ALT-PU-2016-2437-1
Package kernel-image-un-def updated to version 4.8.14-alt1 for branch sisyphus in task 174278.
Closed vulnerabilities
Published: 2016-12-02
BDU:2016-02353
Уязвимость компонента net/packet/af_packet.c ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Severity: HIGH (7.8)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH (7.2)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2016-12-01
BDU:2017-01274
Уязвимость функции kvm_ioctl_create_device операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или повысить свои привилегии
Severity: CRITICAL (9.8)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL (10.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
References:
Published: 2017-02-06
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-10150
Use-after-free vulnerability in the kvm_ioctl_create_device function in virt/kvm/kvm_main.c in the Linux kernel before 4.8.13 allows host OS users to cause a denial of service (host OS crash) or possibly gain privileges via crafted ioctl calls on the /dev/kvm device.
Severity: CRITICAL (10.0)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Severity: CRITICAL (9.8)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0f1d21c1ccb1da66629627a74059dd7f5ac9c61
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.13
- http://www.openwall.com/lists/oss-security/2017/01/18/10
- http://www.securityfocus.com/bid/95672
- https://bugzilla.redhat.com/show_bug.cgi?id=1414506
- https://github.com/torvalds/linux/commit/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0f1d21c1ccb1da66629627a74059dd7f5ac9c61
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.13
- http://www.openwall.com/lists/oss-security/2017/01/18/10
- http://www.securityfocus.com/bid/95672
- https://bugzilla.redhat.com/show_bug.cgi?id=1414506
- https://github.com/torvalds/linux/commit/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61
Published: 2017-03-07
Modified: 2025-04-20
Modified: 2025-04-20
CVE-2016-10200
Race condition in the L2TPv3 IP Encapsulation feature in the Linux kernel before 4.8.14 allows local users to gain privileges or cause a denial of service (use-after-free) by making multiple bind system calls without properly ascertaining whether a socket has the SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and net/l2tp/l2tp_ip6.c.
Severity: MEDIUM (6.9)
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Severity: HIGH (7.0)
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=32c231164b762dddefa13af5a0101032c70b50ef
- http://source.android.com/security/bulletin/2017-03-01.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14
- http://www.securityfocus.com/bid/101783
- http://www.securitytracker.com/id/1037965
- http://www.securitytracker.com/id/1037968
- https://access.redhat.com/errata/RHSA-2017:1842
- https://access.redhat.com/errata/RHSA-2017:2077
- https://access.redhat.com/errata/RHSA-2017:2437
- https://access.redhat.com/errata/RHSA-2017:2444
- https://github.com/torvalds/linux/commit/32c231164b762dddefa13af5a0101032c70b50ef
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=32c231164b762dddefa13af5a0101032c70b50ef
- http://source.android.com/security/bulletin/2017-03-01.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14
- http://www.securityfocus.com/bid/101783
- http://www.securitytracker.com/id/1037965
- http://www.securitytracker.com/id/1037968
- https://access.redhat.com/errata/RHSA-2017:1842
- https://access.redhat.com/errata/RHSA-2017:2077
- https://access.redhat.com/errata/RHSA-2017:2437
- https://access.redhat.com/errata/RHSA-2017:2444
- https://github.com/torvalds/linux/commit/32c231164b762dddefa13af5a0101032c70b50ef
Published: 2016-11-28
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-8632
The tipc_msg_build function in net/tipc/msg.c in the Linux kernel through 4.8.11 does not validate the relationship between the minimum fragment length and the maximum packet size, which allows local users to gain privileges or cause a denial of service (heap-based buffer overflow) by leveraging the CAP_NET_ADMIN capability.
Severity: HIGH (7.2)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://www.openwall.com/lists/oss-security/2016/11/08/5
- http://www.securityfocus.com/bid/94211
- https://bugzilla.redhat.com/show_bug.cgi?id=1390832
- https://www.mail-archive.com/netdev%40vger.kernel.org/msg133205.html
- http://www.openwall.com/lists/oss-security/2016/11/08/5
- http://www.securityfocus.com/bid/94211
- https://bugzilla.redhat.com/show_bug.cgi?id=1390832
- https://www.mail-archive.com/netdev%40vger.kernel.org/msg133205.html
Published: 2016-12-08
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-8655
Race condition in net/packet/af_packet.c in the Linux kernel through 4.8.12 allows local users to gain privileges or cause a denial of service (use-after-free) by leveraging the CAP_NET_RAW capability to change a socket version, related to the packet_set_ring and packet_setsockopt functions.
Severity: HIGH (7.2)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html
- http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html
- http://rhn.redhat.com/errata/RHSA-2017-0386.html
- http://rhn.redhat.com/errata/RHSA-2017-0387.html
- http://rhn.redhat.com/errata/RHSA-2017-0402.html
- http://www.openwall.com/lists/oss-security/2016/12/06/1
- http://www.securityfocus.com/bid/94692
- http://www.securitytracker.com/id/1037403
- http://www.securitytracker.com/id/1037968
- http://www.ubuntu.com/usn/USN-3149-1
- http://www.ubuntu.com/usn/USN-3149-2
- http://www.ubuntu.com/usn/USN-3150-1
- http://www.ubuntu.com/usn/USN-3150-2
- http://www.ubuntu.com/usn/USN-3151-1
- http://www.ubuntu.com/usn/USN-3151-2
- http://www.ubuntu.com/usn/USN-3151-3
- http://www.ubuntu.com/usn/USN-3151-4
- http://www.ubuntu.com/usn/USN-3152-1
- http://www.ubuntu.com/usn/USN-3152-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1400019
- https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c
- https://source.android.com/security/bulletin/2017-03-01.html
- https://www.exploit-db.com/exploits/40871/
- https://www.exploit-db.com/exploits/44696/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00044.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00054.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00055.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00056.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00067.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00070.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00073.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00076.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00077.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00087.html
- http://packetstormsecurity.com/files/140063/Linux-Kernel-4.4.0-AF_PACKET-Race-Condition-Privilege-Escalation.html
- http://rhn.redhat.com/errata/RHSA-2017-0386.html
- http://rhn.redhat.com/errata/RHSA-2017-0387.html
- http://rhn.redhat.com/errata/RHSA-2017-0402.html
- http://www.openwall.com/lists/oss-security/2016/12/06/1
- http://www.securityfocus.com/bid/94692
- http://www.securitytracker.com/id/1037403
- http://www.securitytracker.com/id/1037968
- http://www.ubuntu.com/usn/USN-3149-1
- http://www.ubuntu.com/usn/USN-3149-2
- http://www.ubuntu.com/usn/USN-3150-1
- http://www.ubuntu.com/usn/USN-3150-2
- http://www.ubuntu.com/usn/USN-3151-1
- http://www.ubuntu.com/usn/USN-3151-2
- http://www.ubuntu.com/usn/USN-3151-3
- http://www.ubuntu.com/usn/USN-3151-4
- http://www.ubuntu.com/usn/USN-3152-1
- http://www.ubuntu.com/usn/USN-3152-2
- https://bugzilla.redhat.com/show_bug.cgi?id=1400019
- https://github.com/torvalds/linux/commit/84ac7260236a49c79eede91617700174c2c19b0c
- https://source.android.com/security/bulletin/2017-03-01.html
- https://www.exploit-db.com/exploits/40871/
- https://www.exploit-db.com/exploits/44696/
Published: 2016-12-28
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-9576
The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 4.8.14 does not properly restrict the type of iterator, which allows local users to read or write to arbitrary kernel memory locations or cause a denial of service (use-after-free) by leveraging access to a /dev/sg device.
Severity: HIGH (7.2)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ac402cfcdc904f9772e1762b3fda112dcc56a0
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00062.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00075.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00081.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00088.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00091.html
- http://rhn.redhat.com/errata/RHSA-2017-0817.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14
- http://www.openwall.com/lists/oss-security/2016/12/08/19
- http://www.securityfocus.com/bid/94821
- https://access.redhat.com/errata/RHSA-2017:1842
- https://access.redhat.com/errata/RHSA-2017:2077
- https://access.redhat.com/errata/RHSA-2017:2669
- https://bugzilla.redhat.com/show_bug.cgi?id=1403145
- https://github.com/torvalds/linux/commit/a0ac402cfcdc904f9772e1762b3fda112dcc56a0
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a0ac402cfcdc904f9772e1762b3fda112dcc56a0
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00040.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00041.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00057.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00062.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00072.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00075.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00081.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00088.html
- http://lists.opensuse.org/opensuse-security-announce/2016-12/msg00091.html
- http://rhn.redhat.com/errata/RHSA-2017-0817.html
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14
- http://www.openwall.com/lists/oss-security/2016/12/08/19
- http://www.securityfocus.com/bid/94821
- https://access.redhat.com/errata/RHSA-2017:1842
- https://access.redhat.com/errata/RHSA-2017:2077
- https://access.redhat.com/errata/RHSA-2017:2669
- https://bugzilla.redhat.com/show_bug.cgi?id=1403145
- https://github.com/torvalds/linux/commit/a0ac402cfcdc904f9772e1762b3fda112dcc56a0
Published: 2016-12-28
Modified: 2025-04-12
Modified: 2025-04-12
CVE-2016-9793
The sock_setsockopt function in net/core/sock.c in the Linux kernel before 4.8.14 mishandles negative values of sk_sndbuf and sk_rcvbuf, which allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability for a crafted setsockopt system call with the (1) SO_SNDBUFFORCE or (2) SO_RCVBUFFORCE option.
Severity: HIGH (7.2)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b98b0bc8c431e3ceb4b26b0dfc8db509518fb290
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14
- http://www.openwall.com/lists/oss-security/2016/12/03/1
- http://www.securityfocus.com/bid/94655
- http://www.securitytracker.com/id/1037968
- https://access.redhat.com/errata/RHSA-2017:0931
- https://access.redhat.com/errata/RHSA-2017:0932
- https://access.redhat.com/errata/RHSA-2017:0933
- https://bugzilla.redhat.com/show_bug.cgi?id=1402013
- https://github.com/torvalds/linux/commit/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290
- https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793
- https://source.android.com/security/bulletin/2017-03-01.html
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b98b0bc8c431e3ceb4b26b0dfc8db509518fb290
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.14
- http://www.openwall.com/lists/oss-security/2016/12/03/1
- http://www.securityfocus.com/bid/94655
- http://www.securitytracker.com/id/1037968
- https://access.redhat.com/errata/RHSA-2017:0931
- https://access.redhat.com/errata/RHSA-2017:0932
- https://access.redhat.com/errata/RHSA-2017:0933
- https://bugzilla.redhat.com/show_bug.cgi?id=1402013
- https://github.com/torvalds/linux/commit/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290
- https://github.com/xairy/kernel-exploits/tree/master/CVE-2016-9793
- https://source.android.com/security/bulletin/2017-03-01.html