path (bsc#1051478). - xen: allocate page for shared info page from low memory (bnc#1038616). - xen/balloon: do not online new memory initially (bnc#1028173). - xen: hold lock_device_hotplug throughout vcpu hotplug operations (bsc#1042422). - xen-netfront: Rework the fix for Rx stall during OOM and network stress (git-fixes). - xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563). - xfrm: NULL dereference on allocation failure (bsc#1047343). - xfrm: Oops on error in pfkey_msg2xfrm_state() (bsc#1047653). - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188). - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552).
    last seen 2018-01-27
    modified 2018-01-26
    plugin id 102333
    published 2017-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102333
    title openSUSE Security Update : the Linux Kernel (openSUSE-2017-891)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3392-2.NASL
    description USN-3392-1 fixed a regression in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS. USN-3378-2 fixed vulnerabilities in the Linux Hardware Enablement kernel. Unfortunately, a regression was introduced that prevented conntrack from working correctly in some situations. This update fixes the problem. We apologize for the inconvenience. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) Li Qiang discovered that the Virtio GPU driver in the Linux kernel did not properly free memory in some situations. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10810) Shi Lei discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7482). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-01-31
    modified 2018-01-30
    plugin id 102525
    published 2017-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102525
    title Ubuntu 14.04 LTS : linux-lts-xenial regression (USN-3392-2) (Stack Clash)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2094-1.NASL
    description This update for the Linux Kernel 3.12.74-60_64_40 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102313
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102313
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2094-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2869.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation. (CVE-2017-7533, Important) Red Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), and Shixiong Zhao (The University of Hong Kong) for reporting this issue. Bug Fix(es) : * Previously, the 'stack:TID' annotation was applied to correctly mark the thread stack in a /proc//maps file and it required processing the entire thread list to find the task of a stack Virtual Memory Area (VMA). Consequently, rendering and accessing /proc//maps took a long time on systems with a large number of threads running. This update removes the annotation to make the /proc//maps and /proc//numa_maps files usable for higher thread counts. As a result, the system performance while rendering and accessing /proc//maps has improved significantly. (BZ#1481722)
    last seen 2018-01-26
    modified 2018-01-25
    plugin id 103766
    published 2017-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103766
    title RHEL 7 : kernel (RHSA-2017:2869)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2770.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7.3 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation. (CVE-2017-7533, Important) Red Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), and Shixiong Zhao (The University of Hong Kong) for reporting this issue. Bug Fix(es) : * Previously, the sha1-avx2 optimized hashing, which is used on processors supporting avx2, under certain conditions miscalculated an offset. Consequently, a kernel crash occasionally occurred on the NFS clients or servers using the krb5 security. With this update, the optimized hashing path for sha1-avx2 has been disabled, and the NFS clients and servers with krb5 security no longer experience the miscalculation and subsequent crash. (BZ#1446230) * When virt boundary limit was set, lots of small bios could not be merged even though they were contiguous physically. In some workload, such as mkfs.ntfs, system performance could be ten times degraded. The proposed patch fixes the bug by allowing to merge these small bios, which improves performance of mkfs.ntfs on devices significantly. (BZ#1472674) * When executing the mkfs.btrfs command to create a btrfs file system over Non-Volatile Memory Express (NVMe), kernel panic was previously triggered. The underlying code has been patched to fix this regression, and btrfs is now created successfully in the described scenario. (BZ#1472675) * As a side effect of BZ#147263, the system previously crashed when creating a container device. The provided patch transforms the resched_task() function into resched_curr(), and the chance of kernel crash is thus reduced in the aforementioned situation. (BZ#1473742) * Due to incorrectly used memory in VXLAN driver (a use-after-free bug and list corruption), the kernel could previously panic under some circumstances while bringing the VXLAN interfaces down. The provided patch fixes the memory corruptions, and the panic no longer occurs in this situation. (BZ#1474263) * A race condition could cause the in-flight asynchronous buffers count (bt_io_count) to become negative. This caused the umount operation to hang in the xfs_wait_buftarg() function. The provided patch fixes the buffer I/O accounting release race, and XFS umount no longer hangs. (BZ#1478253) * Kernel version 3.10.0-498.el7 separated CPU and TSC frequency and introduced the x86_platform.calibrate_cpu function pointer which points by default to the native_calibrate_cpu() function. As a consequence, time synchronization bugs appeared on Red Hat Enterprise Linux 7.3 ESXi guest causing a time offset shortly after boot. An upstream patch has been applied, which sets x86_platform.calibrate_cpu pointer on ESXi guests to the proper function, thus fixing this bug. (BZ#1479245) * A system having more than 128 CPUs could previously experience a crash during shutdown after the Intelligent Platform Management Interface (IPMI) service was stopped. The provided patch fixes a race condition in the IPMI smi_timeout() function, allowing the system to shut down as expected. (BZ# 1479760)
    last seen 2018-01-26
    modified 2018-01-25
    plugin id 103351
    published 2017-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103351
    title RHEL 7 : kernel (RHSA-2017:2770)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2049-1.NASL
    description This update for the Linux Kernel 3.12.69-60_64_29 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102219
    published 2017-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102219
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2049-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0174.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0174 for details.
    last seen 2018-01-30
    modified 2018-01-29
    plugin id 105248
    published 2017-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105248
    title OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2017-2473.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data. (CVE-2017-7533, Important) Red Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), and Shixiong Zhao (The University of Hong Kong) for reporting this issue. Bug Fix(es) : * Previously, direct I/O read operations going past EOF returned an invalid error number, instead of reading 0 bytes and returning success, if these operations were in same XFS block with EOF. Consequently, creating multiple VMs from a Red Hat Enterprise Linux 7.4 template caused all the VMs to become unresponsive in the 'Image Locked' state. This update fixes the direct I/O feature of the file system, and VMs created from a Red Hat Enterprise Linux 7.4 template now work as expected. (BZ#1475669)
    last seen 2018-01-26
    modified 2018-01-25
    plugin id 102766
    published 2017-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102766
    title CentOS 7 : kernel (CESA-2017:2473)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2102-1.NASL
    description This update for the Linux Kernel 3.12.61-52_77 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102319
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102319
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2102-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20170815_KERNEL_ON_SL7_X.NASL
    description Security Fix(es) : - A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data. (CVE-2017-7533, Important) Bug Fix(es) : - Previously, direct I/O read operations going past EOF returned an invalid error number, instead of reading 0 bytes and returning success, if these operations were in same XFS block with EOF. Consequently, creating multiple VMs from a Scientific Linux 7.4 template caused all the VMs to become unresponsive in the 'Image Locked' state. This update fixes the direct I/O feature of the file system, and VMs created from a Scientific Linux 7.4 template now work as expected. - This kernel is signed with the new Secure Boot key.
    last seen 2018-01-27
    modified 2018-01-26
    plugin id 102669
    published 2017-08-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102669
    title Scientific Linux Security Update : kernel on SL7.x x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2088-1.NASL
    description This update for the Linux Kernel 3.12.62-60_64_8 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102307
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102307
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2088-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2100-1.NASL
    description This update for the Linux Kernel 3.12.61-52_72 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - A SUSE Linux Enterprise specific regression in tearing down network namespaces was fixed (bsc#1044878) - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102318
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102318
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2100-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2074-1.NASL
    description The SUSE Linux Enterprise 12 kernel was updated to 3.12.61 to receive the following security update : - CVE-2017-7533: Bug in inotify code allowed privilege escalation (bnc#1049483). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102255
    published 2017-08-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102255
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2074-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0143.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - dentry name snapshots (Al Viro) [Orabug: 26630936] (CVE-2017-7533) - scsi: libiscsi: use kvzalloc for iscsi_pool_init (Kyle Fortin) - mm: introduce kv[mz]alloc helpers (Kyle Fortin) [Orabug: 26621191] - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26621179] (CVE-2016-9604) (CVE-2016-9604) - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip[,6]_bind (Guillaume Nault) [Orabug: 26621176] (CVE-2016-10200) - mnt: Add a per mount namespace limit on the number of mounts (Eric W. Biederman) [Orabug: 26621171] (CVE-2016-6213) (CVE-2016-6213) - ipv6: fix out of bound writes in __ip6_append_data (Eric Dumazet) [Orabug: 26621163] (CVE-2017-9242)
    last seen 2018-01-30
    modified 2018-01-29
    plugin id 102573
    published 2017-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102573
    title OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0143)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2669.NASL
    description An update for kernel-rt is now available for Red Hat Enterprise MRG 2. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements. Security Fix(es) : * A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to the privilege escalation. (CVE-2017-7533, Important) * It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important) This update also fixes multiple Moderate and Low impact security issues : CVE-2017-8797 CVE-2015-8839 CVE-2016-9576 CVE-2016-7042 CVE-2016-7097 CVE-2016-8645 CVE-2016-9576 CVE-2016-9806 CVE-2016-10088 CVE-2017-2671 CVE-2017-5970 CVE-2017-6001 CVE-2017-6951 CVE-2017-7187 CVE-2017-7889 CVE-2017-8890 CVE-2017-9074 CVE-2017-8890 CVE-2017-9075 CVE-2017-8890 CVE-2017-9076 CVE-2017-8890 CVE-2017-9077 CVE-2016-9604 CVE-2016-9685 Documentation for these issues are available from the Technical Notes document linked to in the References section. Red Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), and Shixiong Zhao (The University of Hong Kong) for reporting CVE-2017-7533 and Marco Grassi for reporting CVE-2016-8645. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-9604 issue was discovered by David Howells (Red Hat); and the CVE-2016-9685 issue was discovered by Qian Cai (Red Hat).
    last seen 2018-01-26
    modified 2018-01-25
    plugin id 103046
    published 2017-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103046
    title RHEL 6 : MRG (RHSA-2017:2669)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-3609.NASL
    description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen 2018-05-19
    modified 2018-05-18
    plugin id 102773
    published 2017-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102773
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3609) (Stack Clash)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2041-1.NASL
    description The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.74 to receive the following security update : - CVE-2017-7533: Bug in inotify code allowed privilege escalation (bnc#1049483). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102194
    published 2017-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102194
    title SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:2041-1)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2017-890.NASL
    description The openSUSE Leap 42.3 kernel was updated to 4.4.79 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bnc#1049483). - CVE-2017-7541: The brcmf_cfg80211_mgmt_tx function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg8021 1.c in the Linux kernel allowed local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted NL80211_CMD_FRAME Netlink packet (bnc#1049645). The following non-security bugs were fixed : - ACPI / processor: Avoid reserving IO regions too early (bsc#1051478). - ALSA: fm801: Initialize chip after IRQ handler is registered (bsc#1031717). - Added sbitmap patch to blacklist.conf Add a patch 'sbitmap: fix wakeup hang after sbq resize' to the blacklist.conf file because it is not needed in SLE 12 SP2. - Btrfs: incremental send, fix invalid path for link commands (bsc#1051479). - Btrfs: incremental send, fix invalid path for unlink commands (bsc#1051479). - Btrfs: send, fix invalid path after renaming and linking file (bsc#1051479). - Delete patches.drivers/0004-iommu-amd-reduce-delay-waiting-for- command-buffer-space. Remove the patch because it caused problems for users. See bsc#1048348. - Drop patches; obsoleted by 'scsi: Add STARGET_CREATE_REMOVE state' - Fix kABI breakage by KVM CVE fix (bsc#1045922). - IB/rxe: Fix kernel panic from skb destructor (bsc#1049361). - KVM: nVMX: Fix nested VPID vmx exec control (bsc#1051478). - KVM: nVMX: fix msr bitmaps to prevent L2 from accessing L0 x2APIC (bsc#1051478). - KVM: x86: avoid simultaneous queueing of both IRQ and SMI (bsc#1051478). - NFS: Cache aggressively when file is open for writing (bsc#1033587). - NFS: Do not flush caches for a getattr that races with writeback (bsc#1033587). - NFS: invalidate file size when taking a lock (git-fixes). - PCI / PM: Fix native PME handling during system suspend/resume (bsc#1051478). - PCI: Add Mellanox device IDs (bsc#1051478). - PCI: Convert Mellanox broken INTx quirks to be for listed devices only (bsc#1051478). - PCI: Correct PCI_STD_RESOURCE_END usage (bsc#1051478). - PCI: Enable ECRC only if device supports it (bsc#1051478). - PCI: Support INTx masking on ConnectX-4 with firmware x.14.1100+ (bsc#1051478). - PCI: dwc: Fix uninitialized variable in dw_handle_msi_irq() (bsc#1051478). - PCI: dwc: dra7xx: Use RW1C for IRQSTATUS_MSI and IRQSTATUS_MAIN (bsc#1051478). - PM / Hibernate: Fix scheduling while atomic during hibernation (bsc#1051059). - RDMA/qedr: Prevent memory overrun in verbs' user responses (bsc#1022604 FATE#321747). - README.BRANCH: Add Oliver as openSUSE-42.3 branch co-maintainer - Refresh patches.kabi/Fix-kABI-breakage-by-KVM-CVE-fix.patch. Fix a stupid bug where the VCPU_REGS_TF shift was used as a mask. - Revert 'Add 'shutdown' to 'struct class'.' (kabi). - Revert 'mm/list_lru.c: fix list_lru_count_node() to be race free' (kabi). - Revert 'powerpc/numa: Fix percpu allocations to be NUMA aware' (bsc#1048914). - Revert 'powerpc/numa: Fix percpu allocations to be NUMA aware' (bsc#1048914). - Revert 'tpm: Issue a TPM2_Shutdown for TPM2 devices.' (kabi). - Update patches.drivers/0011-hpsa-remove-abort-handler.patch (bsc#1022600 fate#321928 bsc#1016119). - Update patches.fixes/xfs-refactor-log-record-unpack-and-data-pr ocessing.patch (bsc#1043598, bsc#1036215). - apply mainline tags to some hyperv patches - arm64: kernel: restrict /dev/mem read() calls to linear region (bsc#1046651).++ kernel-source.spec (revision 3)%define patchversion 4.4.79Version: 4.4.79Release: .g4dc78e3 - arm64: mm: remove page_mapping check in __sync_icache_dcache (bsc#1040347). - blacklist 2400fd822f46 powerpc/asm: Mark cr0 as clobbered in mftb() - blacklist.conf: 9eeacd3a2f17 not a bug fix (bnc#1050061) - blacklist.conf: Blacklist 4e201566402c ('genirq/msi: Drop artificial PCI dependency') (bsc#1051478) This commit just removes an include and does not fix a real issue. - blacklist.conf: Blacklist aa2369f11ff7 ('mm/gup.c: fix access_ok() argument type') (bsc#1051478) Fixes only a compile-warning. - blacklist.conf: Blacklist c133c7615751 ('x86/nmi: Fix timeout test in test_nmi_ipi()') It only fixes a self-test (bsc#1051478). - blacklist.conf: Blacklist c9525a3fab63 ('x86/watchdog: Fix Kconfig help text file path reference to lockup watchdog documentation') Updates only kconfig help-text (bsc#1051478). - blacklist.conf: Blacklist e80e7edc55ba ('PCI/MSI: Initialize MSI capability for all architectures') This only fixes machines not supported by our kernels. - blacklist.conf: Do not need 55d728a40d36, we do it differently in SLE - blacklist.conf: add inapplicable commits for wifi (bsc#1031717) - blacklist.conf: blacklist 7b73305160f1, unneeded cleanup - blacklist.conf: da0510c47519fe0999cffe316e1d370e29f952be # FRV not applicable to SLE - blkfront: add uevent for size change (bnc#1036632). - block: Fix front merge check (bsc#1051239). - brcmfmac: Fix glom_skb leak in brcmf_sdiod_recv_chain (bsc#1031717). - btrfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - btrfs: add cond_resched to btrfs_qgroup_trace_leaf_items (bsc#1028286). - btrfs: fix lockup in find_free_extent with read-only block groups (bsc#1046682). - cpuidle: dt: Add missing 'of_node_put()' (bnc#1022476). - cxgb4: fix BUG() on interrupt deallocating path of ULD (bsc#1005778). - cxgb4: fix a NULL dereference (bsc#1005778). - cxgb4: fix memory leak in init_one() (bsc#1005778). - dentry name snapshots (bsc#1049483). - device-dax: fix sysfs attribute deadlock (bsc#1048919). - drm/i915: Fix scaler init during CRTC HW state readout (bsc#1031717). - drm/vmwgfx: Fix large topology crash (bsc#1048155). - drm/vmwgfx: Support topology greater than texture size (bsc#1048155). - efi/libstub: Skip GOP with PIXEL_BLT_ONLY format (bnc#974215). - ext2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: Do not clear SGID when inheriting ACLs (bsc#1030552). - ext4: avoid unnecessary stalls in ext4_evict_inode() (bsc#1049486). - ext4: handle the rest of ext4_mb_load_buddy() ENOMEM errors (bsc#1012829). - gcov: add support for gcc version >= 6 (bsc#1051663). - gcov: support GCC 7.1 (bsc#1051663). - gfs2: fix flock panic issue (bsc#1012829). - hv: print extra debug in kvp_on_msg in error paths (bnc#1039153). - hv_netvsc: Exclude non-TCP port numbers from vRSS hashing (bsc#1048421). - hv_netvsc: Fix the queue index computation in forwarding case (bsc#1048421). - i2c: designware-baytrail: fix potential NULL pointer dereference on dev (bsc#1011913). - introduce the walk_process_tree() helper (bnc#1022476). - iommu/amd: Fix interrupt remapping when disable guest_mode (bsc#1051471). - iwlwifi: mvm: reset the fw_dump_desc pointer after ASSERT (bsc#1031717). - iwlwifi: mvm: unconditionally stop device after init (bsc#1031717). - iwlwifi: pcie: fix command completion name debug (bsc#1031717). - kABI-fix for 'x86/panic: replace smp_send_stop() with kdump friendly version in panic path' (bsc#1051478). - kABI: protect lwtunnel include in ip6_route.h (kabi). - kABI: protect struct iscsi_tpg_attrib (kabi). - kABI: protect struct tpm_chip (kabi). - kABI: protect struct xfrm_dst (kabi). - kvm: nVMX: Fix nested_vmx_check_msr_bitmap_controls (bsc#1051478). - libnvdimm, pmem: fix a NULL pointer BUG in nd_pmem_notify (bsc#1048919). - libnvdimm, region: fix flush hint detection crash (bsc#1048919). - libnvdimm: fix badblock range handling of ARS range (bsc#1051048). - lightnvm: fix 'warning: ‘ret’ may be used uninitialized' (FATE#319466). - md-cluster: Fix a memleak in an error handling path (bsc#1049289). - mm: make PR_SET_THP_DISABLE immediately active (bnc#1048891). - mwifiex: do not update MCS set from hostapd (bsc#1031717). - net/ena: switch to pci_alloc_irq_vectors (bsc#1047121). - net: ena: add hardware hints capability to the driver (bsc#1047121). - net: ena: add hardware hints capability to the driver (bsc#1047121). - net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121). - net: ena: add missing return when ena_com_get_io_handlers() fails (bsc#1047121). - net: ena: add missing unmap bars on device removal (bsc#1047121). - net: ena: add missing unmap bars on device removal (bsc#1047121). - net: ena: add reset reason for each device FLR (bsc#1047121). - net: ena: add reset reason for each device FLR (bsc#1047121). - net: ena: add support for out of order rx buffers refill (bsc#1047121). - net: ena: add support for out of order rx buffers refill (bsc#1047121). - net: ena: allow the driver to work with small number of msix vectors (bsc#1047121). - net: ena: allow the driver to work with small number of msix vectors (bsc#1047121). - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121). - net: ena: bug fix in lost tx packets detection mechanism (bsc#1047121). - net: ena: change return value for unsupported features unsupported return value (bsc#1047121). - net: ena: change return value for unsupported features unsupported return value (bsc#1047121). - net: ena: change sizeof() argument to be the type pointer (bsc#1047121). - net: ena: change sizeof() argument to be the type pointer (bsc#1047121). - net: ena: disable admin msix while working in polling mode (bsc#1047121). - net: ena: disable admin msix while working in polling mode (bsc#1047121). - net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121). - net: ena: fix bug that might cause hang after consecutive open/close interface (bsc#1047121). - net: ena: fix race condition between submit and completion admin command (bsc#1047121). - net: ena: fix race condition between submit and completion admin command (bsc#1047121). - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121). - net: ena: fix rare uncompleted admin command false alarm (bsc#1047121). - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121). - net: ena: fix theoretical Rx hang on low memory systems (bsc#1047121). - net: ena: separate skb allocation to dedicated function (bsc#1047121). - net: ena: separate skb allocation to dedicated function (bsc#1047121). - net: ena: update driver's rx drop statistics (bsc#1047121). - net: ena: update driver's rx drop statistics (bsc#1047121). - net: ena: update ena driver to version 1.1.7 (bsc#1047121). - net: ena: update ena driver to version 1.1.7 (bsc#1047121). - net: ena: update ena driver to version 1.2.0 (bsc#1047121). - net: ena: update ena driver to version 1.2.0 (bsc#1047121). - net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121). - net: ena: use lower_32_bits()/upper_32_bits() to split dma address (bsc#1047121). - net: ena: use napi_schedule_irqoff when possible (bsc#1047121). - net: ena: use napi_schedule_irqoff when possible (bsc#1047121). - net: hns: Bugfix for Tx timeout handling in hns driver (bsc#1048451). - net: phy: Do not perform software reset for Generic PHY (bsc#1042286). - nvme: also provide a UUID in the WWID sysfs attribute (bsc#1048146). - nvme: wwid_show: strip trailing 0-bytes (bsc#1048146). - nvmet: identify controller: improve standard compliance (bsc#1048146). - ocfs2: Do not clear SGID when inheriting ACLs (bsc#1030552). - ocfs2: Make ocfs2_set_acl() static (bsc#1030552). - ocfs2: fix deadlock caused by recursive locking in xattr (bsc#1012829). - perf/x86/intel: Cure bogus unwind from PEBS entries (bsc#1051478). - perf/x86/intel: Fix PEBSv3 record drain (bsc#1051478). - perf/x86: Fix spurious NMI with PEBS Load Latency event (bsc#1051478). - platform/x86: ideapad-laptop: Add IdeaPad 310-15IKB to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V310-15ISK to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add IdeaPad V510-15IKB to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Lenovo Yoga 910-13IKB to no_hw_rfkill dmi list (bsc#1051022). - platform/x86: ideapad-laptop: Add Y520-15IKBN to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add Y700 15-ACZ to no_hw_rfkill DMI list (bsc#1051022). - platform/x86: ideapad-laptop: Add Y720-15IKBN to no_hw_rfkill (bsc#1051022). - platform/x86: ideapad-laptop: Add several models to no_hw_rfkill (bsc#1051022). - powerpc/fadump: Add a warning when 'fadump_reserve_mem=' is used (bsc#1049231). - powerpc: Add POWER9 architected mode to cputable (bsc#1048916, fate#321439). - powerpc: Support POWER9 in architected mode (bsc#1048916, fate#321439). - prctl: propagate has_child_subreaper flag to every descendant (bnc#1022476). - qed: Add missing static/local dcbx info (bsc#1019695). - qed: Correct print in iscsi error-flow (bsc#1019695). - reiserfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - reorder upstream commit d0c2c9973ecd net: use core MTU range checking in virt drivers - rpm/kernel-binary.spec.in: find-debuginfo.sh should not touch build-id This needs rpm-4.14+ (bsc#964063). - s390/crash: Remove unused KEXEC_NOTE_BYTES (bsc#1049706). - s390/kdump: remove code to create ELF notes in the crashed system (bsc#1049706). - sched/core: Allow __sched_setscheduler() in interrupts when PI is not used (bnc#1022476). - sched/debug: Print the scheduler topology group mask (bnc#1022476). - sched/fair, cpumask: Export for_each_cpu_wrap() (bnc#1022476). - sched/fair: Fix O(nr_cgroups) in load balance path (bnc#1022476). - sched/fair: Use task_groups instead of leaf_cfs_rq_list to walk all cfs_rqs (bnc#1022476). - sched/topology: Add sched_group_capacity debugging (bnc#1022476). - sched/topology: Fix building of overlapping sched-groups (bnc#1022476). - sched/topology: Fix overlapping sched_group_capacity (bnc#1022476). - sched/topology: Move comment about asymmetric node setups (bnc#1022476). - sched/topology: Refactor function build_overlap_sched_groups() (bnc#1022476). - sched/topology: Remove FORCE_SD_OVERLAP (bnc#1022476). - sched/topology: Simplify build_overlap_sched_groups() (bnc#1022476). - sched/topology: Small cleanup (bnc#1022476). - sched/topology: Verify the first group matches the child domain (bnc#1022476). - scsi: Add STARGET_CREATE_REMOVE state to scsi_target_state (bsc#1013887). - scsi: aacraid: Do not copy uninitialized stack memory to userspace (bsc#1048912). - scsi: aacraid: fix leak of data from stack back to userspace (bsc#1048912). - scsi: kABI fix for new state STARGET_CREATED_REMOVE (bsc#1013887). - scsi: lpfc: Add MDS Diagnostic support (bsc#1037838). - scsi: lpfc: Add auto EQ delay logic (bsc#1042257). - scsi: lpfc: Added recovery logic for running out of NVMET IO context resources (bsc#1037838). - scsi: lpfc: Adding additional stats counters for nvme (bsc#1037838). - scsi: lpfc: Cleanup entry_repost settings on SLI4 queues (bsc#1037838). - scsi: lpfc: Driver responds LS_RJT to Beacon Off ELS - Linux (bsc#1044623). - scsi: lpfc: Fix NMI watchdog assertions when running nvmet IOPS tests (bsc#1037838). - scsi: lpfc: Fix NVME I+T not registering NVME as a supported FC4 type (bsc#1037838). - scsi: lpfc: Fix NVMEI driver not decrementing counter causing bad rport state (bsc#1037838). - scsi: lpfc: Fix NVMEI's handling of NVMET's PRLI response attributes (bsc#1037838). - scsi: lpfc: Fix SLI3 drivers attempting NVME ELS commands (bsc#1044623). - scsi: lpfc: Fix crash after firmware flash when IO is running (bsc#1044623). - scsi: lpfc: Fix crash doing IO with resets (bsc#1044623). - scsi: lpfc: Fix crash in lpfc_sli_ringtxcmpl_put when nvmet gets an abort request (bsc#1044623). - scsi: lpfc: Fix debugfs root inode 'lpfc' not getting deleted on driver unload (bsc#1037838). - scsi: lpfc: Fix defects reported by Coverity Scan (bsc#1042257). - scsi: lpfc: Fix nvme io stoppage after link bounce (bsc#1045404). - scsi: lpfc: Fix nvmet RQ resource needs for large block writes (bsc#1037838). - scsi: lpfc: Fix system crash when port is reset (bsc#1037838). - scsi: lpfc: Fix system panic when express lane enabled (bsc#1044623). - scsi: lpfc: Fix used-RPI accounting problem (bsc#1037838). - scsi: lpfc: Reduce time spent in IRQ for received NVME commands (bsc#1044623). - scsi: lpfc: Separate NVMET RQ buffer posting from IO resources SGL/iocbq/context (bsc#1037838). - scsi: lpfc: Separate NVMET data buffer pool fir ELS/CT (bsc#1037838). - scsi: lpfc: Vport creation is failing with 'Link Down' error (bsc#1044623). - scsi: lpfc: fix refcount error on node list (bsc#1045404). - scsi: lpfc: update to revision to 11.4.0.1 (bsc#1044623). - scsi: lpfc: update version to 11.2.0.14 (bsc#1037838). - scsi: qedf: Fix a return value in case of error in 'qedf_alloc_global_queues' (bsc#1048912). - scsi: qedi: Remove WARN_ON for untracked cleanup (bsc#1044443). - scsi: qedi: Remove WARN_ON from clear task context (bsc#1044443). - sfc: Add ethtool -m support for QSFP modules (bsc#1049619). - string.h: add memcpy_and_pad() (bsc#1048146). - timers: Plug locking race vs. timer migration (bnc#1022476). - udf: Fix deadlock between writeback and udf_setsize() (bsc#1012829). - udf: Fix races with i_size changes during readpage (bsc#1012829). - x86/LDT: Print the real LDT base address (bsc#1051478). - x86/mce: Make timer handling more robust (bsc#1042422). - x86/panic: replace smp_send_stop() with kdump friendly version in panic path (bsc#1051478). - x86/platform/uv/BAU: Disable BAU on single hub configurations (bsc#1050320). - x86/platform/uv/BAU: Fix congested_response_us not taking effect (bsc#1050322). - xen/pvh*: Support > 32 VCPUs at domain restore (bnc#1045563). - xen: hold lock_device_hotplug throughout vcpu hotplug operations (bsc#1042422). - xfs: Do not clear SGID when inheriting ACLs (bsc#1030552). - xfs: detect and handle invalid iclog size set by mkfs (bsc#1043598). - xfs: detect and trim torn writes during log recovery (bsc#1036215). - xfs: do not BUG() on mixed direct and mapped I/O (bsc#1050188). - xfs: refactor and open code log record crc check (bsc#1036215). - xfs: refactor log record start detection into a new helper (bsc#1036215). - xfs: return start block of first bad log record during recovery (bsc#1036215). - xfs: support a crc verification only log record pass (bsc#1036215). - xgene: Do not fail probe, if there is no clk resource for SGMII interfaces (bsc#1048501).
    last seen 2018-01-27
    modified 2018-01-26
    plugin id 102332
    published 2017-08-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102332
    title openSUSE Security Update : the Linux Kernel (openSUSE-2017-890)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3927.NASL
    description Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks. - CVE-2017-7346 Li Qiang discovered that the DRM driver for VMware virtual GPUs does not properly check user-controlled values in the vmw_surface_define_ioctl() functions for upper limits. A local user can take advantage of this flaw to cause a denial of service. - CVE-2017-7482 Shi Lei discovered that RxRPC Kerberos 5 ticket handling code does not properly verify metadata, leading to information disclosure, denial of service or potentially execution of arbitrary code. - CVE-2017-7533 Fan Wu and Shixiong Zhao discovered a race condition between inotify events and VFS rename operations allowing an unprivileged local attacker to cause a denial of service or escalate privileges. - CVE-2017-7541 A buffer overflow flaw in the Broadcom IEEE802.11n PCIe SoftMAC WLAN driver could allow a local user to cause kernel memory corruption, leading to a denial of service or potentially privilege escalation. - CVE-2017-7542 An integer overflow vulnerability in the ip6_find_1stfragopt() function was found allowing a local attacker with privileges to open raw sockets to cause a denial of service. - CVE-2017-9605 Murray McAllister discovered that the DRM driver for VMware virtual GPUs does not properly initialize memory, potentially allowing a local attacker to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call. - CVE-2017-10810 Li Qiang discovered a memory leak flaw within the VirtIO GPU driver resulting in denial of service (memory consumption). - CVE-2017-10911 / XSA-216 Anthony Perard of Citrix discovered an information leak flaw in Xen blkif response handling, allowing a malicious unprivileged guest to obtain sensitive information from the host or other guests. - CVE-2017-11176 It was discovered that the mq_notify() function does not set the sock pointer to NULL upon entry into the retry logic. An attacker can take advantage of this flaw during a user-space close of a Netlink socket to cause a denial of service or potentially cause other impact. - CVE-2017-1000365 It was discovered that argument and environment pointers are not taken properly into account to the imposed size restrictions on arguments and environmental strings passed through RLIMIT_STACK/RLIMIT_INFINITY. A local attacker can take advantage of this flaw in conjunction with other flaws to execute arbitrary code.
    last seen 2018-02-09
    modified 2018-02-07
    plugin id 102211
    published 2017-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102211
    title Debian DSA-3927-1 : linux - security update (Stack Clash)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-2473-1.NASL
    description Description of changes: [3.10.0-693.1.1.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)(alexey.petrenko at oracle.com) - Update x509.genkey [bug 24817676] [3.10.0-693.1.1] - [fs] dentry name snapshots (Miklos Szeredi) [1471131 1470403] {CVE-2017-7533} - [fs] fix the regression from 'direct-io: Fix negative return from dio read beyond eof' (Eric Sandeen) [1475669 1473549] - [fs] direct-io: Fix negative return from dio read beyond eof (Eric Sandeen) [1475669 1473549]
    last seen 2017-10-29
    modified 2017-08-21
    plugin id 102533
    published 2017-08-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102533
    title Oracle Linux 7 : kernel (ELSA-2017-2473-1)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2018-0015.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0015 for details.
    last seen 2018-05-30
    modified 2018-05-25
    plugin id 106469
    published 2018-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=106469
    title OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-3659.NASL
    description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen 2018-02-02
    modified 2018-02-01
    plugin id 105247
    published 2017-12-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=105247
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659) (BlueBorne) (Dirty COW) (Stack Clash)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2092-1.NASL
    description This update for the Linux Kernel 3.12.69-60_64_32 fixes several issues. The following security bugs were fixed : - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102311
    published 2017-08-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102311
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2092-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3377-1.NASL
    description Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) Li Qiang discovered that the Virtio GPU driver in the Linux kernel did not properly free memory in some situations. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10810) Shi Lei discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7482). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-01-31
    modified 2018-01-30
    plugin id 102195
    published 2017-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102195
    title Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3377-1) (Stack Clash)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2017-3605.NASL
    description Description of changes: kernel-uek [4.1.12-94.5.9.el7uek] - dentry name snapshots (Al Viro) [Orabug: 26630936] {CVE-2017-7533} [4.1.12-94.5.8.el7uek] - scsi: libiscsi: use kvzalloc for iscsi_pool_init (Kyle Fortin) [Orabug: 26621191] - mm: introduce kv[mz]alloc helpers (Kyle Fortin) [Orabug: 26621191] - KEYS: Disallow keyrings beginning with '.' to be joined as session keyrings (David Howells) [Orabug: 26621179] {CVE-2016-9604} {CVE-2016-9604} - l2tp: fix racy SOCK_ZAPPED flag check in l2tp_ip{,6}_bind() (Guillaume Nault) [Orabug: 26621176] {CVE-2016-10200} - mnt: Add a per mount namespace limit on the number of mounts (Eric W. Biederman) [Orabug: 26621171] {CVE-2016-6213} {CVE-2016-6213} - ipv6: fix out of bound writes in __ip6_append_data() (Eric Dumazet) [Orabug: 26621163] {CVE-2017-9242}
    last seen 2018-02-02
    modified 2018-02-01
    plugin id 102572
    published 2017-08-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102572
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3605)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2525-1.NASL
    description The SUSE Linux Enterprise 11 SP3 LTSS kernel was updated receive various security and bugfixes. The following security bugs were fixed : - CVE-2016-5243: The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in the Linux kernel did not properly copy a certain string, which allowed local users to obtain sensitive information from kernel stack memory by reading a Netlink message (bnc#983212) - CVE-2016-10200: Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel allowed local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c (bnc#1028415) - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bsc#1030593). - CVE-2017-2671: The ping_unhash function in net/ipv4/ping.c in the Linux kernel was too late in obtaining a certain lock and consequently could not ensure that disconnect function calls are safe, which allowed local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call (bnc#1031003) - CVE-2017-5669: The do_shmat function in ipc/shm.c in the Linux kernel did not restrict the address calculated by a certain rounding operation, which allowed local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context (bnc#1026914) - CVE-2017-5970: The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the Linux kernel allowed attackers to cause a denial of service (system crash) via (1) an application that made crafted system calls or possibly (2) IPv4 traffic with invalid IP options (bsc#1024938) - CVE-2017-5986: Race condition in the sctp_wait_for_sndbuf function in net/sctp/socket.c in the Linux kernel allowed local users to cause a denial of service (assertion failure and panic) via a multithreaded application that peels off an association in a certain buffer-full state (bsc#1025235) - CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel mishandled DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allowed local users to obtain root privileges or cause a denial of service (double free) via an application that made an IPV6_RECVPKTINFO setsockopt system call (bnc#1026024) - CVE-2017-6214: The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel allowed remote attackers to cause a denial of service (infinite loop and soft lockup) via vectors involving a TCP packet with the URG flag (bnc#1026722) - CVE-2017-6348: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel improperly managed lock dropping, which allowed local users to cause a denial of service (deadlock) via crafted operations on IrDA devices (bnc#1027178) - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did not properly restrict association peel-off operations during certain wait states, which allowed local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986 (bnc#1027066) - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type (bsc#1029850). - CVE-2017-7184: The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the Linux kernel did not validate certain size data after an XFRM_MSG_NEWAE update, which allowed local users to obtain root privileges or cause a denial of service (heap-based out-of-bounds access) by leveraging the CAP_NET_ADMIN capability (bsc#1030573) - CVE-2017-7187: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel allowed local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified other impact via a large command size in an SG_NEXT_CMD_LEN ioctl call, leading to out-of-bounds write access in the sg_write function (bnc#1030213) - CVE-2017-7261: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not check for a zero value of certain levels data, which allowed local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031052) - CVE-2017-7294: The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel did not validate addition of certain levels data, which allowed local users to trigger an integer overflow and out-of-bounds write, and cause a denial of service (system hang or crash) or possibly gain privileges, via a crafted ioctl call for a /dev/dri/renderD* device (bnc#1031440) - CVE-2017-7308: The packet_set_ring function in net/packet/af_packet.c in the Linux kernel did not properly validate certain block-size data, which allowed local users to cause a denial of service (overflow) or possibly have unspecified other impact via crafted system calls (bnc#1031579) - CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution (bsc#1046107). - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bsc#1038879). - CVE-2017-7533: Race condition in the fsnotify implementation in the Linux kernel allowed local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions (bnc#1049483 1050677 ). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bnc#1049882). - CVE-2017-7616: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel allowed local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation (bsc#1033336) - CVE-2017-8831: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a 'double fetch' vulnerability. This requires a malicious PCI Card. (bnc#1037994). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038544). - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1037182). - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981). - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882). - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1039883). - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885). - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1040069). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431). - CVE-2017-10661: Race condition in fs/timerfd.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bnc#1053152). - CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bnc#1048275). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-12762: In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied into a local buffer of constant size using strcpy without a length check which can cause a buffer overflow. (bnc#1053148). - CVE-2017-14051: An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel allowed local users to cause a denial of service (memory corruption and system crash) by leveraging root access (bnc#1056588). - CVE-2017-1000112: Fixed a race condition in net-packet code that could have been exploited by unprivileged users to gain root access. (bsc#1052311). - CVE-2017-1000363: Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds check, and the fact that parport_ptr integer is static, a 'secure boot' kernel command line adversary could have overflowed the parport_nr array in the following code (bnc#1039456). - CVE-2017-1000365: The Linux Kernel imposes a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation (bnc#1039354). - CVE-2017-1000380: sound/core/timer.c in the Linux kernel was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time (bnc#1044125). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-05-19
    modified 2018-05-18
    plugin id 103354
    published 2017-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103354
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2525-1) (Stack Clash)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2042-1.NASL
    description The SUSE Linux Enterprise 12 SP1 kernel was updated to 3.12.74 to receive the following security fix : - CVE-2017-7533: Bug in inotify code allowed privilege escalation (bnc#1049483). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 102218
    published 2017-08-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102218
    title SUSE SLES12 Security Update : kernel (SUSE-SU-2017:2042-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2017-2473.NASL
    description An update for kernel is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix(es) : * A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data. (CVE-2017-7533, Important) Red Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), and Shixiong Zhao (The University of Hong Kong) for reporting this issue. Bug Fix(es) : * Previously, direct I/O read operations going past EOF returned an invalid error number, instead of reading 0 bytes and returning success, if these operations were in same XFS block with EOF. Consequently, creating multiple VMs from a Red Hat Enterprise Linux 7.4 template caused all the VMs to become unresponsive in the 'Image Locked' state. This update fixes the direct I/O feature of the file system, and VMs created from a Red Hat Enterprise Linux 7.4 template now work as expected. (BZ#1475669)
    last seen 2018-01-26
    modified 2018-01-25
    plugin id 102518
    published 2017-08-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102518
    title RHEL 7 : kernel (RHSA-2017:2473)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3377-2.NASL
    description USN-3377-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS. Fan Wu and Shixiong Zhao discovered a race condition between inotify events and vfs rename operations in the Linux kernel. An unprivileged local attacker could use this to cause a denial of service (system crash) or execute arbitrary code. (CVE-2017-7533) It was discovered that the Linux kernel did not properly restrict RLIMIT_STACK size. A local attacker could use this in conjunction with another vulnerability to possibly execute arbitrary code. (CVE-2017-1000365) Li Qiang discovered that the Virtio GPU driver in the Linux kernel did not properly free memory in some situations. A local attacker could use this to cause a denial of service (memory consumption). (CVE-2017-10810) Shi Lei discovered that the RxRPC Kerberos 5 ticket handling code in the Linux kernel did not properly verify metadata. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-7482). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-01-31
    modified 2018-01-30
    plugin id 102196
    published 2017-08-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102196
    title Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3377-2) (Stack Clash)
  • NASL family Virtuozzo Local Security Checks
    NASL id VIRTUOZZO_VZA-2017-070.NASL
    description According to the version of the vzkernel package and the readykernel-patch installed, the Virtuozzo installation on the remote host is affected by the following vulnerability : - A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data. Note that Tenable Network Security has extracted the preceding description block directly from the Virtuozzo security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-06-14
    modified 2018-06-13
    plugin id 102436
    published 2017-08-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102436
    title Virtuozzo 7 : readykernel-patch (VZA-2017-070)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0145.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0145 for details.
    last seen 2018-05-19
    modified 2018-05-18
    plugin id 102774
    published 2017-08-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102774
    title OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0145) (Stack Clash)
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1160.NASL
    description According to the version of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data. (CVE-2017-7533) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-06-14
    modified 2018-06-13
    plugin id 102998
    published 2017-09-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102998
    title EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1160)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2389-1.NASL
    description The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-7482: Several missing length checks ticket decode allowing for information leak or potentially code execution (bsc#1046107). - CVE-2016-10277: Potential privilege escalation due to a missing bounds check in the lp driver. A kernel command-line adversary can overflow the parport_nr array to execute code (bsc#1039456). - CVE-2017-7542: The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket (bsc#1049882). - CVE-2017-7533: Bug in inotify code allowing privilege escalation (bsc#1049483). - CVE-2017-11176: The mq_notify function in the Linux kernel did not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allowed attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact (bsc#1048275). - CVE-2017-11473: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel allowed local users to gain privileges via a crafted ACPI table (bnc#1049603). - CVE-2017-1000365: The Linux Kernel imposed a size restriction on the arguments and environmental strings passed through RLIMIT_STACK/RLIM_INFINITY (1/4 of the size), but did not take the argument and environment pointers into account, which allowed attackers to bypass this limitation. (bnc#1039354) - CVE-2014-9922: The eCryptfs subsystem in the Linux kernel allowed local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c (bnc#1032340) - CVE-2017-8924: The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel allowed local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow (bnc#1038982). - CVE-2017-8925: The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel allowed local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling (bnc#1038981). - CVE-2017-1000380: sound/core/timer.c was vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents could have bene disclosed when a read and an ioctl happen at the same time (bnc#1044125) - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c was too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bnc#1041431) - CVE-2017-1000363: A buffer overflow in kernel commandline handling of the 'lp' parameter could be used by local console attackers to bypass certain secure boot settings. (bnc#1039456) - CVE-2017-9076: The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039885) - CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1040069) - CVE-2017-9075: The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bnc#1039883) - CVE-2017-9074: The IPv6 fragmentation implementation in the Linux kernel did not consider that the nexthdr field may be associated with an invalid option, which allowed local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls (bnc#1039882) - CVE-2017-7487: The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel mishandled reference counts, which allowed local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a failed SIOCGIFADDR ioctl call for an IPX interface (bnc#1038879) - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bnc#1038544) - CVE-2017-2647: The KEYS subsystem in the Linux kernel allowed local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving a NULL value for a certain match field, related to the keyring_search_iterator function in keyring.c (bnc#1030593) - CVE-2017-6951: The keyring_search_aux function in security/keys/keyring.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and OOPS) via a request_key system call for the 'dead' type (bnc#1029850) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-02-01
    modified 2018-01-31
    plugin id 103110
    published 2017-09-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=103110
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2017:2389-1) (Stack Clash)
redhat via4
advisories
  • bugzilla
    id 1468283
    title CVE-2017-7533 kernel: a race between inotify_handle_event() and sys_rename()
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment kernel is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473013
        • comment kernel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842006
      • AND
        • comment kernel-abi-whitelists is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473007
        • comment kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20131645028
      • AND
        • comment kernel-bootwrapper is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473031
        • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842010
      • AND
        • comment kernel-debug is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473011
        • comment kernel-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842012
      • AND
        • comment kernel-debug-devel is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473021
        • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842014
      • AND
        • comment kernel-devel is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473025
        • comment kernel-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842016
      • AND
        • comment kernel-doc is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473005
        • comment kernel-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842024
      • AND
        • comment kernel-headers is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473017
        • comment kernel-headers is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842008
      • AND
        • comment kernel-kdump is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473023
        • comment kernel-kdump is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842018
      • AND
        • comment kernel-kdump-devel is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473015
        • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842020
      • AND
        • comment kernel-tools is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473027
        • comment kernel-tools is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678010
      • AND
        • comment kernel-tools-libs is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473033
        • comment kernel-tools-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678012
      • AND
        • comment kernel-tools-libs-devel is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473029
        • comment kernel-tools-libs-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140678020
      • AND
        • comment perf is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473019
        • comment perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100842022
      • AND
        • comment python-perf is earlier than 0:3.10.0-693.1.1.el7
          oval oval:com.redhat.rhsa:tst:20172473009
        • comment python-perf is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111849018
    rhsa
    id RHSA-2017:2473
    released 2017-08-15
    severity Important
    title RHSA-2017:2473: kernel security and bug fix update (Important)
  • bugzilla
    id 1473393
    title kernel-rt: update to the RHEL7.4.z batch#1 source tree
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 7 Client is installed
        oval oval:com.redhat.rhsa:tst:20140675001
      • comment Red Hat Enterprise Linux 7 Server is installed
        oval oval:com.redhat.rhsa:tst:20140675002
      • comment Red Hat Enterprise Linux 7 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20140675003
      • comment Red Hat Enterprise Linux 7 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20140675004
    • OR
      • AND
        • comment kernel-rt is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585007
        • comment kernel-rt is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727006
      • AND
        • comment kernel-rt-debug is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585009
        • comment kernel-rt-debug is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727014
      • AND
        • comment kernel-rt-debug-devel is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585013
        • comment kernel-rt-debug-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727016
      • AND
        • comment kernel-rt-debug-kvm is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585017
        • comment kernel-rt-debug-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152411008
      • AND
        • comment kernel-rt-devel is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585021
        • comment kernel-rt-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727012
      • AND
        • comment kernel-rt-doc is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585005
        • comment kernel-rt-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727022
      • AND
        • comment kernel-rt-kvm is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585023
        • comment kernel-rt-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152411024
      • AND
        • comment kernel-rt-trace is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585019
        • comment kernel-rt-trace is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727008
      • AND
        • comment kernel-rt-trace-devel is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585011
        • comment kernel-rt-trace-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20150727010
      • AND
        • comment kernel-rt-trace-kvm is earlier than 0:3.10.0-693.2.1.rt56.620.el7
          oval oval:com.redhat.rhsa:tst:20172585015
        • comment kernel-rt-trace-kvm is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20152411014
    rhsa
    id RHSA-2017:2585
    released 2017-09-05
    severity Important
    title RHSA-2017:2585: kernel-rt security and bug fix update (Important)
  • rhsa
    id RHSA-2017:2669
  • rhsa
    id RHSA-2017:2770
  • rhsa
    id RHSA-2017:2869
rpms
  • kernel-0:3.10.0-693.1.1.el7
  • kernel-abi-whitelists-0:3.10.0-693.1.1.el7
  • kernel-bootwrapper-0:3.10.0-693.1.1.el7
  • kernel-debug-0:3.10.0-693.1.1.el7
  • kernel-debug-devel-0:3.10.0-693.1.1.el7
  • kernel-devel-0:3.10.0-693.1.1.el7
  • kernel-doc-0:3.10.0-693.1.1.el7
  • kernel-headers-0:3.10.0-693.1.1.el7
  • kernel-kdump-0:3.10.0-693.1.1.el7
  • kernel-kdump-devel-0:3.10.0-693.1.1.el7
  • kernel-tools-0:3.10.0-693.1.1.el7
  • kernel-tools-libs-0:3.10.0-693.1.1.el7
  • kernel-tools-libs-devel-0:3.10.0-693.1.1.el7
  • perf-0:3.10.0-693.1.1.el7
  • python-perf-0:3.10.0-693.1.1.el7
  • kernel-rt-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-debug-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-debug-devel-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-debug-kvm-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-devel-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-doc-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-kvm-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-trace-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-trace-devel-0:3.10.0-693.2.1.rt56.620.el7
  • kernel-rt-trace-kvm-0:3.10.0-693.2.1.rt56.620.el7
refmap via4
bid 100123
confirm https://source.android.com/security/bulletin/2017-12-01
debian
  • DSA-3927
  • DSA-3945
misc
sectrack 1039075
Last major update 05-08-2017 - 12:29
Published 05-08-2017 - 12:29
Last modified 04-01-2018 - 21:31
Back to Top