Vulnerability-Lookup

CVE-2017-7533 (GCVE-0-2017-7533)

Vulnerability from cvelistv5 – Published: 2017-08-05 16:00 – Updated: 2024-08-05 16:04

Summary

Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.

Severity

No CVSS data available.

CWE

race condition

Assigner

redhat

References

20 references

URL	Tags
http://www.debian.org/security/2017/dsa-3927	vendor-advisoryx_refsource_DEBIAN
https://patchwork.kernel.org/patch/9755757/	x_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1468283	x_refsource_MISC
http://www.securityfocus.com/bid/100123	vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2017:2669	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:2473	vendor-advisoryx_refsource_REDHAT
http://openwall.com/lists/oss-security/2017/08/03/2	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2017:2585	vendor-advisoryx_refsource_REDHAT
https://patchwork.kernel.org/patch/9755753/	x_refsource_MISC
https://github.com/torvalds/linux/commit/49d31c2f…	x_refsource_MISC
https://www.mail-archive.com/linux-kernel%40vger.…	x_refsource_MISC
http://www.debian.org/security/2017/dsa-3945	vendor-advisoryx_refsource_DEBIAN
https://source.android.com/security/bulletin/2017-12-01	x_refsource_CONFIRM
http://www.securitytracker.com/id/1039075	vdb-entryx_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2017:2770	vendor-advisoryx_refsource_REDHAT
http://git.kernel.org/cgit/linux/kernel/git/torva…	x_refsource_MISC
https://access.redhat.com/errata/RHSA-2017:2869	vendor-advisoryx_refsource_REDHAT
http://www.openwall.com/lists/oss-security/2019/06/27/7	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/06/28/1	mailing-listx_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/06/28/2	mailing-listx_refsource_MLIST

Impacted products

1 product

Vendor	Product	Version
n/a	Linux kernel through 4.12.4	Affected: Linux kernel through 4.12.4

Date Public

2017-08-05 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T16:04:11.899Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3927",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3927"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.kernel.org/patch/9755757/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283"
          },
          {
            "name": "100123",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/100123"
          },
          {
            "name": "RHSA-2017:2669",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2669"
          },
          {
            "name": "RHSA-2017:2473",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2473"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://openwall.com/lists/oss-security/2017/08/03/2"
          },
          {
            "name": "RHSA-2017:2585",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2585"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://patchwork.kernel.org/patch/9755753/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html"
          },
          {
            "name": "DSA-3945",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3945"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://source.android.com/security/bulletin/2017-12-01"
          },
          {
            "name": "1039075",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039075"
          },
          {
            "name": "RHSA-2017:2770",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2770"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e"
          },
          {
            "name": "RHSA-2017:2869",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2869"
          },
          {
            "name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
          },
          {
            "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
          },
          {
            "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux kernel through 4.12.4",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel through 4.12.4"
            }
          ]
        }
      ],
      "datePublic": "2017-08-05T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "race condition",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-06-28T20:06:05.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-3927",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3927"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.kernel.org/patch/9755757/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468283"
        },
        {
          "name": "100123",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/100123"
        },
        {
          "name": "RHSA-2017:2669",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2669"
        },
        {
          "name": "RHSA-2017:2473",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2473"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://openwall.com/lists/oss-security/2017/08/03/2"
        },
        {
          "name": "RHSA-2017:2585",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2585"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://patchwork.kernel.org/patch/9755753/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html"
        },
        {
          "name": "DSA-3945",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3945"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://source.android.com/security/bulletin/2017-12-01"
        },
        {
          "name": "1039075",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039075"
        },
        {
          "name": "RHSA-2017:2770",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2770"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e"
        },
        {
          "name": "RHSA-2017:2869",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2869"
        },
        {
          "name": "[oss-security] 20190627 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/27/7"
        },
        {
          "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/28/1"
        },
        {
          "name": "[oss-security] 20190628 Re: linux-distros membership application - Microsoft",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/28/2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-7533",
    "datePublished": "2017-08-05T16:00:00.000Z",
    "dateReserved": "2017-04-05T00:00:00.000Z",
    "dateUpdated": "2024-08-05T16:04:11.899Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-7533",
      "date": "2026-05-27",
      "epss": "0.09416",
      "percentile": "0.92909"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-7533\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2017-08-05T16:29:00.180\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.\"},{\"lang\":\"es\",\"value\":\"Una condici\u00f3n de carrera en la implementaci\u00f3n de fsnotify en el kernel de Linux hasta la versi\u00f3n 4.12.4, permite a los usuarios locales alcanzar privilegios o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) por medio de una aplicaci\u00f3n creada que aprovecha la ejecuci\u00f3n simult\u00e1nea de las funciones inotify_handle_event y vfs_rename.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-362\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.14\",\"versionEndExcluding\":\"3.16.47\",\"matchCriteriaId\":\"92869CCB-E9ED-4079-8754-0E8BFFC7A607\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.17\",\"versionEndExcluding\":\"3.18.64\",\"matchCriteriaId\":\"226BE74E-0154-4F65-B5DC-E4C7AA03D270\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.19\",\"versionEndExcluding\":\"4.4.80\",\"matchCriteriaId\":\"13528C00-9A5F-4D0D-9BA4-FE4613F5C0AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5\",\"versionEndExcluding\":\"4.9.41\",\"matchCriteriaId\":\"26275761-EE66-4513-A2C7-DEB0432414CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.10\",\"versionEndExcluding\":\"4.12.5\",\"matchCriteriaId\":\"17029DFF-1DBB-4776-BC98-7B7D48008881\"}]}]}],\"references\":[{\"url\":\"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2017/08/03/2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3927\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3945\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/06/27/7\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/06/28/1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/06/28/2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100123\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039075\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2473\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2585\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2669\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2770\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2869\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1468283\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://patchwork.kernel.org/patch/9755753/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://patchwork.kernel.org/patch/9755757/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://source.android.com/security/bulletin/2017-12-01\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=49d31c2f389acfe83417083e1208422b4091cd9e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2017/08/03/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3927\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3945\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/06/27/7\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/06/28/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2019/06/28/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100123\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039075\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2473\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2585\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2669\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2770\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2017:2869\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1468283\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/torvalds/linux/commit/49d31c2f389acfe83417083e1208422b4091cd9e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://patchwork.kernel.org/patch/9755753/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://patchwork.kernel.org/patch/9755757/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://source.android.com/security/bulletin/2017-12-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1408967.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

SUSE-SU-2017:2088-1

Vulnerability from csaf_suse - Published: 2017-08-08 07:27 - Updated: 2017-08-08 07:27

Summary

Security update for Linux Kernel Live Patch 8 for SLE 12 SP1

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 8 for SLE 12 SP1

Description of the patch: This update for the Linux Kernel 3.12.62-60_64_8 fixes several issues. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patchnames: SUSE-SLE-SAP-12-SP1-2017-1295,SUSE-SLE-SERVER-12-SP1-2017-1295

CVE-2017-2636

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-7533

7.4 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7645

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-8890

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-9242

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64	—	Vendor Fix

Threats

Impact important

References

41 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1027575	self
https://bugzilla.suse.com/1038564	self
https://bugzilla.suse.com/1042892	self
https://bugzilla.suse.com/1046191	self
https://bugzilla.suse.com/1050751	self
https://www.suse.com/security/cve/CVE-2017-2636/	self
https://www.suse.com/security/cve/CVE-2017-7533/	self
https://www.suse.com/security/cve/CVE-2017-7645/	self
https://www.suse.com/security/cve/CVE-2017-8890/	self
https://www.suse.com/security/cve/CVE-2017-9242/	self
https://www.suse.com/security/cve/CVE-2017-2636	external
https://bugzilla.suse.com/1027565	external
https://bugzilla.suse.com/1027575	external
https://bugzilla.suse.com/1028372	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-7533	external
https://bugzilla.suse.com/1049483	external
https://bugzilla.suse.com/1050677	external
https://bugzilla.suse.com/1050751	external
https://bugzilla.suse.com/1053919	external
https://www.suse.com/security/cve/CVE-2017-7645	external
https://bugzilla.suse.com/1034670	external
https://bugzilla.suse.com/1036741	external
https://bugzilla.suse.com/1046191	external
https://bugzilla.suse.com/1087082	external
https://www.suse.com/security/cve/CVE-2017-8890	external
https://bugzilla.suse.com/1038544	external
https://bugzilla.suse.com/1038564	external
https://bugzilla.suse.com/1039883	external
https://bugzilla.suse.com/1039885	external
https://bugzilla.suse.com/1040069	external
https://bugzilla.suse.com/1042364	external
https://bugzilla.suse.com/1051906	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-9242	external
https://bugzilla.suse.com/1041431	external
https://bugzilla.suse.com/1042892	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 8 for SLE 12 SP1",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.62-60_64_8 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SAP-12-SP1-2017-1295,SUSE-SLE-SERVER-12-SP1-2017-1295",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2088-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2088-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172088-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2088-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003107.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1027575",
        "url": "https://bugzilla.suse.com/1027575"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1038564",
        "url": "https://bugzilla.suse.com/1038564"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1042892",
        "url": "https://bugzilla.suse.com/1042892"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1046191",
        "url": "https://bugzilla.suse.com/1046191"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1050751",
        "url": "https://bugzilla.suse.com/1050751"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-2636 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-2636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7533 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7533/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7645 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7645/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-8890 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-8890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-9242 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-9242/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 8 for SLE 12 SP1",
    "tracking": {
      "current_release_date": "2017-08-08T07:27:40Z",
      "generator": {
        "date": "2017-08-08T07:27:40Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2088-1",
      "initial_release_date": "2017-08-08T07:27:40Z",
      "revision_history": [
        {
          "date": "2017-08-08T07:27:40Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-2636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-2636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-2636",
          "url": "https://www.suse.com/security/cve/CVE-2017-2636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1027565 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1027565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1027575 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1027575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1028372 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1028372"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:40Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-2636"
    },
    {
      "cve": "CVE-2017-7533",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7533"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7533",
          "url": "https://www.suse.com/security/cve/CVE-2017-7533"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1049483 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1049483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050677 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050677"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050751 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050751"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1053919 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1053919"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7533"
    },
    {
      "cve": "CVE-2017-7645",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7645"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7645",
          "url": "https://www.suse.com/security/cve/CVE-2017-7645"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1034670 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1034670"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1036741 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1036741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1046191 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1046191"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1087082"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7645"
    },
    {
      "cve": "CVE-2017-8890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-8890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-8890",
          "url": "https://www.suse.com/security/cve/CVE-2017-8890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038544 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1038544"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038564 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1038564"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039883 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1039883"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039885 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1039885"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1040069 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1040069"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042364 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1042364"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1051906 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1051906"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-8890"
    },
    {
      "cve": "CVE-2017-9242",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-9242"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-9242",
          "url": "https://www.suse.com/security/cve/CVE-2017-9242"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1041431 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1041431"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042892 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1042892"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-default-10-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_62-60_64_8-xen-10-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:40Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-9242"
    }
  ]
}

SUSE-SU-2017:2089-1

Vulnerability from csaf_suse - Published: 2017-08-08 07:26 - Updated: 2017-08-08 07:26

Summary

Security update for Linux Kernel Live Patch 17 for SLE 12 SP1

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 17 for SLE 12 SP1

Description of the patch: This update for the Linux Kernel 3.12.74-60_64_48 fixes several issues. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patchnames: SUSE-SLE-SAP-12-SP1-2017-1290,SUSE-SLE-SERVER-12-SP1-2017-1290

CVE-2017-7533

7.4 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-8890

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-9242

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64	—	Vendor Fix

Threats

Impact important

References

27 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1038564	self
https://bugzilla.suse.com/1042892	self
https://bugzilla.suse.com/1050751	self
https://www.suse.com/security/cve/CVE-2017-7533/	self
https://www.suse.com/security/cve/CVE-2017-8890/	self
https://www.suse.com/security/cve/CVE-2017-9242/	self
https://www.suse.com/security/cve/CVE-2017-7533	external
https://bugzilla.suse.com/1049483	external
https://bugzilla.suse.com/1050677	external
https://bugzilla.suse.com/1050751	external
https://bugzilla.suse.com/1053919	external
https://www.suse.com/security/cve/CVE-2017-8890	external
https://bugzilla.suse.com/1038544	external
https://bugzilla.suse.com/1038564	external
https://bugzilla.suse.com/1039883	external
https://bugzilla.suse.com/1039885	external
https://bugzilla.suse.com/1040069	external
https://bugzilla.suse.com/1042364	external
https://bugzilla.suse.com/1051906	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-9242	external
https://bugzilla.suse.com/1041431	external
https://bugzilla.suse.com/1042892	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 17 for SLE 12 SP1",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.74-60_64_48 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SAP-12-SP1-2017-1290,SUSE-SLE-SERVER-12-SP1-2017-1290",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2089-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2089-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172089-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2089-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003108.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1038564",
        "url": "https://bugzilla.suse.com/1038564"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1042892",
        "url": "https://bugzilla.suse.com/1042892"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1050751",
        "url": "https://bugzilla.suse.com/1050751"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7533 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7533/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-8890 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-8890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-9242 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-9242/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 17 for SLE 12 SP1",
    "tracking": {
      "current_release_date": "2017-08-08T07:26:54Z",
      "generator": {
        "date": "2017-08-08T07:26:54Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2089-1",
      "initial_release_date": "2017-08-08T07:26:54Z",
      "revision_history": [
        {
          "date": "2017-08-08T07:26:54Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-7533",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7533"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7533",
          "url": "https://www.suse.com/security/cve/CVE-2017-7533"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1049483 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1049483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050677 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050677"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050751 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050751"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1053919 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1053919"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:26:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7533"
    },
    {
      "cve": "CVE-2017-8890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-8890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-8890",
          "url": "https://www.suse.com/security/cve/CVE-2017-8890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038544 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1038544"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038564 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1038564"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039883 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1039883"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039885 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1039885"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1040069 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1040069"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042364 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1042364"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1051906 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1051906"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:26:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-8890"
    },
    {
      "cve": "CVE-2017-9242",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-9242"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-9242",
          "url": "https://www.suse.com/security/cve/CVE-2017-9242"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1041431 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1041431"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042892 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1042892"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_48-xen-2-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:26:54Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-9242"
    }
  ]
}

SUSE-SU-2017:2090-1

Vulnerability from csaf_suse - Published: 2017-08-08 07:27 - Updated: 2017-08-08 07:27

Summary

Security update for Linux Kernel Live Patch 16 for SLE 12 SP1

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 16 for SLE 12 SP1

Description of the patch: This update for the Linux Kernel 3.12.74-60_64_45 fixes several issues. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patchnames: SUSE-SLE-SAP-12-SP1-2017-1292,SUSE-SLE-SERVER-12-SP1-2017-1292

CVE-2017-7533

7.4 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-8890

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-9242

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64	—	Vendor Fix

Threats

Impact important

References

27 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1038564	self
https://bugzilla.suse.com/1042892	self
https://bugzilla.suse.com/1050751	self
https://www.suse.com/security/cve/CVE-2017-7533/	self
https://www.suse.com/security/cve/CVE-2017-8890/	self
https://www.suse.com/security/cve/CVE-2017-9242/	self
https://www.suse.com/security/cve/CVE-2017-7533	external
https://bugzilla.suse.com/1049483	external
https://bugzilla.suse.com/1050677	external
https://bugzilla.suse.com/1050751	external
https://bugzilla.suse.com/1053919	external
https://www.suse.com/security/cve/CVE-2017-8890	external
https://bugzilla.suse.com/1038544	external
https://bugzilla.suse.com/1038564	external
https://bugzilla.suse.com/1039883	external
https://bugzilla.suse.com/1039885	external
https://bugzilla.suse.com/1040069	external
https://bugzilla.suse.com/1042364	external
https://bugzilla.suse.com/1051906	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-9242	external
https://bugzilla.suse.com/1041431	external
https://bugzilla.suse.com/1042892	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 16 for SLE 12 SP1",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.74-60_64_45 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SAP-12-SP1-2017-1292,SUSE-SLE-SERVER-12-SP1-2017-1292",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2090-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2090-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172090-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2090-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003109.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1038564",
        "url": "https://bugzilla.suse.com/1038564"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1042892",
        "url": "https://bugzilla.suse.com/1042892"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1050751",
        "url": "https://bugzilla.suse.com/1050751"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7533 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7533/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-8890 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-8890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-9242 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-9242/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 16 for SLE 12 SP1",
    "tracking": {
      "current_release_date": "2017-08-08T07:27:15Z",
      "generator": {
        "date": "2017-08-08T07:27:15Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2090-1",
      "initial_release_date": "2017-08-08T07:27:15Z",
      "revision_history": [
        {
          "date": "2017-08-08T07:27:15Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-7533",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7533"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7533",
          "url": "https://www.suse.com/security/cve/CVE-2017-7533"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1049483 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1049483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050677 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050677"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050751 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050751"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1053919 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1053919"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:15Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7533"
    },
    {
      "cve": "CVE-2017-8890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-8890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-8890",
          "url": "https://www.suse.com/security/cve/CVE-2017-8890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038544 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1038544"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038564 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1038564"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039883 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1039883"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039885 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1039885"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1040069 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1040069"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042364 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1042364"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1051906 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1051906"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:15Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-8890"
    },
    {
      "cve": "CVE-2017-9242",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-9242"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-9242",
          "url": "https://www.suse.com/security/cve/CVE-2017-9242"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1041431 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1041431"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042892 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1042892"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:15Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-9242"
    }
  ]
}

SUSE-SU-2017:2091-1

Vulnerability from csaf_suse - Published: 2017-08-08 07:27 - Updated: 2017-08-08 07:27

Summary

Security update for Linux Kernel Live Patch 14 for SLE 12 SP1

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 14 for SLE 12 SP1

Description of the patch: This update for the Linux Kernel 3.12.69-60_64_35 fixes several issues. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patchnames: SUSE-SLE-SAP-12-SP1-2017-1294,SUSE-SLE-SERVER-12-SP1-2017-1294

CVE-2017-7533

7.4 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7645

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-8890

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-9242

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64	—	Vendor Fix

Threats

Impact important

References

34 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1038564	self
https://bugzilla.suse.com/1042892	self
https://bugzilla.suse.com/1046191	self
https://bugzilla.suse.com/1050751	self
https://www.suse.com/security/cve/CVE-2017-7533/	self
https://www.suse.com/security/cve/CVE-2017-7645/	self
https://www.suse.com/security/cve/CVE-2017-8890/	self
https://www.suse.com/security/cve/CVE-2017-9242/	self
https://www.suse.com/security/cve/CVE-2017-7533	external
https://bugzilla.suse.com/1049483	external
https://bugzilla.suse.com/1050677	external
https://bugzilla.suse.com/1050751	external
https://bugzilla.suse.com/1053919	external
https://www.suse.com/security/cve/CVE-2017-7645	external
https://bugzilla.suse.com/1034670	external
https://bugzilla.suse.com/1036741	external
https://bugzilla.suse.com/1046191	external
https://bugzilla.suse.com/1087082	external
https://www.suse.com/security/cve/CVE-2017-8890	external
https://bugzilla.suse.com/1038544	external
https://bugzilla.suse.com/1038564	external
https://bugzilla.suse.com/1039883	external
https://bugzilla.suse.com/1039885	external
https://bugzilla.suse.com/1040069	external
https://bugzilla.suse.com/1042364	external
https://bugzilla.suse.com/1051906	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-9242	external
https://bugzilla.suse.com/1041431	external
https://bugzilla.suse.com/1042892	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 14 for SLE 12 SP1",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.69-60_64_35 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SAP-12-SP1-2017-1294,SUSE-SLE-SERVER-12-SP1-2017-1294",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2091-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2091-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172091-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2091-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003110.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1038564",
        "url": "https://bugzilla.suse.com/1038564"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1042892",
        "url": "https://bugzilla.suse.com/1042892"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1046191",
        "url": "https://bugzilla.suse.com/1046191"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1050751",
        "url": "https://bugzilla.suse.com/1050751"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7533 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7533/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7645 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7645/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-8890 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-8890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-9242 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-9242/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 14 for SLE 12 SP1",
    "tracking": {
      "current_release_date": "2017-08-08T07:27:31Z",
      "generator": {
        "date": "2017-08-08T07:27:31Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2091-1",
      "initial_release_date": "2017-08-08T07:27:31Z",
      "revision_history": [
        {
          "date": "2017-08-08T07:27:31Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-7533",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7533"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7533",
          "url": "https://www.suse.com/security/cve/CVE-2017-7533"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1049483 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1049483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050677 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050677"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050751 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050751"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1053919 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1053919"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7533"
    },
    {
      "cve": "CVE-2017-7645",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7645"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7645",
          "url": "https://www.suse.com/security/cve/CVE-2017-7645"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1034670 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1034670"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1036741 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1036741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1046191 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1046191"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1087082"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7645"
    },
    {
      "cve": "CVE-2017-8890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-8890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-8890",
          "url": "https://www.suse.com/security/cve/CVE-2017-8890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038544 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1038544"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038564 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1038564"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039883 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1039883"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039885 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1039885"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1040069 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1040069"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042364 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1042364"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1051906 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1051906"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-8890"
    },
    {
      "cve": "CVE-2017-9242",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-9242"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-9242",
          "url": "https://www.suse.com/security/cve/CVE-2017-9242"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1041431 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1041431"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042892 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1042892"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-default-4-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_35-xen-4-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:31Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-9242"
    }
  ]
}

SUSE-SU-2017:2092-1

Vulnerability from csaf_suse - Published: 2017-08-08 07:27 - Updated: 2017-08-08 07:27

Summary

Security update for Linux Kernel Live Patch 13 for SLE 12 SP1

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 13 for SLE 12 SP1

Description of the patch: This update for the Linux Kernel 3.12.69-60_64_32 fixes several issues. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).

Patchnames: SUSE-SLE-SAP-12-SP1-2017-1293,SUSE-SLE-SERVER-12-SP1-2017-1293

CVE-2017-2636

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-7533

7.4 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7645

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-8890

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-9242

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64	—	Vendor Fix

Threats

Impact important

References

41 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1027575	self
https://bugzilla.suse.com/1038564	self
https://bugzilla.suse.com/1042892	self
https://bugzilla.suse.com/1046191	self
https://bugzilla.suse.com/1050751	self
https://www.suse.com/security/cve/CVE-2017-2636/	self
https://www.suse.com/security/cve/CVE-2017-7533/	self
https://www.suse.com/security/cve/CVE-2017-7645/	self
https://www.suse.com/security/cve/CVE-2017-8890/	self
https://www.suse.com/security/cve/CVE-2017-9242/	self
https://www.suse.com/security/cve/CVE-2017-2636	external
https://bugzilla.suse.com/1027565	external
https://bugzilla.suse.com/1027575	external
https://bugzilla.suse.com/1028372	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-7533	external
https://bugzilla.suse.com/1049483	external
https://bugzilla.suse.com/1050677	external
https://bugzilla.suse.com/1050751	external
https://bugzilla.suse.com/1053919	external
https://www.suse.com/security/cve/CVE-2017-7645	external
https://bugzilla.suse.com/1034670	external
https://bugzilla.suse.com/1036741	external
https://bugzilla.suse.com/1046191	external
https://bugzilla.suse.com/1087082	external
https://www.suse.com/security/cve/CVE-2017-8890	external
https://bugzilla.suse.com/1038544	external
https://bugzilla.suse.com/1038564	external
https://bugzilla.suse.com/1039883	external
https://bugzilla.suse.com/1039885	external
https://bugzilla.suse.com/1040069	external
https://bugzilla.suse.com/1042364	external
https://bugzilla.suse.com/1051906	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-9242	external
https://bugzilla.suse.com/1041431	external
https://bugzilla.suse.com/1042892	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 13 for SLE 12 SP1",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.69-60_64_32 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SAP-12-SP1-2017-1293,SUSE-SLE-SERVER-12-SP1-2017-1293",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2092-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2092-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172092-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2092-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003111.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1027575",
        "url": "https://bugzilla.suse.com/1027575"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1038564",
        "url": "https://bugzilla.suse.com/1038564"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1042892",
        "url": "https://bugzilla.suse.com/1042892"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1046191",
        "url": "https://bugzilla.suse.com/1046191"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1050751",
        "url": "https://bugzilla.suse.com/1050751"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-2636 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-2636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7533 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7533/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7645 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7645/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-8890 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-8890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-9242 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-9242/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 13 for SLE 12 SP1",
    "tracking": {
      "current_release_date": "2017-08-08T07:27:24Z",
      "generator": {
        "date": "2017-08-08T07:27:24Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2092-1",
      "initial_release_date": "2017-08-08T07:27:24Z",
      "revision_history": [
        {
          "date": "2017-08-08T07:27:24Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-2636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-2636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-2636",
          "url": "https://www.suse.com/security/cve/CVE-2017-2636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1027565 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1027565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1027575 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1027575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1028372 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1028372"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:24Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-2636"
    },
    {
      "cve": "CVE-2017-7533",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7533"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7533",
          "url": "https://www.suse.com/security/cve/CVE-2017-7533"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1049483 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1049483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050677 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050677"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050751 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050751"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1053919 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1053919"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:24Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7533"
    },
    {
      "cve": "CVE-2017-7645",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7645"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7645",
          "url": "https://www.suse.com/security/cve/CVE-2017-7645"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1034670 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1034670"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1036741 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1036741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1046191 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1046191"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1087082"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:24Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7645"
    },
    {
      "cve": "CVE-2017-8890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-8890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-8890",
          "url": "https://www.suse.com/security/cve/CVE-2017-8890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038544 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1038544"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038564 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1038564"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039883 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1039883"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039885 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1039885"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1040069 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1040069"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042364 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1042364"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1051906 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1051906"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:24Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-8890"
    },
    {
      "cve": "CVE-2017-9242",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-9242"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-9242",
          "url": "https://www.suse.com/security/cve/CVE-2017-9242"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1041431 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1041431"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042892 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1042892"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-default-5-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_32-xen-5-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:24Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-9242"
    }
  ]
}

SUSE-SU-2017:2093-1

Vulnerability from csaf_suse - Published: 2017-08-08 09:29 - Updated: 2017-08-08 09:29

Summary

Security update for Linux Kernel Live Patch 17 for SLE 12

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 17 for SLE 12

Description of the patch: This update for the Linux Kernel 3.12.60-52_60 fixes several issues. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).

Patchnames: SUSE-SLE-SAP-12-2017-1296,SUSE-SLE-SERVER-12-2017-1296

CVE-2017-2636

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-7533

7.4 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7645

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-9242

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64	—	Vendor Fix

Threats

Impact important

References

30 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1027575	self
https://bugzilla.suse.com/1042892	self
https://bugzilla.suse.com/1046191	self
https://bugzilla.suse.com/1050751	self
https://www.suse.com/security/cve/CVE-2017-2636/	self
https://www.suse.com/security/cve/CVE-2017-7533/	self
https://www.suse.com/security/cve/CVE-2017-7645/	self
https://www.suse.com/security/cve/CVE-2017-9242/	self
https://www.suse.com/security/cve/CVE-2017-2636	external
https://bugzilla.suse.com/1027565	external
https://bugzilla.suse.com/1027575	external
https://bugzilla.suse.com/1028372	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-7533	external
https://bugzilla.suse.com/1049483	external
https://bugzilla.suse.com/1050677	external
https://bugzilla.suse.com/1050751	external
https://bugzilla.suse.com/1053919	external
https://www.suse.com/security/cve/CVE-2017-7645	external
https://bugzilla.suse.com/1034670	external
https://bugzilla.suse.com/1036741	external
https://bugzilla.suse.com/1046191	external
https://bugzilla.suse.com/1087082	external
https://www.suse.com/security/cve/CVE-2017-9242	external
https://bugzilla.suse.com/1041431	external
https://bugzilla.suse.com/1042892	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 17 for SLE 12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.60-52_60 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SAP-12-2017-1296,SUSE-SLE-SERVER-12-2017-1296",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2093-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2093-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172093-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2093-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003112.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1027575",
        "url": "https://bugzilla.suse.com/1027575"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1042892",
        "url": "https://bugzilla.suse.com/1042892"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1046191",
        "url": "https://bugzilla.suse.com/1046191"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1050751",
        "url": "https://bugzilla.suse.com/1050751"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-2636 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-2636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7533 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7533/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7645 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7645/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-9242 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-9242/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 17 for SLE 12",
    "tracking": {
      "current_release_date": "2017-08-08T09:29:06Z",
      "generator": {
        "date": "2017-08-08T09:29:06Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2093-1",
      "initial_release_date": "2017-08-08T09:29:06Z",
      "revision_history": [
        {
          "date": "2017-08-08T09:29:06Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-2636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-2636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-2636",
          "url": "https://www.suse.com/security/cve/CVE-2017-2636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1027565 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1027565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1027575 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1027575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1028372 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1028372"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T09:29:06Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-2636"
    },
    {
      "cve": "CVE-2017-7533",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7533"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7533",
          "url": "https://www.suse.com/security/cve/CVE-2017-7533"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1049483 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1049483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050677 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050677"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050751 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050751"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1053919 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1053919"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T09:29:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7533"
    },
    {
      "cve": "CVE-2017-7645",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7645"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7645",
          "url": "https://www.suse.com/security/cve/CVE-2017-7645"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1034670 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1034670"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1036741 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1036741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1046191 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1046191"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1087082"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T09:29:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7645"
    },
    {
      "cve": "CVE-2017-9242",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-9242"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-9242",
          "url": "https://www.suse.com/security/cve/CVE-2017-9242"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1041431 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1041431"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042892 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1042892"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_60-xen-7-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T09:29:06Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-9242"
    }
  ]
}

SUSE-SU-2017:2094-1

Vulnerability from csaf_suse - Published: 2017-08-08 07:27 - Updated: 2017-08-08 07:27

Summary

Security update for Linux Kernel Live Patch 15 for SLE 12 SP1

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 15 for SLE 12 SP1

Description of the patch: This update for the Linux Kernel 3.12.74-60_64_40 fixes several issues. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892). - CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564). The following non-security bug was fixed: - A SUSE Linux Enterprise specific regression in tearing down network namespaces was fixed (bsc#1044878)

Patchnames: SUSE-SLE-SAP-12-SP1-2017-1291,SUSE-SLE-SERVER-12-SP1-2017-1291

CVE-2017-7533

7.4 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-8890

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-9242

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64	—	Vendor Fix

Threats

Impact important

References

28 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1038564	self
https://bugzilla.suse.com/1042892	self
https://bugzilla.suse.com/1044878	self
https://bugzilla.suse.com/1050751	self
https://www.suse.com/security/cve/CVE-2017-7533/	self
https://www.suse.com/security/cve/CVE-2017-8890/	self
https://www.suse.com/security/cve/CVE-2017-9242/	self
https://www.suse.com/security/cve/CVE-2017-7533	external
https://bugzilla.suse.com/1049483	external
https://bugzilla.suse.com/1050677	external
https://bugzilla.suse.com/1050751	external
https://bugzilla.suse.com/1053919	external
https://www.suse.com/security/cve/CVE-2017-8890	external
https://bugzilla.suse.com/1038544	external
https://bugzilla.suse.com/1038564	external
https://bugzilla.suse.com/1039883	external
https://bugzilla.suse.com/1039885	external
https://bugzilla.suse.com/1040069	external
https://bugzilla.suse.com/1042364	external
https://bugzilla.suse.com/1051906	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-9242	external
https://bugzilla.suse.com/1041431	external
https://bugzilla.suse.com/1042892	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 15 for SLE 12 SP1",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.74-60_64_40 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n- CVE-2017-8890: The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allowed attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call (bsc#1038564).\n\nThe following non-security bug was fixed:\n\n- A SUSE Linux Enterprise specific regression in tearing down network namespaces was fixed (bsc#1044878)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SAP-12-SP1-2017-1291,SUSE-SLE-SERVER-12-SP1-2017-1291",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2094-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2094-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172094-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2094-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003113.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1038564",
        "url": "https://bugzilla.suse.com/1038564"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1042892",
        "url": "https://bugzilla.suse.com/1042892"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1044878",
        "url": "https://bugzilla.suse.com/1044878"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1050751",
        "url": "https://bugzilla.suse.com/1050751"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7533 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7533/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-8890 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-8890/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-9242 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-9242/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 15 for SLE 12 SP1",
    "tracking": {
      "current_release_date": "2017-08-08T07:27:07Z",
      "generator": {
        "date": "2017-08-08T07:27:07Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2094-1",
      "initial_release_date": "2017-08-08T07:27:07Z",
      "revision_history": [
        {
          "date": "2017-08-08T07:27:07Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12:sp1"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-7533",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7533"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7533",
          "url": "https://www.suse.com/security/cve/CVE-2017-7533"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1049483 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1049483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050677 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050677"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050751 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050751"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1053919 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1053919"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:07Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7533"
    },
    {
      "cve": "CVE-2017-8890",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-8890"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-8890",
          "url": "https://www.suse.com/security/cve/CVE-2017-8890"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038544 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1038544"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1038564 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1038564"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039883 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1039883"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1039885 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1039885"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1040069 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1040069"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042364 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1042364"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1051906 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1051906"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-8890",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:07Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-8890"
    },
    {
      "cve": "CVE-2017-9242",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-9242"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-9242",
          "url": "https://www.suse.com/security/cve/CVE-2017-9242"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1041431 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1041431"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042892 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1042892"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-default-3-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_40-xen-3-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T07:27:07Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-9242"
    }
  ]
}

SUSE-SU-2017:2095-1

Vulnerability from csaf_suse - Published: 2017-08-08 09:29 - Updated: 2017-08-08 09:29

Summary

Security update for Linux Kernel Live Patch 18 for SLE 12

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 18 for SLE 12

Description of the patch: This update for the Linux Kernel 3.12.60-52_63 fixes several issues. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).

Patchnames: SUSE-SLE-SAP-12-2017-1297,SUSE-SLE-SERVER-12-2017-1297

CVE-2017-2636

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-7533

7.4 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7645

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-9242

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64	—	Vendor Fix

Threats

Impact important

References

30 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1027575	self
https://bugzilla.suse.com/1042892	self
https://bugzilla.suse.com/1046191	self
https://bugzilla.suse.com/1050751	self
https://www.suse.com/security/cve/CVE-2017-2636/	self
https://www.suse.com/security/cve/CVE-2017-7533/	self
https://www.suse.com/security/cve/CVE-2017-7645/	self
https://www.suse.com/security/cve/CVE-2017-9242/	self
https://www.suse.com/security/cve/CVE-2017-2636	external
https://bugzilla.suse.com/1027565	external
https://bugzilla.suse.com/1027575	external
https://bugzilla.suse.com/1028372	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-7533	external
https://bugzilla.suse.com/1049483	external
https://bugzilla.suse.com/1050677	external
https://bugzilla.suse.com/1050751	external
https://bugzilla.suse.com/1053919	external
https://www.suse.com/security/cve/CVE-2017-7645	external
https://bugzilla.suse.com/1034670	external
https://bugzilla.suse.com/1036741	external
https://bugzilla.suse.com/1046191	external
https://bugzilla.suse.com/1087082	external
https://www.suse.com/security/cve/CVE-2017-9242	external
https://bugzilla.suse.com/1041431	external
https://bugzilla.suse.com/1042892	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 18 for SLE 12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.60-52_63 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SAP-12-2017-1297,SUSE-SLE-SERVER-12-2017-1297",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2095-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2095-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172095-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2095-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003114.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1027575",
        "url": "https://bugzilla.suse.com/1027575"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1042892",
        "url": "https://bugzilla.suse.com/1042892"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1046191",
        "url": "https://bugzilla.suse.com/1046191"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1050751",
        "url": "https://bugzilla.suse.com/1050751"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-2636 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-2636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7533 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7533/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7645 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7645/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-9242 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-9242/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 18 for SLE 12",
    "tracking": {
      "current_release_date": "2017-08-08T09:29:14Z",
      "generator": {
        "date": "2017-08-08T09:29:14Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2095-1",
      "initial_release_date": "2017-08-08T09:29:14Z",
      "revision_history": [
        {
          "date": "2017-08-08T09:29:14Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-2636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-2636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-2636",
          "url": "https://www.suse.com/security/cve/CVE-2017-2636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1027565 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1027565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1027575 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1027575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1028372 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1028372"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T09:29:14Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-2636"
    },
    {
      "cve": "CVE-2017-7533",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7533"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7533",
          "url": "https://www.suse.com/security/cve/CVE-2017-7533"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1049483 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1049483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050677 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050677"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050751 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050751"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1053919 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1053919"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T09:29:14Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7533"
    },
    {
      "cve": "CVE-2017-7645",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7645"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7645",
          "url": "https://www.suse.com/security/cve/CVE-2017-7645"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1034670 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1034670"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1036741 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1036741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1046191 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1046191"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1087082"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T09:29:14Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7645"
    },
    {
      "cve": "CVE-2017-9242",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-9242"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-9242",
          "url": "https://www.suse.com/security/cve/CVE-2017-9242"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1041431 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1041431"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042892 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1042892"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-default-7-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_60-52_63-xen-7-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T09:29:14Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-9242"
    }
  ]
}

SUSE-SU-2017:2096-1

Vulnerability from csaf_suse - Published: 2017-08-08 09:29 - Updated: 2017-08-08 09:29

Summary

Security update for Linux Kernel Live Patch 19 for SLE 12

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 19 for SLE 12

Description of the patch: This update for the Linux Kernel 3.12.61-52_66 fixes several issues. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575). - A SUSE Linux Enterprise specific regression in tearing down network namespaces was fixed (bsc#1044878) - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).

Patchnames: SUSE-SLE-SAP-12-2017-1298,SUSE-SLE-SERVER-12-2017-1298

CVE-2017-2636

7 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-7533

7.4 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7645

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-9242

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64	—	Vendor Fix

Threats

Impact important

References

31 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1027575	self
https://bugzilla.suse.com/1042892	self
https://bugzilla.suse.com/1044878	self
https://bugzilla.suse.com/1046191	self
https://bugzilla.suse.com/1050751	self
https://www.suse.com/security/cve/CVE-2017-2636/	self
https://www.suse.com/security/cve/CVE-2017-7533/	self
https://www.suse.com/security/cve/CVE-2017-7645/	self
https://www.suse.com/security/cve/CVE-2017-9242/	self
https://www.suse.com/security/cve/CVE-2017-2636	external
https://bugzilla.suse.com/1027565	external
https://bugzilla.suse.com/1027575	external
https://bugzilla.suse.com/1028372	external
https://bugzilla.suse.com/1115893	external
https://www.suse.com/security/cve/CVE-2017-7533	external
https://bugzilla.suse.com/1049483	external
https://bugzilla.suse.com/1050677	external
https://bugzilla.suse.com/1050751	external
https://bugzilla.suse.com/1053919	external
https://www.suse.com/security/cve/CVE-2017-7645	external
https://bugzilla.suse.com/1034670	external
https://bugzilla.suse.com/1036741	external
https://bugzilla.suse.com/1046191	external
https://bugzilla.suse.com/1087082	external
https://www.suse.com/security/cve/CVE-2017-9242	external
https://bugzilla.suse.com/1041431	external
https://bugzilla.suse.com/1042892	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 19 for SLE 12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.61-52_66 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-2636: Race condition in drivers/tty/n_hdlc.c in the Linux kernel allowed local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline (bsc#1027575).\n- A SUSE Linux Enterprise specific regression in tearing down network namespaces was fixed (bsc#1044878)\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SAP-12-2017-1298,SUSE-SLE-SERVER-12-2017-1298",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2096-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2096-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172096-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2096-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003115.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1027575",
        "url": "https://bugzilla.suse.com/1027575"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1042892",
        "url": "https://bugzilla.suse.com/1042892"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1044878",
        "url": "https://bugzilla.suse.com/1044878"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1046191",
        "url": "https://bugzilla.suse.com/1046191"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1050751",
        "url": "https://bugzilla.suse.com/1050751"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-2636 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-2636/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7533 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7533/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7645 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7645/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-9242 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-9242/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 19 for SLE 12",
    "tracking": {
      "current_release_date": "2017-08-08T09:29:22Z",
      "generator": {
        "date": "2017-08-08T09:29:22Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2096-1",
      "initial_release_date": "2017-08-08T09:29:22Z",
      "revision_history": [
        {
          "date": "2017-08-08T09:29:22Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-2636",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-2636"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in drivers/tty/n_hdlc.c in the Linux kernel through 4.10.1 allows local users to gain privileges or cause a denial of service (double free) by setting the HDLC line discipline.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-2636",
          "url": "https://www.suse.com/security/cve/CVE-2017-2636"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1027565 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1027565"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1027575 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1027575"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1028372 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1028372"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1115893 for CVE-2017-2636",
          "url": "https://bugzilla.suse.com/1115893"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T09:29:22Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-2636"
    },
    {
      "cve": "CVE-2017-7533",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7533"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7533",
          "url": "https://www.suse.com/security/cve/CVE-2017-7533"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1049483 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1049483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050677 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050677"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050751 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050751"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1053919 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1053919"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T09:29:22Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7533"
    },
    {
      "cve": "CVE-2017-7645",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7645"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7645",
          "url": "https://www.suse.com/security/cve/CVE-2017-7645"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1034670 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1034670"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1036741 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1036741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1046191 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1046191"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1087082"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T09:29:22Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7645"
    },
    {
      "cve": "CVE-2017-9242",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-9242"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-9242",
          "url": "https://www.suse.com/security/cve/CVE-2017-9242"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1041431 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1041431"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042892 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1042892"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-default-6-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_66-xen-6-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T09:29:22Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-9242"
    }
  ]
}

SUSE-SU-2017:2098-1

Vulnerability from csaf_suse - Published: 2017-08-08 11:31 - Updated: 2017-08-08 11:31

Summary

Security update for Linux Kernel Live Patch 23 for SLE 12

Severity

Important

Notes

Title of the patch: Security update for Linux Kernel Live Patch 23 for SLE 12

Description of the patch: This update for the Linux Kernel 3.12.61-52_80 fixes several issues. The following security bugs were fixed: - CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751). - CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191). - CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).

Patchnames: SUSE-SLE-SAP-12-2017-1300,SUSE-SLE-SERVER-12-2017-1300

CVE-2017-7533

7.4 (High)


                        
                          CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7645

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-9242

7.8 (High)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64	—	Vendor Fix

Threats

Impact important

References

23 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1042892	self
https://bugzilla.suse.com/1046191	self
https://bugzilla.suse.com/1050751	self
https://www.suse.com/security/cve/CVE-2017-7533/	self
https://www.suse.com/security/cve/CVE-2017-7645/	self
https://www.suse.com/security/cve/CVE-2017-9242/	self
https://www.suse.com/security/cve/CVE-2017-7533	external
https://bugzilla.suse.com/1049483	external
https://bugzilla.suse.com/1050677	external
https://bugzilla.suse.com/1050751	external
https://bugzilla.suse.com/1053919	external
https://www.suse.com/security/cve/CVE-2017-7645	external
https://bugzilla.suse.com/1034670	external
https://bugzilla.suse.com/1036741	external
https://bugzilla.suse.com/1046191	external
https://bugzilla.suse.com/1087082	external
https://www.suse.com/security/cve/CVE-2017-9242	external
https://bugzilla.suse.com/1041431	external
https://bugzilla.suse.com/1042892	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for Linux Kernel Live Patch 23 for SLE 12",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 3.12.61-52_80 fixes several issues.\n\nThe following security bugs were fixed:\n\n- CVE-2017-7533: A bug in inotify code allowed local users to escalate privilege (bsc#1050751).\n- CVE-2017-7645: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c (bsc#1046191).\n- CVE-2017-9242: The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel is too late in checking whether an overwrite of an skb data structure may occur, which allowed local users to cause a denial of service (system crash) via crafted system calls (bsc#1042892).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SAP-12-2017-1300,SUSE-SLE-SERVER-12-2017-1300",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2098-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2017:2098-1",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172098-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2017:2098-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2017-August/003116.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1042892",
        "url": "https://bugzilla.suse.com/1042892"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1046191",
        "url": "https://bugzilla.suse.com/1046191"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1050751",
        "url": "https://bugzilla.suse.com/1050751"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7533 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7533/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7645 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7645/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-9242 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-9242/"
      }
    ],
    "title": "Security update for Linux Kernel Live Patch 23 for SLE 12",
    "tracking": {
      "current_release_date": "2017-08-08T11:31:30Z",
      "generator": {
        "date": "2017-08-08T11:31:30Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2017:2098-1",
      "initial_release_date": "2017-08-08T11:31:30Z",
      "revision_history": [
        {
          "date": "2017-08-08T11:31:30Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64",
                "product": {
                  "name": "kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64",
                  "product_id": "kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 12",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:12"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12-LTSS",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_id": "SUSE Linux Enterprise Server 12-LTSS",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-ltss:12"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
          "product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64"
        },
        "product_reference": "kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-7533",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7533"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Race condition in the fsnotify implementation in the Linux kernel through 4.12.4 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that leverages simultaneous execution of the inotify_handle_event and vfs_rename functions.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7533",
          "url": "https://www.suse.com/security/cve/CVE-2017-7533"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1049483 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1049483"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050677 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050677"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1050751 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1050751"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1053919 for CVE-2017-7533",
          "url": "https://bugzilla.suse.com/1053919"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T11:31:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7533"
    },
    {
      "cve": "CVE-2017-7645",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7645"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7645",
          "url": "https://www.suse.com/security/cve/CVE-2017-7645"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1034670 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1034670"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1036741 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1036741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1046191 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1046191"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1087082 for CVE-2017-7645",
          "url": "https://bugzilla.suse.com/1087082"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T11:31:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7645"
    },
    {
      "cve": "CVE-2017-9242",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-9242"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
          "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-9242",
          "url": "https://www.suse.com/security/cve/CVE-2017-9242"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1041431 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1041431"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1042892 for CVE-2017-9242",
          "url": "https://bugzilla.suse.com/1042892"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-default-2-2.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 12:kgraft-patch-3_12_61-52_80-xen-2-2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2017-08-08T11:31:30Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-9242"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-7533 (GCVE-0-2017-7533)

Tags

Sightings

Nomenclature