- Home
- CVEs with nessus.description==According+to+the+versions+of+the+parallels-server-bm-release+%2F+vzkernel+%2F+etc+packages+installed%2C+the+Virtuozzo+installation+on+the+remote+host+is+affected+by+the+following+vulnerabilities+%3A%0A%0A++-+The+tcp_v6_syn_recv_sock+function+in+++++net%2Fipv6%2Ftcp_ipv6.c+in+the+Linux+kernel+mishandles+++++inheritance%2C+which+allows+local+users+to+cause+a+denial+++++of+service+or+possibly+have+unspecified+other+impact+++++via+crafted+system+calls%2C+a+related+issue+to+++++CVE-2017-8890.+An+unprivileged+local+user+could+use+++++this+flaw+to+induce+kernel+memory+corruption+on+the+++++system%2C+leading+to+a+crash.+Due+to+the+nature+of+the+++++flaw%2C+privilege+escalation+cannot+be+fully+ruled+out%2C+++++although+we+believe+it+is+unlikely.%0A%0A++-+The+IPv6+DCCP+implementation+in+the+Linux+kernel+++++mishandles+inheritance%2C+which+allows+local+users+to+++++cause+a+denial+of+service+or+possibly+have+unspecified+++++other+impact+via+crafted+system+calls%2C+a+related+issue+++++to+CVE-2017-8890.+An+unprivileged+local+user+could+use+++++this+flaw+to+induce+kernel+memory+corruption+on+the+++++system%2C+leading+to+a+crash.+Due+to+the+nature+of+the+++++flaw%2C+privilege+escalation+cannot+be+fully+ruled+out%2C+++++although+we+believe+it+is+unlikely.%0A%0A++-+The+sctp_v6_create_accept_sk+function+in+++++net%2Fsctp%2Fipv6.c+in+the+Linux+kernel+mishandles+++++inheritance%2C+which+allows+local+users+to+cause+a+denial+++++of+service+or+possibly+have+unspecified+other+impact+++++via+crafted+system+calls%2C+a+related+issue+to+++++CVE-2017-8890.+An+unprivileged+local+user+could+use+++++this+flaw+to+induce+kernel+memory+corruption+on+the+++++system%2C+leading+to+a+crash.+Due+to+the+nature+of+the+++++flaw%2C+privilege+escalation+cannot+be+fully+ruled+out%2C+++++although+we+believe+it+is+unlikely.%0A%0A++-+The+IPv6+fragmentation+implementation+in+the+Linux+++++kernel+through+4.11.1+does+not+consider+that+the+++++nexthdr+field+may+be+associated+with+an+invalid+option%2C+++++which+allows+local+users+to+cause+a+denial+of+service+++++%28out-of-bounds+read+and+BUG%29+or+possibly+have+++++unspecified+other+impact+via+crafted+socket+and+send+++++system+calls.%0A%0A++-+The+inet_csk_clone_lock+function+in+++++net%2Fipv4%2Finet_connection_sock.c+in+the+Linux+kernel+++++allows+attackers+to+cause+a+denial+of+service+%28double+++++free%29+or+possibly+have+unspecified+other+impact+by+++++leveraging+use+of+the+accept+system+call.+An+++++unprivileged+local+user+could+use+this+flaw+to+induce+++++kernel+memory+corruption+on+the+system%2C+leading+to+a+++++crash.+Due+to+the+nature+of+the+flaw%2C+privilege+++++escalation+cannot+be+fully+ruled+out%2C+although+we+++++believe+it+is+unlikely.%0A%0A++-+Improved+isolation+for+neighbor+table+settings.+%28The+++++fix+added+to+the+042stab120.19+kernel+was+incomplete.%29%0A%0ANote+that+Tenable+Network+Security+has+extracted+the+preceding+description+block+directly+from+the+Virtuozzo+security+advisory.%0ATenable+has+attempted+to+automatically+clean+and+format+it+as+much+as+possible+without+introducing+additional+issues
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top