Bug 1069702 (CVE-2017-16939) - VUL-0: CVE-2017-16939: kernel-source: local privilege escalation with XFRM sockets
Status: RESOLVED FIXED
Alias: CVE-2017-16939
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/195627/
Whiteboard: CVSSv2:SUSE:CVE-2017-16939:6.9:(AV:L/...
Keywords:
Depends on:
Blocks:
 
Reported: 2017-11-24 08:32 UTC by Marcus Meissner
Modified: 2019-08-15 13:43 UTC

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
SSD_Advisory_Linux_Kernel_XFRM_Privilege_Escalation.pdf (119.17 KB, application/pdf)
2017-11-24 08:34 UTC, Marcus Meissner
xx.c (1.88 KB, text/plain)
2017-11-24 08:49 UTC, Marcus Meissner
Description Marcus Meissner 2017-11-24 08:32:35 UTC
via bugtraq

SSD Advisory – Linux Kernel XFRM Privilege Escalation


Full report: https://blogs.securiteam.com/index.php/archives/3535
Twitter: @SecuriTeam_SSD
Weibo: SecuriTeam_SSD

Vulnerability Summary
The following advisory describes a use-after-free vulnerability found in
the Linux kernel that can lead to privilege escalation. The vulnerability
was found in the Netlink socket subsystem – XFRM.

Netlink is used to transfer information between the kernel and user-space
processes. It consists of a standard sockets-based interface for user space
processes and an internal kernel API for kernel modules.

Credit
An independent security researcher, Mohamed Ghannam, has reported this
vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vulnerability has been addressed as part of 1137b5e (“ipsec: Fix
aborted xfrm policy dump crash”).

Vulnerability details
An unprivileged user can change the Netlink socket subsystem – XFRM value
sk->sk_rcvbuf (sk == struct sock object).

The value can be changed into a specific range via setsockopt(SO_RCVBUF).
sk_rcvbuf is the total number of bytes of a buffer receiving data via
recvmsg/recv/read.

The sk_rcvbuf value is how many bytes the kernel should allocate for the
skb (struct sk_buff objects).

skb->truesize is a variable which keeps track of how many bytes of memory
are consumed. In order to not waste memory and to manage it, the kernel can
handle the skb size at run time.

For example, if we allocate a large socket buffer (skb) and we only
receive a 1-byte packet, the kernel will adjust this by calling
skb_set_owner_r.

By calling skb_set_owner_r the sk->sk_rmem_alloc (refers to an atomic
variable sk->sk_backlog.rmem_alloc) is modified.

When we create an XFRM netlink socket, xfrm_dump_policy is called; when we
close the socket, xfrm_dump_policy_done is called.


xfrm_dump_policy_done is called whenever cb_running for netlink_sock object
is true.

The xfrm_dump_policy_done tries to clean up an xfrm walk entry which is
managed by the netlink_callback object.

When netlink_skb_set_owner_r is called (like skb_set_owner_r) it updates
the sk_rmem_alloc.

netlink_dump():

In the above snippet we can see that the netlink_dump() check fails when
sk->sk_rcvbuf is smaller than sk_rmem_alloc (notice that we can control
sk->sk_rcvbuf via setsockopt).

When this condition fails, it jumps to the end of the function and quits
with failure, and the value of cb_running isn't changed to false.

nlk->cb_running is true, thus xfrm_dump_policy_done() is being called.

nlk->cb.done points to xfrm_dump_policy_done. It is worth noting that this
function handles a doubly linked list, so if we can tweak this
vulnerability to reference a controlled buffer, we could have a read/write
what/where primitive.



--
Thanks
Maor Shwartz
Beyond Security
GPG Key ID: 6D273779F52A9FC2
Comment 1 Marcus Meissner 2017-11-24 08:34:06 UTC
Created attachment 749985 [details]
SSD_Advisory_Linux_Kernel_XFRM_Privilege_Escalation.pdf

SSD_Advisory_Linux_Kernel_XFRM_Privilege_Escalation.pdf

attached to email
Comment 2 Marcus Meissner 2017-11-24 08:40:43 UTC
CVE requested
Comment 3 Marcus Meissner 2017-11-24 08:49:43 UTC
Created attachment 749986 [details]
xx.c

QA REPRODUCER:

gcc -o xx xx.c
./xx
Comment 5 Michal Kubeček 2017-11-24 15:41:46 UTC
Commit 12a169e7d8f4 referenced by "Fixes:" is from v2.6.28 and it indeed seems
2.6.16 shouldn't be affected. Moreover, any xfrm netlink operation requires
CAP_NET_ADMIN so that the security aspect (privilege escalation) only applies
to branches based on kernel >= 3.12 (3.8 or 3.9 in upstream). For SLE kernels
based on 3.0 and older, this is "only" a regular bug.

The fix has been also backported into 4.13.11 stable update (not 4.4.y, AFAICS).

  introduced              12a169e7d8f4    v2.6.28-rc1
  fixed                   1137b5e2529a    v4.14-rc7

Branches to fix as an urgent security issue:
  SLE12-SP3
  SLE12-SP2
  cve/linux-3.12

Branches to fix as a regular bug:
  SLE15
  cve/linux-3.0
  cve/linux-2.6.32
Comment 6 Michal Kubeček 2017-11-24 18:21:31 UTC
The backport is not going to be as straightforward as I thought. The fix uses
start member of struct netlink_dump_control for context initialization but
this was added (together with changes that make it work) by commit

  fc9e50f5a5a4  netlink: add a start callback for starting a netlink dump

in v4.5-rc1 and we don't have it in SLE12-SP2/3 (or older). Backporting this
commit would break kABI in a way that would be hard to work around. I'll have
to check if we can do the initialization without it.
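
The lifecycle problem from the advisory and the initialisation change this comment refers to, as an added user-space model (not kernel code, and not taken from the advisory or the SUSE patches). All struct and function names are illustrative, the pre-fix shape that sets the walk up only on the first dump call is an assumption of the model, and a return of -1 stands in for cleanup following list pointers that were never set.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* User-space model only: every name below is illustrative, not kernel code. */
struct node { struct node *prev, *next; };

struct dump_cb {                      /* plays the role of netlink_callback */
    int (*start)(struct dump_cb *);   /* NULL when no start callback exists */
    int (*dump)(struct dump_cb *);
    int (*done)(struct dump_cb *);
    struct node walk;                 /* plays the role of the xfrm walk entry */
};

struct sock_model {
    int rcvbuf, rmem_alloc;           /* sk_rcvbuf and sk_rmem_alloc */
    bool cb_running;
    struct dump_cb cb;
};

static void walk_init(struct dump_cb *cb) { cb->walk.prev = cb->walk.next = &cb->walk; }

/* Assumed pre-fix shape: the walk is set up only on the first dump call. */
static int dump_lazy_init(struct dump_cb *cb) {
    if (!cb->walk.next) walk_init(cb);
    return 0;
}
/* Shape after the fix: start sets the walk up before any dump attempt. */
static int start_init(struct dump_cb *cb) { walk_init(cb); return 0; }
static int dump_plain(struct dump_cb *cb) { (void)cb; return 0; }

/* Cleanup unlinks the walk entry. The model returns -1 where real list
 * handling would follow pointers that were never set. */
static int done_unlink(struct dump_cb *cb) {
    if (!cb->walk.prev || !cb->walk.next) return -1;
    cb->walk.prev->next = cb->walk.next;
    cb->walk.next->prev = cb->walk.prev;
    return 0;
}

/* One dump attempt: give up early when the receive buffer is full, leaving cb_running set. */
static int dump_step(struct sock_model *sk) {
    if (sk->rmem_alloc >= sk->rcvbuf) return -1;
    return sk->cb.dump(&sk->cb);
}
/* Socket close: done runs whenever cb_running is still true. */
static int release(struct sock_model *sk) {
    if (!sk->cb_running) return 0;
    sk->cb_running = false;
    return sk->cb.done(&sk->cb);
}

/* Result of cleanup at close: 0 = safe, -1 = done saw an uninitialised walk. */
int close_after_dump(bool have_start, int rcvbuf, int rmem_alloc) {
    struct sock_model sk;
    memset(&sk, 0, sizeof sk);
    sk.rcvbuf = rcvbuf; sk.rmem_alloc = rmem_alloc;
    sk.cb.start = have_start ? start_init : NULL;
    sk.cb.dump = have_start ? dump_plain : dump_lazy_init;
    sk.cb.done = done_unlink;
    if (sk.cb.start) sk.cb.start(&sk.cb);
    sk.cb_running = true;
    (void)dump_step(&sk);
    return release(&sk);
}

int main(void) {
    printf("full buffer, no start:    %d\n", close_after_dump(false, 1024, 4096));
    printf("full buffer, with start:  %d\n", close_after_dump(true, 1024, 4096));
    printf("room in buffer, no start: %d\n", close_after_dump(false, 8192, 0));
    return 0;
}
```

The model shows why a backport without the start callback still has to guarantee that the walk is initialised, or that cleanup can tell it is not, before done can run.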
Comment 7 Bernhard Wiedemann 2017-11-30 09:40:53 UTC
This is an autogenerated message for OBS integration:
This bug (1069702) was mentioned in
https://build.opensuse.org/request/show/546599 42.2 / kernel-source
Comment 8 Swamp Workflow Management 2017-12-06 20:09:10 UTC
SUSE-SU-2017:3225-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1069496,1069702,1070805
CVE References: CVE-2017-1000405,CVE-2017-16939
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.92-6.30.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.92-6.30.2, kernel-obs-build-4.4.92-6.30.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.92-6.30.1, kernel-source-4.4.92-6.30.1, kernel-syms-4.4.92-6.30.1
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_5-1-6.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.92-6.30.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.92-6.30.1, kernel-source-4.4.92-6.30.1, kernel-syms-4.4.92-6.30.1
SUSE Container as a Service Platform ALL (src):    kernel-default-4.4.92-6.30.1
Comment 9 Swamp Workflow Management 2017-12-06 20:10:01 UTC
SUSE-SU-2017:3226-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1069496,1069702,1070805
CVE References: CVE-2017-1000405,CVE-2017-16939
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    kernel-default-4.4.90-92.50.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    kernel-docs-4.4.90-92.50.3, kernel-obs-build-4.4.90-92.50.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    kernel-default-4.4.90-92.50.1, kernel-source-4.4.90-92.50.1, kernel-syms-4.4.90-92.50.1
SUSE Linux Enterprise Server 12-SP2 (src):    kernel-default-4.4.90-92.50.1, kernel-source-4.4.90-92.50.1, kernel-syms-4.4.90-92.50.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP2_Update_15-1-4.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.90-92.50.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    kernel-default-4.4.90-92.50.1, kernel-source-4.4.90-92.50.1, kernel-syms-4.4.90-92.50.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.90-92.50.1
Comment 10 Swamp Workflow Management 2017-12-08 17:14:37 UTC
SUSE-SU-2017:3249-1: An update that solves 14 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 1043652,1047626,1066192,1066471,1066472,1066573,1066606,1066618,1066625,1066650,1066671,1066700,1066705,1067085,1067086,1067997,1069496,1069702,1069708,1070307,1070781,860993
CVE References: CVE-2014-0038,CVE-2017-1000405,CVE-2017-12193,CVE-2017-15102,CVE-2017-16525,CVE-2017-16527,CVE-2017-16529,CVE-2017-16531,CVE-2017-16535,CVE-2017-16536,CVE-2017-16537,CVE-2017-16649,CVE-2017-16650,CVE-2017-16939
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.106.1, kernel-source-3.12.61-52.106.1, kernel-syms-3.12.61-52.106.1, kernel-xen-3.12.61-52.106.1, kgraft-patch-SLE12_Update_29-1-5.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.106.1
Comment 11 Michal Kubeček 2017-12-13 08:16:55 UTC
The fix is now present in or submitted to (*) all relevant branches:

  stable                  4.13.11
  SLE15                   14230165a33c
  SLE12-SP3               72e3847b4ff9
  SLE12-SP2               a19419eb44bf
  cve/linux-3.12          9814546baade
  cve/linux-3.0           c5a3566c52fe *
  cve/linux-2.6.32        4c0f491bc59c *

Reassigning to security team.
Comment 12 Swamp Workflow Management 2017-12-18 11:17:05 UTC
openSUSE-SU-2017:3358-1: An update that solves 16 vulnerabilities and has 67 fixes is now available.

Category: security (important)
Bug References: 1010201,1012382,1012829,1017461,1021424,1022595,1022914,1024412,1027301,1030061,1031717,1037890,1046107,1050060,1050231,1053919,1056003,1056365,1056427,1056979,1057199,1058135,1060333,1060682,1061756,1062941,1063026,1063516,1064701,1064926,1065180,1065600,1065639,1065692,1065717,1065866,1066045,1066192,1066213,1066223,1066285,1066382,1066470,1066471,1066472,1066573,1066606,1066629,1067105,1067132,1067494,1067888,1068671,1068978,1068980,1068982,1069270,1069496,1069702,1069793,1069942,1069996,1070006,1070145,1070535,1070767,1070771,1070805,1070825,1070964,1071231,1071693,1071694,1071695,1071833,963575,964944,966170,966172,974590,979928,989261,996376
CVE References: CVE-2017-1000405,CVE-2017-1000410,CVE-2017-11600,CVE-2017-12193,CVE-2017-15115,CVE-2017-16528,CVE-2017-16536,CVE-2017-16537,CVE-2017-16646,CVE-2017-16939,CVE-2017-16994,CVE-2017-17448,CVE-2017-17449,CVE-2017-17450,CVE-2017-7482,CVE-2017-8824
Sources used:
openSUSE Leap 42.2 (src):    kernel-debug-4.4.103-18.41.1, kernel-default-4.4.103-18.41.1, kernel-docs-4.4.103-18.41.1, kernel-obs-build-4.4.103-18.41.1, kernel-obs-qa-4.4.103-18.41.1, kernel-source-4.4.103-18.41.1, kernel-syms-4.4.103-18.41.1, kernel-vanilla-4.4.103-18.41.1
Comment 13 Swamp Workflow Management 2017-12-18 11:36:38 UTC
openSUSE-SU-2017:3359-1: An update that solves 17 vulnerabilities and has 136 fixes is now available.

Category: security (important)
Bug References: 1010201,1012382,1012523,1015336,1015337,1015340,1015342,1015343,1019675,1020412,1020645,1022595,1022607,1024346,1024373,1024376,1024412,1031717,1032150,1036489,1036800,1037404,1037838,1038299,1039542,1040073,1041873,1042268,1042957,1042977,1042978,1043017,1045404,1046054,1046107,1047901,1047989,1048317,1048327,1048356,1050060,1050231,1051406,1051635,1051987,1052384,1053309,1053919,1055272,1056003,1056365,1056427,1056587,1056596,1056652,1056979,1057079,1057199,1057820,1058413,1059639,1060333,1061756,1062496,1062835,1062941,1063026,1063349,1063516,1064206,1064320,1064591,1064597,1064606,1064701,1064926,1065101,1065180,1065600,1065639,1065692,1065717,1065866,1065959,1066045,1066175,1066192,1066213,1066223,1066285,1066382,1066470,1066471,1066472,1066573,1066606,1066629,1066660,1066696,1066767,1066812,1066974,1067105,1067132,1067225,1067494,1067734,1067735,1067888,1067906,1068671,1068978,1068980,1068982,1069152,1069250,1069270,1069277,1069484,1069496,1069583,1069702,1069721,1069793,1069879,1069916,1069942,1069996,1070001,1070006,1070145,1070169,1070404,1070535,1070767,1070771,1070805,1070825,1070964,1071693,1071694,1071695,1071833,1072589,744692,789311,964944,966170,966172,969470,979928,989261,996376
CVE References: CVE-2017-1000405,CVE-2017-1000410,CVE-2017-11600,CVE-2017-12193,CVE-2017-15115,CVE-2017-16528,CVE-2017-16536,CVE-2017-16537,CVE-2017-16645,CVE-2017-16646,CVE-2017-16939,CVE-2017-16994,CVE-2017-17448,CVE-2017-17449,CVE-2017-17450,CVE-2017-7482,CVE-2017-8824
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.103-36.1, kernel-default-4.4.103-36.1, kernel-docs-4.4.103-36.1, kernel-obs-build-4.4.103-36.1, kernel-obs-qa-4.4.103-36.1, kernel-source-4.4.103-36.1, kernel-syms-4.4.103-36.1, kernel-vanilla-4.4.103-36.1
Comment 14 Swamp Workflow Management 2018-01-04 10:30:44 UTC
This is an autogenerated message for OBS integration:
This bug (1069702) was mentioned in
https://build.opensuse.org/request/show/561571 42.2 / kernel-source
Comment 15 Swamp Workflow Management 2018-01-04 11:17:49 UTC
SUSE-SU-2018:0011-1: An update that solves 17 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 1013018,1024612,1034862,1045479,1045538,1047487,1048185,1050231,1050431,1056982,1063043,1065180,1065600,1066569,1066693,1066973,1068032,1068671,1068984,1069702,1070771,1070964,1071074,1071470,1071695,1072457,1072561,1072876,1073792,1073874
CVE References: CVE-2017-11600,CVE-2017-13167,CVE-2017-14106,CVE-2017-15115,CVE-2017-15868,CVE-2017-16534,CVE-2017-16538,CVE-2017-16939,CVE-2017-17450,CVE-2017-17558,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7472,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-108.21.2
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-108.21.1, kernel-default-3.0.101-108.21.1, kernel-ec2-3.0.101-108.21.1, kernel-pae-3.0.101-108.21.1, kernel-ppc64-3.0.101-108.21.1, kernel-source-3.0.101-108.21.1, kernel-syms-3.0.101-108.21.1, kernel-trace-3.0.101-108.21.1, kernel-xen-3.0.101-108.21.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.21.1, kernel-pae-3.0.101-108.21.1, kernel-ppc64-3.0.101-108.21.1, kernel-trace-3.0.101-108.21.1, kernel-xen-3.0.101-108.21.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.21.1, kernel-default-3.0.101-108.21.1, kernel-ec2-3.0.101-108.21.1, kernel-pae-3.0.101-108.21.1, kernel-ppc64-3.0.101-108.21.1, kernel-trace-3.0.101-108.21.1, kernel-xen-3.0.101-108.21.1
Comment 16 Swamp Workflow Management 2018-01-08 20:10:54 UTC
SUSE-SU-2018:0040-1: An update that solves 32 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1010175,1034862,1045327,1050231,1052593,1056982,1057179,1057389,1058524,1062520,1063544,1063667,1066295,1066472,1066569,1066573,1066606,1066618,1066625,1066650,1066671,1066693,1066700,1066705,1067085,1068032,1068671,1069702,1069708,1070771,1071074,1071470,1071695,1072561,1072876,1073792,1073874,1074033,999245
CVE References: CVE-2017-1000251,CVE-2017-11600,CVE-2017-13080,CVE-2017-13167,CVE-2017-14106,CVE-2017-14140,CVE-2017-14340,CVE-2017-15102,CVE-2017-15115,CVE-2017-15265,CVE-2017-15274,CVE-2017-15868,CVE-2017-16525,CVE-2017-16527,CVE-2017-16529,CVE-2017-16531,CVE-2017-16534,CVE-2017-16535,CVE-2017-16536,CVE-2017-16537,CVE-2017-16538,CVE-2017-16649,CVE-2017-16939,CVE-2017-17450,CVE-2017-17558,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7472,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-source-3.0.101-0.47.106.11.1, kernel-syms-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-ppc64-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-source-3.0.101-0.47.106.11.1, kernel-syms-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
Comment 17 Swamp Workflow Management 2018-01-23 17:17:07 UTC
SUSE-SU-2018:0180-1: An update that solves 26 vulnerabilities and has 24 fixes is now available.

Category: security (important)
Bug References: 1012917,1013018,1024612,1034862,1045205,1045479,1045538,1047487,1048185,1050231,1050431,1051133,1054305,1056982,1063043,1064803,1064861,1065180,1065600,1066471,1066472,1066569,1066573,1066606,1066618,1066625,1066650,1066671,1066693,1066700,1066705,1066973,1067085,1067816,1067888,1068032,1068671,1068984,1069702,1070771,1070964,1071074,1071470,1071695,1072457,1072561,1072876,1073792,1073874,1074709
CVE References: CVE-2017-11600,CVE-2017-13167,CVE-2017-14106,CVE-2017-15102,CVE-2017-15115,CVE-2017-15868,CVE-2017-16525,CVE-2017-16527,CVE-2017-16529,CVE-2017-16531,CVE-2017-16534,CVE-2017-16535,CVE-2017-16536,CVE-2017-16537,CVE-2017-16538,CVE-2017-16649,CVE-2017-16939,CVE-2017-17450,CVE-2017-17558,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7472,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.14.1, kernel-rt_trace-3.0.101.rt130-69.14.1, kernel-source-rt-3.0.101.rt130-69.14.1, kernel-syms-rt-3.0.101.rt130-69.14.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.14.1, kernel-rt_debug-3.0.101.rt130-69.14.1, kernel-rt_trace-3.0.101.rt130-69.14.1
Comment 18 Swamp Workflow Management 2018-01-25 14:19:12 UTC
SUSE-SU-2018:0213-1: An update that solves 22 vulnerabilities and has 72 fixes is now available.

Category: security (important)
Bug References: 1010201,1012382,1012829,1012917,1021424,1022476,1022595,1024412,1027301,1031717,1039616,1046107,1047487,1050060,1050231,1056003,1056365,1056427,1056979,1057199,1060333,1060682,1061756,1062941,1063026,1063043,1063516,1064311,1064926,1065180,1065600,1065639,1065692,1065717,1065866,1066045,1066192,1066213,1066223,1066285,1066382,1066470,1066471,1066472,1066573,1066606,1066629,1067105,1067132,1067494,1067888,1068032,1068671,1068951,1068978,1068980,1068982,1069270,1069496,1069702,1069793,1069942,1069996,1070006,1070145,1070535,1070767,1070771,1070805,1070825,1070964,1071009,1071231,1071693,1071694,1071695,1071833,1072556,1072962,1073090,1073792,1073809,1073874,1073912,1074392,1074709,963575,964063,964944,966170,966172,969470,979928,989261
CVE References: CVE-2017-1000405,CVE-2017-1000410,CVE-2017-11600,CVE-2017-12193,CVE-2017-15115,CVE-2017-16528,CVE-2017-16536,CVE-2017-16537,CVE-2017-16645,CVE-2017-16646,CVE-2017-16939,CVE-2017-16994,CVE-2017-17448,CVE-2017-17449,CVE-2017-17450,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7482,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP2 (src):    kernel-rt-4.4.104-24.1, kernel-rt_debug-4.4.104-24.1, kernel-source-rt-4.4.104-24.1, kernel-syms-rt-4.4.104-24.1
Comment 19 Marcus Meissner 2018-02-09 07:52:32 UTC
released
Comment 26 Swamp Workflow Management 2019-01-18 20:31:59 UTC
This is an autogenerated message for OBS integration:
This bug (1069702) was mentioned in
https://build.opensuse.org/request/show/667052 42.3 / kernel-source
Comment 27 Swamp Workflow Management 2019-01-23 23:52:31 UTC
SUSE-SU-2019:0148-1: An update that solves 10 vulnerabilities and has 94 fixes is now available.

Category: security (important)
Bug References: 1012382,1015336,1015337,1015340,1019683,1019695,1020645,1027260,1027457,1042286,1043083,1046264,1047487,1048916,1065600,1066223,1068032,1069702,1070805,1079935,1087082,1091405,1093158,1094244,1094973,1096242,1096281,1099523,1100105,1101557,1102439,1102660,1103156,1103257,1103624,1104098,1104731,1105412,1106105,1106237,1106240,1106929,1107385,1108145,1108240,1109272,1109330,1109806,1110286,1111062,1111809,1112246,1112963,1113412,1114190,1114417,1114475,1114648,1114763,1114839,1114871,1115431,1115433,1115440,1115587,1115709,1116027,1116183,1116285,1116336,1116345,1116497,1116841,1116924,1116950,1117162,1117165,1117186,1117562,1118152,1118316,1118319,1118505,1118790,1118798,1118915,1118922,1118926,1118930,1118936,1119204,1119714,1119877,1119946,1119967,1119970,1120046,1120743,1121239,1121240,1121241,1121242,1121275,1121621
CVE References: CVE-2017-16939,CVE-2018-1120,CVE-2018-16862,CVE-2018-16884,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-3639,CVE-2018-9568
Sources used:
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-azure-4.4.170-4.22.1, kernel-source-azure-4.4.170-4.22.1, kernel-syms-azure-4.4.170-4.22.1
Comment 31 Swamp Workflow Management 2019-02-01 19:31:59 UTC
This is an autogenerated message for OBS integration:
This bug (1069702) was mentioned in
https://build.opensuse.org/request/show/670625 42.3 / kernel-source
Comment 33 Swamp Workflow Management 2019-02-11 20:12:16 UTC
SUSE-SU-2019:0320-1: An update that solves 9 vulnerabilities and has 113 fixes is now available.

Category: security (important)
Bug References: 1012382,1015336,1015337,1015340,1019683,1019695,1020645,1023175,1027260,1027457,1031492,1042286,1043083,1046264,1047487,1048916,1065600,1066223,1068032,1069702,1070805,1079935,1086423,1087082,1091405,1092100,1093158,1093641,1093649,1093653,1093655,1093657,1093663,1094244,1094973,1096242,1096281,1099523,1100105,1101557,1102439,1102660,1103156,1103257,1103624,1104098,1104731,1106105,1106237,1106240,1106929,1107385,1108145,1108240,1109168,1109272,1109330,1109806,1110286,1111062,1111174,1111809,1112246,1112963,1113412,1113766,1114190,1114417,1114475,1114648,1114763,1114839,1114871,1115431,1115433,1115440,1115482,1115587,1115709,1116027,1116183,1116285,1116336,1116345,1116497,1116841,1116924,1116950,1116962,1117162,1117165,1117186,1117562,1118152,1118316,1118319,1118505,1118790,1118798,1118915,1118922,1118926,1118930,1118936,1119204,1119445,1119714,1119877,1119946,1119967,1119970,1120046,1120260,1120743,1120950,1121239,1121240,1121241,1121242,1121275,1121621,985031
CVE References: CVE-2017-16939,CVE-2018-1120,CVE-2018-16862,CVE-2018-16884,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP3 (src):    kernel-rt-4.4.170-3.32.2, kernel-rt_debug-4.4.170-3.32.2, kernel-source-rt-4.4.170-3.32.1, kernel-syms-rt-4.4.170-3.32.1