- CVEs with nessus.description==According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5,
when nested virtualisation is used, does not properly
traverse guest pagetable entries to resolve a guest
virtual address, which allows L1 guest OS users to
execute arbitrary code on the host OS or cause a denial
of service (incorrect index during page walking, and
host OS crash), aka an MMU potential stack buffer
overrun.(CVE-2017-12188)
- A vulnerability was found in the Key Management
subcomponent of the Linux kernel, where trying to
issue a KEYCTL_READ on a negative key would lead to a
NULL pointer dereference. A local attacker could use
this flaw to crash the kernel.(CVE-2017-12192)
- security/keys/keyctl.c in the Linux kernel before
4.11.5 does not consider the case of a NULL payload in
conjunction with a nonzero length value, which allows
local users to cause a denial of service (NULL pointer
dereference and OOPS) via a crafted add_key or keyctl
system call, a different vulnerability than
CVE-2017-12192.(CVE-2017-15274)
- Linux kernel: heap out-of-bounds in AF_PACKET sockets.
This new issue is analogous to previously disclosed
CVE-2016-8655. In both cases, a socket option that
changes socket state may race with safety checks in
packet_set_ring. Previously with PACKET_VERSION. This
time with PACKET_RESERVE. The solution is similar: lock
the socket for the update. This issue may be
exploitable; we did not investigate further. As this
issue affects PF_PACKET sockets, it requires
CAP_NET_RAW in the process namespace. But note that
with user namespaces enabled, any process can create a
namespace in which it has
CAP_NET_RAW.(CVE-2017-1000111)
- Use-after-free vulnerability in the Linux kernel before
4.14-rc5 allows local users to have unspecified impact
via vectors related to /dev/snd/seq.(CVE-2017-15265)
- net/packet/af_packet.c in the Linux kernel before
4.13.6 allows local users to gain privileges via
crafted system calls that trigger mishandling of
packet_fanout data structures, because of a race
condition (involving fanout_add and packet_do_bind)
that leads to a use-after-free, a different
vulnerability than CVE-2017-6346.(CVE-2017-15649)
- The sg_ioctl function in drivers/scsi/sg.c in the Linux
kernel before 4.13.4 allows local users to obtain
sensitive information from uninitialized kernel
heap-memory locations via an SG_GET_REQUEST_TABLE ioctl
call for /dev/sg0.(CVE-2017-14991)
- An exploitable memory corruption flaw was found in the
Linux kernel. The append path can be erroneously
switched from UFO to non-UFO in ip_ufo_append_data()
when building a UFO packet with the MSG_MORE option. If
unprivileged user namespaces are available, this flaw
can be exploited to gain root
privileges.(CVE-2017-1000112)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |