- CVEs with nessus.description==

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es) :

* Out-of-bounds kernel heap access vulnerability was found in xfrm, kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. (CVE-2017-7184, Important)

* A race condition issue leading to a use-after-free flaw was found in the way the raw packet sockets are implemented in the Linux kernel networking subsystem handling synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2017-1000111, Important)

* An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building an UFO packet with MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges. (CVE-2017-1000112, Important)

* A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending to its destination via sendto(). (CVE-2016-8399, Moderate)

* Kernel memory corruption due to a buffer overflow was found in brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. (CVE-2017-7541, Moderate)

* An integer overflow vulnerability in ip6_find_1stfragopt() function was found. A local attacker that has privileges (of CAP_NET_RAW) to open raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate)

* A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace. (CVE-2017-7558, Moderate)

* The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to possibly cause a situation where a value may be used after being freed (use-after-free) which may lead to memory corruption or other unspecified other impact. (CVE-2017-11176, Moderate)

* A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate)

Red Hat would like to thank Chaitin Security Research Lab for reporting CVE-2017-7184; Willem de Bruijn for reporting CVE-2017-1000111; and Andrey Konovalov for reporting CVE-2017-1000112. The CVE-2017-7558 issue was discovered by Stefano Brivio (Red Hat).

Bug Fix(es) :

* The kernel-rt packages have been upgraded to the 3.10.0-693.5.2 source tree, which provides number of bug fixes over the previous version. (BZ# 1489084)

Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |