Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-8797 (GCVE-0-2017-8797)
Vulnerability from cvelistv5 – Published: 2017-07-02 17:00 – Updated: 2024-08-05 16:48
VLAI
EPSS
Summary
The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2017/06/27/5 | x_refsource_MISC |
| http://www.securitytracker.com/id/1038790 | vdb-entryx_refsource_SECTRACK |
| https://access.redhat.com/errata/RHSA-2017:2437 | vendor-advisoryx_refsource_REDHAT |
| https://github.com/torvalds/linux/commit/f961e3f2… | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2017:2669 | vendor-advisoryx_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=1466329 | x_refsource_MISC |
| http://git.kernel.org/cgit/linux/kernel/git/torva… | x_refsource_MISC |
| https://github.com/torvalds/linux/commit/b550a32e… | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2017:2077 | vendor-advisoryx_refsource_REDHAT |
| http://www.kernel.org/pub/linux/kernel/v4.x/Chang… | x_refsource_MISC |
| https://access.redhat.com/errata/RHSA-2017:1842 | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/99298 | vdb-entryx_refsource_BID |
| http://git.kernel.org/cgit/linux/kernel/git/torva… | x_refsource_MISC |
Date Public
2017-07-02 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:48:22.015Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/27/5"
},
{
"name": "1038790",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1038790"
},
{
"name": "RHSA-2017:2437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2437"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/f961e3f2acae94b727380c0b74e2d3954d0edf79"
},
{
"name": "RHSA-2017:2669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466329"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f961e3f2acae94b727380c0b74e2d3954d0edf79"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/b550a32e60a4941994b437a8d662432a486235a5"
},
{
"name": "RHSA-2017:2077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3"
},
{
"name": "RHSA-2017:1842",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"name": "99298",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/99298"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b550a32e60a4941994b437a8d662432a486235a5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-07-02T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-01-04T19:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.openwall.com/lists/oss-security/2017/06/27/5"
},
{
"name": "1038790",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1038790"
},
{
"name": "RHSA-2017:2437",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2437"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/f961e3f2acae94b727380c0b74e2d3954d0edf79"
},
{
"name": "RHSA-2017:2669",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466329"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f961e3f2acae94b727380c0b74e2d3954d0edf79"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/torvalds/linux/commit/b550a32e60a4941994b437a8d662432a486235a5"
},
{
"name": "RHSA-2017:2077",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3"
},
{
"name": "RHSA-2017:1842",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"name": "99298",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/99298"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b550a32e60a4941994b437a8d662432a486235a5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-8797",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.openwall.com/lists/oss-security/2017/06/27/5",
"refsource": "MISC",
"url": "http://www.openwall.com/lists/oss-security/2017/06/27/5"
},
{
"name": "1038790",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1038790"
},
{
"name": "RHSA-2017:2437",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2437"
},
{
"name": "https://github.com/torvalds/linux/commit/f961e3f2acae94b727380c0b74e2d3954d0edf79",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/f961e3f2acae94b727380c0b74e2d3954d0edf79"
},
{
"name": "RHSA-2017:2669",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2669"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1466329",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466329"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f961e3f2acae94b727380c0b74e2d3954d0edf79",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f961e3f2acae94b727380c0b74e2d3954d0edf79"
},
{
"name": "https://github.com/torvalds/linux/commit/b550a32e60a4941994b437a8d662432a486235a5",
"refsource": "MISC",
"url": "https://github.com/torvalds/linux/commit/b550a32e60a4941994b437a8d662432a486235a5"
},
{
"name": "RHSA-2017:2077",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:2077"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3",
"refsource": "MISC",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3"
},
{
"name": "RHSA-2017:1842",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2017:1842"
},
{
"name": "99298",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/99298"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b550a32e60a4941994b437a8d662432a486235a5",
"refsource": "MISC",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b550a32e60a4941994b437a8d662432a486235a5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-8797",
"datePublished": "2017-07-02T17:00:00.000Z",
"dateReserved": "2017-05-05T00:00:00.000Z",
"dateUpdated": "2024-08-05T16:48:22.015Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-8797",
"date": "2026-05-26",
"epss": "0.30423",
"percentile": "0.96769"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0\", \"versionEndExcluding\": \"4.1.40\", \"matchCriteriaId\": \"D666D375-98D5-46EA-BE3F-818730173F5C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.2\", \"versionEndExcluding\": \"4.4.70\", \"matchCriteriaId\": \"6B6B892D-2153-4B26-A53A-2757488ABBCD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.5\", \"versionEndExcluding\": \"4.9.30\", \"matchCriteriaId\": \"05FA3C9C-F982-4407-89BC-F8936979C1D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.11\", \"versionEndExcluding\": \"4.11.3\", \"matchCriteriaId\": \"E99AAEA7-96AE-4F7C-9347-B81325B63989\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.\"}, {\"lang\": \"es\", \"value\": \"El servidor NFSv4 en el kernel de Linux en versiones anteriores a la 4.11.3 no valida correctamente el tipo de dise\\u00f1o al procesar los operandos NFSv4 pNFS GETDEVICEINFO o LAYOUTGET en un paquete UDP de un atacante remoto. Este valor de tipo no se inicializa al encontrarse ciertas condiciones de error. Este valor se emplea como \\u00edndice de arrays para desreferenciar, lo que conduce a un error OOPS y, finalmente, a una DoS de knfsd y a un bloqueo parcial de todo el sistema.\"}]",
"id": "CVE-2017-8797",
"lastModified": "2024-11-21T03:34:43.433",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": true, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-07-02T17:29:00.177",
"references": "[{\"url\": \"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b550a32e60a4941994b437a8d662432a486235a5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f961e3f2acae94b727380c0b74e2d3954d0edf79\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2017/06/27/5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/99298\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038790\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1842\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2077\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2437\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2669\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1466329\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/torvalds/linux/commit/b550a32e60a4941994b437a8d662432a486235a5\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/torvalds/linux/commit/f961e3f2acae94b727380c0b74e2d3954d0edf79\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b550a32e60a4941994b437a8d662432a486235a5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f961e3f2acae94b727380c0b74e2d3954d0edf79\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2017/06/27/5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"VDB Entry\"]}, {\"url\": \"http://www.securityfocus.com/bid/99298\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1038790\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:1842\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2077\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2437\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2017:2669\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1466329\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/torvalds/linux/commit/b550a32e60a4941994b437a8d662432a486235a5\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/torvalds/linux/commit/f961e3f2acae94b727380c0b74e2d3954d0edf79\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-129\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-8797\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-07-02T17:29:00.177\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.\"},{\"lang\":\"es\",\"value\":\"El servidor NFSv4 en el kernel de Linux en versiones anteriores a la 4.11.3 no valida correctamente el tipo de dise\u00f1o al procesar los operandos NFSv4 pNFS GETDEVICEINFO o LAYOUTGET en un paquete UDP de un atacante remoto. Este valor de tipo no se inicializa al encontrarse ciertas condiciones de error. Este valor se emplea como \u00edndice de arrays para desreferenciar, lo que conduce a un error OOPS y, finalmente, a una DoS de knfsd y a un bloqueo parcial de todo el sistema.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":true,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-129\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0\",\"versionEndExcluding\":\"4.1.40\",\"matchCriteriaId\":\"D666D375-98D5-46EA-BE3F-818730173F5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2\",\"versionEndExcluding\":\"4.4.70\",\"matchCriteriaId\":\"6B6B892D-2153-4B26-A53A-2757488ABBCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5\",\"versionEndExcluding\":\"4.9.30\",\"matchCriteriaId\":\"05FA3C9C-F982-4407-89BC-F8936979C1D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.11\",\"versionEndExcluding\":\"4.11.3\",\"matchCriteriaId\":\"E99AAEA7-96AE-4F7C-9347-B81325B63989\"}]}]}],\"references\":[{\"url\":\"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b550a32e60a4941994b437a8d662432a486235a5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f961e3f2acae94b727380c0b74e2d3954d0edf79\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2017/06/27/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/99298\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038790\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1842\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2077\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2437\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2669\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1466329\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/torvalds/linux/commit/b550a32e60a4941994b437a8d662432a486235a5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/torvalds/linux/commit/f961e3f2acae94b727380c0b74e2d3954d0edf79\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b550a32e60a4941994b437a8d662432a486235a5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f961e3f2acae94b727380c0b74e2d3954d0edf79\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2017/06/27/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/99298\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1038790\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:1842\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2077\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2437\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1466329\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/torvalds/linux/commit/b550a32e60a4941994b437a8d662432a486235a5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/torvalds/linux/commit/f961e3f2acae94b727380c0b74e2d3954d0edf79\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
SUSE-SU-2017:2046-1
Vulnerability from csaf_suse - Published: 2017-08-04 15:15 - Updated: 2017-08-04 15:15Summary
Security update for Linux Kernel Live Patch 8 for SLE 12 SP2
Severity
Important
Notes
Title of the patch: Security update for Linux Kernel Live Patch 8 for SLE 12 SP2
Description of the patch: This update for the Linux Kernel 4.4.59-92_20 fixes several issues.
The following security bugs were fixed:
- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).
The following non-security bug was fixed:
- Fix for a btrfs deadlock between btrfs-cleaner and user space thread regression, which could cause spurious WARN_ON's from fs/btrfs/qgroup.c:1445 during patch application if BTRFS quota groups are enabled. (bsc#1047518)
Patchnames: SUSE-SLE-Live-Patching-12-2017-1258
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
48 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Linux Kernel Live Patch 8 for SLE 12 SP2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.59-92_20 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).\n\nThe following non-security bug was fixed:\n\n- Fix for a btrfs deadlock between btrfs-cleaner and user space thread regression, which could cause spurious WARN_ON\u0027s from fs/btrfs/qgroup.c:1445 during patch application if BTRFS quota groups are enabled. (bsc#1047518)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Live-Patching-12-2017-1258",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2046-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2046-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172046-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2046-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003089.html"
},
{
"category": "self",
"summary": "SUSE Bug 1038564",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "self",
"summary": "SUSE Bug 1042364",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "self",
"summary": "SUSE Bug 1042892",
"url": "https://bugzilla.suse.com/1042892"
},
{
"category": "self",
"summary": "SUSE Bug 1046191",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "self",
"summary": "SUSE Bug 1046202",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "self",
"summary": "SUSE Bug 1046206",
"url": "https://bugzilla.suse.com/1046206"
},
{
"category": "self",
"summary": "SUSE Bug 1047518",
"url": "https://bugzilla.suse.com/1047518"
},
{
"category": "self",
"summary": "SUSE Bug 1050751",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7533 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7645 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8797 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8890 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9077 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9242 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9242/"
}
],
"title": "Security update for Linux Kernel Live Patch 8 for SLE 12 SP2",
"tracking": {
"current_release_date": "2017-08-04T15:15:44Z",
"generator": {
"date": "2017-08-04T15:15:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2046-1",
"initial_release_date": "2017-08-04T15:15:44Z",
"revision_history": [
{
"date": "2017-08-04T15:15:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64",
"product_id": "kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-7533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7533"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7533",
"url": "https://www.suse.com/security/cve/CVE-2017-7533"
},
{
"category": "external",
"summary": "SUSE Bug 1049483 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1049483"
},
{
"category": "external",
"summary": "SUSE Bug 1050677 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050677"
},
{
"category": "external",
"summary": "SUSE Bug 1050751 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "external",
"summary": "SUSE Bug 1053919 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1053919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-04T15:15:44Z",
"details": "important"
}
],
"title": "CVE-2017-7533"
},
{
"cve": "CVE-2017-7645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7645"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7645",
"url": "https://www.suse.com/security/cve/CVE-2017-7645"
},
{
"category": "external",
"summary": "SUSE Bug 1034670 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1034670"
},
{
"category": "external",
"summary": "SUSE Bug 1036741 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1036741"
},
{
"category": "external",
"summary": "SUSE Bug 1046191 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1087082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-04T15:15:44Z",
"details": "important"
}
],
"title": "CVE-2017-7645"
},
{
"cve": "CVE-2017-8797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8797"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8797",
"url": "https://www.suse.com/security/cve/CVE-2017-8797"
},
{
"category": "external",
"summary": "SUSE Bug 1046202 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "external",
"summary": "SUSE Bug 1046206 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-04T15:15:44Z",
"details": "important"
}
],
"title": "CVE-2017-8797"
},
{
"cve": "CVE-2017-8890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8890"
}
],
"notes": [
{
"category": "general",
"text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8890",
"url": "https://www.suse.com/security/cve/CVE-2017-8890"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1038564 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "external",
"summary": "SUSE Bug 1039883 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039883"
},
{
"category": "external",
"summary": "SUSE Bug 1039885 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039885"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1051906 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1051906"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-04T15:15:44Z",
"details": "important"
}
],
"title": "CVE-2017-8890"
},
{
"cve": "CVE-2017-9077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9077"
}
],
"notes": [
{
"category": "general",
"text": "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9077",
"url": "https://www.suse.com/security/cve/CVE-2017-9077"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-04T15:15:44Z",
"details": "moderate"
}
],
"title": "CVE-2017-9077"
},
{
"cve": "CVE-2017-9242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9242"
}
],
"notes": [
{
"category": "general",
"text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9242",
"url": "https://www.suse.com/security/cve/CVE-2017-9242"
},
{
"category": "external",
"summary": "SUSE Bug 1041431 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1041431"
},
{
"category": "external",
"summary": "SUSE Bug 1042892 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1042892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_20-default-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-04T15:15:44Z",
"details": "important"
}
],
"title": "CVE-2017-9242"
}
]
}
SUSE-SU-2017:2062-1
Vulnerability from csaf_suse - Published: 2017-08-07 07:09 - Updated: 2017-08-07 07:09Summary
Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
Severity
Important
Notes
Title of the patch: Security update for Linux Kernel Live Patch 0 for SLE 12 SP2
Description of the patch: This update for the Linux Kernel 4.4.21-69 fixes several issues.
The following security bugs were fixed:
- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).
Patchnames: SUSE-SLE-Live-Patching-12-2017-1263
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Linux Kernel Live Patch 0 for SLE 12 SP2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.21-69 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Live-Patching-12-2017-1263",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2062-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2062-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172062-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2062-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003093.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027575",
"url": "https://bugzilla.suse.com/1027575"
},
{
"category": "self",
"summary": "SUSE Bug 1038564",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "self",
"summary": "SUSE Bug 1042364",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "self",
"summary": "SUSE Bug 1042892",
"url": "https://bugzilla.suse.com/1042892"
},
{
"category": "self",
"summary": "SUSE Bug 1046191",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "self",
"summary": "SUSE Bug 1046202",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "self",
"summary": "SUSE Bug 1046206",
"url": "https://bugzilla.suse.com/1046206"
},
{
"category": "self",
"summary": "SUSE Bug 1050751",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-2636 page",
"url": "https://www.suse.com/security/cve/CVE-2017-2636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7533 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7645 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8797 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8890 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9077 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9242 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9242/"
}
],
"title": "Security update for Linux Kernel Live Patch 0 for SLE 12 SP2",
"tracking": {
"current_release_date": "2017-08-07T07:09:03Z",
"generator": {
"date": "2017-08-07T07:09:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2062-1",
"initial_release_date": "2017-08-07T07:09:03Z",
"revision_history": [
{
"date": "2017-08-07T07:09:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64",
"product_id": "kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-2636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-2636"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-2636",
"url": "https://www.suse.com/security/cve/CVE-2017-2636"
},
{
"category": "external",
"summary": "SUSE Bug 1027565 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1027565"
},
{
"category": "external",
"summary": "SUSE Bug 1027575 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1027575"
},
{
"category": "external",
"summary": "SUSE Bug 1028372 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1028372"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T07:09:03Z",
"details": "moderate"
}
],
"title": "CVE-2017-2636"
},
{
"cve": "CVE-2017-7533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7533"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7533",
"url": "https://www.suse.com/security/cve/CVE-2017-7533"
},
{
"category": "external",
"summary": "SUSE Bug 1049483 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1049483"
},
{
"category": "external",
"summary": "SUSE Bug 1050677 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050677"
},
{
"category": "external",
"summary": "SUSE Bug 1050751 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "external",
"summary": "SUSE Bug 1053919 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1053919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T07:09:03Z",
"details": "important"
}
],
"title": "CVE-2017-7533"
},
{
"cve": "CVE-2017-7645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7645"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7645",
"url": "https://www.suse.com/security/cve/CVE-2017-7645"
},
{
"category": "external",
"summary": "SUSE Bug 1034670 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1034670"
},
{
"category": "external",
"summary": "SUSE Bug 1036741 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1036741"
},
{
"category": "external",
"summary": "SUSE Bug 1046191 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1087082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T07:09:03Z",
"details": "important"
}
],
"title": "CVE-2017-7645"
},
{
"cve": "CVE-2017-8797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8797"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8797",
"url": "https://www.suse.com/security/cve/CVE-2017-8797"
},
{
"category": "external",
"summary": "SUSE Bug 1046202 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "external",
"summary": "SUSE Bug 1046206 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T07:09:03Z",
"details": "important"
}
],
"title": "CVE-2017-8797"
},
{
"cve": "CVE-2017-8890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8890"
}
],
"notes": [
{
"category": "general",
"text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8890",
"url": "https://www.suse.com/security/cve/CVE-2017-8890"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1038564 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "external",
"summary": "SUSE Bug 1039883 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039883"
},
{
"category": "external",
"summary": "SUSE Bug 1039885 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039885"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1051906 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1051906"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T07:09:03Z",
"details": "important"
}
],
"title": "CVE-2017-8890"
},
{
"cve": "CVE-2017-9077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9077"
}
],
"notes": [
{
"category": "general",
"text": "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9077",
"url": "https://www.suse.com/security/cve/CVE-2017-9077"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T07:09:03Z",
"details": "moderate"
}
],
"title": "CVE-2017-9077"
},
{
"cve": "CVE-2017-9242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9242"
}
],
"notes": [
{
"category": "general",
"text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9242",
"url": "https://www.suse.com/security/cve/CVE-2017-9242"
},
{
"category": "external",
"summary": "SUSE Bug 1041431 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1041431"
},
{
"category": "external",
"summary": "SUSE Bug 1042892 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1042892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-69-default-8-18.7.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T07:09:03Z",
"details": "important"
}
],
"title": "CVE-2017-9242"
}
]
}
SUSE-SU-2017:2063-1
Vulnerability from csaf_suse - Published: 2017-08-07 08:27 - Updated: 2017-08-07 08:27Summary
Security update for Linux Kernel Live Patch 5 for SLE 12 SP2
Severity
Important
Notes
Title of the patch: Security update for Linux Kernel Live Patch 5 for SLE 12 SP2
Description of the patch: This update for the Linux Kernel 4.4.49-92_11 fixes several issues.
The following security bugs were fixed:
- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).
Patchnames: SUSE-SLE-Live-Patching-12-2017-1269
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Linux Kernel Live Patch 5 for SLE 12 SP2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.49-92_11 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Live-Patching-12-2017-1269",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2063-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2063-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172063-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2063-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003094.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027575",
"url": "https://bugzilla.suse.com/1027575"
},
{
"category": "self",
"summary": "SUSE Bug 1038564",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "self",
"summary": "SUSE Bug 1042364",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "self",
"summary": "SUSE Bug 1042892",
"url": "https://bugzilla.suse.com/1042892"
},
{
"category": "self",
"summary": "SUSE Bug 1046191",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "self",
"summary": "SUSE Bug 1046202",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "self",
"summary": "SUSE Bug 1046206",
"url": "https://bugzilla.suse.com/1046206"
},
{
"category": "self",
"summary": "SUSE Bug 1050751",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-2636 page",
"url": "https://www.suse.com/security/cve/CVE-2017-2636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7533 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7645 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8797 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8890 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9077 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9242 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9242/"
}
],
"title": "Security update for Linux Kernel Live Patch 5 for SLE 12 SP2",
"tracking": {
"current_release_date": "2017-08-07T08:27:33Z",
"generator": {
"date": "2017-08-07T08:27:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2063-1",
"initial_release_date": "2017-08-07T08:27:33Z",
"revision_history": [
{
"date": "2017-08-07T08:27:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64",
"product_id": "kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-2636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-2636"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-2636",
"url": "https://www.suse.com/security/cve/CVE-2017-2636"
},
{
"category": "external",
"summary": "SUSE Bug 1027565 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1027565"
},
{
"category": "external",
"summary": "SUSE Bug 1027575 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1027575"
},
{
"category": "external",
"summary": "SUSE Bug 1028372 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1028372"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2017-2636"
},
{
"cve": "CVE-2017-7533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7533"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7533",
"url": "https://www.suse.com/security/cve/CVE-2017-7533"
},
{
"category": "external",
"summary": "SUSE Bug 1049483 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1049483"
},
{
"category": "external",
"summary": "SUSE Bug 1050677 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050677"
},
{
"category": "external",
"summary": "SUSE Bug 1050751 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "external",
"summary": "SUSE Bug 1053919 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1053919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:27:33Z",
"details": "important"
}
],
"title": "CVE-2017-7533"
},
{
"cve": "CVE-2017-7645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7645"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7645",
"url": "https://www.suse.com/security/cve/CVE-2017-7645"
},
{
"category": "external",
"summary": "SUSE Bug 1034670 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1034670"
},
{
"category": "external",
"summary": "SUSE Bug 1036741 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1036741"
},
{
"category": "external",
"summary": "SUSE Bug 1046191 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1087082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:27:33Z",
"details": "important"
}
],
"title": "CVE-2017-7645"
},
{
"cve": "CVE-2017-8797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8797"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8797",
"url": "https://www.suse.com/security/cve/CVE-2017-8797"
},
{
"category": "external",
"summary": "SUSE Bug 1046202 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "external",
"summary": "SUSE Bug 1046206 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:27:33Z",
"details": "important"
}
],
"title": "CVE-2017-8797"
},
{
"cve": "CVE-2017-8890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8890"
}
],
"notes": [
{
"category": "general",
"text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8890",
"url": "https://www.suse.com/security/cve/CVE-2017-8890"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1038564 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "external",
"summary": "SUSE Bug 1039883 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039883"
},
{
"category": "external",
"summary": "SUSE Bug 1039885 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039885"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1051906 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1051906"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:27:33Z",
"details": "important"
}
],
"title": "CVE-2017-8890"
},
{
"cve": "CVE-2017-9077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9077"
}
],
"notes": [
{
"category": "general",
"text": "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9077",
"url": "https://www.suse.com/security/cve/CVE-2017-9077"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:27:33Z",
"details": "moderate"
}
],
"title": "CVE-2017-9077"
},
{
"cve": "CVE-2017-9242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9242"
}
],
"notes": [
{
"category": "general",
"text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9242",
"url": "https://www.suse.com/security/cve/CVE-2017-9242"
},
{
"category": "external",
"summary": "SUSE Bug 1041431 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1041431"
},
{
"category": "external",
"summary": "SUSE Bug 1042892 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1042892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_11-default-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:27:33Z",
"details": "important"
}
],
"title": "CVE-2017-9242"
}
]
}
SUSE-SU-2017:2064-1
Vulnerability from csaf_suse - Published: 2017-08-07 08:08 - Updated: 2017-08-07 08:08Summary
Security update for Linux Kernel Live Patch 7 for SLE 12 SP2
Severity
Important
Notes
Title of the patch: Security update for Linux Kernel Live Patch 7 for SLE 12 SP2
Description of the patch: This update for the Linux Kernel 4.4.59-92_17 fixes several issues.
The following security bugs were fixed:
- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).
The following non-security bug was fixed:
- Fix for a btrfs deadlock between btrfs-cleaner and user space thread regression, which could cause spurious WARN_ON's from fs/btrfs/qgroup.c:1445 during patch application if BTRFS quota groups are enabled. (bsc#1047518)
Patchnames: SUSE-SLE-Live-Patching-12-2017-1266
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
48 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Linux Kernel Live Patch 7 for SLE 12 SP2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.59-92_17 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).\n\nThe following non-security bug was fixed:\n\n- Fix for a btrfs deadlock between btrfs-cleaner and user space thread regression, which could cause spurious WARN_ON\u0027s from fs/btrfs/qgroup.c:1445 during patch application if BTRFS quota groups are enabled. (bsc#1047518)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Live-Patching-12-2017-1266",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2064-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2064-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172064-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2064-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003095.html"
},
{
"category": "self",
"summary": "SUSE Bug 1038564",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "self",
"summary": "SUSE Bug 1042364",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "self",
"summary": "SUSE Bug 1042892",
"url": "https://bugzilla.suse.com/1042892"
},
{
"category": "self",
"summary": "SUSE Bug 1046191",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "self",
"summary": "SUSE Bug 1046202",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "self",
"summary": "SUSE Bug 1046206",
"url": "https://bugzilla.suse.com/1046206"
},
{
"category": "self",
"summary": "SUSE Bug 1047518",
"url": "https://bugzilla.suse.com/1047518"
},
{
"category": "self",
"summary": "SUSE Bug 1050751",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7533 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7645 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8797 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8890 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9077 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9242 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9242/"
}
],
"title": "Security update for Linux Kernel Live Patch 7 for SLE 12 SP2",
"tracking": {
"current_release_date": "2017-08-07T08:08:22Z",
"generator": {
"date": "2017-08-07T08:08:22Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2064-1",
"initial_release_date": "2017-08-07T08:08:22Z",
"revision_history": [
{
"date": "2017-08-07T08:08:22Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64",
"product_id": "kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-7533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7533"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7533",
"url": "https://www.suse.com/security/cve/CVE-2017-7533"
},
{
"category": "external",
"summary": "SUSE Bug 1049483 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1049483"
},
{
"category": "external",
"summary": "SUSE Bug 1050677 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050677"
},
{
"category": "external",
"summary": "SUSE Bug 1050751 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "external",
"summary": "SUSE Bug 1053919 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1053919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:22Z",
"details": "important"
}
],
"title": "CVE-2017-7533"
},
{
"cve": "CVE-2017-7645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7645"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7645",
"url": "https://www.suse.com/security/cve/CVE-2017-7645"
},
{
"category": "external",
"summary": "SUSE Bug 1034670 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1034670"
},
{
"category": "external",
"summary": "SUSE Bug 1036741 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1036741"
},
{
"category": "external",
"summary": "SUSE Bug 1046191 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1087082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:22Z",
"details": "important"
}
],
"title": "CVE-2017-7645"
},
{
"cve": "CVE-2017-8797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8797"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8797",
"url": "https://www.suse.com/security/cve/CVE-2017-8797"
},
{
"category": "external",
"summary": "SUSE Bug 1046202 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "external",
"summary": "SUSE Bug 1046206 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:22Z",
"details": "important"
}
],
"title": "CVE-2017-8797"
},
{
"cve": "CVE-2017-8890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8890"
}
],
"notes": [
{
"category": "general",
"text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8890",
"url": "https://www.suse.com/security/cve/CVE-2017-8890"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1038564 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "external",
"summary": "SUSE Bug 1039883 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039883"
},
{
"category": "external",
"summary": "SUSE Bug 1039885 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039885"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1051906 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1051906"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:22Z",
"details": "important"
}
],
"title": "CVE-2017-8890"
},
{
"cve": "CVE-2017-9077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9077"
}
],
"notes": [
{
"category": "general",
"text": "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9077",
"url": "https://www.suse.com/security/cve/CVE-2017-9077"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:22Z",
"details": "moderate"
}
],
"title": "CVE-2017-9077"
},
{
"cve": "CVE-2017-9242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9242"
}
],
"notes": [
{
"category": "general",
"text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9242",
"url": "https://www.suse.com/security/cve/CVE-2017-9242"
},
{
"category": "external",
"summary": "SUSE Bug 1041431 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1041431"
},
{
"category": "external",
"summary": "SUSE Bug 1042892 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1042892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-3-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:22Z",
"details": "important"
}
],
"title": "CVE-2017-9242"
}
]
}
SUSE-SU-2017:2065-1
Vulnerability from csaf_suse - Published: 2017-08-07 08:08 - Updated: 2017-08-07 08:08Summary
Security update for Linux Kernel Live Patch 4 for SLE 12 SP2
Severity
Important
Notes
Title of the patch: Security update for Linux Kernel Live Patch 4 for SLE 12 SP2
Description of the patch: This update for the Linux Kernel 4.4.38-93 fixes several issues.
The following security bugs were fixed:
- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).
Patchnames: SUSE-SLE-Live-Patching-12-2017-1267
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Linux Kernel Live Patch 4 for SLE 12 SP2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.38-93 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Live-Patching-12-2017-1267",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2065-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2065-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172065-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2065-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003096.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027575",
"url": "https://bugzilla.suse.com/1027575"
},
{
"category": "self",
"summary": "SUSE Bug 1038564",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "self",
"summary": "SUSE Bug 1042364",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "self",
"summary": "SUSE Bug 1042892",
"url": "https://bugzilla.suse.com/1042892"
},
{
"category": "self",
"summary": "SUSE Bug 1046191",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "self",
"summary": "SUSE Bug 1046202",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "self",
"summary": "SUSE Bug 1046206",
"url": "https://bugzilla.suse.com/1046206"
},
{
"category": "self",
"summary": "SUSE Bug 1050751",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-2636 page",
"url": "https://www.suse.com/security/cve/CVE-2017-2636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7533 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7645 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8797 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8890 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9077 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9242 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9242/"
}
],
"title": "Security update for Linux Kernel Live Patch 4 for SLE 12 SP2",
"tracking": {
"current_release_date": "2017-08-07T08:08:28Z",
"generator": {
"date": "2017-08-07T08:08:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2065-1",
"initial_release_date": "2017-08-07T08:08:28Z",
"revision_history": [
{
"date": "2017-08-07T08:08:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_38-93-default-7-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_38-93-default-7-2.1.x86_64",
"product_id": "kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_38-93-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_38-93-default-7-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-2636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-2636"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-2636",
"url": "https://www.suse.com/security/cve/CVE-2017-2636"
},
{
"category": "external",
"summary": "SUSE Bug 1027565 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1027565"
},
{
"category": "external",
"summary": "SUSE Bug 1027575 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1027575"
},
{
"category": "external",
"summary": "SUSE Bug 1028372 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1028372"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:28Z",
"details": "moderate"
}
],
"title": "CVE-2017-2636"
},
{
"cve": "CVE-2017-7533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7533"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7533",
"url": "https://www.suse.com/security/cve/CVE-2017-7533"
},
{
"category": "external",
"summary": "SUSE Bug 1049483 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1049483"
},
{
"category": "external",
"summary": "SUSE Bug 1050677 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050677"
},
{
"category": "external",
"summary": "SUSE Bug 1050751 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "external",
"summary": "SUSE Bug 1053919 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1053919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:28Z",
"details": "important"
}
],
"title": "CVE-2017-7533"
},
{
"cve": "CVE-2017-7645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7645"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7645",
"url": "https://www.suse.com/security/cve/CVE-2017-7645"
},
{
"category": "external",
"summary": "SUSE Bug 1034670 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1034670"
},
{
"category": "external",
"summary": "SUSE Bug 1036741 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1036741"
},
{
"category": "external",
"summary": "SUSE Bug 1046191 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1087082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:28Z",
"details": "important"
}
],
"title": "CVE-2017-7645"
},
{
"cve": "CVE-2017-8797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8797"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8797",
"url": "https://www.suse.com/security/cve/CVE-2017-8797"
},
{
"category": "external",
"summary": "SUSE Bug 1046202 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "external",
"summary": "SUSE Bug 1046206 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:28Z",
"details": "important"
}
],
"title": "CVE-2017-8797"
},
{
"cve": "CVE-2017-8890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8890"
}
],
"notes": [
{
"category": "general",
"text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8890",
"url": "https://www.suse.com/security/cve/CVE-2017-8890"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1038564 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "external",
"summary": "SUSE Bug 1039883 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039883"
},
{
"category": "external",
"summary": "SUSE Bug 1039885 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039885"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1051906 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1051906"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:28Z",
"details": "important"
}
],
"title": "CVE-2017-8890"
},
{
"cve": "CVE-2017-9077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9077"
}
],
"notes": [
{
"category": "general",
"text": "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9077",
"url": "https://www.suse.com/security/cve/CVE-2017-9077"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:28Z",
"details": "moderate"
}
],
"title": "CVE-2017-9077"
},
{
"cve": "CVE-2017-9242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9242"
}
],
"notes": [
{
"category": "general",
"text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9242",
"url": "https://www.suse.com/security/cve/CVE-2017-9242"
},
{
"category": "external",
"summary": "SUSE Bug 1041431 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1041431"
},
{
"category": "external",
"summary": "SUSE Bug 1042892 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1042892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_38-93-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:28Z",
"details": "important"
}
],
"title": "CVE-2017-9242"
}
]
}
SUSE-SU-2017:2066-1
Vulnerability from csaf_suse - Published: 2017-08-07 08:08 - Updated: 2017-08-07 08:08Summary
Security update for Linux Kernel Live Patch 9 for SLE 12 SP2
Severity
Important
Notes
Title of the patch: Security update for Linux Kernel Live Patch 9 for SLE 12 SP2
Description of the patch: This update for the Linux Kernel 4.4.59-92_24 fixes several issues.
The following security bugs were fixed:
- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).
The following non-security bug was fixed:
- Fix for a btrfs deadlock between btrfs-cleaner and user space thread regression, which could cause spurious WARN_ON's from fs/btrfs/qgroup.c:1445 during patch application if BTRFS quota groups are enabled. (bsc#1047518)
Patchnames: SUSE-SLE-Live-Patching-12-2017-1264
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
48 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Linux Kernel Live Patch 9 for SLE 12 SP2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.59-92_24 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).\n\nThe following non-security bug was fixed:\n\n- Fix for a btrfs deadlock between btrfs-cleaner and user space thread regression, which could cause spurious WARN_ON\u0027s from fs/btrfs/qgroup.c:1445 during patch application if BTRFS quota groups are enabled. (bsc#1047518)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Live-Patching-12-2017-1264",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2066-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2066-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172066-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2066-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003097.html"
},
{
"category": "self",
"summary": "SUSE Bug 1038564",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "self",
"summary": "SUSE Bug 1042364",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "self",
"summary": "SUSE Bug 1042892",
"url": "https://bugzilla.suse.com/1042892"
},
{
"category": "self",
"summary": "SUSE Bug 1046191",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "self",
"summary": "SUSE Bug 1046202",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "self",
"summary": "SUSE Bug 1046206",
"url": "https://bugzilla.suse.com/1046206"
},
{
"category": "self",
"summary": "SUSE Bug 1047518",
"url": "https://bugzilla.suse.com/1047518"
},
{
"category": "self",
"summary": "SUSE Bug 1050751",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7533 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7645 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8797 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8890 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9077 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9242 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9242/"
}
],
"title": "Security update for Linux Kernel Live Patch 9 for SLE 12 SP2",
"tracking": {
"current_release_date": "2017-08-07T08:08:06Z",
"generator": {
"date": "2017-08-07T08:08:06Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2066-1",
"initial_release_date": "2017-08-07T08:08:06Z",
"revision_history": [
{
"date": "2017-08-07T08:08:06Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64",
"product_id": "kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-7533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7533"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7533",
"url": "https://www.suse.com/security/cve/CVE-2017-7533"
},
{
"category": "external",
"summary": "SUSE Bug 1049483 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1049483"
},
{
"category": "external",
"summary": "SUSE Bug 1050677 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050677"
},
{
"category": "external",
"summary": "SUSE Bug 1050751 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "external",
"summary": "SUSE Bug 1053919 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1053919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:06Z",
"details": "important"
}
],
"title": "CVE-2017-7533"
},
{
"cve": "CVE-2017-7645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7645"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7645",
"url": "https://www.suse.com/security/cve/CVE-2017-7645"
},
{
"category": "external",
"summary": "SUSE Bug 1034670 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1034670"
},
{
"category": "external",
"summary": "SUSE Bug 1036741 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1036741"
},
{
"category": "external",
"summary": "SUSE Bug 1046191 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1087082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:06Z",
"details": "important"
}
],
"title": "CVE-2017-7645"
},
{
"cve": "CVE-2017-8797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8797"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8797",
"url": "https://www.suse.com/security/cve/CVE-2017-8797"
},
{
"category": "external",
"summary": "SUSE Bug 1046202 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "external",
"summary": "SUSE Bug 1046206 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:06Z",
"details": "important"
}
],
"title": "CVE-2017-8797"
},
{
"cve": "CVE-2017-8890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8890"
}
],
"notes": [
{
"category": "general",
"text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8890",
"url": "https://www.suse.com/security/cve/CVE-2017-8890"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1038564 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "external",
"summary": "SUSE Bug 1039883 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039883"
},
{
"category": "external",
"summary": "SUSE Bug 1039885 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039885"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1051906 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1051906"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:06Z",
"details": "important"
}
],
"title": "CVE-2017-8890"
},
{
"cve": "CVE-2017-9077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9077"
}
],
"notes": [
{
"category": "general",
"text": "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9077",
"url": "https://www.suse.com/security/cve/CVE-2017-9077"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:06Z",
"details": "moderate"
}
],
"title": "CVE-2017-9077"
},
{
"cve": "CVE-2017-9242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9242"
}
],
"notes": [
{
"category": "general",
"text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9242",
"url": "https://www.suse.com/security/cve/CVE-2017-9242"
},
{
"category": "external",
"summary": "SUSE Bug 1041431 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1041431"
},
{
"category": "external",
"summary": "SUSE Bug 1042892 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1042892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_24-default-2-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:06Z",
"details": "important"
}
],
"title": "CVE-2017-9242"
}
]
}
SUSE-SU-2017:2067-1
Vulnerability from csaf_suse - Published: 2017-08-07 08:45 - Updated: 2017-08-07 08:45Summary
Security update for Linux Kernel Live Patch 1 for SLE 12 SP2
Severity
Important
Notes
Title of the patch: Security update for Linux Kernel Live Patch 1 for SLE 12 SP2
Description of the patch: This update for the Linux Kernel 4.4.21-81 fixes several issues.
The following security bugs were fixed:
- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).
Patchnames: SUSE-SLE-Live-Patching-12-2017-1270
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Linux Kernel Live Patch 1 for SLE 12 SP2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.21-81 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Live-Patching-12-2017-1270",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2067-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2067-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172067-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2067-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003098.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027575",
"url": "https://bugzilla.suse.com/1027575"
},
{
"category": "self",
"summary": "SUSE Bug 1038564",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "self",
"summary": "SUSE Bug 1042364",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "self",
"summary": "SUSE Bug 1042892",
"url": "https://bugzilla.suse.com/1042892"
},
{
"category": "self",
"summary": "SUSE Bug 1046191",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "self",
"summary": "SUSE Bug 1046202",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "self",
"summary": "SUSE Bug 1046206",
"url": "https://bugzilla.suse.com/1046206"
},
{
"category": "self",
"summary": "SUSE Bug 1050751",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-2636 page",
"url": "https://www.suse.com/security/cve/CVE-2017-2636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7533 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7645 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8797 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8890 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9077 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9242 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9242/"
}
],
"title": "Security update for Linux Kernel Live Patch 1 for SLE 12 SP2",
"tracking": {
"current_release_date": "2017-08-07T08:45:30Z",
"generator": {
"date": "2017-08-07T08:45:30Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2067-1",
"initial_release_date": "2017-08-07T08:45:30Z",
"revision_history": [
{
"date": "2017-08-07T08:45:30Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_21-81-default-8-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_21-81-default-8-2.1.x86_64",
"product_id": "kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_21-81-default-8-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_21-81-default-8-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-2636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-2636"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-2636",
"url": "https://www.suse.com/security/cve/CVE-2017-2636"
},
{
"category": "external",
"summary": "SUSE Bug 1027565 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1027565"
},
{
"category": "external",
"summary": "SUSE Bug 1027575 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1027575"
},
{
"category": "external",
"summary": "SUSE Bug 1028372 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1028372"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:45:30Z",
"details": "moderate"
}
],
"title": "CVE-2017-2636"
},
{
"cve": "CVE-2017-7533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7533"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7533",
"url": "https://www.suse.com/security/cve/CVE-2017-7533"
},
{
"category": "external",
"summary": "SUSE Bug 1049483 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1049483"
},
{
"category": "external",
"summary": "SUSE Bug 1050677 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050677"
},
{
"category": "external",
"summary": "SUSE Bug 1050751 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "external",
"summary": "SUSE Bug 1053919 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1053919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:45:30Z",
"details": "important"
}
],
"title": "CVE-2017-7533"
},
{
"cve": "CVE-2017-7645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7645"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7645",
"url": "https://www.suse.com/security/cve/CVE-2017-7645"
},
{
"category": "external",
"summary": "SUSE Bug 1034670 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1034670"
},
{
"category": "external",
"summary": "SUSE Bug 1036741 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1036741"
},
{
"category": "external",
"summary": "SUSE Bug 1046191 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1087082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:45:30Z",
"details": "important"
}
],
"title": "CVE-2017-7645"
},
{
"cve": "CVE-2017-8797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8797"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8797",
"url": "https://www.suse.com/security/cve/CVE-2017-8797"
},
{
"category": "external",
"summary": "SUSE Bug 1046202 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "external",
"summary": "SUSE Bug 1046206 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:45:30Z",
"details": "important"
}
],
"title": "CVE-2017-8797"
},
{
"cve": "CVE-2017-8890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8890"
}
],
"notes": [
{
"category": "general",
"text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8890",
"url": "https://www.suse.com/security/cve/CVE-2017-8890"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1038564 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "external",
"summary": "SUSE Bug 1039883 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039883"
},
{
"category": "external",
"summary": "SUSE Bug 1039885 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039885"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1051906 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1051906"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:45:30Z",
"details": "important"
}
],
"title": "CVE-2017-8890"
},
{
"cve": "CVE-2017-9077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9077"
}
],
"notes": [
{
"category": "general",
"text": "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9077",
"url": "https://www.suse.com/security/cve/CVE-2017-9077"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:45:30Z",
"details": "moderate"
}
],
"title": "CVE-2017-9077"
},
{
"cve": "CVE-2017-9242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9242"
}
],
"notes": [
{
"category": "general",
"text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9242",
"url": "https://www.suse.com/security/cve/CVE-2017-9242"
},
{
"category": "external",
"summary": "SUSE Bug 1041431 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1041431"
},
{
"category": "external",
"summary": "SUSE Bug 1042892 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1042892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-81-default-8-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:45:30Z",
"details": "important"
}
],
"title": "CVE-2017-9242"
}
]
}
SUSE-SU-2017:2068-1
Vulnerability from csaf_suse - Published: 2017-08-07 08:45 - Updated: 2017-08-07 08:45Summary
Security update for Linux Kernel Live Patch 2 for SLE 12 SP2
Severity
Important
Notes
Title of the patch: Security update for Linux Kernel Live Patch 2 for SLE 12 SP2
Description of the patch: This update for the Linux Kernel 4.4.21-84 fixes several issues.
The following security bugs were fixed:
- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).
Patchnames: SUSE-SLE-Live-Patching-12-2017-1271
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
54 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Linux Kernel Live Patch 2 for SLE 12 SP2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.21-84 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Live-Patching-12-2017-1271",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2068-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2068-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172068-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2068-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003099.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027575",
"url": "https://bugzilla.suse.com/1027575"
},
{
"category": "self",
"summary": "SUSE Bug 1038564",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "self",
"summary": "SUSE Bug 1042364",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "self",
"summary": "SUSE Bug 1042892",
"url": "https://bugzilla.suse.com/1042892"
},
{
"category": "self",
"summary": "SUSE Bug 1046191",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "self",
"summary": "SUSE Bug 1046202",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "self",
"summary": "SUSE Bug 1046206",
"url": "https://bugzilla.suse.com/1046206"
},
{
"category": "self",
"summary": "SUSE Bug 1050751",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-2636 page",
"url": "https://www.suse.com/security/cve/CVE-2017-2636/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7533 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7645 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8797 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8890 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9077 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9242 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9242/"
}
],
"title": "Security update for Linux Kernel Live Patch 2 for SLE 12 SP2",
"tracking": {
"current_release_date": "2017-08-07T08:45:39Z",
"generator": {
"date": "2017-08-07T08:45:39Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2068-1",
"initial_release_date": "2017-08-07T08:45:39Z",
"revision_history": [
{
"date": "2017-08-07T08:45:39Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_21-84-default-7-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_21-84-default-7-2.1.x86_64",
"product_id": "kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_21-84-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_21-84-default-7-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-2636",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-2636"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-2636",
"url": "https://www.suse.com/security/cve/CVE-2017-2636"
},
{
"category": "external",
"summary": "SUSE Bug 1027565 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1027565"
},
{
"category": "external",
"summary": "SUSE Bug 1027575 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1027575"
},
{
"category": "external",
"summary": "SUSE Bug 1028372 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1028372"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-2636",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:45:39Z",
"details": "moderate"
}
],
"title": "CVE-2017-2636"
},
{
"cve": "CVE-2017-7533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7533"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7533",
"url": "https://www.suse.com/security/cve/CVE-2017-7533"
},
{
"category": "external",
"summary": "SUSE Bug 1049483 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1049483"
},
{
"category": "external",
"summary": "SUSE Bug 1050677 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050677"
},
{
"category": "external",
"summary": "SUSE Bug 1050751 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "external",
"summary": "SUSE Bug 1053919 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1053919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:45:39Z",
"details": "important"
}
],
"title": "CVE-2017-7533"
},
{
"cve": "CVE-2017-7645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7645"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7645",
"url": "https://www.suse.com/security/cve/CVE-2017-7645"
},
{
"category": "external",
"summary": "SUSE Bug 1034670 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1034670"
},
{
"category": "external",
"summary": "SUSE Bug 1036741 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1036741"
},
{
"category": "external",
"summary": "SUSE Bug 1046191 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1087082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:45:39Z",
"details": "important"
}
],
"title": "CVE-2017-7645"
},
{
"cve": "CVE-2017-8797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8797"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8797",
"url": "https://www.suse.com/security/cve/CVE-2017-8797"
},
{
"category": "external",
"summary": "SUSE Bug 1046202 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "external",
"summary": "SUSE Bug 1046206 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:45:39Z",
"details": "important"
}
],
"title": "CVE-2017-8797"
},
{
"cve": "CVE-2017-8890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8890"
}
],
"notes": [
{
"category": "general",
"text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8890",
"url": "https://www.suse.com/security/cve/CVE-2017-8890"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1038564 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "external",
"summary": "SUSE Bug 1039883 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039883"
},
{
"category": "external",
"summary": "SUSE Bug 1039885 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039885"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1051906 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1051906"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:45:39Z",
"details": "important"
}
],
"title": "CVE-2017-8890"
},
{
"cve": "CVE-2017-9077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9077"
}
],
"notes": [
{
"category": "general",
"text": "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9077",
"url": "https://www.suse.com/security/cve/CVE-2017-9077"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:45:39Z",
"details": "moderate"
}
],
"title": "CVE-2017-9077"
},
{
"cve": "CVE-2017-9242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9242"
}
],
"notes": [
{
"category": "general",
"text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9242",
"url": "https://www.suse.com/security/cve/CVE-2017-9242"
},
{
"category": "external",
"summary": "SUSE Bug 1041431 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1041431"
},
{
"category": "external",
"summary": "SUSE Bug 1042892 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1042892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-84-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:45:39Z",
"details": "important"
}
],
"title": "CVE-2017-9242"
}
]
}
SUSE-SU-2017:2070-1
Vulnerability from csaf_suse - Published: 2017-08-07 08:08 - Updated: 2017-08-07 08:08Summary
Security update for Linux Kernel Live Patch 6 for SLE 12 SP2
Severity
Important
Notes
Title of the patch: Security update for Linux Kernel Live Patch 6 for SLE 12 SP2
Description of the patch: This update for the Linux Kernel 4.4.49-92_14 fixes several issues.
The following security bugs were fixed:
- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).
- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)
- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).
- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).
- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).
- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).
Patchnames: SUSE-SLE-Live-Patching-12-2017-1265
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
47 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for Linux Kernel Live Patch 6 for SLE 12 SP2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.49-92_14 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-8797: The NFSv4 server in the Linux kernel did not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system (bsc#1046202)\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n- CVE-2017-9077: The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandled inheritance, which allowed local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 (bsc#1042364).\n- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Live-Patching-12-2017-1265",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2070-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2070-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172070-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2070-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003101.html"
},
{
"category": "self",
"summary": "SUSE Bug 1038564",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "self",
"summary": "SUSE Bug 1042364",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "self",
"summary": "SUSE Bug 1042892",
"url": "https://bugzilla.suse.com/1042892"
},
{
"category": "self",
"summary": "SUSE Bug 1046191",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "self",
"summary": "SUSE Bug 1046202",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "self",
"summary": "SUSE Bug 1046206",
"url": "https://bugzilla.suse.com/1046206"
},
{
"category": "self",
"summary": "SUSE Bug 1050751",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7533 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7533/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7645 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7645/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8797 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8797/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8890 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9077 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9077/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9242 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9242/"
}
],
"title": "Security update for Linux Kernel Live Patch 6 for SLE 12 SP2",
"tracking": {
"current_release_date": "2017-08-07T08:08:15Z",
"generator": {
"date": "2017-08-07T08:08:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2070-1",
"initial_release_date": "2017-08-07T08:08:15Z",
"revision_history": [
{
"date": "2017-08-07T08:08:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64",
"product_id": "kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-7533",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7533"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7533",
"url": "https://www.suse.com/security/cve/CVE-2017-7533"
},
{
"category": "external",
"summary": "SUSE Bug 1049483 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1049483"
},
{
"category": "external",
"summary": "SUSE Bug 1050677 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050677"
},
{
"category": "external",
"summary": "SUSE Bug 1050751 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1050751"
},
{
"category": "external",
"summary": "SUSE Bug 1053919 for CVE-2017-7533",
"url": "https://bugzilla.suse.com/1053919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:15Z",
"details": "important"
}
],
"title": "CVE-2017-7533"
},
{
"cve": "CVE-2017-7645",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7645"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7645",
"url": "https://www.suse.com/security/cve/CVE-2017-7645"
},
{
"category": "external",
"summary": "SUSE Bug 1034670 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1034670"
},
{
"category": "external",
"summary": "SUSE Bug 1036741 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1036741"
},
{
"category": "external",
"summary": "SUSE Bug 1046191 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1046191"
},
{
"category": "external",
"summary": "SUSE Bug 1087082 for CVE-2017-7645",
"url": "https://bugzilla.suse.com/1087082"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:15Z",
"details": "important"
}
],
"title": "CVE-2017-7645"
},
{
"cve": "CVE-2017-8797",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8797"
}
],
"notes": [
{
"category": "general",
"text": "The NFSv4 server in the Linux kernel before 4.11.3 does not properly validate the layout type when processing the NFSv4 pNFS GETDEVICEINFO or LAYOUTGET operand in a UDP packet from a remote attacker. This type value is uninitialized upon encountering certain error conditions. This value is used as an array index for dereferencing, which leads to an OOPS and eventually a DoS of knfsd and a soft-lockup of the whole system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8797",
"url": "https://www.suse.com/security/cve/CVE-2017-8797"
},
{
"category": "external",
"summary": "SUSE Bug 1046202 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046202"
},
{
"category": "external",
"summary": "SUSE Bug 1046206 for CVE-2017-8797",
"url": "https://bugzilla.suse.com/1046206"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:15Z",
"details": "important"
}
],
"title": "CVE-2017-8797"
},
{
"cve": "CVE-2017-8890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8890"
}
],
"notes": [
{
"category": "general",
"text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8890",
"url": "https://www.suse.com/security/cve/CVE-2017-8890"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1038564 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1038564"
},
{
"category": "external",
"summary": "SUSE Bug 1039883 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039883"
},
{
"category": "external",
"summary": "SUSE Bug 1039885 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1039885"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1051906 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1051906"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-8890",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:15Z",
"details": "important"
}
],
"title": "CVE-2017-8890"
},
{
"cve": "CVE-2017-9077",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9077"
}
],
"notes": [
{
"category": "general",
"text": "The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1 mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9077",
"url": "https://www.suse.com/security/cve/CVE-2017-9077"
},
{
"category": "external",
"summary": "SUSE Bug 1038544 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1038544"
},
{
"category": "external",
"summary": "SUSE Bug 1040069 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1040069"
},
{
"category": "external",
"summary": "SUSE Bug 1042364 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1042364"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-9077",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:15Z",
"details": "moderate"
}
],
"title": "CVE-2017-9077"
},
{
"cve": "CVE-2017-9242",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9242"
}
],
"notes": [
{
"category": "general",
"text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9242",
"url": "https://www.suse.com/security/cve/CVE-2017-9242"
},
{
"category": "external",
"summary": "SUSE Bug 1041431 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1041431"
},
{
"category": "external",
"summary": "SUSE Bug 1042892 for CVE-2017-9242",
"url": "https://bugzilla.suse.com/1042892"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_49-92_14-default-4-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-08-07T08:08:15Z",
"details": "important"
}
],
"title": "CVE-2017-9242"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…