Bug 1030573 (CVE-2017-7184)

Summary: VUL-0: CVE-2017-7184: kernel-source: xfrm kernel heap out-of-bounds access
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P2 - High CC: alnovak, jkosina, jsegitz, mbenes, meissner, mgalbraith, mhocko, mkubecek, mmarek, smash_bz, tiwai
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/182021/
Whiteboard: CVSSv2:SUSE:CVE-2017-7184:6.6:(AV:L/AC:M/Au:S/C:C/I:C/A:C) CVSSv2:NVD:CVE-2017-7184:7.2:(AV:L/AC:L/Au:N/C:C/I:C/A:C) CVSSv2:ZDI:CVE-2017-7184:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:NVD:CVE-2017-7184:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) CVSSv3:RedHat:CVE-2017-7184:7.8:(AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) maint:released:oes11-sp2:63780
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 4 Michal Kubeček 2017-03-23 07:33:39 UTC 
It's probably not obvious form the description so let's state it explicitely:
the bug is in code processing netlink XFRM_* messages ("ip xfrm" command) and
all of these require CAP_NET_ADMIN. What makes this a security issue and local
privilege escallation is (once again) the unprivileged user namespace feature.

In other words, while the bug as such may affect even older kernels (I haven't
checked yet), the local privilege escallation is only possible  in branches
with kernel 3.9 and newer.
Comment 11 Michal Kubeček 2017-03-24 08:54:08 UTC 
Looks like things have settled down a bit. Branches

  users/mkubecek/stable/1030573_EMBARGO (based on f3fbfc6e0759)
  users/mkubecek/SLE12-SP2/1030573_EMBARGO (based on rpm-4.4.49-92.11)
  users/mkubecek/openSUSE-42.1/1030573_EMBARGO (based on 13a840eee7ab)
  users/mkubecek/cve/linux-3.12/1030573_EMBARGO (based on f3dae60ecb79)

with both patches are available for fast path submissions. Branches for stable
and 42.1 are based on current heads of respective branches as of yesterday.
Comment 12 Bernhard Wiedemann 2017-03-26 17:58:32 UTC 
would
find /lib/modules/ -name xfrm_user.ko|xargs rm
be sufficient to prevent being exploitable?
Comment 13 Swamp Workflow Management 2017-03-30 04:09:41 UTC 
SUSE-SU-2017:0864-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1027565,1028372,1030573
CVE References: CVE-2017-2636,CVE-2017-7184
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    kernel-default-4.4.49-92.14.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    kernel-docs-4.4.49-92.14.3, kernel-obs-build-4.4.49-92.14.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    kernel-default-4.4.49-92.14.1, kernel-source-4.4.49-92.14.1, kernel-syms-4.4.49-92.14.1
SUSE Linux Enterprise Server 12-SP2 (src):    kernel-default-4.4.49-92.14.1, kernel-source-4.4.49-92.14.1, kernel-syms-4.4.49-92.14.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP2_Update_6-1-2.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.49-92.14.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    kernel-default-4.4.49-92.14.1, kernel-source-4.4.49-92.14.1, kernel-syms-4.4.49-92.14.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.49-92.14.1
Comment 14 Swamp Workflow Management 2017-03-30 04:10:29 UTC 
SUSE-SU-2017:0865-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1027565,1028372,1030573
CVE References: CVE-2017-2636,CVE-2017-7184
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.69-60.64.35.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.69-60.64.35.3, kernel-obs-build-3.12.69-60.64.35.1
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.69-60.64.35.1, kernel-source-3.12.69-60.64.35.1, kernel-syms-3.12.69-60.64.35.1, kernel-xen-3.12.69-60.64.35.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.69-60.64.35.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_14-1-2.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.69-60.64.35.1, kernel-source-3.12.69-60.64.35.1, kernel-syms-3.12.69-60.64.35.1, kernel-xen-3.12.69-60.64.35.1
Comment 15 Swamp Workflow Management 2017-03-30 04:11:14 UTC 
SUSE-SU-2017:0866-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1027565,1028372,1030573
CVE References: CVE-2017-2636,CVE-2017-7184
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kernel-default-3.12.61-52.69.2, kernel-source-3.12.61-52.69.2, kernel-syms-3.12.61-52.69.1, kernel-xen-3.12.61-52.69.2, kgraft-patch-SLE12_Update_20-1-2.3
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.69.2, kernel-source-3.12.61-52.69.2, kernel-syms-3.12.61-52.69.1, kernel-xen-3.12.61-52.69.2, kgraft-patch-SLE12_Update_20-1-2.3
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.69.2
Comment 16 Marcus Meissner 2017-03-30 04:55:55 UTC 
Subject: [oss-security] CVE-2017-7184: kernel: Local privilege escalation in XFRM framework
Date: Wed, 29 Mar 2017 16:43:28 -0500
From: Tyler Hicks <tyhicks@canonical.com>

A security issue was reported by ZDI, on behalf of Chaitin Security
Research Lab, against the Linux kernel in Ubuntu. It also affected the
upstream kernel.

Chaitin Security Research Lab discovered that xfrm_replay_verify_len(),
as called by xfrm_new_ae(), did not verify that the user-specified
replay_window was within the replay state buffer.

This allowed for out-of-bounds reads and writes of kernel memory.
Chaitin Security showed that this can lead to local privilege escalation
by using user namespaces in order to configure XFRM. XFRM configuration
requires CAP_NET_ADMIN so this issue is mitigated in kernels which do
not enable user namespaces by default.

Fixes:
- https://git.kernel.org/linus/677e806da4d916052585301785d847c3b3e6186a
- https://git.kernel.org/linus/f843ee6dd019bcece3e74e76ad9df0155655d0df

Tyler
Comment 17 Marcus Meissner 2017-03-30 05:19:15 UTC 
Takashi, can you sbumit openSUSE Leap kernels?
Comment 18 Michal Kubeček 2017-03-30 06:28:43 UTC 
I overlooked this:

(In reply to Bernhard Wiedemann from comment #12)
> would
> find /lib/modules/ -name xfrm_user.ko|xargs rm
> be sufficient to prevent being exploitable?

It certainly would - as long as the module isn't already loaded, of course.
However, the price would be breaking any tool using the interface, e.g.
"ip xfrm", ipsec-tools, *swan, perhaps also some others.
Comment 19 Takashi Iwai 2017-03-30 06:53:40 UTC 
(In reply to Marcus Meissner from comment #17)
> Takashi, can you sbumit openSUSE Leap kernels?

Done.

MR#483728 => openSUSE-42.2
MR#483729 => openSUSE-42.1

Also EMBARGO git branches have been merged to the main branches, too.
Comment 20 Takashi Iwai 2017-03-30 07:59:42 UTC 
(In reply to Takashi Iwai from comment #19)
> (In reply to Marcus Meissner from comment #17)
> > Takashi, can you sbumit openSUSE Leap kernels?
> 
> Done.
> 
> MR#483728 => openSUSE-42.2
> MR#483729 => openSUSE-42.1

Note that these are submissions from non-devel projects.
Comment 21 Bernhard Wiedemann 2017-03-30 08:02:55 UTC 
This is an autogenerated message for OBS integration:
This bug (1030573) was mentioned in
https://build.opensuse.org/request/show/483729 42.1 / kernel-source
Comment 22 Swamp Workflow Management 2017-04-01 13:10:56 UTC 
openSUSE-SU-2017:0906-1: An update that solves 15 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1019851,1020602,1022785,1023377,1025235,1026722,1026914,1027066,1027178,1027179,1027189,1027190,1027565,1028415,1029986,1030118,1030573,968697
CVE References: CVE-2016-10200,CVE-2016-10208,CVE-2016-2117,CVE-2017-2583,CVE-2017-2584,CVE-2017-2596,CVE-2017-2636,CVE-2017-5669,CVE-2017-6214,CVE-2017-6345,CVE-2017-6346,CVE-2017-6347,CVE-2017-6348,CVE-2017-6353,CVE-2017-7184
Sources used:
openSUSE Leap 42.1 (src):    kernel-debug-4.1.39-53.1, kernel-default-4.1.39-53.1, kernel-docs-4.1.39-53.2, kernel-ec2-4.1.39-53.1, kernel-obs-build-4.1.39-53.1, kernel-obs-qa-4.1.39-53.1, kernel-pae-4.1.39-53.1, kernel-pv-4.1.39-53.1, kernel-source-4.1.39-53.1, kernel-syms-4.1.39-53.1, kernel-vanilla-4.1.39-53.1, kernel-xen-4.1.39-53.1
Comment 23 Swamp Workflow Management 2017-04-01 13:21:39 UTC 
openSUSE-SU-2017:0907-1: An update that solves 11 vulnerabilities and has 41 fixes is now available.

Category: security (important)
Bug References: 1007959,1007962,1008842,1011913,1012910,1013994,1015609,1017461,1017641,1018263,1018419,1019163,1019618,1020048,1022785,1023866,1024015,1025235,1025683,1026405,1026462,1026505,1026509,1026692,1026722,1027054,1027066,1027179,1027189,1027190,1027195,1027273,1027565,1027575,1028017,1028041,1028158,1028217,1028325,1028372,1028415,1028819,1028895,1029220,1029986,1030573,1030575,951844,968697,969755,982783,998106
CVE References: CVE-2016-10200,CVE-2016-2117,CVE-2016-9191,CVE-2017-2596,CVE-2017-2636,CVE-2017-6214,CVE-2017-6345,CVE-2017-6346,CVE-2017-6347,CVE-2017-6353,CVE-2017-7184
Sources used:
openSUSE Leap 42.2 (src):    kernel-debug-4.4.57-18.3.1, kernel-default-4.4.57-18.3.1, kernel-docs-4.4.57-18.3.2, kernel-obs-build-4.4.57-18.3.1, kernel-obs-qa-4.4.57-18.3.1, kernel-source-4.4.57-18.3.1, kernel-syms-4.4.57-18.3.1, kernel-vanilla-4.4.57-18.3.1
Comment 24 Michal Kubeček 2017-04-12 12:35:00 UTC 
The two fixes are present in

  stable                  4.10.8
  SLE12-SP2               4.4.59
  openSUSE-42.1           256b6b458755
  cve/linux-3.12          4f002d54841a
  cve/linux-3.0           cce15254d208 

Function xfrm_replay_verify_len() was introduced by commit e2b19125e941 in
v2.6.39-rc1 as part of a series implementing extended sequence numbers. While
there might be some other kind of missing consistency check in pre-2.6.39
code, absence of unprivileged user namespaces would make such problem only
exploitable by a privileged process so I decided to leave cve/linux-2.6.32
and cve/linux-2.6.16 untouched.

Reassigning back to the security team.
Comment 25 Swamp Workflow Management 2017-05-15 19:40:21 UTC 
SUSE-SU-2017:1301-1: An update that solves 18 vulnerabilities and has 41 fixes is now available.

Category: security (important)
Bug References: 1005651,1008374,1008893,1013018,1013070,1013800,1013862,1016489,1017143,1018263,1018446,1019168,1020229,1021256,1021913,1022971,1023014,1023163,1023888,1024508,1024788,1024938,1025235,1025702,1026024,1026260,1026722,1026914,1027066,1027101,1027178,1028415,1028880,1029212,1029770,1030213,1030573,1031003,1031052,1031440,1031579,1032141,1033336,1033771,1033794,1033804,1033816,1034026,909486,911105,931620,979021,982783,983212,985561,988065,989056,995542,999245
CVE References: CVE-2015-3288,CVE-2015-8970,CVE-2016-10200,CVE-2016-5243,CVE-2017-2671,CVE-2017-5669,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6348,CVE-2017-6353,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7616
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-100.2
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-100.1, kernel-default-3.0.101-100.1, kernel-ec2-3.0.101-100.1, kernel-pae-3.0.101-100.1, kernel-ppc64-3.0.101-100.1, kernel-source-3.0.101-100.1, kernel-syms-3.0.101-100.1, kernel-trace-3.0.101-100.1, kernel-xen-3.0.101-100.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-100.1, kernel-pae-3.0.101-100.1, kernel-ppc64-3.0.101-100.1, kernel-trace-3.0.101-100.1, kernel-xen-3.0.101-100.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-100.1, kernel-default-3.0.101-100.1, kernel-ec2-3.0.101-100.1, kernel-pae-3.0.101-100.1, kernel-ppc64-3.0.101-100.1, kernel-trace-3.0.101-100.1, kernel-xen-3.0.101-100.1
Comment 26 Marcus Meissner 2017-07-06 06:59:44 UTC 
released almost all updates (11-sp3-ltss coming)
Comment 27 Swamp Workflow Management 2017-07-28 13:36:51 UTC 
SUSE-SU-2017:1990-1: An update that solves 43 vulnerabilities and has 282 fixes is now available.

Category: security (important)
Bug References: 1000092,1003077,1003581,1004003,1007729,1007959,1007962,1008842,1009674,1009718,1010032,1010612,1010690,1011044,1011176,1011913,1012060,1012382,1012422,1012452,1012829,1012910,1012985,1013001,1013561,1013792,1013887,1013994,1014120,1014136,1015342,1015367,1015452,1015609,1016403,1017164,1017170,1017410,1017461,1017641,1018100,1018263,1018358,1018385,1018419,1018446,1018813,1018885,1018913,1019061,1019148,1019163,1019168,1019260,1019351,1019594,1019614,1019618,1019630,1019631,1019784,1019851,1020048,1020214,1020412,1020488,1020602,1020685,1020817,1020945,1020975,1021082,1021248,1021251,1021258,1021260,1021294,1021424,1021455,1021474,1021762,1022181,1022266,1022304,1022340,1022429,1022476,1022547,1022559,1022595,1022785,1022971,1023101,1023175,1023287,1023762,1023866,1023884,1023888,1024015,1024081,1024234,1024508,1024938,1025039,1025235,1025461,1025683,1026024,1026405,1026462,1026505,1026509,1026570,1026692,1026722,1027054,1027066,1027101,1027153,1027179,1027189,1027190,1027195,1027273,1027512,1027565,1027616,1027974,1028017,1028027,1028041,1028158,1028217,1028310,1028325,1028340,1028372,1028415,1028819,1028883,1028895,1029220,1029514,1029607,1029634,1029986,1030057,1030070,1030118,1030213,1030573,1031003,1031040,1031052,1031142,1031147,1031200,1031206,1031208,1031440,1031470,1031500,1031512,1031555,1031579,1031662,1031717,1031796,1031831,1032006,1032141,1032339,1032345,1032400,1032581,1032673,1032681,1032803,1033117,1033281,1033287,1033336,1033340,1033885,1034048,1034419,1034635,1034670,1034671,1034762,1034902,1034995,1035024,1035866,1035887,1035920,1035922,1036214,1036638,1036752,1036763,1037177,1037186,1037384,1037483,1037669,1037840,1037871,1037969,1038033,1038043,1038085,1038142,1038143,1038297,1038458,1038544,1038842,1038843,1038846,1038847,1038848,1038879,1038981,1038982,1039348,1039354,1039700,1039864,1039882,1039883,1039885,1039900,1040069,1040125,1040182,1040279,1040351,1040364,1040395,1040425,1040463,1040567,1040609,1040855,1040929,1040941,1041087,1041160,1041168,1041242,1041431,1041810,1042200,1042286,1042356,1042421,1042517,1042535,1042536,1042863,1042886,1043014,1043231,1043236,1043347,1043371,1043467,1043488,1043598,1043912,1043935,1043990,1044015,1044082,1044120,1044125,1044532,1044767,1044772,1044854,1044880,1044912,1045154,1045235,1045286,1045307,1045340,1045467,1045568,1046105,1046434,1046589,799133,863764,870618,922871,951844,966170,966172,966191,966321,966339,968697,969479,969755,970083,971975,982783,985561,986362,986365,987192,987576,988065,989056,989311,990058,990682,991273,993832,995542,995968,998106
CVE References: CVE-2016-10200,CVE-2016-2117,CVE-2016-4997,CVE-2016-4998,CVE-2016-7117,CVE-2016-9191,CVE-2017-1000364,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-2583,CVE-2017-2584,CVE-2017-2596,CVE-2017-2636,CVE-2017-2671,CVE-2017-5551,CVE-2017-5576,CVE-2017-5577,CVE-2017-5897,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6345,CVE-2017-6346,CVE-2017-6347,CVE-2017-6353,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7346,CVE-2017-7374,CVE-2017-7487,CVE-2017-7616,CVE-2017-7618,CVE-2017-8890,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9150,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP2 (src):    kernel-rt-4.4.74-7.10.1, kernel-rt_debug-4.4.74-7.10.1, kernel-source-rt-4.4.74-7.10.1, kernel-syms-rt-4.4.74-7.10.1
Comment 28 Swamp Workflow Management 2017-09-04 19:19:20 UTC 
SUSE-SU-2017:2342-1: An update that solves 44 vulnerabilities and has 135 fixes is now available.

Category: security (important)
Bug References: 1003077,1005651,1008374,1008850,1008893,1012422,1013018,1013070,1013800,1013862,1016489,1017143,1018074,1018263,1018446,1019168,1020229,1021256,1021913,1022971,1023014,1023051,1023163,1023888,1024508,1024788,1024938,1025235,1025702,1026024,1026260,1026722,1026914,1027066,1027101,1027178,1027565,1028372,1028415,1028880,1029140,1029212,1029770,1029850,1030213,1030552,1030573,1030593,1030814,1031003,1031052,1031440,1031579,1032141,1032340,1032471,1033287,1033336,1033771,1033794,1033804,1033816,1034026,1034670,1035576,1035777,1035920,1036056,1036288,1036629,1037182,1037183,1037191,1037193,1037227,1037232,1037233,1037356,1037358,1037359,1037441,1038544,1038879,1038981,1038982,1039258,1039348,1039354,1039456,1039594,1039882,1039883,1039885,1040069,1040351,1041160,1041431,1041762,1041975,1042045,1042200,1042615,1042633,1042687,1042832,1043014,1043234,1043935,1044015,1044125,1044216,1044230,1044854,1044882,1044913,1044985,1045154,1045340,1045356,1045406,1045416,1045525,1045538,1045547,1045615,1046107,1046122,1046192,1046715,1047027,1047053,1047343,1047354,1047487,1047523,1047653,1048185,1048221,1048232,1048275,1049483,1049603,1049688,1049882,1050154,1050431,1051478,1051515,1051770,784815,792863,799133,870618,909486,909618,911105,919382,928138,931620,938352,943786,948562,962257,970956,971975,972891,979021,982783,983212,985561,986362,986365,986924,988065,989056,990682,991651,995542,999245
CVE References: CVE-2014-9922,CVE-2015-3288,CVE-2015-8970,CVE-2016-10200,CVE-2016-2188,CVE-2016-4997,CVE-2016-4998,CVE-2016-5243,CVE-2016-7117,CVE-2017-1000363,CVE-2017-1000364,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-11176,CVE-2017-11473,CVE-2017-2636,CVE-2017-2647,CVE-2017-2671,CVE-2017-5669,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6348,CVE-2017-6353,CVE-2017-6951,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7482,CVE-2017-7487,CVE-2017-7533,CVE-2017-7542,CVE-2017-7616,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.5.1, kernel-rt_trace-3.0.101.rt130-69.5.1, kernel-source-rt-3.0.101.rt130-69.5.1, kernel-syms-rt-3.0.101.rt130-69.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.5.1, kernel-rt_debug-3.0.101.rt130-69.5.1, kernel-rt_trace-3.0.101.rt130-69.5.1
Comment 29 Swamp Workflow Management 2017-09-19 13:12:19 UTC 
SUSE-SU-2017:2525-1: An update that solves 40 vulnerabilities and has 44 fixes is now available.

Category: security (important)
Bug References: 1006919,1012422,1013862,1017143,1020229,1021256,1023051,1024938,1025013,1025235,1026024,1026722,1026914,1027066,1027101,1027178,1027179,1027406,1028415,1028880,1029212,1029850,1030213,1030573,1030575,1030593,1031003,1031052,1031440,1031481,1031579,1031660,1033287,1033336,1034670,1034838,1035576,1037182,1037183,1037994,1038544,1038564,1038879,1038883,1038981,1038982,1039349,1039354,1039456,1039594,1039882,1039883,1039885,1040069,1041431,1042364,1042863,1042892,1044125,1045416,1045487,1046107,1048232,1048275,1049483,1049603,1049882,1050677,1052311,1053148,1053152,1053760,1056588,870618,948562,957988,957990,963655,972891,979681,983212,986924,989896,999245
CVE References: CVE-2016-10200,CVE-2016-5243,CVE-2017-1000112,CVE-2017-1000363,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-10661,CVE-2017-11176,CVE-2017-11473,CVE-2017-12762,CVE-2017-14051,CVE-2017-2647,CVE-2017-2671,CVE-2017-5669,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6348,CVE-2017-6353,CVE-2017-6951,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7482,CVE-2017-7487,CVE-2017-7533,CVE-2017-7542,CVE-2017-7616,CVE-2017-8831,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.5.1, kernel-default-3.0.101-0.47.106.5.1, kernel-ec2-3.0.101-0.47.106.5.1, kernel-pae-3.0.101-0.47.106.5.1, kernel-source-3.0.101-0.47.106.5.1, kernel-syms-3.0.101-0.47.106.5.1, kernel-trace-3.0.101-0.47.106.5.1, kernel-xen-3.0.101-0.47.106.5.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.5.1, kernel-default-3.0.101-0.47.106.5.1, kernel-pae-3.0.101-0.47.106.5.1, kernel-trace-3.0.101-0.47.106.5.1, kernel-xen-3.0.101-0.47.106.5.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.5.1, kernel-ec2-3.0.101-0.47.106.5.1, kernel-pae-3.0.101-0.47.106.5.1, kernel-source-3.0.101-0.47.106.5.1, kernel-syms-3.0.101-0.47.106.5.1, kernel-trace-3.0.101-0.47.106.5.1, kernel-xen-3.0.101-0.47.106.5.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.5.1, kernel-default-3.0.101-0.47.106.5.1, kernel-ec2-3.0.101-0.47.106.5.1, kernel-pae-3.0.101-0.47.106.5.1, kernel-trace-3.0.101-0.47.106.5.1, kernel-xen-3.0.101-0.47.106.5.1