Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-10661 (GCVE-0-2017-10661)
Vulnerability from cvelistv5 – Published: 2017-08-19 18:00 – Updated: 2024-08-05 17:41
VLAI
EPSS
Summary
Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:3083 | vendor-advisoryx_refsource_REDHAT |
| http://www.securityfocus.com/bid/100215 | vdb-entryx_refsource_BID |
| https://bugzilla.redhat.com/show_bug.cgi?id=1481136 | x_refsource_CONFIRM |
| http://www.kernel.org/pub/linux/kernel/v4.x/Chang… | x_refsource_CONFIRM |
| http://www.debian.org/security/2017/dsa-3981 | vendor-advisoryx_refsource_DEBIAN |
| https://source.android.com/security/bulletin/2017-08-01 | x_refsource_CONFIRM |
| https://github.com/torvalds/linux/commit/1e38da30… | x_refsource_CONFIRM |
| https://www.exploit-db.com/exploits/43345/ | exploitx_refsource_EXPLOIT-DB |
| http://git.kernel.org/cgit/linux/kernel/git/torva… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:3096 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:4058 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2019:4057 | vendor-advisoryx_refsource_REDHAT |
| https://access.redhat.com/errata/RHSA-2020:0036 | vendor-advisoryx_refsource_REDHAT |
Date Public
2017-05-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:41:55.518Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:3083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "100215",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100215"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1481136"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15"
},
{
"name": "DSA-3981",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3981"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-08-01"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/torvalds/linux/commit/1e38da300e1e395a15048b0af1e5305bd91402f6"
},
{
"name": "43345",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/43345/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6"
},
{
"name": "RHSA-2018:3096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"name": "RHSA-2019:4057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
},
{
"name": "RHSA-2020:0036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0036"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-05-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-01-07T15:06:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "RHSA-2018:3083",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "100215",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100215"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1481136"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15"
},
{
"name": "DSA-3981",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3981"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-08-01"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/torvalds/linux/commit/1e38da300e1e395a15048b0af1e5305bd91402f6"
},
{
"name": "43345",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/43345/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6"
},
{
"name": "RHSA-2018:3096",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "RHSA-2019:4058",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"name": "RHSA-2019:4057",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
},
{
"name": "RHSA-2020:0036",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2020:0036"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-10661",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:3083",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3083"
},
{
"name": "100215",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100215"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1481136",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1481136"
},
{
"name": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15",
"refsource": "CONFIRM",
"url": "http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15"
},
{
"name": "DSA-3981",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3981"
},
{
"name": "https://source.android.com/security/bulletin/2017-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-08-01"
},
{
"name": "https://github.com/torvalds/linux/commit/1e38da300e1e395a15048b0af1e5305bd91402f6",
"refsource": "CONFIRM",
"url": "https://github.com/torvalds/linux/commit/1e38da300e1e395a15048b0af1e5305bd91402f6"
},
{
"name": "43345",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43345/"
},
{
"name": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6",
"refsource": "CONFIRM",
"url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6"
},
{
"name": "RHSA-2018:3096",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3096"
},
{
"name": "RHSA-2019:4058",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4058"
},
{
"name": "RHSA-2019:4057",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:4057"
},
{
"name": "RHSA-2020:0036",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2020:0036"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-10661",
"datePublished": "2017-08-19T18:00:00.000Z",
"dateReserved": "2017-06-28T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:41:55.518Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-10661",
"date": "2026-05-30",
"epss": "0.25699",
"percentile": "0.96338"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-10661\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-08-19T18:29:00.257\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.\"},{\"lang\":\"es\",\"value\":\"Una condici\u00f3n de carrera en fs/timerfd.c en el kernel Linux en versiones anteriores a la 4.10.15 permite que usuarios locales obtengan privilegios o provoquen una denegaci\u00f3n de servicio (corrupci\u00f3n de lista o use-after-free) mediante operaciones simult\u00e1neas de descriptor de archivo que aprovechan la cola inadecuada might_cancel.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:H/Au:N/C:C/I:C/A:C\",\"baseScore\":7.6,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":4.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.2.92\",\"matchCriteriaId\":\"21888989-B8CA-4696-9FE4-9CDA1B3B92AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.3\",\"versionEndExcluding\":\"3.16.47\",\"matchCriteriaId\":\"18369FD7-D135-4C78-BA5E-8FF5F4573485\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.17\",\"versionEndExcluding\":\"3.18.52\",\"matchCriteriaId\":\"8104AAC1-9700-4372-8E11-37B09309A76F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.19\",\"versionEndExcluding\":\"4.1.41\",\"matchCriteriaId\":\"9019BEC9-FE77-4506-A019-B8B4D8BCEBAE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.2\",\"versionEndExcluding\":\"4.4.67\",\"matchCriteriaId\":\"168D3A9F-B199-4E02-B791-291B29317EF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.5\",\"versionEndExcluding\":\"4.9.27\",\"matchCriteriaId\":\"922869C5-7B17-4B57-9E84-B746C7ABCFA6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.10\",\"versionEndExcluding\":\"4.10.15\",\"matchCriteriaId\":\"85F68625-69D9-4FD0-A41C-40383EB29CF1\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_aus:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB33390A-F51F-4451-8FEA-7FC31F1AA51C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C81C5D4E-3CAD-43CE-82BC-B0619CA3A74A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3981\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100215\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3083\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3096\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4057\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4058\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0036\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1481136\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/torvalds/linux/commit/1e38da300e1e395a15048b0af1e5305bd91402f6\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://source.android.com/security/bulletin/2017-08-01\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/43345/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2017/dsa-3981\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3083\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3096\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4057\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:4058\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2020:0036\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1481136\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://github.com/torvalds/linux/commit/1e38da300e1e395a15048b0af1e5305bd91402f6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://source.android.com/security/bulletin/2017-08-01\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://www.exploit-db.com/exploits/43345/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
}
}
SUSE-SU-2017:3306-1
Vulnerability from csaf_suse - Published: 2017-12-14 10:47 - Updated: 2017-12-14 10:47Summary
Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP2)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP2)
Description of the patch: This update for the Linux Kernel 4.4.21-90 fixes several issues.
The following security issues were fixed:
- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).
- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).
This non-security issue was fixed:
- bsc#1062847: Enable proper shut down if NIC teaming is enabled
Patchnames: SUSE-SLE-Live-Patching-12-2017-2048
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-90-default-11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-90-default-11-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
19 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.21-90 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).\n- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).\n\nThis non-security issue was fixed:\n\n- bsc#1062847: Enable proper shut down if NIC teaming is enabled\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Live-Patching-12-2017-2048",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_3306-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:3306-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173306-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:3306-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-December/003514.html"
},
{
"category": "self",
"summary": "SUSE Bug 1053153",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "self",
"summary": "SUSE Bug 1055567",
"url": "https://bugzilla.suse.com/1055567"
},
{
"category": "self",
"summary": "SUSE Bug 1062847",
"url": "https://bugzilla.suse.com/1062847"
},
{
"category": "self",
"summary": "SUSE Bug 1069708",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10661 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16939 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16939/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 3 for SLE 12 SP2)",
"tracking": {
"current_release_date": "2017-12-14T10:47:59Z",
"generator": {
"date": "2017-12-14T10:47:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:3306-1",
"initial_release_date": "2017-12-14T10:47:59Z",
"revision_history": [
{
"date": "2017-12-14T10:47:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_21-90-default-11-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_21-90-default-11-2.1.x86_64",
"product_id": "kgraft-patch-4_4_21-90-default-11-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_21-90-default-11-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-90-default-11-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_21-90-default-11-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-10661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10661"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-90-default-11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10661",
"url": "https://www.suse.com/security/cve/CVE-2017-10661"
},
{
"category": "external",
"summary": "SUSE Bug 1053152 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053152"
},
{
"category": "external",
"summary": "SUSE Bug 1053153 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-90-default-11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-90-default-11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T10:47:59Z",
"details": "important"
}
],
"title": "CVE-2017-10661"
},
{
"cve": "CVE-2017-16939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16939"
}
],
"notes": [
{
"category": "general",
"text": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-90-default-11-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16939",
"url": "https://www.suse.com/security/cve/CVE-2017-16939"
},
{
"category": "external",
"summary": "SUSE Bug 1069702 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069702"
},
{
"category": "external",
"summary": "SUSE Bug 1069708 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1120260 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1120260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-90-default-11-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-90-default-11-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T10:47:59Z",
"details": "moderate"
}
],
"title": "CVE-2017-16939"
}
]
}
SUSE-SU-2017:3308-1
Vulnerability from csaf_suse - Published: 2017-12-14 10:49 - Updated: 2017-12-14 10:49Summary
Security update for the Linux Kernel (Live Patch 19 for SLE 12)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 19 for SLE 12)
Description of the patch: This update for the Linux Kernel 3.12.61-52_66 fixes several issues.
The following security issues were fixed:
- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).
- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).
Patchnames: SUSE-SLE-SERVER-12-2017-2059
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 19 for SLE 12)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 3.12.61-52_66 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).\n- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-2017-2059",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_3308-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:3308-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173308-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:3308-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-December/003516.html"
},
{
"category": "self",
"summary": "SUSE Bug 1053153",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "self",
"summary": "SUSE Bug 1069708",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10661 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16939 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16939/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 19 for SLE 12)",
"tracking": {
"current_release_date": "2017-12-14T10:49:46Z",
"generator": {
"date": "2017-12-14T10:49:46Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:3308-1",
"initial_release_date": "2017-12-14T10:49:46Z",
"revision_history": [
{
"date": "2017-12-14T10:49:46Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-3_12_61-52_66-default-10-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_61-52_66-default-10-2.1.x86_64",
"product_id": "kgraft-patch-3_12_61-52_66-default-10-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_61-52_66-xen-10-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_61-52_66-xen-10-2.1.x86_64",
"product_id": "kgraft-patch-3_12_61-52_66-xen-10-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_61-52_66-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-10-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_61-52_66-default-10-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_61-52_66-xen-10-2.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-10-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_61-52_66-xen-10-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-10661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10661"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10661",
"url": "https://www.suse.com/security/cve/CVE-2017-10661"
},
{
"category": "external",
"summary": "SUSE Bug 1053152 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053152"
},
{
"category": "external",
"summary": "SUSE Bug 1053153 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T10:49:46Z",
"details": "important"
}
],
"title": "CVE-2017-10661"
},
{
"cve": "CVE-2017-16939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16939"
}
],
"notes": [
{
"category": "general",
"text": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16939",
"url": "https://www.suse.com/security/cve/CVE-2017-16939"
},
{
"category": "external",
"summary": "SUSE Bug 1069702 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069702"
},
{
"category": "external",
"summary": "SUSE Bug 1069708 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1120260 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1120260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_66-xen-10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T10:49:46Z",
"details": "moderate"
}
],
"title": "CVE-2017-16939"
}
]
}
SUSE-SU-2017:3309-1
Vulnerability from csaf_suse - Published: 2017-12-14 10:50 - Updated: 2017-12-14 10:50Summary
Security update for the Linux Kernel (Live Patch 23 for SLE 12)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 23 for SLE 12)
Description of the patch: This update for the Linux Kernel 3.12.61-52_80 fixes several issues.
The following security issues were fixed:
- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).
- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).
Patchnames: SUSE-SLE-SERVER-12-2017-2064
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-6-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-6-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-6-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-6-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 23 for SLE 12)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 3.12.61-52_80 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).\n- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SERVER-12-2017-2064",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_3309-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:3309-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173309-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:3309-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-December/003517.html"
},
{
"category": "self",
"summary": "SUSE Bug 1053153",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "self",
"summary": "SUSE Bug 1069708",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10661 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16939 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16939/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 23 for SLE 12)",
"tracking": {
"current_release_date": "2017-12-14T10:50:43Z",
"generator": {
"date": "2017-12-14T10:50:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:3309-1",
"initial_release_date": "2017-12-14T10:50:43Z",
"revision_history": [
{
"date": "2017-12-14T10:50:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-3_12_61-52_80-default-6-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_61-52_80-default-6-2.1.x86_64",
"product_id": "kgraft-patch-3_12_61-52_80-default-6-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_61-52_80-xen-6-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_61-52_80-xen-6-2.1.x86_64",
"product_id": "kgraft-patch-3_12_61-52_80-xen-6-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_61-52_80-default-6-2.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-6-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_61-52_80-default-6-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_61-52_80-xen-6-2.1.x86_64 as component of SUSE Linux Enterprise Server 12-LTSS",
"product_id": "SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-6-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_61-52_80-xen-6-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-10661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10661"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-6-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-6-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10661",
"url": "https://www.suse.com/security/cve/CVE-2017-10661"
},
{
"category": "external",
"summary": "SUSE Bug 1053152 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053152"
},
{
"category": "external",
"summary": "SUSE Bug 1053153 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-6-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-6-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-6-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-6-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T10:50:43Z",
"details": "important"
}
],
"title": "CVE-2017-10661"
},
{
"cve": "CVE-2017-16939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16939"
}
],
"notes": [
{
"category": "general",
"text": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-6-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-6-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16939",
"url": "https://www.suse.com/security/cve/CVE-2017-16939"
},
{
"category": "external",
"summary": "SUSE Bug 1069702 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069702"
},
{
"category": "external",
"summary": "SUSE Bug 1069708 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1120260 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1120260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-6-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-6-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-default-6-2.1.x86_64",
"SUSE Linux Enterprise Server 12-LTSS:kgraft-patch-3_12_61-52_80-xen-6-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T10:50:43Z",
"details": "moderate"
}
],
"title": "CVE-2017-16939"
}
]
}
SUSE-SU-2017:3310-1
Vulnerability from csaf_suse - Published: 2017-12-14 10:48 - Updated: 2017-12-14 10:48Summary
Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP2)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP2)
Description of the patch: This update for the Linux Kernel 4.4.59-92_17 fixes several issues.
The following security issues were fixed:
- CVE-2017-1000405: Problematic use of pmd_mkdirty() in the touch_pmd() function allowed users to overwrite read-only huge pages (e.g. the zero huge page and sealed shmem files) (bsc#1070307).
- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).
- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).
This non-security issue was fixed:
- bsc#1062847: Enable proper shut down if NIC teaming is enabled
Patchnames: SUSE-SLE-Live-Patching-12-2017-2051
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.7 (Medium)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.4 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP2)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 4.4.59-92_17 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2017-1000405: Problematic use of pmd_mkdirty() in the touch_pmd() function allowed users to overwrite read-only huge pages (e.g. the zero huge page and sealed shmem files) (bsc#1070307).\n- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c kernel allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).\n- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).\n\nThis non-security issue was fixed:\n\n- bsc#1062847: Enable proper shut down if NIC teaming is enabled\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-Live-Patching-12-2017-2051",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_3310-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:3310-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173310-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:3310-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-December/003518.html"
},
{
"category": "self",
"summary": "SUSE Bug 1053153",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "self",
"summary": "SUSE Bug 1055567",
"url": "https://bugzilla.suse.com/1055567"
},
{
"category": "self",
"summary": "SUSE Bug 1062847",
"url": "https://bugzilla.suse.com/1062847"
},
{
"category": "self",
"summary": "SUSE Bug 1069708",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "self",
"summary": "SUSE Bug 1070307",
"url": "https://bugzilla.suse.com/1070307"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000405 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000405/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10661 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16939 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16939/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 7 for SLE 12 SP2)",
"tracking": {
"current_release_date": "2017-12-14T10:48:26Z",
"generator": {
"date": "2017-12-14T10:48:26Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:3310-1",
"initial_release_date": "2017-12-14T10:48:26Z",
"revision_history": [
{
"date": "2017-12-14T10:48:26Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64",
"product": {
"name": "kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64",
"product_id": "kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Live Patching 12",
"product": {
"name": "SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-live-patching:12"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 12",
"product_id": "SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64"
},
"product_reference": "kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Live Patching 12"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-1000405",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000405"
}
],
"notes": [
{
"category": "general",
"text": "The Linux Kernel versions 2.6.38 through 4.14 have a problematic use of pmd_mkdirty() in the touch_pmd() function inside the THP implementation. touch_pmd() can be reached by get_user_pages(). In such case, the pmd will become dirty. This scenario breaks the new can_follow_write_pmd()\u0027s logic - pmd can become dirty without going through a COW cycle. This bug is not as severe as the original \"Dirty cow\" because an ext4 file (or any other regular file) cannot be mapped using THP. Nevertheless, it does allow us to overwrite read-only huge pages. For example, the zero huge page and sealed shmem files can be overwritten (since their mapping can be populated using THP). Note that after the first write page-fault to the zero page, it will be replaced with a new fresh (and zeroed) thp.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000405",
"url": "https://www.suse.com/security/cve/CVE-2017-1000405"
},
{
"category": "external",
"summary": "SUSE Bug 1069496 for CVE-2017-1000405",
"url": "https://bugzilla.suse.com/1069496"
},
{
"category": "external",
"summary": "SUSE Bug 1070307 for CVE-2017-1000405",
"url": "https://bugzilla.suse.com/1070307"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T10:48:26Z",
"details": "important"
}
],
"title": "CVE-2017-1000405"
},
{
"cve": "CVE-2017-10661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10661"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10661",
"url": "https://www.suse.com/security/cve/CVE-2017-10661"
},
{
"category": "external",
"summary": "SUSE Bug 1053152 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053152"
},
{
"category": "external",
"summary": "SUSE Bug 1053153 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T10:48:26Z",
"details": "important"
}
],
"title": "CVE-2017-10661"
},
{
"cve": "CVE-2017-16939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16939"
}
],
"notes": [
{
"category": "general",
"text": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16939",
"url": "https://www.suse.com/security/cve/CVE-2017-16939"
},
{
"category": "external",
"summary": "SUSE Bug 1069702 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069702"
},
{
"category": "external",
"summary": "SUSE Bug 1069708 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1120260 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1120260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_59-92_17-default-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T10:48:26Z",
"details": "moderate"
}
],
"title": "CVE-2017-16939"
}
]
}
SUSE-SU-2017:3312-1
Vulnerability from csaf_suse - Published: 2017-12-14 16:31 - Updated: 2017-12-14 16:31Summary
Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP1)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP1)
Description of the patch: This update for the Linux Kernel 3.12.74-60_64_45 fixes several issues.
The following security issues were fixed:
- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).
- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).
Patchnames: SUSE-SLE-SAP-12-SP1-2017-2083,SUSE-SLE-SERVER-12-SP1-2017-2083
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP1)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 3.12.74-60_64_45 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).\n- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2017-2083,SUSE-SLE-SERVER-12-SP1-2017-2083",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_3312-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:3312-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173312-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:3312-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-December/003520.html"
},
{
"category": "self",
"summary": "SUSE Bug 1053153",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "self",
"summary": "SUSE Bug 1069708",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10661 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16939 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16939/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 16 for SLE 12 SP1)",
"tracking": {
"current_release_date": "2017-12-14T16:31:55Z",
"generator": {
"date": "2017-12-14T16:31:55Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:3312-1",
"initial_release_date": "2017-12-14T16:31:55Z",
"revision_history": [
{
"date": "2017-12-14T16:31:55Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-10661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10661"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10661",
"url": "https://www.suse.com/security/cve/CVE-2017-10661"
},
{
"category": "external",
"summary": "SUSE Bug 1053152 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053152"
},
{
"category": "external",
"summary": "SUSE Bug 1053153 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T16:31:55Z",
"details": "important"
}
],
"title": "CVE-2017-10661"
},
{
"cve": "CVE-2017-16939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16939"
}
],
"notes": [
{
"category": "general",
"text": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16939",
"url": "https://www.suse.com/security/cve/CVE-2017-16939"
},
{
"category": "external",
"summary": "SUSE Bug 1069702 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069702"
},
{
"category": "external",
"summary": "SUSE Bug 1069708 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1120260 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1120260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-default-7-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_45-xen-7-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T16:31:55Z",
"details": "moderate"
}
],
"title": "CVE-2017-16939"
}
]
}
SUSE-SU-2017:3313-1
Vulnerability from csaf_suse - Published: 2017-12-14 14:51 - Updated: 2017-12-14 14:51Summary
Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1)
Description of the patch: This update for the Linux Kernel 3.12.74-60_64_51 fixes several issues.
The following security issues were fixed:
- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).
- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).
Patchnames: SUSE-SLE-SAP-12-SP1-2017-2078,SUSE-SLE-SERVER-12-SP1-2017-2078
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 3.12.74-60_64_51 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).\n- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2017-2078,SUSE-SLE-SERVER-12-SP1-2017-2078",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_3313-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:3313-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173313-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:3313-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-December/003521.html"
},
{
"category": "self",
"summary": "SUSE Bug 1053153",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "self",
"summary": "SUSE Bug 1069708",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10661 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16939 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16939/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 18 for SLE 12 SP1)",
"tracking": {
"current_release_date": "2017-12-14T14:51:53Z",
"generator": {
"date": "2017-12-14T14:51:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:3313-1",
"initial_release_date": "2017-12-14T14:51:53Z",
"revision_history": [
{
"date": "2017-12-14T14:51:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-10661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10661"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10661",
"url": "https://www.suse.com/security/cve/CVE-2017-10661"
},
{
"category": "external",
"summary": "SUSE Bug 1053152 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053152"
},
{
"category": "external",
"summary": "SUSE Bug 1053153 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T14:51:53Z",
"details": "important"
}
],
"title": "CVE-2017-10661"
},
{
"cve": "CVE-2017-16939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16939"
}
],
"notes": [
{
"category": "general",
"text": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16939",
"url": "https://www.suse.com/security/cve/CVE-2017-16939"
},
{
"category": "external",
"summary": "SUSE Bug 1069702 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069702"
},
{
"category": "external",
"summary": "SUSE Bug 1069708 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1120260 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1120260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_51-xen-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T14:51:53Z",
"details": "moderate"
}
],
"title": "CVE-2017-16939"
}
]
}
SUSE-SU-2017:3316-1
Vulnerability from csaf_suse - Published: 2017-12-14 14:52 - Updated: 2017-12-14 14:52Summary
Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP1)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP1)
Description of the patch: This update for the Linux Kernel 3.12.69-60_64_29 fixes several issues.
The following security issues were fixed:
- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).
- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).
Patchnames: SUSE-SLE-SAP-12-SP1-2017-2080,SUSE-SLE-SERVER-12-SP1-2017-2080
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP1)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 3.12.69-60_64_29 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).\n- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2017-2080,SUSE-SLE-SERVER-12-SP1-2017-2080",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_3316-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:3316-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173316-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:3316-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-December/003524.html"
},
{
"category": "self",
"summary": "SUSE Bug 1053153",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "self",
"summary": "SUSE Bug 1069708",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10661 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16939 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16939/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 12 for SLE 12 SP1)",
"tracking": {
"current_release_date": "2017-12-14T14:52:15Z",
"generator": {
"date": "2017-12-14T14:52:15Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:3316-1",
"initial_release_date": "2017-12-14T14:52:15Z",
"revision_history": [
{
"date": "2017-12-14T14:52:15Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"product_id": "kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64",
"product_id": "kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-10661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10661"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10661",
"url": "https://www.suse.com/security/cve/CVE-2017-10661"
},
{
"category": "external",
"summary": "SUSE Bug 1053152 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053152"
},
{
"category": "external",
"summary": "SUSE Bug 1053153 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T14:52:15Z",
"details": "important"
}
],
"title": "CVE-2017-10661"
},
{
"cve": "CVE-2017-16939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16939"
}
],
"notes": [
{
"category": "general",
"text": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16939",
"url": "https://www.suse.com/security/cve/CVE-2017-16939"
},
{
"category": "external",
"summary": "SUSE Bug 1069702 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069702"
},
{
"category": "external",
"summary": "SUSE Bug 1069708 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1120260 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1120260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-default-10-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_69-60_64_29-xen-10-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T14:52:15Z",
"details": "moderate"
}
],
"title": "CVE-2017-16939"
}
]
}
SUSE-SU-2017:3318-1
Vulnerability from csaf_suse - Published: 2017-12-14 16:32 - Updated: 2017-12-14 16:32Summary
Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1)
Description of the patch: This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues.
The following security issues were fixed:
- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).
- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).
Patchnames: SUSE-SLE-SAP-12-SP1-2017-2084,SUSE-SLE-SERVER-12-SP1-2017-2084
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 3.12.74-60_64_57 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).\n- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2017-2084,SUSE-SLE-SERVER-12-SP1-2017-2084",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_3318-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:3318-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173318-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:3318-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-December/003526.html"
},
{
"category": "self",
"summary": "SUSE Bug 1053153",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "self",
"summary": "SUSE Bug 1069708",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10661 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16939 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16939/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP1)",
"tracking": {
"current_release_date": "2017-12-14T16:32:14Z",
"generator": {
"date": "2017-12-14T16:32:14Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:3318-1",
"initial_release_date": "2017-12-14T16:32:14Z",
"revision_history": [
{
"date": "2017-12-14T16:32:14Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-10661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10661"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10661",
"url": "https://www.suse.com/security/cve/CVE-2017-10661"
},
{
"category": "external",
"summary": "SUSE Bug 1053152 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053152"
},
{
"category": "external",
"summary": "SUSE Bug 1053153 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T16:32:14Z",
"details": "important"
}
],
"title": "CVE-2017-10661"
},
{
"cve": "CVE-2017-16939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16939"
}
],
"notes": [
{
"category": "general",
"text": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16939",
"url": "https://www.suse.com/security/cve/CVE-2017-16939"
},
{
"category": "external",
"summary": "SUSE Bug 1069702 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069702"
},
{
"category": "external",
"summary": "SUSE Bug 1069708 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1120260 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1120260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_57-xen-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T16:32:14Z",
"details": "moderate"
}
],
"title": "CVE-2017-16939"
}
]
}
SUSE-SU-2017:3320-1
Vulnerability from csaf_suse - Published: 2017-12-14 14:51 - Updated: 2017-12-14 14:51Summary
Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1)
Description of the patch: This update for the Linux Kernel 3.12.74-60_64_54 fixes several issues.
The following security issues were fixed:
- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).
- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).
Patchnames: SUSE-SLE-SAP-12-SP1-2017-2077,SUSE-SLE-SERVER-12-SP1-2017-2077
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 3.12.74-60_64_54 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).\n- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2017-2077,SUSE-SLE-SERVER-12-SP1-2017-2077",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_3320-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:3320-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173320-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:3320-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-December/003528.html"
},
{
"category": "self",
"summary": "SUSE Bug 1053153",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "self",
"summary": "SUSE Bug 1069708",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10661 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16939 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16939/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 19 for SLE 12 SP1)",
"tracking": {
"current_release_date": "2017-12-14T14:51:43Z",
"generator": {
"date": "2017-12-14T14:51:43Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:3320-1",
"initial_release_date": "2017-12-14T14:51:43Z",
"revision_history": [
{
"date": "2017-12-14T14:51:43Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64",
"product_id": "kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-10661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10661"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10661",
"url": "https://www.suse.com/security/cve/CVE-2017-10661"
},
{
"category": "external",
"summary": "SUSE Bug 1053152 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053152"
},
{
"category": "external",
"summary": "SUSE Bug 1053153 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T14:51:43Z",
"details": "important"
}
],
"title": "CVE-2017-10661"
},
{
"cve": "CVE-2017-16939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16939"
}
],
"notes": [
{
"category": "general",
"text": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16939",
"url": "https://www.suse.com/security/cve/CVE-2017-16939"
},
{
"category": "external",
"summary": "SUSE Bug 1069702 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069702"
},
{
"category": "external",
"summary": "SUSE Bug 1069708 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1120260 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1120260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-default-5-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_74-60_64_54-xen-5-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T14:51:43Z",
"details": "moderate"
}
],
"title": "CVE-2017-16939"
}
]
}
SUSE-SU-2017:3321-1
Vulnerability from csaf_suse - Published: 2017-12-14 14:52 - Updated: 2017-12-14 14:52Summary
Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP1)
Severity
Important
Notes
Title of the patch: Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP1)
Description of the patch: This update for the Linux Kernel 3.12.67-60_64_21 fixes several issues.
The following security issues were fixed:
- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).
- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).
Patchnames: SUSE-SLE-SAP-12-SP1-2017-2079,SUSE-SLE-SERVER-12-SP1-2017-2079
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.4 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.8 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
17 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP1)",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for the Linux Kernel 3.12.67-60_64_21 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2017-16939: The XFRM dump policy implementation in net/xfrm/xfrm_user.c allowed local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages (bsc#1069708).\n- CVE-2017-10661: Race condition in fs/timerfd.c allowed local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing (bsc#1053153).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-SLE-SAP-12-SP1-2017-2079,SUSE-SLE-SERVER-12-SP1-2017-2079",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_3321-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:3321-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20173321-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:3321-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-December/003529.html"
},
{
"category": "self",
"summary": "SUSE Bug 1053153",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "self",
"summary": "SUSE Bug 1069708",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-10661 page",
"url": "https://www.suse.com/security/cve/CVE-2017-10661/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-16939 page",
"url": "https://www.suse.com/security/cve/CVE-2017-16939/"
}
],
"title": "Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP1)",
"tracking": {
"current_release_date": "2017-12-14T14:52:03Z",
"generator": {
"date": "2017-12-14T14:52:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:3321-1",
"initial_release_date": "2017-12-14T14:52:03Z",
"revision_history": [
{
"date": "2017-12-14T14:52:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"product_id": "kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64"
}
},
{
"category": "product_version",
"name": "kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64",
"product": {
"name": "kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64",
"product_id": "kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64"
},
"product_reference": "kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP1-LTSS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-10661",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-10661"
}
],
"notes": [
{
"category": "general",
"text": "Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-10661",
"url": "https://www.suse.com/security/cve/CVE-2017-10661"
},
{
"category": "external",
"summary": "SUSE Bug 1053152 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053152"
},
{
"category": "external",
"summary": "SUSE Bug 1053153 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1053153"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-10661",
"url": "https://bugzilla.suse.com/1115893"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.4,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T14:52:03Z",
"details": "important"
}
],
"title": "CVE-2017-10661"
},
{
"cve": "CVE-2017-16939",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-16939"
}
],
"notes": [
{
"category": "general",
"text": "The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the Linux kernel before 4.13.11 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted SO_RCVBUF setsockopt system call in conjunction with XFRM_MSG_GETPOLICY Netlink messages.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-16939",
"url": "https://www.suse.com/security/cve/CVE-2017-16939"
},
{
"category": "external",
"summary": "SUSE Bug 1069702 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069702"
},
{
"category": "external",
"summary": "SUSE Bug 1069708 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1069708"
},
{
"category": "external",
"summary": "SUSE Bug 1115893 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1115893"
},
{
"category": "external",
"summary": "SUSE Bug 1120260 for CVE-2017-16939",
"url": "https://bugzilla.suse.com/1120260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"SUSE Linux Enterprise Server 12 SP1-LTSS:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-default-12-2.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP1:kgraft-patch-3_12_67-60_64_21-xen-12-2.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-12-14T14:52:03Z",
"details": "moderate"
}
],
"title": "CVE-2017-16939"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…