ALT-PU-2018-1826-1 — kernel-image-std-def

CVE-2018-5814

HIGH7.0

In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.

Опубликовано: 2018-06-12Изменено: 2024-11-21

CVSS 2.0СРЕДНЯЯ 6.9

CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS 3.xВЫСОКАЯ 7.0

CVSS:3.x/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
http://www.securitytracker.com/id/1041050
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.133
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=22076557b07c12086eeb16b8ce2b0b735f7a27e7
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c171654caa875919be3c533d3518da8be5be966e
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
https://secuniaresearch.flexerasoftware.com/advisories/81540/
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-8/
https://usn.ubuntu.com/3696-1/
https://usn.ubuntu.com/3696-2/
https://usn.ubuntu.com/3752-1/
https://usn.ubuntu.com/3752-2/
https://usn.ubuntu.com/3752-3/
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00043.html
http://www.securitytracker.com/id/1041050
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.43
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.16.11
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.4.133
https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.9.102
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=22076557b07c12086eeb16b8ce2b0b735f7a27e7
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c171654caa875919be3c533d3518da8be5be966e
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
https://secuniaresearch.flexerasoftware.com/advisories/81540/
https://secuniaresearch.flexerasoftware.com/secunia_research/2018-8/
https://usn.ubuntu.com/3696-1/
https://usn.ubuntu.com/3696-2/
https://usn.ubuntu.com/3752-1/
https://usn.ubuntu.com/3752-2/
https://usn.ubuntu.com/3752-3/

Обновление пакета kernel-image-std-def в ветке sisyphus

Закрытые проблемы (2)

In the Linux Kernel before version 4.16.11, 4.14.43, 4.9.102, and 4.4.133, multiple race condition errors when handling probe, disconnect, and rebind operations can be exploited to trigger a use-after-free condition or a NULL pointer dereference by sending multiple USB over IP packets.

In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c in the Linux kernel through 4.15, an integer signedness error allows arbitrary information leakage for the FBIOPUTCMAP_SPARC and FBIOGETCMAP_SPARC commands.