openSUSE: 2017:2741-1: important: the Linux Kernel
Description
The openSUSE Leap 42.3 kernel was updated to 4.4.90 to receive various
security and bug fixes.
The following security bugs were fixed:
- CVE-2017-1000252: The KVM subsystem in the Linux kernel allowed guest OS
users to cause a denial of service (assertion failure, and hypervisor
hang or crash) via an out-of-bounds guest_irq value, related to
arch/x86/kvm/vmx.c and virt/kvm/eventfd.c (bnc#1058038).
- CVE-2017-14489: The iscsi_if_rx function in
drivers/scsi/scsi_transport_iscsi.c in the Linux kernel allowed local
users to cause a denial of service (panic) by leveraging incorrect
length validation (bnc#1059051).
- CVE-2017-12153: A security flaw was discovered in the
nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux
kernel. This function did not check whether the required attributes are
present in a Netlink request. This request can be issued by a user with
the CAP_NET_ADMIN capability and may result in a NULL pointer
dereference and system crash (bnc#1058410).
- CVE-2017-12154: The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the
Linux kernel did not ensure that the "CR8-load exiting" and "CR8-store
exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR
shadow" vmcs12 control, which allowed KVM L2 guest OS users to obtain
read and write access to the hardware CR8 register (bnc#1058507).
The following non-security bugs were fixed:
- arc: Re-enable MMU upon Machine Check exception (bnc#1012382).
- arm64: fault: Route pte translation faults via do_translation_fault
(bnc#1012382).
- arm64: Make sure SPsel is always set (bnc#1012382).
- arm: pxa: add the number of DMA requestor lines (bnc#1012382).
- arm: pxa: fix the number of DMA requestor lines (bnc#1012382).
- bcache: correct cache_dirty_target in __update_writeback_rate()
(bnc#1012382).
- bcache: Correct return value for sysfs attach errors (bnc#1012382).
- bcache: do not subtract sectors_to_gc for bypassed IO (bnc#1012382).
- bcache: fix bch_hprint crash and improve output (bnc#1012382).
- bcache: fix for gc and write-back race (bnc#1012382).
- bcache: Fix leak of bdev reference (bnc#1012382).
- bcache: initialize dirty stripes in flash_dev_run() (bnc#1012382).
- block: Relax a check in blk_start_queue() (bnc#1012382).
- bsg-lib: do not free job in bsg_prepare_job (bnc#1012382).
- btrfs: change how we decide to commit transactions during flushing
(bsc#1060197).
- btrfs: fix NULL pointer dereference from free_reloc_roots()
(bnc#1012382).
- btrfs: prevent to set invalid default subvolid (bnc#1012382).
- btrfs: propagate error to btrfs_cmp_data_prepare caller (bnc#1012382).
- btrfs: qgroup: move noisy underflow warning to debugging build
(bsc#1055755).
- cifs: Fix SMB3.1.1 guest authentication to Samba (bnc#1012382).
- cifs: release auth_key.response for reconnect (bnc#1012382).
- crypto: AF_ALG - remove SGL terminator indicator when chaining
(bnc#1012382).
- crypto: talitos - Do not provide setkey for non hmac hashing algs
(bnc#1012382).
- crypto: talitos - fix sha224 (bnc#1012382).
- cxl: Fix driver use count (bnc#1012382).
- dmaengine: mmp-pdma: add number of requestors (bnc#1012382).
- drivers: net: phy: xgene: Fix mdio write (bsc#1057383).
- drm: Add driver-private objects to atomic state (bsc#1055493).
- drm/dp: Introduce MST topology state to track available link bandwidth
(bsc#1055493).
- efi/fb: Avoid reconfiguration of BAR that covers the framebuffer
(bsc#1051987).
- efi/fb: Correct PCI_STD_RESOURCE_END usage (bsc#1051987).
- ext4: fix incorrect quotaoff if the quota feature is enabled
(bnc#1012382).
- ext4: fix quota inconsistency during orphan cleanup for read-only mounts
(bnc#1012382).
- f2fs: check hot_data for roll-forward recovery (bnc#1012382).
- fix xen_swiotlb_dma_mmap prototype (bnc#1012382).
- ftrace: Fix memleak when unregistering dynamic ops when tracing disabled
(bnc#1012382).
- ftrace: Fix selftest goto location on error (bnc#1012382).
- genirq: Fix for_each_action_of_desc() macro (bsc#1061064).
- getcwd: Close race with d_move called by lustre (bsc#1052593).
- gfs2: Fix debugfs glocks dump (bnc#1012382).
- gianfar: Fix Tx flow control deactivation (bnc#1012382).
- hid: usbhid: Add HID_QUIRK_NOGET for Aten CS-1758 KVM switch
(bnc#1022967).
- input: i8042 - add Gigabyte P57 to the keyboard reset table
(bnc#1012382).
- iommu/vt-d: Avoid calling virt_to_phys() on null pointer (bsc#1061067).
- ipv6: accept 64k - 1 packet length in ip6_find_1stfragopt()
(bnc#1012382).
- ipv6: add rcu grace period before freeing fib6_node (bnc#1012382).
- ipv6: fix memory leak with multiple tables during netns destruction
(bnc#1012382).
- ipv6: fix sparse warning on rt6i_node (bnc#1012382).
- ipv6: fix typo in fib6_net_exit() (bnc#1012382).
- iw_cxgb4: put ep reference in pass_accept_req() (fate#321658 bsc#1005778
fate#321660 bsc#1005780 fate#321661 bsc#1005781).
- KABI fix drivers/nvme/target/nvmet.h (bsc#1058550).
- kabi/severities: ignore nfs_pgio_data_destroy
- kABI: Workaround kABI breakage of AMD-AVIC fixes (bsc#1044503).
- keys: fix writing past end of user-supplied buffer in keyring_read()
(bnc#1012382).
- keys: prevent creating a different user's keyrings (bnc#1012382).
- keys: prevent KEYCTL_READ on negative key (bnc#1012382).
- kvm: Add struct kvm_vcpu pointer parameter to get_enable_apicv()
(bsc#1044503).
- kvm: async_pf: Fix #DF due to inject "Page not Present" and "Page Ready"
exceptions simultaneously (bsc#1061017).
- kvm: PPC: Book3S: Fix race and leak in kvm_vm_ioctl_create_spapr_tce()
(bnc#1012382).
- kvm: SVM: Add a missing 'break' statement (bsc#1061017).
- kvm: SVM: Add irqchip_split() checks before enabling AVIC (bsc#1044503).
- kvm: SVM: delete avic_vm_id_bitmap (2 megabyte static array)
(bsc#1059500).
- kvm: SVM: Refactor AVIC vcpu initialization into avic_init_vcpu()
(bsc#1044503).
- kvm: VMX: do not change SN bit in vmx_update_pi_irte() (bsc#1061017).
- kvm: VMX: remove WARN_ON_ONCE in kvm_vcpu_trigger_posted_interrupt
(bsc#1061017).
- kvm: VMX: use cmpxchg64 (bnc#1012382).
- mac80211: flush hw_roc_start work before cancelling the ROC
(bnc#1012382).
- md/bitmap: disable bitmap_resize for file-backed bitmaps (bsc#1061172).
- md/raid5: preserve STRIPE_ON_UNPLUG_LIST in break_stripe_batch_list
(bnc#1012382).
- md/raid5: release/flush io in raid5_do_work() (bnc#1012382).
- media: uvcvideo: Prevent heap overflow when accessing mapped controls
(bnc#1012382).
- media: v4l2-compat-ioctl32: Fix timespec conversion (bnc#1012382).
- mips: math-emu:
Patch
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1160=1
To bring your system up-to-date, use "zypper patch".
Package List
- openSUSE Leap 42.3 (noarch):
  kernel-devel-4.4.90-28.1
  kernel-docs-4.4.90-28.2
  kernel-docs-html-4.4.90-28.2
  kernel-docs-pdf-4.4.90-28.2
  kernel-macros-4.4.90-28.1
  kernel-source-4.4.90-28.1
  kernel-source-vanilla-4.4.90-28.1
- openSUSE Leap 42.3 (x86_64):
  kernel-debug-4.4.90-28.1
  kernel-debug-base-4.4.90-28.1
  kernel-debug-base-debuginfo-4.4.90-28.1
  kernel-debug-debuginfo-4.4.90-28.1
  kernel-debug-debugsource-4.4.90-28.1
  kernel-debug-devel-4.4.90-28.1
  kernel-debug-devel-debuginfo-4.4.90-28.1
  kernel-default-4.4.90-28.1
  kernel-default-base-4.4.90-28.1
  kernel-default-base-debuginfo-4.4.90-28.1
  kernel-default-debuginfo-4.4.90-28.1
  kernel-default-debugsource-4.4.90-28.1
  kernel-default-devel-4.4.90-28.1
  kernel-obs-build-4.4.90-28.1
  kernel-obs-build-debugsource-4.4.90-28.1
  kernel-obs-qa-4.4.90-28.1
  kernel-syms-4.4.90-28.1
  kernel-vanilla-4.4.90-28.1
  kernel-vanilla-base-4.4.90-28.1
  kernel-vanilla-base-debuginfo-4.4.90-28.1
  kernel-vanilla-debuginfo-4.4.90-28.1
  kernel-vanilla-debugsource-4.4.90-28.1
  kernel-vanilla-devel-4.4.90-28.1
References
https://www.suse.com/security/cve/CVE-2017-1000252.html
https://www.suse.com/security/cve/CVE-2017-12153.html
https://www.suse.com/security/cve/CVE-2017-12154.html
https://www.suse.com/security/cve/CVE-2017-14489.html
https://bugzilla.suse.com/1005778
https://bugzilla.suse.com/1005780
https://bugzilla.suse.com/1005781
https://bugzilla.suse.com/1012382
https://bugzilla.suse.com/1022967
https://bugzilla.suse.com/1036215
https://bugzilla.suse.com/1036737
https://bugzilla.suse.com/1037579
https://bugzilla.suse.com/1037890
https://bugzilla.suse.com/1043598
https://bugzilla.suse.com/1044503
https://bugzilla.suse.com/1047238
https://bugzilla.suse.com/1051987
https://bugzilla.suse.com/1052593
https://bugzilla.suse.com/1053043
https://bugzilla.suse.com/1055493
https://bugzilla.suse.com/1055755
https://bugzilla.suse.com/1056686
https://bugzilla.suse.com/1057383
https://bugzilla.suse.com/1057498
https://bugzilla.suse.com/1058038
https://bugzilla.suse.com/1058410
https://bugzilla.suse.com/1058507
https://bugzilla.suse.com/1058512
https://bugzilla.suse.com/1058550
https://bugzilla.suse.com/1059051
https://bugzilla.suse.com/1059465
https://bugzilla.suse.com/1059500
https://bugzilla.suse.com/1060197
https://bugzilla.suse.com/1060229
https://bugzilla.suse.com/1061017
https://bugzilla.suse.com/1061046
https://bugzilla.suse.com/1061064
https://bugzilla.suse.com/1061067
https://bugzilla.suse.com/1061172
https://bugzilla.suse.com/1061831
https://bugzilla.suse.com/1061872