ALT-PU-2017-1313-1
Package kernel-image-un-def updated to version 4.10.4-alt1 for branch sisyphus in task 180516.
Closed vulnerabilities
BDU:2017-01090
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
Modified: 2024-11-21
CVE-2017-6874
Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via crafted system calls that leverage certain decrement behavior that causes incorrect interaction between put_ucounts and get_ucounts.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=040757f738e13caaa9c5078bca79aa97e11dde88
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=040757f738e13caaa9c5078bca79aa97e11dde88
- 96856
- 96856
- https://github.com/torvalds/linux/commit/040757f738e13caaa9c5078bca79aa97e11dde88
- https://github.com/torvalds/linux/commit/040757f738e13caaa9c5078bca79aa97e11dde88
Modified: 2024-11-21
CVE-2017-8062
drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and 4.10.x before 4.10.4 interacts incorrectly with the CONFIG_VMAP_STACK option, which allows local users to cause a denial of service (system crash or memory corruption) or possibly have unspecified other impact by leveraging use of more than one virtual page for a DMA scatterlist.
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.4
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.4
- [oss-security] 20170416 Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass
- [oss-security] 20170416 Silently (or obliviously) partially-fixed CONFIG_STRICT_DEVMEM bypass
- 97973
- 97973
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=606142af57dad981b78707234cfbd15f9f7b7125
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=606142af57dad981b78707234cfbd15f9f7b7125
- https://github.com/torvalds/linux/commit/606142af57dad981b78707234cfbd15f9f7b7125
- https://github.com/torvalds/linux/commit/606142af57dad981b78707234cfbd15f9f7b7125
Modified: 2024-11-21
CVE-2017-8924
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=654b404f2a222f918af9b0cd18ad469d0c941a8e
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=654b404f2a222f918af9b0cd18ad469d0c941a8e
- DSA-3886
- DSA-3886
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.4
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.4
- 98451
- 98451
- https://github.com/torvalds/linux/commit/654b404f2a222f918af9b0cd18ad469d0c941a8e
- https://github.com/torvalds/linux/commit/654b404f2a222f918af9b0cd18ad469d0c941a8e
Modified: 2024-11-21
CVE-2017-8925
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30572418b445d85fcfe6c8fe84c947d2606767d8
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30572418b445d85fcfe6c8fe84c947d2606767d8
- DSA-3886
- DSA-3886
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.4
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.4
- 98462
- 98462
- https://github.com/torvalds/linux/commit/30572418b445d85fcfe6c8fe84c947d2606767d8
- https://github.com/torvalds/linux/commit/30572418b445d85fcfe6c8fe84c947d2606767d8