All errata/sisyphus/ALT-PU-2017-2378-1
ALT-PU-2017-2378-1

Package update kernel-image-un-def in branch sisyphus

Version4.13.5-alt1
Task#190301
Published2017-10-05
Max severityHIGH
Severity:

Closed issues (8)

CVE-2017-1000252
MEDIUM5.5

The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS users to cause a denial of service (assertion failure, and hypervisor hang or crash) via an out-of bounds guest_irq value, related to arch/x86/kvm/vmx.c and virt/kvm/eventfd.c.

Published: 2017-09-26Modified: 2025-04-20
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:P
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2017-12153
MEDIUM4.4

A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.

Published: 2017-09-21Modified: 2025-04-20
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS 3.xMEDIUM 4.4
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
References
CVE-2017-12154
HIGH7.1

The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.

Published: 2017-09-26Modified: 2025-04-20
CVSS 2.0LOW 3.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:N
CVSS 3.xHIGH 7.1
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
References
CVE-2017-12192
MEDIUM5.5

The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.

Published: 2017-10-12Modified: 2025-04-20
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References
CVE-2017-14954
MEDIUM5.5

The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.

Published: 2017-10-02Modified: 2025-04-20
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
CVE-2017-15537
MEDIUM5.5

The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c.

Published: 2017-10-17Modified: 2025-04-20
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References
CVE-2017-18270
HIGH7.1

In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.

Published: 2018-05-18Modified: 2024-11-21
CVSS 2.0LOW 3.6
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:P/A:P
CVSS 3.xHIGH 7.1
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
References
CVE-2018-1091
MEDIUM5.5

In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service.

Published: 2018-03-27Modified: 2024-11-21
CVSS 2.0MEDIUM 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
References