2016-11-12
ALT-BU-2016-3139-1
Branch sisyphus update bulletin.
Package kernel-image-un-def updated to version 4.8.7-alt1 for branch sisyphus in task 172151.
Closed vulnerabilities
Published: 2016-11-28
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-8630
The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction.
Severity: MEDIUM (4.9)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Severity: MEDIUM (5.5)
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d9092f52d7e61dd1557f2db2400ddb430e85937e
- http://rhn.redhat.com/errata/RHSA-2017-0386.html
- http://rhn.redhat.com/errata/RHSA-2017-0387.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7
- http://www.openwall.com/lists/oss-security/2016/11/22/3
- http://www.securityfocus.com/bid/94459
- https://bugzilla.redhat.com/show_bug.cgi?id=1393350
- https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d9092f52d7e61dd1557f2db2400ddb430e85937e
- http://rhn.redhat.com/errata/RHSA-2017-0386.html
- http://rhn.redhat.com/errata/RHSA-2017-0387.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7
- http://www.openwall.com/lists/oss-security/2016/11/22/3
- http://www.securityfocus.com/bid/94459
- https://bugzilla.redhat.com/show_bug.cgi?id=1393350
- https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e
Published: 2016-11-28
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-8633
drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.
Severity: MEDIUM (6.2)
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C
Severity: MEDIUM (6.8)
Vector: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7
- http://www.openwall.com/lists/oss-security/2016/11/06/1
- http://www.securityfocus.com/bid/94149
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1190
- https://bugzilla.redhat.com/show_bug.cgi?id=1391490
- https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/
- https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=667121ace9dbafb368618dbabcf07901c962ddac
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7
- http://www.openwall.com/lists/oss-security/2016/11/06/1
- http://www.securityfocus.com/bid/94149
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1190
- https://bugzilla.redhat.com/show_bug.cgi?id=1391490
- https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/
- https://github.com/torvalds/linux/commit/667121ace9dbafb368618dbabcf07901c962ddac
Published: 2016-11-28
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-9313
security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles unsuccessful crypto registration in conjunction with successful key-type registration, which allows local users to cause a denial of service (NULL pointer dereference and panic) or possibly have unspecified other impact via a crafted application that uses the big_key data type.
Severity: CRITICAL (9.3)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7
- http://www.openwall.com/lists/oss-security/2016/07/22/1
- http://www.securityfocus.com/bid/94546
- https://github.com/torvalds/linux/commit/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7
- http://www.openwall.com/lists/oss-security/2016/07/22/1
- http://www.securityfocus.com/bid/94546
- https://github.com/torvalds/linux/commit/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb