Professional OVAL Repository
[Eng]
[Rus]
[Sign-In]
OVAL
Search
Categories
RedCheck
About
OVAL Definitions
OVAL Items
FSTEC Data Bank Information Security Threats
NKCKI
EOL (End Of Life)
Linux Security Advisories
Mozilla Foundation Security Advisory
IBM
VMware
Cisco
Check Point Software Technologies
Apache
Solaris
FreeBSD
Development
GitHub Enterprise
Google Chrome Security Advisories
Oracle Security Advisories
Adobe Security Advisories
OpenSSL Security Advisories
Microsoft
CVE
CWE
CPE
Latest Updates
OS ROSA
ALT Linux
Astra Linux
RED OS
DSA (Debian Security Advisory) Patсh Statistics
DSA (Debian Security Advisory) Patсh Feed
DSA (Debian Security Advisory) Vulnerability Feed
DLA (Debian Security Advisory) Patсh Statistics
DLA (Debian Security Advisory) Patсh Feed
DLA (Debian Security Advisory) Vulnerability Feed
ALT Linux (Security Bulletins) Patсh Statistics
ALT Linux (Security Bulletins) Patсh Feed
ALT Linux (Security Bulletins) Vulnerability Feed
RED OS (Security Bulletins) Patсh Statistics
RED OS (Security Bulletins) Patсh Feed
RED OS (Security Bulletins) Vulnerability Feed
USN (Ubuntu Security Notice) Patсh Statistics
USN (Ubuntu Security Notice) Patсh Feed
USN (Ubuntu Security Notice) Vulnerability Feed
RHSA (RedHat Security Advisory) Patсh Statistics
RHSA (RedHat Security Advisory) Patсh Feed
RHSA (RedHat Security Advisory) Vulnerability Feed
ELSA (Oracle Linux Security Advisory) Patсh Statistics
ELSA (Oracle Linux Security Advisory) Patсh Feed
ELSA (Oracle Linux Security Advisory) Vulnerability Feed
SUSE (SUSE Security Advisories) Patсh Statistics
SUSE (SUSE Security Advisories) Patсh Feed
SUSE (SUSE Security Advisories) Vulnerability Feed
openSUSE (openSUSE Security Advisories) Patсh Statistics
openSUSE (openSUSE Security Advisories) Patсh Feed
openSUSE (openSUSE Security Advisories) Vulnerability Feed
Amazon Linux AMI (Security Bulletins) Patсh Statistics
Amazon Linux AMI (Security Bulletins) Patсh Feed
Amazon Linux AMI (Security Bulletins) Vulnerability Feed
Mageia Linux (Security Bulletins) Patсh Statistics
Mageia Linux (Security Bulletins) Patсh Feed
Mageia Linux (Security Bulletins) Vulnerability Feed
OS ROSA SX COBALT 1.0
OS ROSA DX COBALT 1.0
ROSA 7.3 (Security Advisories) Patсh Statistics
ROSA 7.3 (Security Advisories) Patсh Feed
ROSA 7.3 (Security Advisories) Vulnerability Feed
ALT Linux SPT 6.0
ALT Linux SPT 7.0
ALT 8 SP
ALT 9
Astra Linux SE 1.5
Astra Linux SE 1.6
Astra Linux SE 1.7
Astra Linux SE 1.8
RED OS Murom 7.1
RED OS Murom 7.2
IBM DB2
VMware Vulnerabilities Advisory (VMSA)
VMware vCenter Patch Advisories
VMware ESXi Patch Advisories
VMware NSX Patches
VMware NSX Vulnerabilities
VMware Photon OS 1.0 Patches
VMware Photon OS 1.0 Vulnerabilities
VMware Photon OS 2.0 Patches
VMware Photon OS 2.0 Vulnerabilities
Cisco ASA
Cisco IOS/NX-OS Advisory
Cisco NX-OS Vulnerabilities
Check Point Gaia
Apache Tomcat Advisories
Apache Tomcat Server
Apache HTTP Server
Python
Node.js
RubyGems
Qt
Microsoft Security Bulletin
Microsoft Knowledge Base Article
Microsoft SharePoint
Microsoft SharePoint Foundation 2013
Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2016
About OVALdb
User manual
Pricing
Contact us
OVAL Definitions
>
OVAL Definition Details
Id
oval:com.altx-soft.nix:def:34251
[Rus]
Version
7
Class
patch
ALTXid
204150
Language
English
Severity
Critical
Title
USN-3754-1 -- Linux kernel vulnerabilities
Description
Several security issues were fixed in the Linux kernel.
Family
unix
Platform
Linux Mint 17
Ubuntu 14.04
Product
linux
Reference
VENDOR: USN-3754-1
VENDOR: USN-3754-1
Id:
USN-3754-1
Reference:
https://usn.ubuntu.com/3754-1/
CVE: CVE-2016-10208
CVE: CVE-2016-10208
Id:
CVE-2016-10208
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10208
Comment
: The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.9.8 does not properly validate meta block groups, which allows physically proximate attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
4.3
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1395190 (CONFIRM)
[oss-security] 20170204 Re: Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read (MLIST)
20161115 OS-S 2016-22 - Local DoS: Linux Kernel EXT4 Memory Corruption / SLAB-Out-of-Bounds Read (FULLDISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3a4b77cd47bb837b8557595ec7425f281f2ca1fe (CONFIRM)
94354 (BID)
RHSA-2017:1308 (REDHAT)
RHSA-2017:1298 (REDHAT)
RHSA-2017:1297 (REDHAT)
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update (MLIST)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-11472
CVE: CVE-2017-11472
Id:
CVE-2017-11472
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11472
Comment
: The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
CVSSv2 Score:
3.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:N
CVSSv3 Score:
7.1
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CWE:
755 (Improper Handling of Exceptional Conditions)
References:
https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f (CONFIRM)
https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6 (CONFIRM)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f (CONFIRM)
USN-3619-1 (UBUNTU)
USN-3619-2 (UBUNTU)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-11473
CVE: CVE-2017-11473
Id:
CVE-2017-11473
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11473
Comment
: Buffer overflow in the mp_override_legacy_irq() function in arch/x86/kernel/acpi/boot.c in the Linux kernel through 3.2 allows local users to gain privileges via a crafted ACPI table.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
120 (Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'))
References:
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=70ac67826602edf8c0ccb413e5ba7eacf597a60c (CONFIRM)
100010 (BID)
https://source.android.com/security/bulletin/pixel/2018-01-01 (CONFIRM)
RHSA-2018:0654 (REDHAT)
USN-3754-1 (UBUNTU)
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=dad5ab0db8deac535d03e3fe3d8f2892173fa6a4 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=96301209473afd3f2f274b91cb7082d161b9be65 (CONFIRM)
CVE: CVE-2017-14991
CVE: CVE-2017-14991
Id:
CVE-2017-14991
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14991
Comment
: The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://github.com/torvalds/linux/commit/3e0097499839e0fe3af380410eababe5a47c4cf9 (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.4 (CONFIRM)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e0097499839e0fe3af380410eababe5a47c4cf9 (CONFIRM)
101187 (BID)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-15649
CVE: CVE-2017-15649
Id:
CVE-2017-15649
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15649
Comment
: net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e (MISC)
https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110 (MISC)
https://blogs.securiteam.com/index.php/archives/3484 (MISC)
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6 (MISC)
http://patchwork.ozlabs.org/patch/818726/ (MISC)
http://patchwork.ozlabs.org/patch/813945/ (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110 (MISC)
101573 (BID)
RHSA-2018:0181 (REDHAT)
RHSA-2018:0152 (REDHAT)
RHSA-2018:0151 (REDHAT)
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update (MLIST)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16526
CVE: CVE-2017-16526
Id:
CVE-2017-16526
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16526
Comment
: drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://groups.google.com/d/msg/syzkaller/zROBxKXzHDk/5I6aZ3O2AgAJ (MISC)
https://github.com/torvalds/linux/commit/bbf26183b7a6236ba602f4d6a2f7cade35bba043 (MISC)
DSA-4187 (DEBIAN)
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (MLIST)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16527
CVE: CVE-2017-16527
Id:
CVE-2017-16527
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16527
Comment
: sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (snd_usb_mixer_interrupt use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.6
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://groups.google.com/d/msg/syzkaller/jf7GTr_g2CU/iVlLhMciCQAJ (MISC)
https://github.com/torvalds/linux/commit/124751d5e63c823092060074bd0abaae61aaa9c4 (MISC)
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update (MLIST)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16529
CVE: CVE-2017-16529
Id:
CVE-2017-16529
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16529
Comment
: The snd_usb_create_streams function in sound/usb/card.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.6
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://groups.google.com/d/msg/syzkaller/rDzv5RP_f2M/M5au06qmAwAJ (MISC)
https://github.com/torvalds/linux/commit/bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991 (MISC)
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update (MLIST)
103284 (BID)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16531
CVE: CVE-2017-16531
Id:
CVE-2017-16531
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16531
Comment
: drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device, related to the USB_DT_INTERFACE_ASSOCIATION descriptor.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.6
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://groups.google.com/d/msg/syzkaller/hP6L-m59m_8/Co2ouWeFAwAJ (MISC)
https://github.com/torvalds/linux/commit/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb (MISC)
102025 (BID)
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update (MLIST)
USN-3754-1 (UBUNTU)
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html (MISC)
CVE: CVE-2017-16532
CVE: CVE-2017-16532
Id:
CVE-2017-16532
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16532
Comment
: The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.6
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://groups.google.com/d/msg/syzkaller/l3870gs3LhA/y79DYQdFBAAJ (MISC)
https://github.com/torvalds/linux/commit/7c80f9e4a588f1925b07134bb2e3689335f6c6d8 (MISC)
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update (MLIST)
USN-3617-2 (UBUNTU)
USN-3617-1 (UBUNTU)
USN-3619-1 (UBUNTU)
USN-3617-3 (UBUNTU)
USN-3619-2 (UBUNTU)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16533
CVE: CVE-2017-16533
Id:
CVE-2017-16533
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16533
Comment
: The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux kernel before 4.13.8 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.6
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://groups.google.com/d/msg/syzkaller/CxkJ9QZgwlM/O3IOvAaGAwAJ (MISC)
https://github.com/torvalds/linux/commit/f043bfc98c193c284e2cd768fefabe18ac2fed9b (MISC)
102026 (BID)
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update (MLIST)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16535
CVE: CVE-2017-16535
Id:
CVE-2017-16535
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16535
Comment
: The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.6
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://groups.google.com/d/msg/syzkaller/tzdz2fTB1K0/OvjIgLSTAgAJ (MISC)
https://github.com/torvalds/linux/commit/1c0edc3633b56000e18d82fc241e3995ca18a69e (MISC)
102022 (BID)
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update (MLIST)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16536
CVE: CVE-2017-16536
Id:
CVE-2017-16536
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16536
Comment
: The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.6
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://patchwork.kernel.org/patch/9963527/ (MISC)
https://groups.google.com/d/msg/syzkaller/WlUAVfDvpRk/1V1xuEA4AgAJ (MISC)
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update (MLIST)
USN-3619-1 (UBUNTU)
USN-3619-2 (UBUNTU)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16537
CVE: CVE-2017-16537
Id:
CVE-2017-16537
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16537
Comment
: The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.6
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://patchwork.kernel.org/patch/9994017/ (MISC)
https://groups.google.com/d/msg/syzkaller/bBFN8imrjjo/-5jCl8EiCQAJ (MISC)
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update (MLIST)
USN-3617-2 (UBUNTU)
USN-3617-1 (UBUNTU)
USN-3619-1 (UBUNTU)
USN-3617-3 (UBUNTU)
USN-3619-2 (UBUNTU)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16538
CVE: CVE-2017-16538
Id:
CVE-2017-16538
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16538
Comment
: drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.6
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
20 (Improper Input Validation)
References:
https://patchwork.linuxtv.org/patch/44567/ (MISC)
https://patchwork.linuxtv.org/patch/44566/ (MISC)
https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ (MISC)
DSA-4073 (DEBIAN)
SUSE-SU-2018:0011 (SUSE)
DSA-4082 (DEBIAN)
USN-3631-2 (UBUNTU)
USN-3631-1 (UBUNTU)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16643
CVE: CVE-2017-16643
Id:
CVE-2017-16643
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16643
Comment
: The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.6
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://groups.google.com/d/msg/syzkaller/McWFcOsA47Y/3bjtBBgaBAAJ (MISC)
https://github.com/torvalds/linux/commit/a50829479f58416a013a4ccca791336af3c584c7 (MISC)
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11 (MISC)
101769 (BID)
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update (MLIST)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16644
CVE: CVE-2017-16644
Id:
CVE-2017-16644
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16644
Comment
: The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.6
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
388 (Error Handling)
References:
https://patchwork.kernel.org/patch/9966135/ (MISC)
https://groups.google.com/d/msg/syzkaller/ngC5SLvxPm4/gduhCARhAwAJ (MISC)
101842 (BID)
DSA-4073 (DEBIAN)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16645
CVE: CVE-2017-16645
Id:
CVE-2017-16645
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16645
Comment
: The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.6
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ (MISC)
https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a (MISC)
101768 (BID)
USN-3617-2 (UBUNTU)
USN-3617-1 (UBUNTU)
USN-3619-1 (UBUNTU)
USN-3617-3 (UBUNTU)
USN-3619-2 (UBUNTU)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16650
CVE: CVE-2017-16650
Id:
CVE-2017-16650
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16650
Comment
: The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.6
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
369 (Divide By Zero)
References:
https://patchwork.ozlabs.org/patch/834770/ (MISC)
https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ (MISC)
101791 (BID)
USN-3617-2 (UBUNTU)
USN-3617-1 (UBUNTU)
USN-3619-1 (UBUNTU)
USN-3617-3 (UBUNTU)
USN-3619-2 (UBUNTU)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16911
CVE: CVE-2017-16911
Id:
CVE-2017-16911
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16911
Comment
: The vhci_hcd driver in the Linux Kernel before version 4.14.8 and 4.4.114 allows allows local attackers to disclose kernel memory addresses. Successful exploitation requires that a USB device is attached over IP.
CVSSv2 Score:
1.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:P/I:N/A:N
CVSSv3 Score:
4.7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE:
200 (Information Exposure)
References:
https://www.spinics.net/lists/linux-usb/msg163480.html (MISC)
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-20/ (MISC)
https://secuniaresearch.flexerasoftware.com/advisories/80454/ (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=2f2d0088eb93db5c649d2a5e34a3800a8a935fc5 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 (MISC)
102156 (BID)
USN-3619-1 (UBUNTU)
USN-3619-2 (UBUNTU)
DSA-4187 (DEBIAN)
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (MLIST)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16912
CVE: CVE-2017-16912
Id:
CVE-2017-16912
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16912
Comment
: The "get_pipe()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 allows attackers to cause a denial of service (out-of-bounds read) via a specially crafted USB over IP packet.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.9
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://www.spinics.net/lists/linux-usb/msg163480.html (MISC)
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/ (MISC)
https://secuniaresearch.flexerasoftware.com/advisories/77000/ (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=635f545a7e8be7596b9b2b6a43cab6bbd5a88e43 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 (MISC)
102150 (BID)
USN-3619-1 (UBUNTU)
USN-3619-2 (UBUNTU)
DSA-4187 (DEBIAN)
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (MLIST)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16913
CVE: CVE-2017-16913
Id:
CVE-2017-16913
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16913
Comment
: The "stub_recv_cmd_submit()" function (drivers/usb/usbip/stub_rx.c) in the Linux Kernel before version 4.14.8, 4.9.71, and 4.4.114 when handling CMD_SUBMIT packets allows attackers to cause a denial of service (arbitrary memory allocation) via a specially crafted USB over IP packet.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.9
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://www.spinics.net/lists/linux-usb/msg163480.html (MISC)
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/ (MISC)
https://secuniaresearch.flexerasoftware.com/advisories/80601/ (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=c6688ef9f29762e65bce325ef4acd6c675806366 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.114 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 (MISC)
102150 (BID)
USN-3619-1 (UBUNTU)
USN-3619-2 (UBUNTU)
DSA-4187 (DEBIAN)
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (MLIST)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-16914
CVE: CVE-2017-16914
Id:
CVE-2017-16914
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16914
Comment
: The "stub_send_ret_submit()" function (drivers/usb/usbip/stub_tx.c) in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial of service (NULL pointer dereference) via a specially crafted USB over IP packet.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.9
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://www.spinics.net/lists/linux-usb/msg163480.html (MISC)
https://secuniaresearch.flexerasoftware.com/secunia_research/2017-21/ (MISC)
https://secuniaresearch.flexerasoftware.com/advisories/80722/ (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/drivers/usb/usbip?id=be6123df1ea8f01ee2f896a16c2b7be3e4557a5a (MISC)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.71 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.107 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.49 (MISC)
102150 (BID)
USN-3619-1 (UBUNTU)
USN-3619-2 (UBUNTU)
DSA-4187 (DEBIAN)
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (MLIST)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-17558
CVE: CVE-2017-17558
Id:
CVE-2017-17558
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17558
Comment
: The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.6
Attack vector:
PHYSICAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://www.spinics.net/lists/linux-usb/msg163644.html (MISC)
http://openwall.com/lists/oss-security/2017/12/12/7 (MISC)
DSA-4073 (DEBIAN)
SUSE-SU-2018:0011 (SUSE)
DSA-4082 (DEBIAN)
[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update (MLIST)
USN-3619-1 (UBUNTU)
USN-3619-2 (UBUNTU)
RHSA-2018:1062 (REDHAT)
RHSA-2018:0676 (REDHAT)
USN-3754-1 (UBUNTU)
RHSA-2019:1170 (REDHAT)
RHSA-2019:1190 (REDHAT)
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html (MISC)
CVE: CVE-2017-18255
CVE: CVE-2017-18255
Id:
CVE-2017-18255
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18255
Comment
: The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://github.com/torvalds/linux/commit/1572e45a924f254d9570093abde46430c3172e3d (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d (MISC)
USN-3696-2 (UBUNTU)
USN-3696-1 (UBUNTU)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
USN-3754-1 (UBUNTU)
103607 (BID)
CVE: CVE-2017-18270
CVE: CVE-2017-18270
Id:
CVE-2017-18270
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18270
Comment
: In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
CVSSv2 Score:
3.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:P/A:P
CVSSv3 Score:
7.1
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
References:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5 (CONFIRM)
https://github.com/torvalds/linux/commit/237bbd29f7a049d310d907f4b2716a7feef9abf3 (CONFIRM)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3 (CONFIRM)
104254 (BID)
USN-3754-1 (UBUNTU)
https://bugzilla.redhat.com/show_bug.cgi?id=1856774#c11 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=1856774#c9 (MISC)
https://support.f5.com/csp/article/K37301725 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1580979 (MISC)
CVE: CVE-2017-2583
CVE: CVE-2017-2583
Id:
CVE-2017-2583
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2583
Comment
: The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a "MOV SS, NULL selector" instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
8.4
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
https://github.com/torvalds/linux/commit/33ab91103b3415e12457e3104f0e4517ce12d0f3 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1414735 (CONFIRM)
[oss-security] 20170119 CVE-2017-2583 Kernel: Kvm: vmx/svm potential privilege escalation inside guest (MLIST)
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5 (CONFIRM)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=33ab91103b3415e12457e3104f0e4517ce12d0f3 (CONFIRM)
95673 (BID)
DSA-3791 (DEBIAN)
RHSA-2017:1616 (REDHAT)
RHSA-2017:1615 (REDHAT)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-2584
CVE: CVE-2017-2584
Id:
CVE-2017-2584
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2584
Comment
: arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local users to obtain sensitive information from kernel memory or cause a denial of service (use-after-free) via a crafted application that leverages instruction emulation for fxrstor, fxsave, sgdt, and sidt.
CVSSv2 Score:
3.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:P
CVSSv3 Score:
7.1
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CWE:
200 (Information Exposure)
References:
https://github.com/torvalds/linux/commit/129a72a0d3c8e139a04512325384fe5ac119e74d (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1413001 (CONFIRM)
[oss-security] 20170113 CVE-2017-2584 Kernel: kvm: use after free in complete_emulated_mmio (MLIST)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=129a72a0d3c8e139a04512325384fe5ac119e74d (CONFIRM)
95430 (BID)
1037603 (SECTRACK)
DSA-3791 (DEBIAN)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-5549
CVE: CVE-2017-5549
Id:
CVE-2017-5549
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5549
Comment
: The klsi_105_get_line_state function in drivers/usb/serial/kl5kusb105.c in the Linux kernel before 4.9.5 places uninitialized heap-memory contents into a log entry upon a failure to read the line status, which allows local users to obtain sensitive information by reading the log.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE:
532 (Information Exposure Through Log Files)
References:
https://github.com/torvalds/linux/commit/146cc8a17a3b4996f6805ee5c080e7101277c410 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1416114 (CONFIRM)
[oss-security] 20170120 Re: CVE REQUEST: linux kernel: process with pgid zero able to crash kernel (MLIST)
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.5 (CONFIRM)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=146cc8a17a3b4996f6805ee5c080e7101277c410 (CONFIRM)
95715 (BID)
DSA-3791 (DEBIAN)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-5897
CVE: CVE-2017-5897
Id:
CVE-2017-5897
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5897
Comment
: The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel allows remote attackers to have unspecified impact via vectors involving GRE flags in an IPv6 packet, which trigger an out-of-bounds access.
CVSSv2 Score:
7.5
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
9.8
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756 (CONFIRM)
1037794 (SECTRACK)
96037 (BID)
[oss-security] 20170207 Re: CVE Request: Linux: ip6_gre: invalid reads in ip6gre_err() (MLIST)
https://source.android.com/security/bulletin/2017-09-01 (CONFIRM)
DSA-3791 (DEBIAN)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-6345
CVE: CVE-2017-6345
Id:
CVE-2017-6345
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6345
Comment
: The LLC subsystem in the Linux kernel before 4.9.13 does not ensure that a certain destructor exists in required circumstances, which allows local users to cause a denial of service (BUG_ON) or possibly have unspecified other impact via crafted system calls.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
20 (Improper Input Validation)
References:
https://github.com/torvalds/linux/commit/8b74d439e1697110c5e5c600643e823eb1dd0762 (CONFIRM)
[oss-security] 20170228 Linux: net/llc: avoid BUG_ON() in skb_orphan() (CVE-2017-6345) (MLIST)
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13 (CONFIRM)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b74d439e1697110c5e5c600643e823eb1dd0762 (CONFIRM)
96510 (BID)
DSA-3804 (DEBIAN)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-6348
CVE: CVE-2017-6348
Id:
CVE-2017-6348
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6348
Comment
: The hashbin_delete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of service (deadlock) via crafted operations on IrDA devices.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
https://github.com/torvalds/linux/commit/4c03b862b12f980456f9de92db6d508a4999b788 (CONFIRM)
[oss-security] 20170228 Linux: irda: Fix lockdep annotations in hashbin_delete() (CVE-2017-6348) (MLIST)
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.13 (CONFIRM)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c03b862b12f980456f9de92db6d508a4999b788 (CONFIRM)
96483 (BID)
DSA-3804 (DEBIAN)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-7518
CVE: CVE-2017-7518
Id:
CVE-2017-7518
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7518
Comment
: A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
755 (Improper Handling of Exceptional Conditions)
References:
[kvm] 20170622 [PATCH] KVM: x86: fix singlestepping over syscall (MLIST)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518 (CONFIRM)
https://access.redhat.com/articles/3290921 (CONFIRM)
[oss-security] 20170623 CVE-2017-7518 Kernel: KVM: debug exception via syscall emulation (MLIST)
DSA-3981 (DEBIAN)
USN-3619-2 (UBUNTU)
USN-3619-1 (UBUNTU)
RHSA-2018:0412 (REDHAT)
RHSA-2018:0395 (REDHAT)
1038782 (SECTRACK)
99263 (BID)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-7645
CVE: CVE-2017-7645
Id:
CVE-2017-7645
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7645
Comment
: The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel through 4.10.11 allows remote attackers to cause a denial of service (system crash) via a long RPC reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
20 (Improper Input Validation)
References:
https://marc.info/?l=linux-nfs&m=149247516212924&w=2 (MISC)
https://marc.info/?l=linux-nfs&m=149218228327497&w=2 (MISC)
97950 (BID)
https://github.com/torvalds/linux/commit/e6838a29ecb484c97e4efef9429643b9851fba6e (CONFIRM)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e6838a29ecb484c97e4efef9429643b9851fba6e (CONFIRM)
DSA-3886 (DEBIAN)
RHSA-2017:1647 (REDHAT)
RHSA-2017:1616 (REDHAT)
RHSA-2017:1615 (REDHAT)
RHSA-2018:1319 (REDHAT)
USN-3754-1 (UBUNTU)
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 (CONFIRM)
CVE: CVE-2017-8831
CVE: CVE-2017-8831
Id:
CVE-2017-8831
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8831
Comment
: The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability.
CVSSv2 Score:
6.9
Access vector:
LOCAL
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C
CVSSv3 Score:
6.4
Attack vector:
PHYSICAL
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugzilla.kernel.org/show_bug.cgi?id=195559 (MISC)
https://github.com/stoth68000/media-tree/commit/354dd3924a2e43806774953de536257548b5002c (CONFIRM)
http://www.securityfocus.com/archive/1/540770/30/0/threaded (MISC)
99619 (BID)
[debian-lts-announce] 20171210 [SECURITY] [DLA 1200-1] linux security update (MLIST)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-9984
CVE: CVE-2017-9984
Id:
CVE-2017-9984
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9984
Comment
: The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugzilla.kernel.org/show_bug.cgi?id=196131 (MISC)
99314 (BID)
https://github.com/torvalds/linux/commit/20e2b791796bd68816fa115f12be5320de2b8021 (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e2b791796bd68816fa115f12be5320de2b8021 (MISC)
USN-3754-1 (UBUNTU)
CVE: CVE-2017-9985
CVE: CVE-2017-9985
Id:
CVE-2017-9985
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9985
Comment
: The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugzilla.kernel.org/show_bug.cgi?id=196133 (MISC)
99335 (BID)
https://github.com/torvalds/linux/commit/20e2b791796bd68816fa115f12be5320de2b8021 (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e2b791796bd68816fa115f12be5320de2b8021 (MISC)
USN-3754-1 (UBUNTU)
CVE: CVE-2018-10087
CVE: CVE-2018-10087
Id:
CVE-2018-10087
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10087
Comment
: The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
20 (Improper Input Validation)
References:
https://news.ycombinator.com/item?id=2972021 (MISC)
https://github.com/torvalds/linux/commit/dd83c161fbcc5d8be637ab159c0de015cbff5ba4 (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd83c161fbcc5d8be637ab159c0de015cbff5ba4 (MISC)
103774 (BID)
USN-3696-2 (UBUNTU)
USN-3696-1 (UBUNTU)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
USN-3754-1 (UBUNTU)
CVE: CVE-2018-10124
CVE: CVE-2018-10124
Id:
CVE-2018-10124
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10124
Comment
: The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://news.ycombinator.com/item?id=2972021 (MISC)
https://github.com/torvalds/linux/commit/4ea77014af0d6205b05503d1c7aac6eace11d473 (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea77014af0d6205b05503d1c7aac6eace11d473 (MISC)
1040684 (SECTRACK)
USN-3696-2 (UBUNTU)
USN-3696-1 (UBUNTU)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
USN-3754-1 (UBUNTU)
CVE: CVE-2018-10323
CVE: CVE-2018-10323
Id:
CVE-2018-10323
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10323
Comment
: The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_bmapi_write NULL pointer dereference) via a crafted xfs image.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://www.spinics.net/lists/linux-xfs/msg17254.html (MISC)
https://bugzilla.kernel.org/show_bug.cgi?id=199423 (MISC)
103959 (BID)
DSA-4188 (DEBIAN)
USN-3754-1 (UBUNTU)
USN-3752-2 (UBUNTU)
USN-3752-1 (UBUNTU)
USN-3752-3 (UBUNTU)
USN-4486-1 (UBUNTU)
CVE: CVE-2018-10675
CVE: CVE-2018-10675
Id:
CVE-2018-10675
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10675
Comment
: The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel before 4.12.9 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted system calls.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9 (MISC)
https://github.com/torvalds/linux/commit/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 (MISC)
104093 (BID)
RHSA-2018:2164 (REDHAT)
RHSA-2018:2395 (REDHAT)
RHSA-2018:2384 (REDHAT)
USN-3754-1 (UBUNTU)
RHSA-2018:2791 (REDHAT)
RHSA-2018:2785 (REDHAT)
RHSA-2018:2933 (REDHAT)
RHSA-2018:2925 (REDHAT)
RHSA-2018:2924 (REDHAT)
RHSA-2018:3590 (REDHAT)
RHSA-2018:3586 (REDHAT)
RHSA-2018:3540 (REDHAT)
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 (CONFIRM)
https://www.oracle.com/security-alerts/cpujul2020.html (MISC)
CVE: CVE-2018-10877
CVE: CVE-2018-10877
Id:
CVE-2018-10877
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10877
Comment
: Linux kernel ext4 filesystem is vulnerable to an out-of-bound access in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
6.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
HIGH
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10877 (CONFIRM)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
USN-3754-1 (UBUNTU)
USN-3753-2 (UBUNTU)
USN-3753-1 (UBUNTU)
RHSA-2018:2948 (REDHAT)
106503 (BID)
USN-3871-1 (UBUNTU)
USN-3871-4 (UBUNTU)
USN-3871-3 (UBUNTU)
USN-3871-5 (UBUNTU)
104878 (BID)
CVE: CVE-2018-10881
CVE: CVE-2018-10881
Id:
CVE-2018-10881
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10881
Comment
: A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881 (CONFIRM)
https://bugzilla.kernel.org/show_bug.cgi?id=200015 (CONFIRM)
http://patchwork.ozlabs.org/patch/929792/ (CONFIRM)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
104901 (BID)
USN-3754-1 (UBUNTU)
USN-3753-2 (UBUNTU)
USN-3753-1 (UBUNTU)
USN-3752-2 (UBUNTU)
USN-3752-1 (UBUNTU)
USN-3752-3 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
CVE: CVE-2018-1092
CVE: CVE-2018-1092
Id:
CVE-2018-1092
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1092
Comment
: The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=1560777 (MISC)
https://bugzilla.kernel.org/show_bug.cgi?id=199179 (MISC)
http://openwall.com/lists/oss-security/2018/03/29/1 (MISC)
https://bugzilla.kernel.org/show_bug.cgi?id=199275 (MISC)
DSA-4188 (DEBIAN)
DSA-4187 (DEBIAN)
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (MLIST)
USN-3678-2 (UBUNTU)
USN-3678-1 (UBUNTU)
USN-3677-2 (UBUNTU)
USN-3677-1 (UBUNTU)
USN-3676-2 (UBUNTU)
USN-3676-1 (UBUNTU)
USN-3678-3 (UBUNTU)
USN-3678-4 (UBUNTU)
USN-3754-1 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
CVE: CVE-2018-1093
CVE: CVE-2018-1093
Id:
CVE-2018-1093
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1093
Comment
: The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux kernel through 4.15.15 allows attackers to cause a denial of service (out-of-bounds read and system crash) via a crafted ext4 image because balloc.c and ialloc.c do not validate bitmap block numbers.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
125 (Out-of-bounds Read)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=7dac4a1726a9c64a517d595c40e95e2d0d135f6f (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=1560782 (MISC)
https://bugzilla.kernel.org/show_bug.cgi?id=199181 (MISC)
http://openwall.com/lists/oss-security/2018/03/29/1 (MISC)
DSA-4188 (DEBIAN)
[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update (MLIST)
USN-3676-2 (UBUNTU)
USN-3676-1 (UBUNTU)
[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update (MLIST)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update (MLIST)
USN-3754-1 (UBUNTU)
USN-3752-2 (UBUNTU)
USN-3752-1 (UBUNTU)
USN-3752-3 (UBUNTU)
CVE: CVE-2018-10940
CVE: CVE-2018-10940
Id:
CVE-2018-10940
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10940
Comment
: The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6 (MISC)
https://github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707 (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707 (MISC)
104154 (BID)
[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update (MLIST)
USN-3676-2 (UBUNTU)
USN-3676-1 (UBUNTU)
USN-3695-2 (UBUNTU)
USN-3695-1 (UBUNTU)
[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update (MLIST)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update (MLIST)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
USN-3754-1 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
CVE: CVE-2018-12233
CVE: CVE-2018-12233
Id:
CVE-2018-12233
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12233
Comment
: In the ea_get function in fs/jfs/xattr.c in the Linux kernel through 4.17.1, a memory corruption bug in JFS can be triggered by calling setxattr twice with two different extended attribute names on the same file. This vulnerability can be triggered by an unprivileged user with the ability to create files and execute programs. A kmalloc call is incorrect, leading to slab-out-of-bounds in jfs_xattr.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://lkml.org/lkml/2018/6/2/2 (MISC)
https://marc.info/?l=linux-kernel&m=152814391530549&w=2 (MISC)
104452 (BID)
[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update (MLIST)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update (MLIST)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
USN-3754-1 (UBUNTU)
USN-3753-2 (UBUNTU)
USN-3753-1 (UBUNTU)
USN-3752-2 (UBUNTU)
USN-3752-1 (UBUNTU)
USN-3752-3 (UBUNTU)
CVE: CVE-2018-13094
CVE: CVE-2018-13094
Id:
CVE-2018-13094
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13094
Comment
: An issue was discovered in fs/xfs/libxfs/xfs_attr_leaf.c in the Linux kernel through 4.17.3. An OOPS may occur for a corrupted xfs image after xfs_da_shrink_inode() is called with a NULL bp.
CVSSv2 Score:
4.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://github.com/torvalds/linux/commit/bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a (MISC)
https://bugzilla.kernel.org/show_bug.cgi?id=199969 (MISC)
https://git.kernel.org/pub/scm/fs/xfs/xfs-linux.git/commit/?h=for-next&id=bb3d48dcf86a97dc25fe9fc2c11938e19cb4399a (MISC)
USN-3754-1 (UBUNTU)
USN-3753-2 (UBUNTU)
USN-3753-1 (UBUNTU)
USN-3752-2 (UBUNTU)
USN-3752-1 (UBUNTU)
USN-3752-3 (UBUNTU)
RHSA-2019:0831 (REDHAT)
RHSA-2019:2043 (REDHAT)
RHSA-2019:2029 (REDHAT)
[debian-lts-announce] 20200302 [SECURITY] [DLA 2114-1] linux-4.9 security update (MLIST)
CVE: CVE-2018-13405
CVE: CVE-2018-13405
Id:
CVE-2018-13405
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13405
Comment
: The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
269 (Improper Privilege Management)
References:
https://twitter.com/grsecurity/status/1015082951204327425 (MISC)
https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 (MISC)
http://openwall.com/lists/oss-security/2018/07/13/2 (MISC)
45033 (EXPLOIT-DB)
DSA-4266 (DEBIAN)
[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update (MLIST)
USN-3754-1 (UBUNTU)
USN-3753-2 (UBUNTU)
USN-3753-1 (UBUNTU)
USN-3752-2 (UBUNTU)
USN-3752-1 (UBUNTU)
USN-3752-3 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
106503 (BID)
RHSA-2019:0717 (REDHAT)
https://support.f5.com/csp/article/K00854051 (CONFIRM)
RHSA-2019:2476 (REDHAT)
RHSA-2019:2566 (REDHAT)
RHSA-2019:2696 (REDHAT)
RHSA-2019:2730 (REDHAT)
RHSA-2019:4164 (REDHAT)
RHSA-2019:4159 (REDHAT)
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406 (CONFIRM)
FEDORA-2022-3a60c34473 ()
FEDORA-2022-5d0676b098 ()
CVE: CVE-2018-13406
CVE: CVE-2018-13406
Id:
CVE-2018-13406
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13406
Comment
: An integer overflow in the uvesafb_setcmap function in drivers/video/fbdev/uvesafb.c in the Linux kernel before 4.17.4 could result in local attackers being able to crash the kernel or potentially elevate privileges because kmalloc_array is not used.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://github.com/torvalds/linux/commit/9f645bcc566a1e9f921bdae7528a01ced5bc3713 (MISC)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.17.4 (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f645bcc566a1e9f921bdae7528a01ced5bc3713 (MISC)
104685 (BID)
1041355 (SECTRACK)
USN-3754-1 (UBUNTU)
USN-3753-2 (UBUNTU)
USN-3753-1 (UBUNTU)
USN-3752-2 (UBUNTU)
USN-3752-1 (UBUNTU)
USN-3752-3 (UBUNTU)
[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update (MLIST)
CVE: CVE-2017-2671
CVE: CVE-2017-2671
Id:
CVE-2017-2671
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2671
Comment
: The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
https://twitter.com/danieljiang0415/status/845116665184497664 (MISC)
https://github.com/torvalds/linux/commit/43a6684519ab0a6c52024b5e25322476cabad893 (CONFIRM)
https://github.com/danieljiang0415/android_kernel_crash_poc (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/net/ipv4/ping.c?id=43a6684519ab0a6c52024b5e25322476cabad893 (CONFIRM)
[oss-security] 20170404 Re: Linux kernel ping socket / AF_LLC connect() sin_family race (MLIST)
97407 (BID)
42135 (EXPLOIT-DB)
RHSA-2017:2669 (REDHAT)
RHSA-2017:2077 (REDHAT)
RHSA-2017:1842 (REDHAT)
RHSA-2018:1854 (REDHAT)
USN-3754-1 (UBUNTU)
CVE: CVE-2018-1000204
CVE: CVE-2018-1000204
Id:
CVE-2018-1000204
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000204
Comment
: ** DISPUTED ** Linux Kernel version 3.18 to 4.16 incorrectly handles an SG_IO ioctl on /dev/sg0 with dxfer_direction=SG_DXFER_FROM_DEV and an empty 6-byte cmdp. This may lead to copying up to 1000 kernel heap pages to the userspace. This has been fixed upstream in https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 already. The problem has limited scope, as users don't usually have permissions to access SCSI devices. On the other hand, e.g. the Nero user manual suggests doing `chmod o+r+w /dev/sg*` to make the devices accessible. NOTE: third parties dispute the relevance of this report, noting that the requirement for an attacker to have both the CAP_SYS_ADMIN and CAP_SYS_RAWIO capabilities makes it "virtually impossible to exploit."
CVSSv2 Score:
6.3
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE_INSTANCE
Confidentiality impact:
COMPLETE
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:N/AC:M/Au: /C:C/I:N/A:N
References:
openSUSE-SU-2019:1407 (SUSE)
http://www.openwall.com/lists/oss-security/2018/06/26/3 (MISC)
RHSA-2018:2948 (REDHAT)
https://github.com/torvalds/linux/commit/a45b599ad808c3c982fdcdc12b0b8611c2f92824 (CONFIRM)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update (MLIST)
[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update (MLIST)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
USN-3696-1 (UBUNTU)
USN-3696-2 (UBUNTU)
USN-3752-1 (UBUNTU)
USN-3752-2 (UBUNTU)
USN-3752-3 (UBUNTU)
USN-3754-1 (UBUNTU)
CVE: CVE-2018-10021
CVE: CVE-2018-10021
Id:
CVE-2018-10021
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10021
Comment
: drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel before 4.16 allows local users to cause a denial of service (ata qc leak) by triggering certain failure conditions. NOTE: a third party disputes the relevance of this report because the failure can only occur for physically proximate attackers who unplug SAS Host Bus Adapter cables
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
https://github.com/torvalds/linux/commit/318aaf34f1179b39fa9c30fa0f3288b645beee39 (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=318aaf34f1179b39fa9c30fa0f3288b645beee39 (MISC)
https://bugzilla.suse.com/show_bug.cgi?id=1089281 (MISC)
USN-3678-2 (UBUNTU)
USN-3678-1 (UBUNTU)
USN-3678-3 (UBUNTU)
USN-3678-4 (UBUNTU)
USN-3696-2 (UBUNTU)
USN-3696-1 (UBUNTU)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
USN-3754-1 (UBUNTU)
Content available only for registered users!
ovaldb@altx-soft.com