Professional OVAL Repository
OVAL Definition Details
Id: oval:ru.altx-soft.nix:def:90903
Version: 7
Class: patch
ALTXid: 265504
Language: Russian
Severity: High
Title: ELSA-2018-3083 update: vulnerability fixes, bug fixes, and various enhancements in kernel
Description:
[3.10.0-957]
- [mm] mlock: avoid increase mm->locked_vm on mlock() when already mlock2(, MLOCK_ONFAULT) (Rafael Aquini) [1633059]
Family: unix
Platform: Oracle Linux 7
Product: kernel
Reference
VENDOR: ELSA-2018-3083
Id:
ELSA-2018-3083
Reference:
http://linux.oracle.com/errata/ELSA-2018-3083.html
CVE: CVE-2016-4913
Id:
CVE-2016-4913
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4913
Comment: The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux kernel before 4.5.5 mishandles NM (aka alternate name) entries containing \0 characters, which allows local users to obtain sensitive information from kernel memory or possibly have unspecified other impact via a crafted isofs filesystem.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
200 (Information Exposure)
References:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99d825822eade8d827a1817357cbf3f889a552d6 (CONFIRM)
[oss-security] 20160518 Re: CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c (MLIST)
https://github.com/torvalds/linux/commit/99d825822eade8d827a1817357cbf3f889a552d6 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1337528 (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.5.5 (CONFIRM)
[oss-security] 20160518 CVE Request: Linux: information leak in Rock Ridge Extensions to iso9660 -- fs/isofs/rock.c (MLIST)
USN-3017-2 (UBUNTU)
USN-3018-2 (UBUNTU)
USN-3016-4 (UBUNTU)
USN-3016-1 (UBUNTU)
USN-3016-2 (UBUNTU)
USN-3016-3 (UBUNTU)
USN-3018-1 (UBUNTU)
USN-3019-1 (UBUNTU)
USN-3017-3 (UBUNTU)
USN-3020-1 (UBUNTU)
USN-3017-1 (UBUNTU)
USN-3021-1 (UBUNTU)
USN-3021-2 (UBUNTU)
SUSE-SU-2016:1672 (SUSE)
http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html (CONFIRM)
http://www.oracle.com/technetwork/topics/security/ovmbulletinoct2016-3090547.html (CONFIRM)
DSA-3607 (DEBIAN)
SUSE-SU-2016:1985 (SUSE)
90730 (BID)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
CVE: CVE-2017-0861
Id:
CVE-2017-0861
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0861
Comment: Use-after-free vulnerability in the snd_pcm_info function in the ALSA subsystem in the Linux kernel allows attackers to gain privileges via unspecified vectors.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://source.android.com/security/bulletin/pixel/2017-11-01 (CONFIRM)
https://security-tracker.debian.org/tracker/CVE-2017-0861 (CONFIRM)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=362bca57f5d78220f8b5907b875961af9436e229 (CONFIRM)
[secure-testing-commits] 20171206 r58306 - data/CVE (MLIST)
USN-3583-2 (UBUNTU)
USN-3583-1 (UBUNTU)
USN-3617-2 (UBUNTU)
USN-3617-1 (UBUNTU)
USN-3619-1 (UBUNTU)
USN-3617-3 (UBUNTU)
USN-3619-2 (UBUNTU)
USN-3632-1 (UBUNTU)
DSA-4187 (DEBIAN)
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (MLIST)
RHSA-2018:2390 (REDHAT)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0 (CONFIRM)
102329 (BID)
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (MISC)
RHSA-2020:0036 (REDHAT)
https://www.oracle.com/security-alerts/cpujul2020.html (MISC)
CVE: CVE-2015-8830
Id:
CVE-2015-8830
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8830
Comment: Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
CWE-Other ()
References:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4c185ce06dca14f5cea192f5a2c981ef50663f2b (CONFIRM)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c4f4b82694fe48b02f7a881a1797131a6dad1364 (CONFIRM)
DSA-3503 (DEBIAN)
[oss-security] 20160302 Re: CVE Request: Linux: aio write triggers integer overflow in some network protocols (MLIST)
USN-2968-1 (UBUNTU)
USN-2968-2 (UBUNTU)
USN-2969-1 (UBUNTU)
USN-2970-1 (UBUNTU)
RHSA-2018:1854 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:3096 (REDHAT)
https://bugzilla.redhat.com/show_bug.cgi?id=1314275 (CONFIRM)
https://github.com/torvalds/linux/commit/4c185ce06dca14f5cea192f5a2c981ef50663f2b (CONFIRM)
https://github.com/torvalds/linux/commit/c4f4b82694fe48b02f7a881a1797131a6dad1364 (CONFIRM)
CVE: CVE-2018-5803
Id:
CVE-2018-5803
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5803
Comment: In the Linux Kernel before version 4.15.8, 4.14.25, 4.9.87, 4.4.121, 4.1.51, and 3.2.102, an error in the "_sctp_make_chunk()" function (net/sctp/sm_make_chunk.c) when handling SCTP packets length can be exploited to cause a kernel crash.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
20 (Improper Input Validation)
References:
[netdev] 20180207 [Secunia Research] Linux Kernel Vulnerability - Sending information (MLIST)
[linux-sctp] 20180209 skb_over_panic on INIT/INIT_ACK packet sending (MLIST)
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-2/ (MISC)
81331 (SECUNIA)
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c (CONFIRM)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.87 (CONFIRM)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.121 (CONFIRM)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.15.8 (CONFIRM)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.25 (CONFIRM)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.51 (CONFIRM)
https://cdn.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.102 (CONFIRM)
DSA-4188 (DEBIAN)
DSA-4187 (DEBIAN)
USN-3656-1 (UBUNTU)
USN-3654-2 (UBUNTU)
USN-3654-1 (UBUNTU)
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (MLIST)
RHSA-2018:1854 (REDHAT)
USN-3698-2 (UBUNTU)
USN-3697-2 (UBUNTU)
USN-3697-1 (UBUNTU)
USN-3698-1 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
RHSA-2019:0641 (REDHAT)
CVE: CVE-2018-1130
Id:
CVE-2018-1130
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1130
Comment: Linux kernel before version 4.16-rc7 is vulnerable to a null pointer dereference in dccp_write_xmit() function in net/dccp/output.c in that allows a local user to cause a denial of service by a number of certain crafted system calls.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://syzkaller.appspot.com/bug?id=833568de043e0909b2aeaef7be136db39d21ba94 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=67f93df79aeefc3add4e4b31a752600f834236e2 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1130 (CONFIRM)
[linux-netdev] 20180306 [PATCH net] dccp: check sk for closed state in dccp_sendmsg() (MLIST)
USN-3654-2 (UBUNTU)
USN-3654-1 (UBUNTU)
USN-3656-1 (UBUNTU)
[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update (MLIST)
RHSA-2018:1854 (REDHAT)
USN-3698-2 (UBUNTU)
USN-3697-2 (UBUNTU)
USN-3697-1 (UBUNTU)
USN-3698-1 (UBUNTU)
[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update (MLIST)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update (MLIST)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
CVE: CVE-2017-10661
Id:
CVE-2017-10661
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10661
Comment: Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 allows local users to gain privileges or cause a denial of service (list corruption or use-after-free) via simultaneous file-descriptor operations that leverage improper might_cancel queueing.
CVSSv2 Score:
7.6
Access vector:
NETWORK
Access complexity:
HIGH
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:H/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7
Attack vector:
LOCAL
Attack complexity:
HIGH
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://source.android.com/security/bulletin/2017-08-01 (CONFIRM)
https://github.com/torvalds/linux/commit/1e38da300e1e395a15048b0af1e5305bd91402f6 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=1481136 (CONFIRM)
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.15 (CONFIRM)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e38da300e1e395a15048b0af1e5305bd91402f6 (CONFIRM)
100215 (BID)
DSA-3981 (DEBIAN)
43345 (EXPLOIT-DB)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2019:4058 (REDHAT)
RHSA-2019:4057 (REDHAT)
RHSA-2020:0036 (REDHAT)
CVE: CVE-2018-8781
Id:
CVE-2018-8781
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8781
Comment: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
190 (Integer Overflow or Wraparound)
References:
https://patchwork.freedesktop.org/patch/211845/ (MISC)
DSA-4188 (DEBIAN)
DSA-4187 (DEBIAN)
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (MLIST)
USN-3654-2 (UBUNTU)
USN-3654-1 (UBUNTU)
USN-3656-1 (UBUNTU)
USN-3677-2 (UBUNTU)
USN-3677-1 (UBUNTU)
USN-3674-2 (UBUNTU)
USN-3674-1 (UBUNTU)
https://research.checkpoint.com/mmap-vulnerabilities-linux-kernel/ (MISC)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
CVE: CVE-2017-18344
Id:
CVE-2017-18344
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18344
Comment: The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE:
125 (Out-of-bounds Read)
References:
https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe (MISC)
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 (MISC)
104909 (BID)
1041414 (SECTRACK)
45175 (EXPLOIT-DB)
USN-3742-2 (UBUNTU)
USN-3742-1 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
RHSA-2018:3459 (REDHAT)
RHSA-2018:3591 (REDHAT)
RHSA-2018:3590 (REDHAT)
RHSA-2018:3586 (REDHAT)
RHSA-2018:3540 (REDHAT)
CVE: CVE-2018-5391
Id:
CVE-2018-5391
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5391
Comment: The Linux kernel, versions 3.9+, is vulnerable to a denial of service attack with low rates of specially modified packets targeting IP fragment re-assembly. An attacker may cause a denial of service condition by sending specially crafted IP fragments. Various vulnerabilities in IP fragmentation have been discovered and fixed over the years. The current vulnerability (CVE-2018-5391) became exploitable in the Linux kernel with the increase of the IP fragment reassembly queue size.
CVSSv2 Score:
7.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
7.5
Attack vector:
NETWORK
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE:
20 (Improper Input Validation)
References:
VU#641765 (CERT-VN)
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next.git/commit/?id=c30f1fc041b74ecdb072dd44f858750414b8b19f (MISC)
DSA-4272 (DEBIAN)
USN-3742-2 (UBUNTU)
USN-3742-1 (UBUNTU)
USN-3741-2 (UBUNTU)
USN-3741-1 (UBUNTU)
USN-3740-2 (UBUNTU)
USN-3740-1 (UBUNTU)
[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update (MLIST)
1041476 (SECTRACK)
105108 (BID)
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-004.txt (CONFIRM)
1041637 (SECTRACK)
RHSA-2018:2791 (REDHAT)
RHSA-2018:2785 (REDHAT)
https://security.netapp.com/advisory/ntap-20181003-0002/ (CONFIRM)
RHSA-2018:2846 (REDHAT)
RHSA-2018:2933 (REDHAT)
RHSA-2018:2925 (REDHAT)
RHSA-2018:2924 (REDHAT)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
RHSA-2018:3459 (REDHAT)
RHSA-2018:3590 (REDHAT)
RHSA-2018:3586 (REDHAT)
RHSA-2018:3540 (REDHAT)
[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update (MLIST)
[oss-security] 20190628 Re: linux-distros membership application - Microsoft (MLIST)
[oss-security] 20190706 Re: linux-distros membership application - Microsoft (MLIST)
[oss-security] 20190706 Re: linux-distros membership application - Microsoft (MLIST)
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20200115-01-linux-en (CONFIRM)
https://cert-portal.siemens.com/productcert/pdf/ssa-377115.pdf (CONFIRM)
https://support.f5.com/csp/article/K74374841?utm_source=f5support&%3Butm_medium=RSS ()
CVE: CVE-2018-13405
Id:
CVE-2018-13405
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13405
Comment: The inode_init_owner function in fs/inode.c in the Linux kernel through 3.16 allows local users to create files with an unintended group ownership, in a scenario where a directory is SGID to a certain group and is writable by a user who is not a member of that group. Here, the non-member can trigger creation of a plain file whose group ownership is that group. The intended behavior was that the non-member can trigger creation of a directory (but not a plain file) whose group ownership is that group. The non-member can escalate privileges by making the plain file executable and SGID.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
269 (Improper Privilege Management)
References:
https://twitter.com/grsecurity/status/1015082951204327425 (MISC)
https://github.com/torvalds/linux/commit/0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0fa3ecd87848c9c93c2c828ef4c3a8ca36ce46c7 (MISC)
http://openwall.com/lists/oss-security/2018/07/13/2 (MISC)
45033 (EXPLOIT-DB)
DSA-4266 (DEBIAN)
[debian-lts-announce] 20180815 [SECURITY] [DLA 1466-1] linux-4.9 security update (MLIST)
USN-3754-1 (UBUNTU)
USN-3753-2 (UBUNTU)
USN-3753-1 (UBUNTU)
USN-3752-2 (UBUNTU)
USN-3752-1 (UBUNTU)
USN-3752-3 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
106503 (BID)
RHSA-2019:0717 (REDHAT)
https://support.f5.com/csp/article/K00854051 (CONFIRM)
RHSA-2019:2476 (REDHAT)
RHSA-2019:2566 (REDHAT)
RHSA-2019:2696 (REDHAT)
RHSA-2019:2730 (REDHAT)
RHSA-2019:4164 (REDHAT)
RHSA-2019:4159 (REDHAT)
https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=0b3369840cd61c23e2b9241093737b4c395cb406 (CONFIRM)
FEDORA-2022-3a60c34473 ()
FEDORA-2022-5d0676b098 ()
CVE: CVE-2017-17805
Id:
CVE-2017-17805
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17805
Comment: The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does not correctly handle zero-length inputs, allowing a local attacker able to use the AF_ALG-based skcipher interface (CONFIG_CRYPTO_USER_API_SKCIPHER) to cause a denial of service (uninitialized-memory free and kernel crash) or have unspecified other impact by executing a crafted sequence of system calls that use the blkcipher_walk API. Both the generic implementation (crypto/salsa20_generic.c) and x86 implementation (arch/x86/crypto/salsa20_glue.c) of Salsa20 were vulnerable.
CVSSv2 Score:
7.2
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
COMPLETE
Integrity impact:
COMPLETE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
20 (Improper Input Validation)
References:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8 (CONFIRM)
https://github.com/torvalds/linux/commit/ecaaab5649781c5a0effdaf298a925063020500e (CONFIRM)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ecaaab5649781c5a0effdaf298a925063020500e (CONFIRM)
DSA-4073 (DEBIAN)
102291 (BID)
openSUSE-SU-2018:0023 (SUSE)
openSUSE-SU-2018:0022 (SUSE)
SUSE-SU-2018:0012 (SUSE)
SUSE-SU-2018:0011 (SUSE)
SUSE-SU-2018:0010 (SUSE)
DSA-4082 (DEBIAN)
[debian-lts-announce] 20180107 [SECURITY] [DLA 1232-1] linux security update (MLIST)
USN-3617-2 (UBUNTU)
USN-3617-1 (UBUNTU)
USN-3620-2 (UBUNTU)
USN-3620-1 (UBUNTU)
USN-3619-1 (UBUNTU)
USN-3617-3 (UBUNTU)
USN-3619-2 (UBUNTU)
USN-3632-1 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
RHSA-2019:2473 (REDHAT)
CVE: CVE-2017-18208
Id:
CVE-2017-18208
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18208
Comment: The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
835 (Loop with Unreachable Exit Condition ('Infinite Loop'))
References:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4 (MISC)
https://github.com/torvalds/linux/commit/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91 (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91 (MISC)
USN-3619-1 (UBUNTU)
USN-3619-2 (UBUNTU)
USN-3655-2 (UBUNTU)
USN-3653-2 (UBUNTU)
USN-3653-1 (UBUNTU)
USN-3657-1 (UBUNTU)
USN-3655-1 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
RHSA-2019:3967 (REDHAT)
RHSA-2019:4058 (REDHAT)
RHSA-2019:4057 (REDHAT)
CVE: CVE-2017-18232
Id:
CVE-2017-18232
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18232
Comment: The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-handling code.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
https://github.com/torvalds/linux/commit/0558f33c06bb910e2879e355192227a8e8f0219d (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0558f33c06bb910e2879e355192227a8e8f0219d (MISC)
103423 (BID)
DSA-4187 (DEBIAN)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
USN-4163-1 (UBUNTU)
USN-4163-2 (UBUNTU)
CVE: CVE-2018-1092
Id:
CVE-2018-1092
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1092
Comment: The ext4_iget function in fs/ext4/inode.c in the Linux kernel through 4.15.15 mishandles the case of a root directory with a zero i_links_count, which allows attackers to cause a denial of service (ext4_process_freed_data NULL pointer dereference and OOPS) via a crafted ext4 image.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=1560777 (MISC)
https://bugzilla.kernel.org/show_bug.cgi?id=199179 (MISC)
http://openwall.com/lists/oss-security/2018/03/29/1 (MISC)
https://bugzilla.kernel.org/show_bug.cgi?id=199275 (MISC)
DSA-4188 (DEBIAN)
DSA-4187 (DEBIAN)
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (MLIST)
USN-3678-2 (UBUNTU)
USN-3678-1 (UBUNTU)
USN-3677-2 (UBUNTU)
USN-3677-1 (UBUNTU)
USN-3676-2 (UBUNTU)
USN-3676-1 (UBUNTU)
USN-3678-3 (UBUNTU)
USN-3678-4 (UBUNTU)
USN-3754-1 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
CVE: CVE-2018-5848
Id:
CVE-2018-5848
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5848
Comment: In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code-aurora-security-bulletin-2 (MISC)
MISC (MISC)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
[debian-lts-announce] 20190315 [SECURITY] [DLA 1715-1] linux-4.9 security update (MLIST)
[debian-lts-announce] 20190327 [SECURITY] [DLA 1731-1] linux security update (MLIST)
[debian-lts-announce] 20190401 [SECURITY] [DLA 1731-2] linux regression update (MLIST)
CVE: CVE-2018-7757
Id:
CVE-2018-7757
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7757
Comment: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (memory consumption) via many read accesses to files in the /sys/class/sas_phy directory, as demonstrated by the /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
772 (Missing Release of Resource after Effective Lifetime)
References:
https://github.com/torvalds/linux/commit/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4 (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a491b1ab11ca0556d2fda1ff1301e862a2d44c4 (MISC)
103348 (BID)
DSA-4188 (DEBIAN)
DSA-4187 (DEBIAN)
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (MLIST)
USN-3654-2 (UBUNTU)
USN-3654-1 (UBUNTU)
USN-3656-1 (UBUNTU)
USN-3698-2 (UBUNTU)
USN-3697-2 (UBUNTU)
USN-3697-1 (UBUNTU)
USN-3698-1 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
CVE: CVE-2018-10322
Id:
CVE-2018-10322
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10322
Comment:
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a crafted xfs image.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://www.spinics.net/lists/linux-xfs/msg17215.html (MISC)
https://bugzilla.kernel.org/show_bug.cgi?id=199377 (MISC)
103960 (BID)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
USN-4578-1 (UBUNTU)
USN-4579-1 (UBUNTU)
CVE: CVE-2018-10878
Id:
CVE-2018-10878
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10878
Comment:
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.
CVSSv2 Score:
6.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=819b23f1c501b17b9694325471789e6b5cc2d0d2 (CONFIRM)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=77260807d1170a8cf35dbb06e07461a655f67eee (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10878 (CONFIRM)
https://bugzilla.kernel.org/show_bug.cgi?id=199865 (CONFIRM)
http://patchwork.ozlabs.org/patch/929238/ (CONFIRM)
http://patchwork.ozlabs.org/patch/929237/ (CONFIRM)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
USN-3753-2 (UBUNTU)
USN-3753-1 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
USN-3871-1 (UBUNTU)
USN-3871-4 (UBUNTU)
USN-3871-3 (UBUNTU)
USN-3871-5 (UBUNTU)
CVE: CVE-2018-1094
Id:
CVE-2018-1094
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1094
Comment:
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel through 4.15.15 does not always initialize the crc32c checksum driver, which allows attackers to cause a denial of service (ext4_xattr_inode_hash NULL pointer dereference and system crash) via a crafted ext4 image.
CVSSv2 Score:
7.1
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
NONE
User interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CWE:
476 (NULL Pointer Dereference)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=a45403b51582a87872927a3e0fc0a389c26867f1 (MISC)
https://git.kernel.org/pub/scm/linux/kernel/git/tytso/ext4.git/commit/?id=18db4b4e6fc31eda838dd1c1296d67dbcb3dc957 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=1560788 (MISC)
https://bugzilla.kernel.org/show_bug.cgi?id=199183 (MISC)
http://openwall.com/lists/oss-security/2018/03/29/1 (MISC)
USN-3695-2 (UBUNTU)
USN-3695-1 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
CVE: CVE-2018-1120
Id:
CVE-2018-1120
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1120
Comment:
A flaw was found affecting the Linux kernel before version 4.17. By mmap()ing a FUSE-backed file onto a process's memory containing command line arguments (or environment strings), an attacker can cause utilities from psutils or procps (such as ps, w) or any other program which makes a read() call to the /proc/<pid>/cmdline (or /proc/<pid>/environ) files to block indefinitely (denial of service) or for some controlled time (as a synchronization primitive for other attacks).
CVSSv2 Score:
3.5
Access vector:
NETWORK
Access complexity:
MEDIUM
Authentication:
SINGLE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:N/AC:M/Au:S/C:N/I:N/A:P
CVSSv3 Score:
5.3
Attack vector:
NETWORK
Attack complexity:
HIGH
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7f7ccc2ccc2e70c6054685f5e3522efa81556830 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1120 (CONFIRM)
[oss-security] 20180517 Qualys Security Advisory - Procps-ng Audit Report (MLIST)
44806 (EXPLOIT-DB)
104229 (BID)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
USN-3752-2 (UBUNTU)
USN-3752-1 (UBUNTU)
USN-3752-3 (UBUNTU)
GLSA-201805-14 (GENTOO)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
USN-3910-2 (UBUNTU)
USN-3910-1 (UBUNTU)
CVE: CVE-2018-10879
Id:
CVE-2018-10879
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10879
Comment:
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in the ext4_xattr_set_entry function, and a denial of service or unspecified other impact may occur, by renaming a file in a crafted ext4 filesystem image.
CVSSv2 Score:
6.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:C
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5369a762c882c0b6e9599e4ebbb3a9ba9eee7e2d (CONFIRM)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=513f86d73855ce556ea9522b6bfd79f87356dc3a (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10879 (CONFIRM)
https://bugzilla.kernel.org/show_bug.cgi?id=200001 (CONFIRM)
http://patchwork.ozlabs.org/patch/928667/ (CONFIRM)
http://patchwork.ozlabs.org/patch/928666/ (CONFIRM)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
104902 (BID)
USN-3753-2 (UBUNTU)
USN-3753-1 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
USN-3871-1 (UBUNTU)
USN-3871-4 (UBUNTU)
USN-3871-3 (UBUNTU)
USN-3871-5 (UBUNTU)
CVE: CVE-2018-10883
Id:
CVE-2018-10883
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10883
Comment:
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e09463f220ca9a1a1ecfda84fcda658f99a1f12a (CONFIRM)
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8bc1379b82b8e809eef77a9fedbb75c6c297be19 (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10883 (CONFIRM)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
USN-3871-1 (UBUNTU)
USN-3879-2 (UBUNTU)
USN-3879-1 (UBUNTU)
USN-3871-4 (UBUNTU)
USN-3871-3 (UBUNTU)
USN-3871-5 (UBUNTU)
https://support.f5.com/csp/article/K94735334?utm_source=f5support&%3Butm_medium=RSS (MISC)
CVE: CVE-2018-1000026
Id:
CVE-2018-1000026
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000026
Comment:
Linux kernel versions from at least v4.8 onwards, and probably well before, contain an insufficient input validation vulnerability in the bnx2x network card driver that can result in DoS: a network card firmware assertion takes the card off-line. This attack appears to be exploitable by an attacker who passes a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.
CVSSv2 Score:
6.8
Access vector:
NETWORK
Access complexity:
LOW
Authentication:
SINGLE_INSTANCE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:N/AC:L/Au:S/C:N/I:N/A:C
CWE:
20 (Improper Input Validation)
References:
[netdev] 20180116 http://lists.openwall.net/netdev/2018/01/16/40 (MLIST)
[netdev] 20180118 http://lists.openwall.net/netdev/2018/01/18/96 (MLIST)
RHSA-2018:2948 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:3096 (REDHAT)
[debian-lts-announce] 20190503 [SECURITY] [DLA 1771-1] linux-4.9 security update (MLIST)
https://patchwork.ozlabs.org/patch/859410/ (MISC)
USN-3617-1 (UBUNTU)
USN-3617-2 (UBUNTU)
USN-3617-3 (UBUNTU)
USN-3619-1 (UBUNTU)
USN-3619-2 (UBUNTU)
USN-3620-1 (UBUNTU)
USN-3620-2 (UBUNTU)
USN-3632-1 (UBUNTU)
CVE: CVE-2018-1118
Id:
CVE-2018-1118
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1118
Comment:
Linux kernel vhost since version 4.8 does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.
CVSSv2 Score:
2.1
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
NONE
Availability impact:
NONE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
NONE
Availability impact:
NONE
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CWE:
665 (Improper Initialization)
References:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1118 (CONFIRM)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
USN-3762-2 (UBUNTU)
USN-3762-1 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
CVE: CVE-2018-5344
Id:
CVE-2018-5344
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5344
Comment:
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
362 (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'))
References:
https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5 (MISC)
102503 (BID)
USN-3583-2 (UBUNTU)
USN-3583-1 (UBUNTU)
USN-3617-2 (UBUNTU)
USN-3617-1 (UBUNTU)
USN-3619-1 (UBUNTU)
USN-3617-3 (UBUNTU)
USN-3619-2 (UBUNTU)
USN-3632-1 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
CVE: CVE-2018-7740
Id:
CVE-2018-7740
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7740
Comment:
The resv_map_release function in mm/hugetlb.c in the Linux kernel through 4.15.7 allows local users to cause a denial of service (BUG) via a crafted application that makes mmap system calls and has a large pgoff argument to the remap_file_pages system call.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://bugzilla.kernel.org/show_bug.cgi?id=199037 (CONFIRM)
103316 (BID)
DSA-4188 (DEBIAN)
DSA-4187 (DEBIAN)
[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update (MLIST)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
USN-3910-2 (UBUNTU)
USN-3910-1 (UBUNTU)
CVE: CVE-2018-10881
Id:
CVE-2018-10881
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10881
Comment:
A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds access in the ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
787 (Out-of-bounds Write)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=6e8ab72a812396996035a37e5ca4b3b99b5d214b (CONFIRM)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10881 (CONFIRM)
https://bugzilla.kernel.org/show_bug.cgi?id=200015 (CONFIRM)
http://patchwork.ozlabs.org/patch/929792/ (CONFIRM)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
104901 (BID)
USN-3754-1 (UBUNTU)
USN-3753-2 (UBUNTU)
USN-3753-1 (UBUNTU)
USN-3752-2 (UBUNTU)
USN-3752-1 (UBUNTU)
USN-3752-3 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)
CVE: CVE-2018-10902
Id:
CVE-2018-10902
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10902
Comment:
It was found that the raw midi kernel driver does not protect against concurrent access, which leads to a double realloc (double free) in snd_rawmidi_input_params() and snd_rawmidi_output_status(), which are part of the snd_rawmidi_ioctl() handler in the rawmidi.c file. A malicious local attacker could possibly use this for privilege escalation.
CVSSv2 Score:
4.6
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
PARTIAL
Integrity impact:
PARTIAL
Availability impact:
PARTIAL
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSSv3 Score:
7.8
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
HIGH
Integrity impact:
HIGH
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE:
416 (Use After Free)
References:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=39675f7a7c7e7702f7d5341f1e0d01db746543a0 (MISC)
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10902 (CONFIRM)
1041529 (SECTRACK)
105119 (BID)
DSA-4308 (DEBIAN)
USN-3776-2 (UBUNTU)
USN-3776-1 (UBUNTU)
[debian-lts-announce] 20181003 [SECURITY] [DLA 1531-1] linux-4.9 security update (MLIST)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
USN-3849-2 (UBUNTU)
USN-3847-3 (UBUNTU)
USN-3847-2 (UBUNTU)
USN-3847-1 (UBUNTU)
USN-3849-1 (UBUNTU)
RHSA-2019:0415 (REDHAT)
RHSA-2019:0641 (REDHAT)
RHSA-2019:3217 (REDHAT)
RHSA-2019:3967 (REDHAT)
CVE: CVE-2018-10940
Id:
CVE-2018-10940
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10940
Comment:
The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the Linux kernel before 4.16.6 allows local attackers to use an incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.
CVSSv2 Score:
4.9
Access vector:
LOCAL
Access complexity:
LOW
Authentication:
NONE
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
COMPLETE
CVSSv2 Vector:
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSSv3 Score:
5.5
Attack vector:
LOCAL
Attack complexity:
LOW
Privileges required:
LOW
User interaction:
NONE
Scope:
UNCHANGED
Confidentiality impact:
NONE
Integrity impact:
NONE
Availability impact:
HIGH
CVSSv3 Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE:
119 (Improper Restriction of Operations within the Bounds of a Memory Buffer)
References:
https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.6 (MISC)
https://github.com/torvalds/linux/commit/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707 (MISC)
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de4ee40547fd315d4a0ed1dd15a2fa3559ad707 (MISC)
104154 (BID)
[debian-lts-announce] 20180601 [SECURITY] [DLA 1392-1] linux security update (MLIST)
USN-3676-2 (UBUNTU)
USN-3676-1 (UBUNTU)
USN-3695-2 (UBUNTU)
USN-3695-1 (UBUNTU)
[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update (MLIST)
[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update (MLIST)
[debian-lts-announce] 20180718 [SECURITY] [DLA 1423-1] linux-4.9 new package (MLIST)
USN-3754-1 (UBUNTU)
RHSA-2018:3096 (REDHAT)
RHSA-2018:3083 (REDHAT)
RHSA-2018:2948 (REDHAT)