2018-09-07
ALT-BU-2018-3448-1
Branch c8 update bulletin.
Package kernel-image-std-def updated to version 4.4.153-alt0.M80C.1 for branch c8 in task 212053.
Closed vulnerabilities
Published: 2017-11-29
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2017-17053
The init_new_context function in arch/x86/include/asm/mmu_context.h in the Linux kernel before 4.12.10 does not correctly handle errors from LDT table allocation when forking a new process, allowing a local attacker to achieve a use-after-free or possibly have unspecified other impact by running a specially crafted program. This vulnerability only affected kernels built with CONFIG_MODIFY_LDT_SYSCALL=y.
Severity: HIGH (7.0)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccd5b3235180eef3cfec337df1c8554ab151b5cc
- 102010
- 102010
- RHSA-2018:0676
- RHSA-2018:0676
- https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc
- https://github.com/torvalds/linux/commit/ccd5b3235180eef3cfec337df1c8554ab151b5cc
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.10