MGASA-2017-0467
- Source
- https://advisories.mageia.org/MGASA-2017-0467.html
- Import Source
- https://advisories.mageia.org/MGASA-2017-0467.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2017-0467
- Related
- Published
- 2017-12-22T10:31:08Z
- Modified
- 2022-02-17T18:21:47Z
- Summary
- Updated kernel-linus packages fix security vulnerabilities
- Details
-
This kernel-linus update is based on upstream 4.4.105 and fixes at least the following security issues:
A security flaw was discovered in nl80211setrekeydata() function in the Linux kernel since v3.1-rc1 through v4.13. This function does not check whether the required attributes are present in a netlink request. This request can be issued by a user with CAPNET_ADMIN privilege and may result in NULL dereference and a system crash (CVE-2017-12153).
Linux kernel built with the KVM visualization support (CONFIG_KVM), with nested visualization (nVMX) feature enabled (nested=1), is vulnerable to a crash due to disabled external interrupts. As L2 guest could acce s (r/w) hardware CR8 register of the host(L0). In a nested visualization setup, L2 guest user could use this flaw to potentially crash the host(L0) resulting in DoS (CVE-2017-12154).
The tcpdisconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (tcpselectwindow divide-by-zero error and system crash) by triggering a disconnect within a certain tcprecvmsg code path (CVE-2017-14106).
The atyfbioctl function in drivers/video/fbdev/aty/atyfbbase.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes (CVE-2017-14156).
It was found that the iscsiifrx() function in scsitransportiscsi.c in the Linux kernel since v2.6.24-rc1 through 4.13.2 allows local users to cause a denial of service (a system panic) by making a number of certain syscalls by leveraging incorrect length validation in the kernel code (CVE-2017-14489).
The sgioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SGGETREQUESTTABLE ioctl call for /dev/sg0 (CVE-2017-14991).
A reachable assertion failure flaw was found in the Linux kernel built with KVM virtualisation(CONFIGKVM) support with Virtual Function I/O feature (CONFIGVFIO) enabled. This failure could occur if a malicious guest device sent a virtual interrupt (guest IRQ) with a larger (>1024) index value (CVE-2017-1000252).
For other upstream fixes in this update, read the referenced changelogs.
- References
-
- https://advisories.mageia.org/MGASA-2017-0467.html
- https://bugs.mageia.org/show_bug.cgi?id=22180
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.93
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.94
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.95
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.96
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.97
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.98
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.99
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.100
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.101
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.102
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.103
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.104
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.105
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / kernel-linus
Package
- Name
- kernel-linus
- Purl
- pkg:rpm/mageia/kernel-linus?distro=mageia-5