All errata/c8.1/ALT-PU-2018-2519-1
ALT-PU-2018-2519-1

Package update kernel-image-std-def in branch c8.1

Version4.9.133-alt0.M80C.1
Task#215004
Published2018-10-20
Max severityHIGH
Severity:

Closed issues (8)

BDU:2019-01057
HIGH7.8

Уязвимость функции ext4_xattr_set_entry() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-03-13Modified: 2024-06-18
CVSS 3.xHIGH 7.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
References
BDU:2019-01058
MEDIUM5.5

Уязвимость функции ext4_update_inline_data() ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2019-03-13Modified: 2024-06-18
CVSS 3.xMEDIUM 5.5
CVSS:3.x/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C
References
BDU:2019-03459
MEDIUM5.5

Уязвимость функции fd_locked_ioctl ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию

Published: 2019-10-03Modified: 2024-06-04
CVSS 3.xMEDIUM 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N
References
BDU:2020-00735
HIGH7.8

Уязвимость функции xenvif_set_hash_mapping гипервизора Xen, позволяющая нарушителю получить несанкционированный доступ к информации и нарушить ее целостность и доступность

Published: 2020-02-27Modified: 2024-05-29
CVSS 3.xHIGH 7.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
References
CVE-2018-10879
HIGH7.8

A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.

Published: 2018-07-26Modified: 2024-11-21
CVSS 2.0MEDIUM 6.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:C
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2018-10880
MEDIUM5.5

Linux kernel is vulnerable to a stack-out-of-bounds write in the ext4 filesystem code when mounting and writing to a crafted ext4 image in ext4_update_inline_data(). An attacker could use this to cause a system crash and a denial of service.

Published: 2018-07-25Modified: 2024-11-21
CVSS 2.0HIGH 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:C
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References
CVE-2018-15471
HIGH7.8

An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks.

Published: 2018-08-17Modified: 2024-11-21
CVSS 2.0MEDIUM 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:C
CVSS 3.xHIGH 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
CVE-2018-7755
MEDIUM5.5

An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the location of kernel code and data and bypass kernel security protections such as KASLR.

Published: 2018-03-08Modified: 2024-11-21
CVSS 2.0LOW 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS 3.xMEDIUM 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
References