Security update for Linux Kernel Live Patch 3 for SLE 12 SP2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2017:0232-1 Final 1 1 2017-01-20T12:30:33Z current 2017-01-20T12:30:33Z 2017-01-20T12:30:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for Linux Kernel Live Patch 3 for SLE 12 SP2 This update for the Linux Kernel 4.4.21-90 fixes several issues. The following security bugs were fixed: - CVE-2016-10088: The sg implementation in the Linux kernel did not properly restrict write operations in situations where the KERNEL_DS option is set, which allowed local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576 (bsc#1019079). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Live-Patching-12-2017-109 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2017/suse-su-20170232-1/ Link for SUSE-SU-2017:0232-1 https://lists.opensuse.org/opensuse-security-announce/2017-01/msg00043.html E-Mail link for SUSE-SU-2017:0232-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1019079 SUSE Bug 1019079 https://www.suse.com/security/cve/CVE-2016-10088/ SUSE CVE CVE-2016-10088 page SUSE Linux Enterprise Live Patching 12 kgraft-patch-4_4_21-90-default-2-2.1 kgraft-patch-4_4_21-90-default-2-2.1 as a component of SUSE Linux Enterprise Live Patching 12 The sg implementation in the Linux kernel through 4.9 does not properly restrict write operations in situations where the KERNEL_DS option is set, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device, related to block/bsg.c and drivers/scsi/sg.c. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-9576. CVE-2016-10088 SUSE Linux Enterprise Live Patching 12:kgraft-patch-4_4_21-90-default-2-2.1 important 6.2 AV:L/AC:H/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2017/suse-su-20170232-1/ https://www.suse.com/security/cve/CVE-2016-10088.html CVE-2016-10088 https://bugzilla.suse.com/1013604 SUSE Bug 1013604 https://bugzilla.suse.com/1014271 SUSE Bug 1014271 https://bugzilla.suse.com/1017710 SUSE Bug 1017710 https://bugzilla.suse.com/1019079 SUSE Bug 1019079 https://bugzilla.suse.com/1115893 SUSE Bug 1115893