MEDIUM5.5
Уязвимость операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HCVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:C
ALT-PU-2018-1991-3Обновление пакета kernel-image-std-def в ветке sisyphus
Серьёзность:
Закрытые проблемы (135)
MEDIUM6.4
Уязвимость функции saa7164_bus_get операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xСРЕДНЯЯ 6.4
CVSS:3.x/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS 2.0СРЕДНЯЯ 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:CСсылки
HIGH7.4
Уязвимость в реализации механизма Stack Guard-Page ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xВЫСОКАЯ 7.4
CVSS:3.x/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS 2.0СРЕДНЯЯ 6.2
CVSS:2.0/AV:L/AC:H/Au:N/C:C/I:C/A:CСсылки
HIGH7.8
Уязвимость функции intr (sound/oss/msnd_pinnacle.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:CMEDIUM6.6
Уязвимость ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:CСсылки
MEDIUM6.6
Уязвимость функции imon_probe ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:CСсылки
MEDIUM6.6
Уязвимость функции cx231xx_usb_probe ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:CСсылки
MEDIUM6.6
Уязвимость функции usb_get_bos_descriptor ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:CСсылки
MEDIUM5.5
Уязвимость драйвера ALSA/dev/snd/timer (sound/core/timer.c) ядра операционной системы Linux, позволяющая нарушителю получить конфиденциальную информацию
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NCVSS 2.0НИЗКАЯ 1.7
CVSS:2.0/AV:L/AC:L/Au:S/C:P/I:N/A:NСсылки
MEDIUM6.6
Уязвимость функции qmi_wwan_bind (drivers/net/usb/qmi_wwan.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:CMEDIUM6.6
Уязвимость функции usbnet_generic_cdc_bind (drivers/net/usb/cdc_ether.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:CMEDIUM6.6
Уязвимость функции dvb_frontend_free (drivers/media/dvb-core/dvb_frontend.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:CMEDIUM6.6
Уязвимость функции asix_suspend (drivers/net/usb/asix_devices.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:CMEDIUM6.6
Уязвимость функции ims_pcu_get_cdc_union_desc (drivers/input/misc/ims-pcu.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:CMEDIUM6.6
Уязвимость функции hdpvr_probe (drivers/media/usb/hdpvr/hdpvr-core.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:CMEDIUM6.6
Уязвимость функции parse_hid_report_descriptor (drivers/input/tablet/gtco.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании или оказать другое воздействие
CVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:CMEDIUM6.5
Уязвимость функции setup_ntlmv2_rsp() (fs/cifs/cifsencrypt.c) ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HCVSS 2.0ВЫСОКАЯ 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:CСсылки
HIGH7.5
Уязвимость реализации стека протоколов SCTP ядра операционной системы Linux, позволяющая нарушителю вызвать утечку памяти
CVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NCVSS 2.0ВЫСОКАЯ 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:NСсылки
MEDIUM5.5
Уязвимость подсистемы cleancache ядра операционной системы Linux, позволяющая нарушителю раскрыть защищаемую информацию
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NCVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NСсылки
MEDIUM5.5
Уязвимость функции __netlink_ns_capable () ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HCVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CСсылки
MEDIUM5.5
Уязвимость функции pcpu_embed_first_chunk() ядра операционной системы Linux, позволяющая нарушителю получить несанкционированный доступ к информации
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NCVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:N/A:NСсылки
MEDIUM5.5
Уязвимость функции dev_get_valid_name подсистемы TUN ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HCVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CСсылки
HIGH8.1
Уязвимость ядра операционной системы Linux, связанная с чтением данных за границами буфера в памяти, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
CVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HCVSS 2.0ВЫСОКАЯ 7.6
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:C/A:CСсылки
HIGH7.8
Уязвимость функции do_shmat компонента ipc/shm.c ядра операционной системы Linux, связанная с недостаточной проверкой входных данных, позволяющая привилегированному пользователю обойти существующие ограничения безопасности
CVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS 2.0СРЕДНЯЯ 6.8
CVSS:2.0/AV:L/AC:L/Au:S/C:C/I:C/A:CСсылки
MEDIUM5.5
Уязвимость подсистемы KEYS ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HCVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CСсылки
MEDIUM5.3
Уязвимость функции exynos_drm_crtc_atomic_disable() в модуле drivers/gpu/drm/exynos/exynos_drm_crtc.c драйвера Samsung SoC Exynos ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xСРЕДНЯЯ 5.3
CVSS:3.x/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:HCVSS 2.0НИЗКАЯ 3.8
CVSS:2.0/AV:L/AC:H/Au:S/C:N/I:N/A:CСсылки
MEDIUM5.5
Уязвимость функции sync_print_obj() драйвера dma-buf ядра операционной системы Linux, позволяющая нарушителю вызвать отказ в обслуживании
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HCVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:S/C:N/I:N/A:CСсылки
MEDIUM4.4
It was discovered in the Linux kernel before 4.11-rc8 that root can gain direct access to an internal keyring, such as '.dns_resolver' in RHEL-7 or '.builtin_trusted_keys' upstream, by joining it as its session keyring. This allows root to bypass module signature verification by adding a new public key of its own devising to the keyring.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:P/A:NCVSS 3.xСРЕДНЯЯ 4.4
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:NСсылки
- http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9604.html
- http://www.securityfocus.com/bid/102135
- https://access.redhat.com/errata/RHSA-2017:1842
- https://access.redhat.com/errata/RHSA-2017:2077
- https://access.redhat.com/errata/RHSA-2017:2669
- https://bugzilla.novell.com/show_bug.cgi?id=1035576
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9604
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee8f844e3c5a73b999edf733df1c529d6503ec2f
- http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9604.html
- http://www.securityfocus.com/bid/102135
- https://access.redhat.com/errata/RHSA-2017:1842
- https://access.redhat.com/errata/RHSA-2017:2077
- https://access.redhat.com/errata/RHSA-2017:2669
- https://bugzilla.novell.com/show_bug.cgi?id=1035576
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9604
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=ee8f844e3c5a73b999edf733df1c529d6503ec2f
HIGH7.4
An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be "jumped" over (the stack guard page is bypassed), this affects Linux Kernel versions 4.11.5 and earlier (the stackguard page was introduced in 2010).
CVSS 2.0СРЕДНЯЯ 6.2
CVSS:2.0/AV:L/AC:H/Au:N/C:C/I:C/A:CCVSS 3.xВЫСОКАЯ 7.4
CVSS:3.x/CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.debian.org/security/2017/dsa-3886
- http://www.securityfocus.com/bid/99130
- http://www.securitytracker.com/id/1038724
- https://access.redhat.com/errata/RHSA-2017:1482
- https://access.redhat.com/errata/RHSA-2017:1483
- https://access.redhat.com/errata/RHSA-2017:1484
- https://access.redhat.com/errata/RHSA-2017:1485
- https://access.redhat.com/errata/RHSA-2017:1486
- https://access.redhat.com/errata/RHSA-2017:1487
- https://access.redhat.com/errata/RHSA-2017:1488
- https://access.redhat.com/errata/RHSA-2017:1489
- https://access.redhat.com/errata/RHSA-2017:1490
- https://access.redhat.com/errata/RHSA-2017:1491
- https://access.redhat.com/errata/RHSA-2017:1567
- https://access.redhat.com/errata/RHSA-2017:1616
- https://access.redhat.com/errata/RHSA-2017:1647
- https://access.redhat.com/errata/RHSA-2017:1712
- https://access.redhat.com/security/cve/CVE-2017-1000364
- https://kc.mcafee.com/corporate/index?page=content&id=SB10205
- https://kc.mcafee.com/corporate/index?page=content&id=SB10207
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_us
- https://www.exploit-db.com/exploits/45625/
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
- https://www.suse.com/security/cve/CVE-2017-1000364/
- https://www.suse.com/support/kb/doc/?id=7020973
- http://www.debian.org/security/2017/dsa-3886
- http://www.securityfocus.com/bid/99130
- http://www.securitytracker.com/id/1038724
- https://access.redhat.com/errata/RHSA-2017:1482
- https://access.redhat.com/errata/RHSA-2017:1483
- https://access.redhat.com/errata/RHSA-2017:1484
- https://access.redhat.com/errata/RHSA-2017:1485
- https://access.redhat.com/errata/RHSA-2017:1486
- https://access.redhat.com/errata/RHSA-2017:1487
- https://access.redhat.com/errata/RHSA-2017:1488
- https://access.redhat.com/errata/RHSA-2017:1489
- https://access.redhat.com/errata/RHSA-2017:1490
- https://access.redhat.com/errata/RHSA-2017:1491
- https://access.redhat.com/errata/RHSA-2017:1567
- https://access.redhat.com/errata/RHSA-2017:1616
- https://access.redhat.com/errata/RHSA-2017:1647
- https://access.redhat.com/errata/RHSA-2017:1712
- https://access.redhat.com/security/cve/CVE-2017-1000364
- https://kc.mcafee.com/corporate/index?page=content&id=SB10205
- https://kc.mcafee.com/corporate/index?page=content&id=SB10207
- https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03800en_us
- https://www.exploit-db.com/exploits/45625/
- https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
- https://www.suse.com/security/cve/CVE-2017-1000364/
- https://www.suse.com/support/kb/doc/?id=7020973
MEDIUM5.5
sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a data race in the ALSA /dev/snd/timer driver resulting in local users being able to read information belonging to other users, i.e., uninitialized memory contents may be disclosed when a read and an ioctl happen at the same time.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d11662f4f798b50d8c8743f433842c3e40fe3378
- http://www.debian.org/security/2017/dsa-3981
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5
- http://www.openwall.com/lists/oss-security/2017/06/12/2
- http://www.securityfocus.com/bid/99121
- https://access.redhat.com/errata/RHSA-2017:3295
- https://access.redhat.com/errata/RHSA-2017:3315
- https://access.redhat.com/errata/RHSA-2017:3322
- https://github.com/torvalds/linux/commit/ba3021b2c79b2fa9114f92790a99deb27a65b728
- https://github.com/torvalds/linux/commit/d11662f4f798b50d8c8743f433842c3e40fe3378
- https://source.android.com/security/bulletin/pixel/2017-12-01
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ba3021b2c79b2fa9114f92790a99deb27a65b728
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d11662f4f798b50d8c8743f433842c3e40fe3378
- http://www.debian.org/security/2017/dsa-3981
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5
- http://www.openwall.com/lists/oss-security/2017/06/12/2
- http://www.securityfocus.com/bid/99121
- https://access.redhat.com/errata/RHSA-2017:3295
- https://access.redhat.com/errata/RHSA-2017:3315
- https://access.redhat.com/errata/RHSA-2017:3322
- https://github.com/torvalds/linux/commit/ba3021b2c79b2fa9114f92790a99deb27a65b728
- https://github.com/torvalds/linux/commit/d11662f4f798b50d8c8743f433842c3e40fe3378
- https://source.android.com/security/bulletin/pixel/2017-12-01
MEDIUM6.5
The make_response function in drivers/block/xen-blkback/blkback.c in the Linux kernel before 4.11.8 allows guest OS users to obtain sensitive information from host OS (or other guest OS) kernel memory by leveraging the copying of uninitialized padding fields in Xen block-interface response structures, aka XSA-216.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:NCVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:NСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341
- http://www.debian.org/security/2017/dsa-3920
- http://www.debian.org/security/2017/dsa-3927
- http://www.debian.org/security/2017/dsa-3945
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8
- http://www.securityfocus.com/bid/99162
- http://www.securitytracker.com/id/1038720
- https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201708-03
- https://xenbits.xen.org/xsa/advisory-216.html
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=089bc0143f489bd3a4578bdff5f4ca68fb26f341
- http://www.debian.org/security/2017/dsa-3920
- http://www.debian.org/security/2017/dsa-3927
- http://www.debian.org/security/2017/dsa-3945
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.8
- http://www.securityfocus.com/bid/99162
- http://www.securitytracker.com/id/1038720
- https://github.com/torvalds/linux/commit/089bc0143f489bd3a4578bdff5f4ca68fb26f341
- https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html
- https://security.gentoo.org/glsa/201708-03
- https://xenbits.xen.org/xsa/advisory-216.html
HIGH7.1
The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in the Linux kernel before 4.12 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
CVSS 2.0НИЗКАЯ 3.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:NCVSS 3.xВЫСОКАЯ 7.1
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f
- https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6
- https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3754-1/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3b2d69114fefa474fca542e51119036dceb4aa6f
- https://github.com/acpica/acpica/commit/a23325b2e583556eae88ed3f764e457786bf4df6
- https://github.com/torvalds/linux/commit/3b2d69114fefa474fca542e51119036dceb4aa6f
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3754-1/
MEDIUM6.5
The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the Linux kernel before 4.13.8 do unbalanced refcounting when a SCSI I/O vector has small consecutive buffers belonging to the same page. The bio_add_pc_page function merges them into one, but the page reference is never dropped. This causes a memory leak and possible system lockup (exploitable against the host OS by a guest OS user, if a SCSI disk is passed through to a virtual machine) due to an out-of-memory condition.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467
- http://seclists.org/oss-sec/2017/q4/52
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8
- http://www.securityfocus.com/bid/101911
- https://access.redhat.com/errata/RHSA-2018:0654
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2018:1854
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1190
- https://bugzilla.redhat.com/show_bug.cgi?id=1495089
- https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058
- https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://support.f5.com/csp/article/K93472064?utm_source=f5support&%3Butm_medium=RSS
- https://usn.ubuntu.com/3582-1/
- https://usn.ubuntu.com/3582-2/
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95d78c28b5a85bacbc29b8dba7c04babb9b0d467
- http://seclists.org/oss-sec/2017/q4/52
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.8
- http://www.securityfocus.com/bid/101911
- https://access.redhat.com/errata/RHSA-2018:0654
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2018:1854
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1190
- https://bugzilla.redhat.com/show_bug.cgi?id=1495089
- https://github.com/torvalds/linux/commit/2b04e8f6bbb196cab4b232af0f8d48ff2c7a8058
- https://github.com/torvalds/linux/commit/95d78c28b5a85bacbc29b8dba7c04babb9b0d467
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://support.f5.com/csp/article/K93472064?utm_source=f5support&%3Butm_medium=RSS
- https://usn.ubuntu.com/3582-1/
- https://usn.ubuntu.com/3582-2/
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
MEDIUM5.5
The keyctl_read_key function in security/keys/keyctl.c in the Key Management subcomponent in the Linux kernel before 4.13.5 does not properly consider that a key may be possessed but negatively instantiated, which allows local users to cause a denial of service (OOPS and system crash) via a crafted KEYCTL_READ operation.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5
- https://access.redhat.com/errata/RHSA-2018:0151
- https://bugzilla.redhat.com/show_bug.cgi?id=1493435
- https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678
- https://lkml.org/lkml/2017/9/18/764
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=37863c43b2c6464f252862bf2e9768264e961678
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5
- https://access.redhat.com/errata/RHSA-2018:0151
- https://bugzilla.redhat.com/show_bug.cgi?id=1493435
- https://github.com/torvalds/linux/commit/37863c43b2c6464f252862bf2e9768264e961678
- https://lkml.org/lkml/2017/9/18/764
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
MEDIUM5.5
The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://www.securityfocus.com/bid/100502
- https://github.com/acpica/acpica/pull/295
- https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732
- https://patchwork.kernel.org/patch/9919053/
- http://www.securityfocus.com/bid/100502
- https://github.com/acpica/acpica/pull/295/commits/987a3b5cf7175916e2a4b6ea5b8e70f830dfe732
- https://patchwork.kernel.org/patch/9919053/
MEDIUM5.5
The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://www.securityfocus.com/bid/100500
- https://github.com/acpica/acpica/pull/278
- https://github.com/acpica/acpica/pull/278/commits/4a0243ecb4c94e2d73510d096c5ea4d0711fc6c0
- https://patchwork.kernel.org/patch/9806085/
- http://www.securityfocus.com/bid/100500
- https://github.com/acpica/acpica/pull/278/commits/4a0243ecb4c94e2d73510d096c5ea4d0711fc6c0
- https://patchwork.kernel.org/patch/9806085/
MEDIUM5.5
The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://www.securityfocus.com/bid/100497
- https://github.com/acpica/acpica/pull/296/commits/37f2c716f2c6ab14c3ba557a539c3ee3224931b5
- https://patchwork.kernel.org/patch/9850567/
- https://usn.ubuntu.com/3696-1/
- https://usn.ubuntu.com/3696-2/
- https://usn.ubuntu.com/3762-1/
- https://usn.ubuntu.com/3762-2/
- http://www.securityfocus.com/bid/100497
- https://github.com/acpica/acpica/pull/296/commits/37f2c716f2c6ab14c3ba557a539c3ee3224931b5
- https://patchwork.kernel.org/patch/9850567/
- https://usn.ubuntu.com/3696-1/
- https://usn.ubuntu.com/3696-2/
- https://usn.ubuntu.com/3762-1/
- https://usn.ubuntu.com/3762-2/
MEDIUM4.4
An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.c in the Linux kernel through 4.12.10 allows local users to cause a denial of service (memory corruption and system crash) by leveraging root access.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 4.4
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HСсылки
- http://www.securityfocus.com/bid/100571
- https://bugzilla.kernel.org/show_bug.cgi?id=194061
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://patchwork.kernel.org/patch/9929625/
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- http://www.securityfocus.com/bid/100571
- https://bugzilla.kernel.org/show_bug.cgi?id=194061
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://patchwork.kernel.org/patch/9929625/
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
MEDIUM5.5
The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel before 4.12 allows local users to cause a denial of service (__tcp_select_window divide-by-zero error and system crash) by triggering a disconnect within a certain tcp_recvmsg code path.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=499350a5a6e7512d9ed369ed63a4244b6536f4f8
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- http://www.debian.org/security/2017/dsa-3981
- http://www.securityfocus.com/bid/100878
- http://www.securitytracker.com/id/1039549
- https://access.redhat.com/errata/RHSA-2017:2918
- https://access.redhat.com/errata/RHSA-2017:2930
- https://access.redhat.com/errata/RHSA-2017:2931
- https://access.redhat.com/errata/RHSA-2017:3200
- https://access.redhat.com/errata/RHSA-2018:2172
- https://github.com/torvalds/linux/commit/499350a5a6e7512d9ed369ed63a4244b6536f4f8
- https://www.mail-archive.com/netdev%40vger.kernel.org/msg186255.html
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=499350a5a6e7512d9ed369ed63a4244b6536f4f8
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- http://www.debian.org/security/2017/dsa-3981
- http://www.securityfocus.com/bid/100878
- http://www.securitytracker.com/id/1039549
- https://access.redhat.com/errata/RHSA-2017:2918
- https://access.redhat.com/errata/RHSA-2017:2930
- https://access.redhat.com/errata/RHSA-2017:2931
- https://access.redhat.com/errata/RHSA-2017:3200
- https://access.redhat.com/errata/RHSA-2018:2172
- https://github.com/torvalds/linux/commit/499350a5a6e7512d9ed369ed63a4244b6536f4f8
- https://www.mail-archive.com/netdev%40vger.kernel.org/msg186255.html
MEDIUM5.5
The move_pages system call in mm/migrate.c in the Linux kernel before 4.12.9 doesn't check the effective uid of the target process, enabling a local attacker to learn the memory layout of a setuid executable despite ASLR.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=197e7e521384a23b9e585178f3f11c9fa08274b9
- http://www.debian.org/security/2017/dsa-3981
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9
- http://www.securityfocus.com/bid/100876
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://github.com/torvalds/linux/commit/197e7e521384a23b9e585178f3f11c9fa08274b9
- https://source.android.com/security/bulletin/pixel/2018-01-01
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=197e7e521384a23b9e585178f3f11c9fa08274b9
- http://www.debian.org/security/2017/dsa-3981
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.9
- http://www.securityfocus.com/bid/100876
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://github.com/torvalds/linux/commit/197e7e521384a23b9e585178f3f11c9fa08274b9
- https://source.android.com/security/bulletin/pixel/2018-01-01
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
MEDIUM5.5
The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the Linux kernel through 4.12.10 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory by reading locations associated with padding bytes.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://www.debian.org/security/2017/dsa-3981
- http://www.securityfocus.com/bid/100634
- https://github.com/torvalds/linux/pull/441
- https://marc.info/?l=linux-kernel&m=150401461613306&w=2
- https://marc.info/?l=linux-kernel&m=150453196710422&w=2
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- http://www.debian.org/security/2017/dsa-3981
- http://www.securityfocus.com/bid/100634
- https://github.com/torvalds/linux/pull/441
- https://marc.info/?l=linux-kernel&m=150401461613306&w=2
- https://marc.info/?l=linux-kernel&m=150453196710422&w=2
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
MEDIUM5.5
The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux kernel before 4.13.2 does not verify that a filesystem has a realtime device, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via vectors related to setting an RHINHERIT flag on a directory.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b31ff3cdf540110da4572e3e29bd172087af65cc
- http://seclists.org/oss-sec/2017/q3/436
- http://www.debian.org/security/2017/dsa-3981
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.2
- http://www.securityfocus.com/bid/100851
- https://access.redhat.com/errata/RHSA-2017:2918
- https://bugzilla.redhat.com/show_bug.cgi?id=1491344
- https://github.com/torvalds/linux/commit/b31ff3cdf540110da4572e3e29bd172087af65cc
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b31ff3cdf540110da4572e3e29bd172087af65cc
- http://seclists.org/oss-sec/2017/q3/436
- http://www.debian.org/security/2017/dsa-3981
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.2
- http://www.securityfocus.com/bid/100851
- https://access.redhat.com/errata/RHSA-2017:2918
- https://bugzilla.redhat.com/show_bug.cgi?id=1491344
- https://github.com/torvalds/linux/commit/b31ff3cdf540110da4572e3e29bd172087af65cc
MEDIUM5.5
The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the Linux kernel through 4.13.2 allows local users to cause a denial of service (panic) by leveraging incorrect length validation.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://www.debian.org/security/2017/dsa-3981
- http://www.securityfocus.com/bid/101011
- https://bugzilla.redhat.com/show_bug.cgi?id=1490421
- https://patchwork.kernel.org/patch/9923803/
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- https://www.exploit-db.com/exploits/42932/
- http://www.debian.org/security/2017/dsa-3981
- http://www.securityfocus.com/bid/101011
- https://bugzilla.redhat.com/show_bug.cgi?id=1490421
- https://patchwork.kernel.org/patch/9923803/
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- https://www.exploit-db.com/exploits/42932/
MEDIUM5.5
The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass the KASLR protection mechanism, via a crafted system call.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6c85501f2fabcfc4fc6ed976543d252c4eaf4be9
- https://github.com/torvalds/linux/commit/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9
- https://grsecurity.net/~spender/exploits/wait_for_kaslr_to_be_effective.c
- https://twitter.com/_argp/status/914021130712870912
- https://twitter.com/grsecurity/status/914079864478666753
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6c85501f2fabcfc4fc6ed976543d252c4eaf4be9
- https://github.com/torvalds/linux/commit/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9
- https://grsecurity.net/~spender/exploits/wait_for_kaslr_to_be_effective.c
- https://twitter.com/_argp/status/914021130712870912
- https://twitter.com/grsecurity/status/914079864478666753
MEDIUM5.5
The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before 4.13.4 allows local users to obtain sensitive information from uninitialized kernel heap-memory locations via an SG_GET_REQUEST_TABLE ioctl call for /dev/sg0.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e0097499839e0fe3af380410eababe5a47c4cf9
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.4
- http://www.securityfocus.com/bid/101187
- https://github.com/torvalds/linux/commit/3e0097499839e0fe3af380410eababe5a47c4cf9
- https://usn.ubuntu.com/3754-1/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e0097499839e0fe3af380410eababe5a47c4cf9
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.4
- http://www.securityfocus.com/bid/101187
- https://github.com/torvalds/linux/commit/3e0097499839e0fe3af380410eababe5a47c4cf9
- https://usn.ubuntu.com/3754-1/
MEDIUM5.5
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13. A superfluous implicit page unlock for VM_SHARED hugetlbfs mapping could trigger a local denial of service (BUG).
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995
- http://www.securityfocus.com/bid/102517
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/security/cve/CVE-2017-15127
- https://bugzilla.redhat.com/show_bug.cgi?id=1525218
- https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5af10dfd0afc559bb4b0f7e3e8227a1578333995
- http://www.securityfocus.com/bid/102517
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/security/cve/CVE-2017-15127
- https://bugzilla.redhat.com/show_bug.cgi?id=1525218
- https://github.com/torvalds/linux/commit/5af10dfd0afc559bb4b0f7e3e8227a1578333995
MEDIUM5.5
A flaw was found in the hugetlb_mcopy_atomic_pte function in mm/hugetlb.c in the Linux kernel before 4.13.12. A lack of size check could cause a denial of service (BUG).
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df
- https://access.redhat.com/security/cve/CVE-2017-15128
- https://bugzilla.redhat.com/show_bug.cgi?id=1525222
- https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e3921471354244f70fe268586ff94a97a6dd4df
- https://access.redhat.com/security/cve/CVE-2017-15128
- https://bugzilla.redhat.com/show_bug.cgi?id=1525222
- https://github.com/torvalds/linux/commit/1e3921471354244f70fe268586ff94a97a6dd4df
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.12
MEDIUM4.7
A use-after-free vulnerability was found in network namespaces code affecting the Linux kernel before 4.14.11. The function get_net_ns_by_id() in net/core/net_namespace.c does not check for the net::count value after it has found a peer network in netns_ids idr, which could lead to double free and memory corruption. This vulnerability could allow an unprivileged local user to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is thought to be unlikely.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 4.7
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0
- http://seclists.org/oss-sec/2018/q1/7
- http://www.securityfocus.com/bid/102485
- https://access.redhat.com/errata/RHSA-2018:0654
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2019:1946
- https://access.redhat.com/security/cve/CVE-2017-15129
- https://bugzilla.redhat.com/show_bug.cgi?id=1531174
- https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0
- https://marc.info/?l=linux-netdev&m=151370451121029&w=2
- https://marc.info/?t=151370468900001&r=1&w=2
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3632-1/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21b5944350052d2583e82dd59b19a9ba94a007f0
- http://seclists.org/oss-sec/2018/q1/7
- http://www.securityfocus.com/bid/102485
- https://access.redhat.com/errata/RHSA-2018:0654
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2019:1946
- https://access.redhat.com/security/cve/CVE-2017-15129
- https://bugzilla.redhat.com/show_bug.cgi?id=1531174
- https://github.com/torvalds/linux/commit/21b5944350052d2583e82dd59b19a9ba94a007f0
- https://marc.info/?l=linux-netdev&m=151370451121029&w=2
- https://marc.info/?t=151370468900001&r=1&w=2
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3632-1/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11
MEDIUM5.5
security/keys/keyctl.c in the Linux kernel before 4.11.5 does not consider the case of a NULL payload in conjunction with a nonzero length value, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a crafted add_key or keyctl system call, a different vulnerability than CVE-2017-12192.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5649645d725c73df4302428ee4e02c869248b4c5
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5
- http://www.securityfocus.com/bid/101292
- https://access.redhat.com/errata/RHSA-2019:1946
- https://bugzilla.suse.com/show_bug.cgi?id=1045327
- https://github.com/torvalds/linux/commit/5649645d725c73df4302428ee4e02c869248b4c5
- https://patchwork.kernel.org/patch/9781573/
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5649645d725c73df4302428ee4e02c869248b4c5
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.5
- http://www.securityfocus.com/bid/101292
- https://access.redhat.com/errata/RHSA-2019:1946
- https://bugzilla.suse.com/show_bug.cgi?id=1045327
- https://github.com/torvalds/linux/commit/5649645d725c73df4302428ee4e02c869248b4c5
- https://patchwork.kernel.org/patch/9781573/
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
MEDIUM5.5
The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of add_key for a key that already exists but is uninstantiated, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted system call.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- https://access.redhat.com/errata/RHSA-2018:0654
- https://bugzilla.redhat.com/show_bug.cgi?id=1498016
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://marc.info/?t=150654188100001&r=1&w=2
- https://marc.info/?t=150783958600011&r=1&w=2
- https://usn.ubuntu.com/3798-1/
- https://usn.ubuntu.com/3798-2/
- https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1499828.html
- https://access.redhat.com/errata/RHSA-2018:0654
- https://bugzilla.redhat.com/show_bug.cgi?id=1498016
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://marc.info/?t=150654188100001&r=1&w=2
- https://marc.info/?t=150783958600011&r=1&w=2
- https://usn.ubuntu.com/3798-1/
- https://usn.ubuntu.com/3798-2/
- https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1499828.html
MEDIUM5.5
The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a KVM_CHECK_EXTENSION KVM_CAP_PPC_HTM ioctl call to /dev/kvm.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac64115a66c18c01745bbd3c47a36b124e5fd8c0
- http://openwall.com/lists/oss-security/2017/11/06/6
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11
- http://www.securityfocus.com/bid/101693
- https://github.com/torvalds/linux/commit/ac64115a66c18c01745bbd3c47a36b124e5fd8c0
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ac64115a66c18c01745bbd3c47a36b124e5fd8c0
- http://openwall.com/lists/oss-security/2017/11/06/6
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11
- http://www.securityfocus.com/bid/101693
- https://github.com/torvalds/linux/commit/ac64115a66c18c01745bbd3c47a36b124e5fd8c0
MEDIUM5.5
The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before 4.13.5, when a processor supports the xsave feature but not the xsaves feature, does not correctly handle attempts to set reserved bits in the xstate header via the ptrace() or rt_sigreturn() system call, allowing local users to read the FPU registers of other processes on the system, related to arch/x86/kernel/fpu/regset.c and arch/x86/kernel/fpu/signal.c.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5
- https://github.com/torvalds/linux/commit/814fb7bb7db5433757d76f4c4502c96fc53b0b5e
- https://source.android.com/security/bulletin/pixel/2018-01-01
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=814fb7bb7db5433757d76f4c4502c96fc53b0b5e
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5
- https://github.com/torvalds/linux/commit/814fb7bb7db5433757d76f4c4502c96fc53b0b5e
- https://source.android.com/security/bulletin/pixel/2018-01-01
HIGH7.8
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local users to gain privileges via crafted system calls that trigger mishandling of packet_fanout data structures, because of a race condition (involving fanout_add and packet_do_bind) that leads to a use-after-free, a different vulnerability than CVE-2017-6346.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e
- http://patchwork.ozlabs.org/patch/813945/
- http://patchwork.ozlabs.org/patch/818726/
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6
- http://www.securityfocus.com/bid/101573
- https://access.redhat.com/errata/RHSA-2018:0151
- https://access.redhat.com/errata/RHSA-2018:0152
- https://access.redhat.com/errata/RHSA-2018:0181
- https://blogs.securiteam.com/index.php/archives/3484
- https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110
- https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://usn.ubuntu.com/3754-1/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=008ba2a13f2d04c947adc536d19debb8fe66f110
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4971613c1639d8e5f102c4e797c3bf8f83a5a69e
- http://patchwork.ozlabs.org/patch/813945/
- http://patchwork.ozlabs.org/patch/818726/
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.6
- http://www.securityfocus.com/bid/101573
- https://access.redhat.com/errata/RHSA-2018:0151
- https://access.redhat.com/errata/RHSA-2018:0152
- https://access.redhat.com/errata/RHSA-2018:0181
- https://blogs.securiteam.com/index.php/archives/3484
- https://github.com/torvalds/linux/commit/008ba2a13f2d04c947adc536d19debb8fe66f110
- https://github.com/torvalds/linux/commit/4971613c1639d8e5f102c4e797c3bf8f83a5a69e
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://usn.ubuntu.com/3754-1/
MEDIUM6.6
The usb_get_bos_descriptor function in drivers/usb/core/config.c in the Linux kernel before 4.13.10 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.securityfocus.com/bid/102022
- https://github.com/torvalds/linux/commit/1c0edc3633b56000e18d82fc241e3995ca18a69e
- https://groups.google.com/d/msg/syzkaller/tzdz2fTB1K0/OvjIgLSTAgAJ
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://usn.ubuntu.com/3754-1/
- http://www.securityfocus.com/bid/102022
- https://github.com/torvalds/linux/commit/1c0edc3633b56000e18d82fc241e3995ca18a69e
- https://groups.google.com/d/msg/syzkaller/tzdz2fTB1K0/OvjIgLSTAgAJ
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://usn.ubuntu.com/3754-1/
MEDIUM6.6
The cx231xx_usb_probe function in drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- https://groups.google.com/d/msg/syzkaller/WlUAVfDvpRk/1V1xuEA4AgAJ
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://patchwork.kernel.org/patch/9963527/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3754-1/
- https://groups.google.com/d/msg/syzkaller/WlUAVfDvpRk/1V1xuEA4AgAJ
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://patchwork.kernel.org/patch/9963527/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3754-1/
MEDIUM6.6
The imon_probe function in drivers/media/rc/imon.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- https://groups.google.com/d/msg/syzkaller/bBFN8imrjjo/-5jCl8EiCQAJ
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://patchwork.kernel.org/patch/9994017/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3754-1/
- https://groups.google.com/d/msg/syzkaller/bBFN8imrjjo/-5jCl8EiCQAJ
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://patchwork.kernel.org/patch/9994017/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3754-1/
MEDIUM6.6
drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (general protection fault and system crash) or possibly have unspecified other impact via a crafted USB device, related to a missing warm-start check and incorrect attach timing (dm04_lme2510_frontend_attach versus dm04_lme2510_tuner).
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ
- https://patchwork.linuxtv.org/patch/44566/
- https://patchwork.linuxtv.org/patch/44567/
- https://usn.ubuntu.com/3631-1/
- https://usn.ubuntu.com/3631-2/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2017/dsa-4073
- https://www.debian.org/security/2018/dsa-4082
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- https://groups.google.com/d/msg/syzkaller/XwNidsl4X04/ti6I2IaRBAAJ
- https://patchwork.linuxtv.org/patch/44566/
- https://patchwork.linuxtv.org/patch/44567/
- https://usn.ubuntu.com/3631-1/
- https://usn.ubuntu.com/3631-2/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2017/dsa-4073
- https://www.debian.org/security/2018/dsa-4082
MEDIUM6.6
The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11
- http://www.securityfocus.com/bid/101769
- https://github.com/torvalds/linux/commit/a50829479f58416a013a4ccca791336af3c584c7
- https://groups.google.com/d/msg/syzkaller/McWFcOsA47Y/3bjtBBgaBAAJ
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://usn.ubuntu.com/3754-1/
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.11
- http://www.securityfocus.com/bid/101769
- https://github.com/torvalds/linux/commit/a50829479f58416a013a4ccca791336af3c584c7
- https://groups.google.com/d/msg/syzkaller/McWFcOsA47Y/3bjtBBgaBAAJ
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://usn.ubuntu.com/3754-1/
MEDIUM6.6
The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (improper error handling and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.securityfocus.com/bid/101842
- https://groups.google.com/d/msg/syzkaller/ngC5SLvxPm4/gduhCARhAwAJ
- https://patchwork.kernel.org/patch/9966135/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2017/dsa-4073
- http://www.securityfocus.com/bid/101842
- https://groups.google.com/d/msg/syzkaller/ngC5SLvxPm4/gduhCARhAwAJ
- https://patchwork.kernel.org/patch/9966135/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2017/dsa-4073
MEDIUM6.6
The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.securityfocus.com/bid/101768
- https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a
- https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3754-1/
- http://www.securityfocus.com/bid/101768
- https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a
- https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3754-1/
MEDIUM6.6
drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.securityfocus.com/bid/101846
- https://groups.google.com/d/msg/syzkaller/-d6ilzbVu_g/OBy8_62mAwAJ
- https://patchwork.linuxtv.org/patch/45291/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- http://www.securityfocus.com/bid/101846
- https://groups.google.com/d/msg/syzkaller/-d6ilzbVu_g/OBy8_62mAwAJ
- https://patchwork.linuxtv.org/patch/45291/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
MEDIUM6.6
drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.securityfocus.com/bid/101767
- https://groups.google.com/d/msg/syzkaller/_9a6pd-p_0E/OnmnplQuAgAJ
- https://patchwork.ozlabs.org/patch/834686/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- http://www.securityfocus.com/bid/101767
- https://groups.google.com/d/msg/syzkaller/_9a6pd-p_0E/OnmnplQuAgAJ
- https://patchwork.ozlabs.org/patch/834686/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
MEDIUM6.6
The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (use-after-free and system crash) or possibly have unspecified other impact via a crafted USB device. NOTE: the function was later renamed __dvb_frontend_free.
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.securityfocus.com/bid/101758
- https://access.redhat.com/errata/RHSA-2018:2948
- https://groups.google.com/d/msg/syzkaller/0HJQqTm0G_g/T931ItskBAAJ
- https://patchwork.kernel.org/patch/10046189/
- http://www.securityfocus.com/bid/101758
- https://access.redhat.com/errata/RHSA-2018:2948
- https://groups.google.com/d/msg/syzkaller/0HJQqTm0G_g/T931ItskBAAJ
- https://patchwork.kernel.org/patch/10046189/
MEDIUM6.6
The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.securityfocus.com/bid/101761
- https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://patchwork.ozlabs.org/patch/834771/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3822-1/
- https://usn.ubuntu.com/3822-2/
- http://www.securityfocus.com/bid/101761
- https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://patchwork.ozlabs.org/patch/834771/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3822-1/
- https://usn.ubuntu.com/3822-2/
MEDIUM6.6
The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device.
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.securityfocus.com/bid/101791
- https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ
- https://patchwork.ozlabs.org/patch/834770/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3754-1/
- http://www.securityfocus.com/bid/101791
- https://groups.google.com/d/msg/syzkaller/0e0gmaX9R0g/9Me9JcY2BQAJ
- https://patchwork.ozlabs.org/patch/834770/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3754-1/
MEDIUM5.5
The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel before 4.14.2 mishandles holes in hugetlb ranges, which allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2
- http://www.securityfocus.com/bid/101969
- https://access.redhat.com/errata/RHSA-2018:0502
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1431
- https://github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7c
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3632-1/
- https://www.exploit-db.com/exploits/43178/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=373c4557d2aa362702c4c2d41288fb1e54990b7c
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2
- http://www.securityfocus.com/bid/101969
- https://access.redhat.com/errata/RHSA-2018:0502
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1431
- https://github.com/torvalds/linux/commit/373c4557d2aa362702c4c2d41288fb1e54990b7c
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3632-1/
- https://www.exploit-db.com/exploits/43178/
HIGH7.8
net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across all net namespaces.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.securityfocus.com/bid/102117
- https://access.redhat.com/errata/RHSA-2018:0654
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://patchwork.kernel.org/patch/10089373/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3620-1/
- https://usn.ubuntu.com/3620-2/
- https://usn.ubuntu.com/3632-1/
- https://www.debian.org/security/2017/dsa-4073
- https://www.debian.org/security/2018/dsa-4082
- http://www.securityfocus.com/bid/102117
- https://access.redhat.com/errata/RHSA-2018:0654
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://patchwork.kernel.org/patch/10089373/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3620-1/
- https://usn.ubuntu.com/3620-2/
- https://usn.ubuntu.com/3632-1/
- https://www.debian.org/security/2017/dsa-4073
- https://www.debian.org/security/2018/dsa-4082
MEDIUM4.7
The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in the Linux kernel through 4.14.4, when CONFIG_NLMON is enabled, does not restrict observations of Netlink messages to a single net namespace, which allows local users to obtain sensitive information by leveraging the CAP_NET_ADMIN capability to sniff an nlmon interface for all Netlink activity on the system.
CVSS 2.0НИЗКАЯ 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 4.7
CVSS:3.x/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://www.securityfocus.com/bid/102122
- https://access.redhat.com/errata/RHSA-2018:0654
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2018:1130
- https://access.redhat.com/errata/RHSA-2018:1170
- https://lkml.org/lkml/2017/12/5/950
- https://source.android.com/security/bulletin/pixel/2018-04-01
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3653-1/
- https://usn.ubuntu.com/3653-2/
- https://usn.ubuntu.com/3655-1/
- https://usn.ubuntu.com/3655-2/
- https://usn.ubuntu.com/3657-1/
- https://www.debian.org/security/2017/dsa-4073
- https://www.debian.org/security/2018/dsa-4082
- http://www.securityfocus.com/bid/102122
- https://access.redhat.com/errata/RHSA-2018:0654
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2018:1130
- https://access.redhat.com/errata/RHSA-2018:1170
- https://lkml.org/lkml/2017/12/5/950
- https://source.android.com/security/bulletin/pixel/2018-04-01
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3653-1/
- https://usn.ubuntu.com/3653-2/
- https://usn.ubuntu.com/3655-1/
- https://usn.ubuntu.com/3655-2/
- https://usn.ubuntu.com/3657-1/
- https://www.debian.org/security/2017/dsa-4073
- https://www.debian.org/security/2018/dsa-4082
HIGH7.8
net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all net namespaces.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- http://www.securityfocus.com/bid/102110
- https://lkml.org/lkml/2017/12/5/982
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3632-1/
- https://www.debian.org/security/2017/dsa-4073
- https://www.debian.org/security/2018/dsa-4082
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- http://www.securityfocus.com/bid/102110
- https://lkml.org/lkml/2017/12/5/982
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3632-1/
- https://www.debian.org/security/2017/dsa-4073
- https://www.debian.org/security/2018/dsa-4082
MEDIUM6.6
The usb_destroy_configuration function in drivers/usb/core/config.c in the USB core subsystem in the Linux kernel through 4.14.5 does not consider the maximum number of configurations and interfaces before attempting to release resources, which allows local users to cause a denial of service (out-of-bounds write access) or possibly have unspecified other impact via a crafted USB device.
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xСРЕДНЯЯ 6.6
CVSS:3.x/CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- http://openwall.com/lists/oss-security/2017/12/12/7
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1190
- https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2017/dsa-4073
- https://www.debian.org/security/2018/dsa-4082
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.spinics.net/lists/linux-usb/msg163644.html
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- http://openwall.com/lists/oss-security/2017/12/12/7
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2019:1170
- https://access.redhat.com/errata/RHSA-2019:1190
- https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2017/dsa-4073
- https://www.debian.org/security/2018/dsa-4082
- https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
- https://www.spinics.net/lists/linux-usb/msg163644.html
LOW3.3
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding a key to the current task's "default request-key keyring" via the request_key() system call, allowing a local user to use a sequence of crafted system calls to add keys to a keyring with only Search permission (not Write permission) to that keyring, related to construct_get_dest_keyring() in security/keys/request_key.c.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:P/A:NCVSS 3.xНИЗКАЯ 3.3
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca6ea1d9432052afb06baf2e3ae78188a4410b
- http://www.securityfocus.com/bid/102301
- https://github.com/torvalds/linux/commit/4dca6ea1d9432052afb06baf2e3ae78188a4410b
- https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3620-1/
- https://usn.ubuntu.com/3620-2/
- https://usn.ubuntu.com/3632-1/
- https://www.debian.org/security/2017/dsa-4073
- https://www.debian.org/security/2018/dsa-4082
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4dca6ea1d9432052afb06baf2e3ae78188a4410b
- http://www.securityfocus.com/bid/102301
- https://github.com/torvalds/linux/commit/4dca6ea1d9432052afb06baf2e3ae78188a4410b
- https://lists.debian.org/debian-lts-announce/2018/01/msg00004.html
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3620-1/
- https://usn.ubuntu.com/3620-2/
- https://usn.ubuntu.com/3632-1/
- https://www.debian.org/security/2017/dsa-4073
- https://www.debian.org/security/2018/dsa-4082
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.6
MEDIUM5.5
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores unreachable code, even though it would still be processed by JIT compilers. This behavior, also considered an improper branch-pruning logic issue, could possibly be used by local users for denial of service.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c131187db2d3fa2f8bf32fdf4e9a4ef805168467
- http://www.securityfocus.com/bid/102325
- http://www.securitytracker.com/id/1040057
- https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-fix-branch-pruning-logic.patch?h=stretch-security
- https://github.com/torvalds/linux/commit/c131187db2d3fa2f8bf32fdf4e9a4ef805168467
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/usn/usn-3523-2/
- https://www.debian.org/security/2017/dsa-4073
- https://www.spinics.net/lists/stable/msg206984.html
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c131187db2d3fa2f8bf32fdf4e9a4ef805168467
- http://www.securityfocus.com/bid/102325
- http://www.securitytracker.com/id/1040057
- https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-fix-branch-pruning-logic.patch?h=stretch-security
- https://github.com/torvalds/linux/commit/c131187db2d3fa2f8bf32fdf4e9a4ef805168467
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/usn/usn-3523-2/
- https://www.debian.org/security/2017/dsa-4073
- https://www.spinics.net/lists/stable/msg206984.html
LOW3.3
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles states_equal comparisons between the pointer data type and the UNKNOWN_VALUE data type, which allows local users to obtain potentially sensitive address information, aka a "pointer leak."
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xНИЗКАЯ 3.3
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NСсылки
- http://www.securityfocus.com/bid/102320
- http://www.securitytracker.com/id/1040059
- https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=stretch-security&id=ad775f6ff7eebb93eedc2f592bc974260e7757b0
- https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown.patch?h=stretch-security
- https://usn.ubuntu.com/usn/usn-3523-2/
- https://www.debian.org/security/2017/dsa-4073
- http://www.securityfocus.com/bid/102320
- http://www.securitytracker.com/id/1040059
- https://anonscm.debian.org/cgit/kernel/linux.git/commit/?h=stretch-security&id=ad775f6ff7eebb93eedc2f592bc974260e7757b0
- https://anonscm.debian.org/cgit/kernel/linux.git/tree/debian/patches/bugfix/all/bpf-verifier-fix-states_equal-comparison-of-pointer-and-unknown.patch?h=stretch-security
- https://usn.ubuntu.com/usn/usn-3523-2/
- https://www.debian.org/security/2017/dsa-4073
MEDIUM5.5
Use-after-free in the usbtv_probe function in drivers/media/usb/usbtv/usbtv-core.c in the Linux kernel through 4.14.10 allows attackers to cause a denial of service (system crash) or possibly have unspecified other impact by triggering failure of audio registration, because a kfree of the usbtv data structure occurs during a usbtv_video_free call, but the usbtv_video_fail label's code attempts to both access and free this data structure.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html
- http://www.securityfocus.com/bid/102330
- https://usn.ubuntu.com/3653-1/
- https://usn.ubuntu.com/3653-2/
- https://usn.ubuntu.com/3654-1/
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3656-1/
- https://usn.ubuntu.com/3657-1/
- https://www.debian.org/security/2018/dsa-4188
- http://linuxtesting.org/pipermail/ldv-project/2017-November/001008.html
- http://www.securityfocus.com/bid/102330
- https://usn.ubuntu.com/3653-1/
- https://usn.ubuntu.com/3653-2/
- https://usn.ubuntu.com/3654-1/
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3656-1/
- https://usn.ubuntu.com/3657-1/
- https://www.debian.org/security/2018/dsa-4188
MEDIUM5.5
fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles extent trees, which allows local users to cause a denial of service (BUG) via an application with multiple threads.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0
- http://www.securityfocus.com/bid/103147
- https://github.com/torvalds/linux/commit/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
- https://usn.ubuntu.com/3654-1/
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3656-1/
- https://www.debian.org/security/2018/dsa-4188
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dad48e73127ba10279ea33e6dbc8d3905c4d31c0
- http://www.securityfocus.com/bid/103147
- https://github.com/torvalds/linux/commit/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
- https://usn.ubuntu.com/3654-1/
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3656-1/
- https://www.debian.org/security/2018/dsa-4188
MEDIUM5.5
The f2fs implementation in the Linux kernel before 4.14 mishandles reference counts associated with f2fs_wait_discard_bios calls, which allows local users to cause a denial of service (BUG), as demonstrated by fstrim.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=638164a2718f337ea224b747cf5977ef143166a4
- https://github.com/torvalds/linux/commit/638164a2718f337ea224b747cf5977ef143166a4
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=638164a2718f337ea224b747cf5977ef143166a4
- https://github.com/torvalds/linux/commit/638164a2718f337ea224b747cf5977ef143166a4
MEDIUM4.7
The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel before 4.14.3 allow local users to cause a denial of service (BUG) by leveraging a race condition with __dm_destroy during creation and removal of DM devices.
CVSS 2.0НИЗКАЯ 1.9
CVSS:2.0/AV:L/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xСРЕДНЯЯ 4.7
CVSS:3.x/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed
- http://www.securityfocus.com/bid/103184
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2018:1854
- https://access.redhat.com/errata/RHSA-2019:4154
- https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3653-1/
- https://usn.ubuntu.com/3653-2/
- https://usn.ubuntu.com/3655-1/
- https://usn.ubuntu.com/3655-2/
- https://usn.ubuntu.com/3657-1/
- https://www.debian.org/security/2018/dsa-4187
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a41d21dceadf8104812626ef85dc56ee8a60ed
- http://www.securityfocus.com/bid/103184
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2018:1854
- https://access.redhat.com/errata/RHSA-2019:4154
- https://github.com/torvalds/linux/commit/b9a41d21dceadf8104812626ef85dc56ee8a60ed
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3653-1/
- https://usn.ubuntu.com/3653-2/
- https://usn.ubuntu.com/3655-1/
- https://usn.ubuntu.com/3655-2/
- https://usn.ubuntu.com/3657-1/
- https://www.debian.org/security/2018/dsa-4187
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.3
MEDIUM5.5
The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel before 4.14.2 allows local users to cause a denial of service (deadlock) via DIO requests.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28f5a8a7c033cbf3e32277f4cc9c6afd74f05300
- http://www.securityfocus.com/bid/103183
- https://github.com/torvalds/linux/commit/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3655-1/
- https://usn.ubuntu.com/3655-2/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=28f5a8a7c033cbf3e32277f4cc9c6afd74f05300
- http://www.securityfocus.com/bid/103183
- https://github.com/torvalds/linux/commit/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3655-1/
- https://usn.ubuntu.com/3655-2/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.2
MEDIUM5.5
The madvise_willneed function in mm/madvise.c in the Linux kernel before 4.14.4 allows local users to cause a denial of service (infinite loop) by triggering use of MADVISE_WILLNEED for a DAX mapping.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2019:3967
- https://access.redhat.com/errata/RHSA-2019:4057
- https://access.redhat.com/errata/RHSA-2019:4058
- https://github.com/torvalds/linux/commit/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3653-1/
- https://usn.ubuntu.com/3653-2/
- https://usn.ubuntu.com/3655-1/
- https://usn.ubuntu.com/3655-2/
- https://usn.ubuntu.com/3657-1/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2019:3967
- https://access.redhat.com/errata/RHSA-2019:4057
- https://access.redhat.com/errata/RHSA-2019:4058
- https://github.com/torvalds/linux/commit/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3653-1/
- https://usn.ubuntu.com/3653-2/
- https://usn.ubuntu.com/3655-1/
- https://usn.ubuntu.com/3655-2/
- https://usn.ubuntu.com/3657-1/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.4
MEDIUM5.5
The __munlock_pagevec function in mm/mlock.c in the Linux kernel before 4.11.4 allows local users to cause a denial of service (NR_MLOCK accounting corruption) via crafted use of mlockall and munlockall system calls.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=70feee0e1ef331b22cc51f383d532a0d043fbdcc
- http://www.securityfocus.com/bid/103321
- https://github.com/torvalds/linux/commit/70feee0e1ef331b22cc51f383d532a0d043fbdcc
- https://usn.ubuntu.com/3655-1/
- https://usn.ubuntu.com/3655-2/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.4
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=70feee0e1ef331b22cc51f383d532a0d043fbdcc
- http://www.securityfocus.com/bid/103321
- https://github.com/torvalds/linux/commit/70feee0e1ef331b22cc51f383d532a0d043fbdcc
- https://usn.ubuntu.com/3655-1/
- https://usn.ubuntu.com/3655-2/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.4
HIGH7.8
In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does not consider the ETH_SS_PRIV_FLAGS case when retrieving sset_count data, which allows local users to cause a denial of service (buffer overflow and memory corruption) or possibly have unspecified other impact, as demonstrated by incompatibility between hns_get_sset_count and ethtool_get_strings.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=412b65d15a7f8a93794653968308fc100f2aa87c
- http://www.securityfocus.com/bid/103349
- https://github.com/torvalds/linux/commit/412b65d15a7f8a93794653968308fc100f2aa87c
- https://usn.ubuntu.com/3654-1/
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3656-1/
- https://www.debian.org/security/2018/dsa-4188
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=412b65d15a7f8a93794653968308fc100f2aa87c
- http://www.securityfocus.com/bid/103349
- https://github.com/torvalds/linux/commit/412b65d15a7f8a93794653968308fc100f2aa87c
- https://usn.ubuntu.com/3654-1/
- https://usn.ubuntu.com/3654-2/
- https://usn.ubuntu.com/3656-1/
- https://www.debian.org/security/2018/dsa-4188
MEDIUM5.5
fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to cause a denial of service (NULL pointer dereference and panic) by using a noflush_merge option that triggers a NULL value for a flush_cmd_control data structure.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4fdf8ba0e5808ba9ad6b44337783bd9935e0982
- https://github.com/torvalds/linux/commit/d4fdf8ba0e5808ba9ad6b44337783bd9935e0982
- https://usn.ubuntu.com/3910-1/
- https://usn.ubuntu.com/3910-2/
- https://www.debian.org/security/2018/dsa-4187
- https://www.debian.org/security/2018/dsa-4188
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d4fdf8ba0e5808ba9ad6b44337783bd9935e0982
- https://github.com/torvalds/linux/commit/d4fdf8ba0e5808ba9ad6b44337783bd9935e0982
- https://usn.ubuntu.com/3910-1/
- https://usn.ubuntu.com/3910-2/
- https://www.debian.org/security/2018/dsa-4187
- https://www.debian.org/security/2018/dsa-4188
HIGH7.0
The add_free_nid function in fs/f2fs/node.c in the Linux kernel before 4.12 does not properly track an allocated nid, which allows local users to cause a denial of service (race condition) or possibly have unspecified other impact via concurrent threads.
CVSS 2.0СРЕДНЯЯ 4.4
CVSS:2.0/AV:L/AC:M/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.0
CVSS:3.x/CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a61ddf8117c26ac5b295e1233eaa9629a94ca3
- http://www.securitytracker.com/id/1041432
- https://github.com/torvalds/linux/commit/30a61ddf8117c26ac5b295e1233eaa9629a94ca3
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://usn.ubuntu.com/3932-1/
- https://usn.ubuntu.com/3932-2/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30a61ddf8117c26ac5b295e1233eaa9629a94ca3
- http://www.securitytracker.com/id/1041432
- https://github.com/torvalds/linux/commit/30a61ddf8117c26ac5b295e1233eaa9629a94ca3
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://usn.ubuntu.com/3932-1/
- https://usn.ubuntu.com/3932-2/
HIGH7.8
The perf_cpu_time_max_percent_handler function in kernel/events/core.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow) or possibly have unspecified other impact via a large value, as demonstrated by an incorrect sample-rate calculation.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d
- http://www.securityfocus.com/bid/103607
- https://github.com/torvalds/linux/commit/1572e45a924f254d9570093abde46430c3172e3d
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://usn.ubuntu.com/3696-1/
- https://usn.ubuntu.com/3696-2/
- https://usn.ubuntu.com/3754-1/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1572e45a924f254d9570093abde46430c3172e3d
- http://www.securityfocus.com/bid/103607
- https://github.com/torvalds/linux/commit/1572e45a924f254d9570093abde46430c3172e3d
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://usn.ubuntu.com/3696-1/
- https://usn.ubuntu.com/3696-2/
- https://usn.ubuntu.com/3754-1/
MEDIUM5.5
The __get_data_block function in fs/f2fs/data.c in the Linux kernel before 4.11 allows local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33075ed1909d8002745b56ecf73b833db143
- https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db143
- https://usn.ubuntu.com/3696-1/
- https://usn.ubuntu.com/3696-2/
- https://www.debian.org/security/2018/dsa-4188
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b86e33075ed1909d8002745b56ecf73b833db143
- https://github.com/torvalds/linux/commit/b86e33075ed1909d8002745b56ecf73b833db143
- https://usn.ubuntu.com/3696-1/
- https://usn.ubuntu.com/3696-2/
- https://www.debian.org/security/2018/dsa-4188
MEDIUM5.5
The arch_timer_reg_read_stable macro in arch/arm64/include/asm/arch_timer.h in the Linux kernel before 4.13 allows local users to cause a denial of service (infinite recursion) by writing to a file under /sys/kernel/debug in certain circumstances, as demonstrated by a scenario involving debugfs, ftrace, PREEMPT_TRACER, and FUNCTION_GRAPH_TRACER.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=adb4f11e0a8f4e29900adb2b7af28b6bbd5c1fa4
- https://github.com/torvalds/linux/commit/adb4f11e0a8f4e29900adb2b7af28b6bbd5c1fa4
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=adb4f11e0a8f4e29900adb2b7af28b6bbd5c1fa4
- https://github.com/torvalds/linux/commit/adb4f11e0a8f4e29900adb2b7af28b6bbd5c1fa4
HIGH7.1
In the Linux kernel before 4.13.5, a local user could create keyrings for other users via keyctl commands, setting unwanted defaults or causing a denial of service.
CVSS 2.0НИЗКАЯ 3.6
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:P/A:PCVSS 3.xВЫСОКАЯ 7.1
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3
- http://www.securityfocus.com/bid/104254
- https://bugzilla.redhat.com/show_bug.cgi?id=1580979
- https://bugzilla.redhat.com/show_bug.cgi?id=1856774#c11
- https://bugzilla.redhat.com/show_bug.cgi?id=1856774#c9
- https://github.com/torvalds/linux/commit/237bbd29f7a049d310d907f4b2716a7feef9abf3
- https://support.f5.com/csp/article/K37301725
- https://usn.ubuntu.com/3754-1/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=237bbd29f7a049d310d907f4b2716a7feef9abf3
- http://www.securityfocus.com/bid/104254
- https://bugzilla.redhat.com/show_bug.cgi?id=1580979
- https://bugzilla.redhat.com/show_bug.cgi?id=1856774#c11
- https://bugzilla.redhat.com/show_bug.cgi?id=1856774#c9
- https://github.com/torvalds/linux/commit/237bbd29f7a049d310d907f4b2716a7feef9abf3
- https://support.f5.com/csp/article/K37301725
- https://usn.ubuntu.com/3754-1/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5
MEDIUM5.5
The timer_create syscall implementation in kernel/time/posix-timers.c in the Linux kernel before 4.14.8 doesn't properly validate the sigevent->sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://www.securityfocus.com/bid/104909
- http://www.securitytracker.com/id/1041414
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3459
- https://access.redhat.com/errata/RHSA-2018:3540
- https://access.redhat.com/errata/RHSA-2018:3586
- https://access.redhat.com/errata/RHSA-2018:3590
- https://access.redhat.com/errata/RHSA-2018:3591
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
- https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe
- https://usn.ubuntu.com/3742-1/
- https://usn.ubuntu.com/3742-2/
- https://www.exploit-db.com/exploits/45175/
- http://www.securityfocus.com/bid/104909
- http://www.securitytracker.com/id/1041414
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:3096
- https://access.redhat.com/errata/RHSA-2018:3459
- https://access.redhat.com/errata/RHSA-2018:3540
- https://access.redhat.com/errata/RHSA-2018:3586
- https://access.redhat.com/errata/RHSA-2018:3590
- https://access.redhat.com/errata/RHSA-2018:3591
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.8
- https://github.com/torvalds/linux/commit/cef31d9af908243421258f1df35a4a644604efbe
- https://usn.ubuntu.com/3742-1/
- https://usn.ubuntu.com/3742-2/
- https://www.exploit-db.com/exploits/45175/
MEDIUM5.5
In change_port_settings in drivers/usb/serial/io_ti.c in the Linux kernel before 4.11.3, local users could cause a denial of service by division-by-zero in the serial device layer by trying to set very high baud rates.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6aeb75e6adfaed16e58780309613a578fe1ee90b
- http://www.securityfocus.com/bid/106802
- https://bugzilla.suse.com/show_bug.cgi?id=1123706
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3
- https://github.com/torvalds/linux/commit/6aeb75e6adfaed16e58780309613a578fe1ee90b
- https://usn.ubuntu.com/3933-1/
- https://usn.ubuntu.com/3933-2/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6aeb75e6adfaed16e58780309613a578fe1ee90b
- http://www.securityfocus.com/bid/106802
- https://bugzilla.suse.com/show_bug.cgi?id=1123706
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.3
- https://github.com/torvalds/linux/commit/6aeb75e6adfaed16e58780309613a578fe1ee90b
- https://usn.ubuntu.com/3933-1/
- https://usn.ubuntu.com/3933-2/
HIGH7.8
An issue was discovered in net/ipv6/ip6mr.c in the Linux kernel before 4.11. By setting a specific socket option, an attacker can control a pointer in kernel land and cause an inet_csk_listen_stop general protection fault, or potentially execute arbitrary code under certain circumstances. The issue can be triggered as root (e.g., inside a default LXC container or with the CAP_NET_ADMIN capability) or after namespace unsharing. This occurs because sk_type and protocol are not checked in the appropriate part of the ip6_mroute_* functions. NOTE: this affects Linux distributions that use 4.9.x longterm kernels before 4.9.187.
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99253eb750fda6a644d5188fb26c43bad8d5a745
- https://github.com/torvalds/linux/commit/99253eb750fda6a644d5188fb26c43bad8d5a745
- https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
- https://lists.openwall.net/netdev/2017/12/04/40
- https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-inetcsklistenstop-gpf
- https://salsa.debian.org/kernel-team/linux/commit/baefcdc2f29923e7325ce4e1a72c3ff0a9800f32
- https://seclists.org/bugtraq/2019/Aug/26
- https://support.f5.com/csp/article/K41582535
- https://support.f5.com/csp/article/K41582535?utm_source=f5support&%3Butm_medium=RSS
- https://usn.ubuntu.com/4145-1/
- https://www.debian.org/security/2019/dsa-4497
- http://packetstormsecurity.com/files/154059/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=99253eb750fda6a644d5188fb26c43bad8d5a745
- https://github.com/torvalds/linux/commit/99253eb750fda6a644d5188fb26c43bad8d5a745
- https://lists.debian.org/debian-lts-announce/2019/08/msg00016.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
- https://lists.openwall.net/netdev/2017/12/04/40
- https://pulsesecurity.co.nz/advisories/linux-kernel-4.9-inetcsklistenstop-gpf
- https://salsa.debian.org/kernel-team/linux/commit/baefcdc2f29923e7325ce4e1a72c3ff0a9800f32
- https://seclists.org/bugtraq/2019/Aug/26
- https://support.f5.com/csp/article/K41582535
- https://support.f5.com/csp/article/K41582535?utm_source=f5support&%3Butm_medium=RSS
- https://usn.ubuntu.com/4145-1/
- https://www.debian.org/security/2019/dsa-4497
MEDIUM5.5
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NMEDIUM5.5
An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NMEDIUM6.7
An issue was discovered in drivers/i2c/i2c-core-smbus.c in the Linux kernel before 4.14.15. There is an out of bounds write in the function i2c_smbus_xfer_emulated.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xСРЕДНЯЯ 6.7
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HСсылки
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89c6efa61f5709327ecfa24bff18e57a4e80c7fa
- https://support.f5.com/csp/article/K48073202?utm_source=f5support&%3Butm_medium=RSS
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00064.html
- http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00066.html
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=89c6efa61f5709327ecfa24bff18e57a4e80c7fa
- https://support.f5.com/csp/article/K48073202?utm_source=f5support&%3Butm_medium=RSS
HIGH7.8
An issue was discovered in net/rds/af_rds.c in the Linux kernel before 4.11. There is an out of bounds write and read in the function rds_recv_track_latency.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=780e982905bef61d13496d9af5310bf4af3a64d3
- https://support.f5.com/csp/article/K02460950
- https://support.f5.com/csp/article/K02460950?utm_source=f5support&%3Butm_medium=RSS
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=780e982905bef61d13496d9af5310bf4af3a64d3
- https://support.f5.com/csp/article/K02460950
- https://support.f5.com/csp/article/K02460950?utm_source=f5support&%3Butm_medium=RSS
MEDIUM5.5
The ping_unhash function in net/ipv4/ping.c in the Linux kernel through 4.10.8 is too late in obtaining a certain lock and consequently cannot ensure that disconnect function calls are safe, which allows local users to cause a denial of service (panic) by leveraging access to the protocol value of IPPROTO_ICMP in a socket system call.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://openwall.com/lists/oss-security/2017/04/04/8
- http://www.securityfocus.com/bid/97407
- https://access.redhat.com/errata/RHSA-2017:1842
- https://access.redhat.com/errata/RHSA-2017:2077
- https://access.redhat.com/errata/RHSA-2017:2669
- https://access.redhat.com/errata/RHSA-2018:1854
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/net/ipv4/ping.c?id=43a6684519ab0a6c52024b5e25322476cabad893
- https://github.com/danieljiang0415/android_kernel_crash_poc
- https://github.com/torvalds/linux/commit/43a6684519ab0a6c52024b5e25322476cabad893
- https://twitter.com/danieljiang0415/status/845116665184497664
- https://usn.ubuntu.com/3754-1/
- https://www.exploit-db.com/exploits/42135/
- http://openwall.com/lists/oss-security/2017/04/04/8
- http://www.securityfocus.com/bid/97407
- https://access.redhat.com/errata/RHSA-2017:1842
- https://access.redhat.com/errata/RHSA-2017:2077
- https://access.redhat.com/errata/RHSA-2017:2669
- https://access.redhat.com/errata/RHSA-2018:1854
- https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/net/ipv4/ping.c?id=43a6684519ab0a6c52024b5e25322476cabad893
- https://github.com/danieljiang0415/android_kernel_crash_poc
- https://github.com/torvalds/linux/commit/43a6684519ab0a6c52024b5e25322476cabad893
- https://twitter.com/danieljiang0415/status/845116665184497664
- https://usn.ubuntu.com/3754-1/
- https://www.exploit-db.com/exploits/42135/
HIGH7.8
The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 does not restrict the address calculated by a certain rounding operation, which allows local users to map page zero, and consequently bypass a protection mechanism that exists for the mmap system call, by making crafted shmget and shmat system calls in a privileged context.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.debian.org/security/2017/dsa-3804
- http://www.securityfocus.com/bid/96754
- http://www.securitytracker.com/id/1037918
- https://bugzilla.kernel.org/show_bug.cgi?id=192931
- https://github.com/torvalds/linux/commit/95e91b831f87ac8e1f8ed50c14d709089b4e01b8
- https://github.com/torvalds/linux/commit/e1d35d4dc7f089e6c9c080d556feedf9c706f0c7
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- http://www.debian.org/security/2017/dsa-3804
- http://www.securityfocus.com/bid/96754
- http://www.securitytracker.com/id/1037918
- https://bugzilla.kernel.org/show_bug.cgi?id=192931
- https://github.com/torvalds/linux/commit/95e91b831f87ac8e1f8ed50c14d709089b4e01b8
- https://github.com/torvalds/linux/commit/e1d35d4dc7f089e6c9c080d556feedf9c706f0c7
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
MEDIUM5.5
net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly restrict association peel-off operations during certain wait states, which allows local users to cause a denial of service (invalid unlock and double free) via a multithreaded application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2017-5986.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfcb9f4f99f1e9a49e43398a7bfbf56927544af1
- http://www.debian.org/security/2017/dsa-3804
- http://www.openwall.com/lists/oss-security/2017/02/27/2
- http://www.securityfocus.com/bid/96473
- https://github.com/torvalds/linux/commit/dfcb9f4f99f1e9a49e43398a7bfbf56927544af1
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dfcb9f4f99f1e9a49e43398a7bfbf56927544af1
- http://www.debian.org/security/2017/dsa-3804
- http://www.openwall.com/lists/oss-security/2017/02/27/2
- http://www.securityfocus.com/bid/96473
- https://github.com/torvalds/linux/commit/dfcb9f4f99f1e9a49e43398a7bfbf56927544af1
MEDIUM5.5
The vmw_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.5 does not check for a zero value of certain levels data, which allows local users to cause a denial of service (ZERO_SIZE_PTR dereference, and GPF and possibly panic) via a crafted ioctl call for a /dev/dri/renderD* device.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://marc.info/?t=149037004200005&r=1&w=2
- http://www.securityfocus.com/bid/97096
- https://bugzilla.redhat.com/show_bug.cgi?id=1435719
- https://lists.freedesktop.org/archives/dri-devel/2017-March/136814.html
- http://marc.info/?t=149037004200005&r=1&w=2
- http://www.securityfocus.com/bid/97096
- https://bugzilla.redhat.com/show_bug.cgi?id=1435719
- https://lists.freedesktop.org/archives/dri-devel/2017-March/136814.html
HIGH7.1
The TCP stack in the Linux kernel through 4.10.6 mishandles the SCM_TIMESTAMPING_OPT_STATS feature, which allows local users to obtain sensitive information from the kernel's internal socket data structures or cause a denial of service (out-of-bounds read) via crafted system calls, related to net/core/skbuff.c and net/socket.c.
CVSS 2.0СРЕДНЯЯ 6.6
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:CCVSS 3.xВЫСОКАЯ 7.1
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8605330aac5a5785630aec8f64378a54891937cc
- http://www.securityfocus.com/bid/97141
- https://github.com/torvalds/linux/commit/4ef1b2869447411ad3ef91ad7d4891a83c1a509a
- https://github.com/torvalds/linux/commit/8605330aac5a5785630aec8f64378a54891937cc
- https://lkml.org/lkml/2017/3/15/485
- https://patchwork.ozlabs.org/patch/740636/
- https://patchwork.ozlabs.org/patch/740639/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ef1b2869447411ad3ef91ad7d4891a83c1a509a
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8605330aac5a5785630aec8f64378a54891937cc
- http://www.securityfocus.com/bid/97141
- https://github.com/torvalds/linux/commit/4ef1b2869447411ad3ef91ad7d4891a83c1a509a
- https://github.com/torvalds/linux/commit/8605330aac5a5785630aec8f64378a54891937cc
- https://lkml.org/lkml/2017/3/15/485
- https://patchwork.ozlabs.org/patch/740636/
- https://patchwork.ozlabs.org/patch/740639/
MEDIUM5.5
The vmw_gb_surface_define_ioctl function in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.10.7 does not validate certain levels data, which allows local users to cause a denial of service (system hang) via a crafted ioctl call for a /dev/dri/renderD* device.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://marc.info/?l=linux-kernel&m=149086968410117&w=2
- http://www.debian.org/security/2017/dsa-3927
- http://www.debian.org/security/2017/dsa-3945
- http://www.securityfocus.com/bid/97257
- https://bugzilla.redhat.com/show_bug.cgi?id=1437431
- https://lists.freedesktop.org/archives/dri-devel/2017-March/137429.html
- http://marc.info/?l=linux-kernel&m=149086968410117&w=2
- http://www.debian.org/security/2017/dsa-3927
- http://www.debian.org/security/2017/dsa-3945
- http://www.securityfocus.com/bid/97257
- https://bugzilla.redhat.com/show_bug.cgi?id=1437431
- https://lists.freedesktop.org/archives/dri-devel/2017-March/137429.html
MEDIUM5.5
The KEYS subsystem in the Linux kernel before 4.10.13 allows local users to cause a denial of service (memory consumption) via a series of KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- http://openwall.com/lists/oss-security/2017/05/11/1
- http://www.securityfocus.com/bid/98422
- http://www.securitytracker.com/id/1038471
- https://access.redhat.com/errata/RHSA-2018:0151
- https://access.redhat.com/errata/RHSA-2018:0152
- https://access.redhat.com/errata/RHSA-2018:0181
- https://bugzilla.novell.com/show_bug.cgi?id=1034862
- https://bugzilla.redhat.com/show_bug.cgi?id=1442086
- https://github.com/torvalds/linux/commit/c9f838d104fed6f2f61d68164712e3204bf5271b
- https://lkml.org/lkml/2017/4/1/235
- https://lkml.org/lkml/2017/4/3/724
- https://www.exploit-db.com/exploits/42136/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c9f838d104fed6f2f61d68164712e3204bf5271b
- http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html
- http://openwall.com/lists/oss-security/2017/05/11/1
- http://www.securityfocus.com/bid/98422
- http://www.securitytracker.com/id/1038471
- https://access.redhat.com/errata/RHSA-2018:0151
- https://access.redhat.com/errata/RHSA-2018:0152
- https://access.redhat.com/errata/RHSA-2018:0181
- https://bugzilla.novell.com/show_bug.cgi?id=1034862
- https://bugzilla.redhat.com/show_bug.cgi?id=1442086
- https://github.com/torvalds/linux/commit/c9f838d104fed6f2f61d68164712e3204bf5271b
- https://lkml.org/lkml/2017/4/1/235
- https://lkml.org/lkml/2017/4/3/724
- https://www.exploit-db.com/exploits/42136/
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.13
HIGH7.8
A flaw was found in the Linux kernel before version 4.12 in the way the KVM module processed the trap flag(TF) bit in EFLAGS during emulation of the syscall instruction, which leads to a debug exception(#DB) being raised in the guest stack. A user/process inside a guest could use this flaw to potentially escalate their privileges inside the guest. Linux guests are not affected by this.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.openwall.com/lists/oss-security/2017/06/23/5
- http://www.securityfocus.com/bid/99263
- http://www.securitytracker.com/id/1038782
- https://access.redhat.com/articles/3290921
- https://access.redhat.com/errata/RHSA-2018:0395
- https://access.redhat.com/errata/RHSA-2018:0412
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2017/dsa-3981
- https://www.spinics.net/lists/kvm/msg151817.html
- http://www.openwall.com/lists/oss-security/2017/06/23/5
- http://www.securityfocus.com/bid/99263
- http://www.securitytracker.com/id/1038782
- https://access.redhat.com/articles/3290921
- https://access.redhat.com/errata/RHSA-2018:0395
- https://access.redhat.com/errata/RHSA-2018:0412
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7518
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3754-1/
- https://www.debian.org/security/2017/dsa-3981
- https://www.spinics.net/lists/kvm/msg151817.html
MEDIUM5.5
The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux kernel through 4.12.3 allows local users to cause a denial of service (integer overflow and infinite loop) by leveraging the ability to open a raw socket.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6399f1fae4ec29fab5ec76070435555e256ca3a6
- http://www.debian.org/security/2017/dsa-3927
- http://www.debian.org/security/2017/dsa-3945
- http://www.securityfocus.com/bid/99953
- https://access.redhat.com/errata/RHSA-2017:2918
- https://access.redhat.com/errata/RHSA-2017:2930
- https://access.redhat.com/errata/RHSA-2017:2931
- https://access.redhat.com/errata/RHSA-2018:0169
- https://github.com/torvalds/linux/commit/6399f1fae4ec29fab5ec76070435555e256ca3a6
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6399f1fae4ec29fab5ec76070435555e256ca3a6
- http://www.debian.org/security/2017/dsa-3927
- http://www.debian.org/security/2017/dsa-3945
- http://www.securityfocus.com/bid/99953
- https://access.redhat.com/errata/RHSA-2017:2918
- https://access.redhat.com/errata/RHSA-2017:2930
- https://access.redhat.com/errata/RHSA-2017:2931
- https://access.redhat.com/errata/RHSA-2018:0169
- https://github.com/torvalds/linux/commit/6399f1fae4ec29fab5ec76070435555e256ca3a6
- https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
HIGH7.5
A kernel data leak due to an out-of-bound read was found in the Linux kernel in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions present since version 4.7-rc1 through version 4.13. A data leak happens when these functions fill in sockaddr data structures used to export socket's diagnostic information. As a result, up to 100 bytes of the slab data could be leaked to a userspace.
CVSS 2.0СРЕДНЯЯ 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xВЫСОКАЯ 7.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NСсылки
- http://seclists.org/oss-sec/2017/q3/338
- http://www.securityfocus.com/bid/100466
- http://www.securitytracker.com/id/1039221
- https://access.redhat.com/errata/RHSA-2017:2918
- https://access.redhat.com/errata/RHSA-2017:2930
- https://access.redhat.com/errata/RHSA-2017:2931
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558
- https://marc.info/?l=linux-netdev&m=150348777122761&w=2
- https://www.debian.org/security/2017/dsa-3981
- http://seclists.org/oss-sec/2017/q3/338
- http://www.securityfocus.com/bid/100466
- http://www.securitytracker.com/id/1039221
- https://access.redhat.com/errata/RHSA-2017:2918
- https://access.redhat.com/errata/RHSA-2017:2930
- https://access.redhat.com/errata/RHSA-2017:2931
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7558
- https://marc.info/?l=linux-netdev&m=150348777122761&w=2
- https://www.debian.org/security/2017/dsa-3981
MEDIUM5.5
Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c in the Linux kernel through 4.10.9 allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf01fb9985e8deb25ccf0ea54d916b8871ae0e62
- http://www.securityfocus.com/bid/97527
- http://www.securitytracker.com/id/1038503
- https://access.redhat.com/errata/RHSA-2017:1842
- https://access.redhat.com/errata/RHSA-2017:2077
- https://access.redhat.com/errata/RHSA-2018:1854
- https://github.com/torvalds/linux/commit/cf01fb9985e8deb25ccf0ea54d916b8871ae0e62
- https://source.android.com/security/bulletin/2017-09-01
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf01fb9985e8deb25ccf0ea54d916b8871ae0e62
- http://www.securityfocus.com/bid/97527
- http://www.securitytracker.com/id/1038503
- https://access.redhat.com/errata/RHSA-2017:1842
- https://access.redhat.com/errata/RHSA-2017:2077
- https://access.redhat.com/errata/RHSA-2018:1854
- https://github.com/torvalds/linux/commit/cf01fb9985e8deb25ccf0ea54d916b8871ae0e62
- https://source.android.com/security/bulletin/2017-09-01
MEDIUM6.4
The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c in the Linux kernel through 4.11.5 allows local users to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact by changing a certain sequence-number value, aka a "double fetch" vulnerability.
CVSS 2.0СРЕДНЯЯ 6.9
CVSS:2.0/AV:L/AC:M/Au:N/C:C/I:C/A:CCVSS 3.xСРЕДНЯЯ 6.4
CVSS:3.x/CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HСсылки
- http://www.securityfocus.com/archive/1/540770/30/0/threaded
- http://www.securityfocus.com/bid/99619
- https://bugzilla.kernel.org/show_bug.cgi?id=195559
- https://github.com/stoth68000/media-tree/commit/354dd3924a2e43806774953de536257548b5002c
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://usn.ubuntu.com/3754-1/
- http://www.securityfocus.com/archive/1/540770/30/0/threaded
- http://www.securityfocus.com/bid/99619
- https://bugzilla.kernel.org/show_bug.cgi?id=195559
- https://github.com/stoth68000/media-tree/commit/354dd3924a2e43806774953de536257548b5002c
- https://lists.debian.org/debian-lts-announce/2017/12/msg00004.html
- https://usn.ubuntu.com/3754-1/
MEDIUM4.6
The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information (in the dmesg ringbuffer and syslog) from uninitialized kernel memory by using a crafted USB device (posing as an io_ti USB serial device) to trigger an integer underflow.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 4.6
CVSS:3.x/CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=654b404f2a222f918af9b0cd18ad469d0c941a8e
- http://www.debian.org/security/2017/dsa-3886
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.4
- http://www.securityfocus.com/bid/98451
- https://github.com/torvalds/linux/commit/654b404f2a222f918af9b0cd18ad469d0c941a8e
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=654b404f2a222f918af9b0cd18ad469d0c941a8e
- http://www.debian.org/security/2017/dsa-3886
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.4
- http://www.securityfocus.com/bid/98451
- https://github.com/torvalds/linux/commit/654b404f2a222f918af9b0cd18ad469d0c941a8e
MEDIUM5.5
The omninet_open function in drivers/usb/serial/omninet.c in the Linux kernel before 4.10.4 allows local users to cause a denial of service (tty exhaustion) by leveraging reference count mishandling.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30572418b445d85fcfe6c8fe84c947d2606767d8
- http://www.debian.org/security/2017/dsa-3886
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.4
- http://www.securityfocus.com/bid/98462
- https://github.com/torvalds/linux/commit/30572418b445d85fcfe6c8fe84c947d2606767d8
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=30572418b445d85fcfe6c8fe84c947d2606767d8
- http://www.debian.org/security/2017/dsa-3886
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.4
- http://www.securityfocus.com/bid/98462
- https://github.com/torvalds/linux/commit/30572418b445d85fcfe6c8fe84c947d2606767d8
MEDIUM5.5
The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a "module reference and kernel daemon" leak.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c70422f760c120480fee4de6c38804c72aa26bc1
- http://www.securityfocus.com/bid/98551
- https://bugzilla.redhat.com/show_bug.cgi?id=1451386
- https://github.com/torvalds/linux/commit/c70422f760c120480fee4de6c38804c72aa26bc1
- https://www.spinics.net/lists/linux-nfs/msg63334.html
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c70422f760c120480fee4de6c38804c72aa26bc1
- http://www.securityfocus.com/bid/98551
- https://bugzilla.redhat.com/show_bug.cgi?id=1451386
- https://github.com/torvalds/linux/commit/c70422f760c120480fee4de6c38804c72aa26bc1
- https://www.spinics.net/lists/linux-nfs/msg63334.html
MEDIUM5.5
The do_check function in kernel/bpf/verifier.c in the Linux kernel before 4.11.1 does not make the allow_ptr_leaks value available for restricting the output of the print_bpf_insn function, which allows local users to obtain sensitive address information via crafted bpf system calls.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0e57697f162da4aa218b5feafe614fb666db07
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1
- http://www.securityfocus.com/bid/98635
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1251
- https://github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07
- https://source.android.com/security/bulletin/2017-09-01
- https://www.exploit-db.com/exploits/42048/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0e57697f162da4aa218b5feafe614fb666db07
- http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.11.1
- http://www.securityfocus.com/bid/98635
- https://bugs.chromium.org/p/project-zero/issues/detail?id=1251
- https://github.com/torvalds/linux/commit/0d0e57697f162da4aa218b5feafe614fb666db07
- https://source.android.com/security/bulletin/2017-09-01
- https://www.exploit-db.com/exploits/42048/
MEDIUM5.5
The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux kernel through 4.11.2 relies on a setkey function that lacks a key-size check, which allows local users to cause a denial of service (NULL pointer dereference) via a crafted application.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9933e113c2e87a9f46a40fde8dafbf801dca1ab9
- https://github.com/torvalds/linux/commit/9933e113c2e87a9f46a40fde8dafbf801dca1ab9
- https://patchwork.kernel.org/patch/9718933/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9933e113c2e87a9f46a40fde8dafbf801dca1ab9
- https://github.com/torvalds/linux/commit/9933e113c2e87a9f46a40fde8dafbf801dca1ab9
- https://patchwork.kernel.org/patch/9718933/
MEDIUM5.5
The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a
- http://www.debian.org/security/2017/dsa-3886
- http://www.securityfocus.com/bid/98731
- https://access.redhat.com/errata/RHSA-2017:1842
- https://access.redhat.com/errata/RHSA-2017:2077
- https://github.com/torvalds/linux/commit/232cd35d0804cc241eb887bb8d4d9b3b9881c64a
- https://patchwork.ozlabs.org/patch/764880/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=232cd35d0804cc241eb887bb8d4d9b3b9881c64a
- http://www.debian.org/security/2017/dsa-3886
- http://www.securityfocus.com/bid/98731
- https://access.redhat.com/errata/RHSA-2017:1842
- https://access.redhat.com/errata/RHSA-2017:2077
- https://github.com/torvalds/linux/commit/232cd35d0804cc241eb887bb8d4d9b3b9881c64a
- https://patchwork.ozlabs.org/patch/764880/
MEDIUM5.5
The vmw_gb_surface_define_ioctl function (accessible via DRM_IOCTL_VMW_GB_SURFACE_CREATE) in drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux kernel through 4.11.4 defines a backup_handle variable but does not give it an initial value. If one attempts to create a GB surface, with a previously allocated DMA buffer to be used as a backup buffer, the backup_handle variable does not get written to and is then later returned to user space, allowing local users to obtain sensitive information from uninitialized kernel memory via a crafted ioctl call.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07678eca2cf9c9a18584e546c2b2a0d0c9a3150c
- http://www.debian.org/security/2017/dsa-3927
- http://www.debian.org/security/2017/dsa-3945
- http://www.securityfocus.com/bid/99095
- https://github.com/torvalds/linux/commit/07678eca2cf9c9a18584e546c2b2a0d0c9a3150c
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=07678eca2cf9c9a18584e546c2b2a0d0c9a3150c
- http://www.debian.org/security/2017/dsa-3927
- http://www.debian.org/security/2017/dsa-3945
- http://www.securityfocus.com/bid/99095
- https://github.com/torvalds/linux/commit/07678eca2cf9c9a18584e546c2b2a0d0c9a3150c
HIGH7.8
The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel through 4.11.7 allows local users to cause a denial of service (over-boundary access) or possibly have unspecified other impact by changing the value of a message queue head pointer between two kernel reads of that value, aka a "double fetch" vulnerability.
CVSS 2.0ВЫСОКАЯ 7.2
CVSS:2.0/AV:L/AC:L/Au:N/C:C/I:C/A:CCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HMEDIUM5.5
The kernel_wait4 function in kernel/exit.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service by triggering an attempted use of the -INT_MIN value.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd83c161fbcc5d8be637ab159c0de015cbff5ba4
- http://www.securityfocus.com/bid/103774
- https://github.com/torvalds/linux/commit/dd83c161fbcc5d8be637ab159c0de015cbff5ba4
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://news.ycombinator.com/item?id=2972021
- https://usn.ubuntu.com/3696-1/
- https://usn.ubuntu.com/3696-2/
- https://usn.ubuntu.com/3754-1/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd83c161fbcc5d8be637ab159c0de015cbff5ba4
- http://www.securityfocus.com/bid/103774
- https://github.com/torvalds/linux/commit/dd83c161fbcc5d8be637ab159c0de015cbff5ba4
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://news.ycombinator.com/item?id=2972021
- https://usn.ubuntu.com/3696-1/
- https://usn.ubuntu.com/3696-2/
- https://usn.ubuntu.com/3754-1/
MEDIUM5.5
The kill_something_info function in kernel/signal.c in the Linux kernel before 4.13, when an unspecified architecture and compiler is used, might allow local users to cause a denial of service via an INT_MIN argument.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea77014af0d6205b05503d1c7aac6eace11d473
- http://www.securitytracker.com/id/1040684
- https://github.com/torvalds/linux/commit/4ea77014af0d6205b05503d1c7aac6eace11d473
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://news.ycombinator.com/item?id=2972021
- https://usn.ubuntu.com/3696-1/
- https://usn.ubuntu.com/3696-2/
- https://usn.ubuntu.com/3754-1/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ea77014af0d6205b05503d1c7aac6eace11d473
- http://www.securitytracker.com/id/1040684
- https://github.com/torvalds/linux/commit/4ea77014af0d6205b05503d1c7aac6eace11d473
- https://lists.debian.org/debian-lts-announce/2018/07/msg00020.html
- https://news.ycombinator.com/item?id=2972021
- https://usn.ubuntu.com/3696-1/
- https://usn.ubuntu.com/3696-2/
- https://usn.ubuntu.com/3754-1/
MEDIUM6.5
The Linux kernel before version 4.11 is vulnerable to a NULL pointer dereference in fs/cifs/cifsencrypt.c:setup_ntlmv2_rsp() that allows an attacker controlling a CIFS server to kernel panic a client that has this server mounted, because an empty TargetInfo field in an NTLMSSP setup negotiation response is mishandled during session recovery.
CVSS 2.0ВЫСОКАЯ 7.1
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cabfb3680f78981d26c078a26e5c748531257ebb
- http://www.securityfocus.com/bid/103378
- https://bugzilla.redhat.com/show_bug.cgi?id=1539599
- https://github.com/torvalds/linux/commit/cabfb3680f78981d26c078a26e5c748531257ebb
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://patchwork.kernel.org/patch/10187633/
- https://usn.ubuntu.com/3880-1/
- https://usn.ubuntu.com/3880-2/
- https://www.debian.org/security/2018/dsa-4187
- https://www.debian.org/security/2018/dsa-4188
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cabfb3680f78981d26c078a26e5c748531257ebb
- http://www.securityfocus.com/bid/103378
- https://bugzilla.redhat.com/show_bug.cgi?id=1539599
- https://github.com/torvalds/linux/commit/cabfb3680f78981d26c078a26e5c748531257ebb
- https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html
- https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html
- https://patchwork.kernel.org/patch/10187633/
- https://usn.ubuntu.com/3880-1/
- https://usn.ubuntu.com/3880-2/
- https://www.debian.org/security/2018/dsa-4187
- https://www.debian.org/security/2018/dsa-4188
MEDIUM5.5
In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c in the Linux kernel before 4.13.5, a guest kernel crash can be triggered from unprivileged userspace during a core dump on a POWER host due to a missing processor feature check and an erroneous use of transactional memory (TM) instructions in the core dump path, leading to a denial of service.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1fa0768a8713b135848f78fd43ffc208d8ded70
- http://openwall.com/lists/oss-security/2018/03/27/4
- https://access.redhat.com/errata/RHSA-2018:1318
- https://access.redhat.com/security/cve/cve-2018-1091
- https://bugzilla.redhat.com/show_bug.cgi?id=1558149
- https://github.com/torvalds/linux/commit/c1fa0768a8713b135848f78fd43ffc208d8ded70
- https://marc.info/?l=linuxppc-embedded&m=150535531910494&w=2
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c1fa0768a8713b135848f78fd43ffc208d8ded70
- http://openwall.com/lists/oss-security/2018/03/27/4
- https://access.redhat.com/errata/RHSA-2018:1318
- https://access.redhat.com/security/cve/cve-2018-1091
- https://bugzilla.redhat.com/show_bug.cgi?id=1558149
- https://github.com/torvalds/linux/commit/c1fa0768a8713b135848f78fd43ffc208d8ded70
- https://marc.info/?l=linuxppc-embedded&m=150535531910494&w=2
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.5
MEDIUM5.5
The etm_setup_aux function in drivers/hwtracing/coresight/coresight-etm-perf.c in the Linux kernel before 4.10.2 allows attackers to cause a denial of service (panic) because a parameter is incorrectly used as a local variable.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f09444639099584bc4784dfcd85ada67c6f33e0f
- https://github.com/torvalds/linux/commit/f09444639099584bc4784dfcd85ada67c6f33e0f
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.2
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f09444639099584bc4784dfcd85ada67c6f33e0f
- https://github.com/torvalds/linux/commit/f09444639099584bc4784dfcd85ada67c6f33e0f
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.2
MEDIUM5.5
An issue was discovered in fs/f2fs/super.c in the Linux kernel through 4.14. A denial of service (out-of-bounds memory access and BUG) can occur upon encountering an abnormal bitmap size when mounting a crafted f2fs image.
CVSS 2.0СРЕДНЯЯ 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:PCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HСсылки
- http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
- http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://bugzilla.kernel.org/show_bug.cgi?id=200167
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=e34438c903b653daca2b2a7de95aed46226f8ed3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e34438c903b653daca2b2a7de95aed46226f8ed3
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://seclists.org/bugtraq/2019/Jan/52
- https://usn.ubuntu.com/3821-1/
- https://usn.ubuntu.com/3821-2/
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4118-1/
- http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00033.html
- http://packetstormsecurity.com/files/151420/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html
- https://bugzilla.kernel.org/show_bug.cgi?id=200167
- https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/commit/?id=e34438c903b653daca2b2a7de95aed46226f8ed3
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e34438c903b653daca2b2a7de95aed46226f8ed3
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://seclists.org/bugtraq/2019/Jan/52
- https://usn.ubuntu.com/3821-1/
- https://usn.ubuntu.com/3821-2/
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4118-1/
MEDIUM5.5
The Linux kernel before 4.15-rc8 was found to be vulnerable to a NULL pointer dereference bug in the __netlink_ns_capable() function in the net/netlink/af_netlink.c file. A local attacker could exploit this when a net namespace with a netnsid is assigned to cause a kernel panic and a denial of service.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- https://access.redhat.com/errata/RHSA-2018:3651
- https://access.redhat.com/errata/RHSA-2018:3666
- https://access.redhat.com/errata/RHSA-2018:3843
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14646
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee
- https://marc.info/?l=linux-netdev&m=151500466401174&w=2
- https://access.redhat.com/errata/RHSA-2018:3651
- https://access.redhat.com/errata/RHSA-2018:3666
- https://access.redhat.com/errata/RHSA-2018:3843
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14646
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f428fe4a04cc339166c8bbd489789760de3a0cee
- https://marc.info/?l=linux-netdev&m=151500466401174&w=2
MEDIUM5.5
A security flaw was found in the Linux kernel in a way that the cleancache subsystem clears an inode after the final file truncation (removal). The new file created with the same inode may contain leftover pages from cleancache and the old file data instead of the new one.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://www.securityfocus.com/bid/106009
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
- https://lore.kernel.org/patchwork/patch/1011367/
- https://seclists.org/oss-sec/2018/q4/169
- https://usn.ubuntu.com/3879-1/
- https://usn.ubuntu.com/3879-2/
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4118-1/
- http://www.securityfocus.com/bid/106009
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16862
- https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
- https://lore.kernel.org/patchwork/patch/1011367/
- https://seclists.org/oss-sec/2018/q4/169
- https://usn.ubuntu.com/3879-1/
- https://usn.ubuntu.com/3879-2/
- https://usn.ubuntu.com/4094-1/
- https://usn.ubuntu.com/4118-1/
LOW3.3
drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus ICANON confusion in TIOCINQ.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:PCVSS 3.xНИЗКАЯ 3.3
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348
- https://access.redhat.com/errata/RHSA-2019:0831
- https://bugzilla.suse.com/show_bug.cgi?id=1094825
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11
- https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348
- https://usn.ubuntu.com/3849-1/
- https://usn.ubuntu.com/3849-2/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=966031f340185eddd05affcf72b740549f056348
- https://access.redhat.com/errata/RHSA-2019:0831
- https://bugzilla.suse.com/show_bug.cgi?id=1094825
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.11
- https://github.com/torvalds/linux/commit/966031f340185eddd05affcf72b740549f056348
- https://usn.ubuntu.com/3849-1/
- https://usn.ubuntu.com/3849-2/
HIGH7.8
An issue was discovered in the Linux kernel before 4.14.16. There is a use-after-free in net/sctp/socket.c for a held lock after a peel off, aka CID-a0ff660058b8.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.16
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0ff660058b88d12625a783ce9e5c1371c87951f
- https://security.netapp.com/advisory/ntap-20210720-0002/
- https://sites.google.com/view/syzscope/warning-held-lock-freed
- https://syzkaller.appspot.com/bug?id=a8d38d1b68ffc744c53bd9b9fc1dbd6c86b1afe2
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.16
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a0ff660058b88d12625a783ce9e5c1371c87951f
- https://security.netapp.com/advisory/ntap-20210720-0002/
- https://sites.google.com/view/syzscope/warning-held-lock-freed
- https://syzkaller.appspot.com/bug?id=a8d38d1b68ffc744c53bd9b9fc1dbd6c86b1afe2
MEDIUM5.5
In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in net/rds/rdma.c mishandles cases where page pinning fails or an invalid address is supplied, leading to an rds_atomic_free_op NULL pointer dereference.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737
- http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html
- http://www.securityfocus.com/bid/102510
- https://access.redhat.com/errata/RHSA-2018:0470
- https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3632-1/
- https://www.debian.org/security/2018/dsa-4187
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d11f77f84b27cef452cee332f4e469503084737
- http://packetstormsecurity.com/files/156053/Reliable-Datagram-Sockets-RDS-rds_atomic_free_op-Privilege-Escalation.html
- http://www.securityfocus.com/bid/102510
- https://access.redhat.com/errata/RHSA-2018:0470
- https://github.com/torvalds/linux/commit/7d11f77f84b27cef452cee332f4e469503084737
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3632-1/
- https://www.debian.org/security/2018/dsa-4187
HIGH7.8
In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
- http://www.securityfocus.com/bid/102503
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:3096
- https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3632-1/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
- http://www.securityfocus.com/bid/102503
- https://access.redhat.com/errata/RHSA-2018:2948
- https://access.redhat.com/errata/RHSA-2018:3083
- https://access.redhat.com/errata/RHSA-2018:3096
- https://github.com/torvalds/linux/commit/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
- https://usn.ubuntu.com/3583-1/
- https://usn.ubuntu.com/3583-2/
- https://usn.ubuntu.com/3617-1/
- https://usn.ubuntu.com/3617-2/
- https://usn.ubuntu.com/3617-3/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3632-1/
MEDIUM5.5
The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux kernel through 4.14.15 allows local users to obtain sensitive address information by reading dmesg data from an SBS HC printk call.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://www.securitytracker.com/id/1040319
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2018:2948
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://patchwork.kernel.org/patch/10174835/
- https://usn.ubuntu.com/3631-1/
- https://usn.ubuntu.com/3631-2/
- https://usn.ubuntu.com/3697-1/
- https://usn.ubuntu.com/3697-2/
- https://usn.ubuntu.com/3698-1/
- https://usn.ubuntu.com/3698-2/
- https://www.debian.org/security/2018/dsa-4120
- https://www.debian.org/security/2018/dsa-4187
- http://www.securitytracker.com/id/1040319
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://access.redhat.com/errata/RHSA-2018:2948
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://patchwork.kernel.org/patch/10174835/
- https://usn.ubuntu.com/3631-1/
- https://usn.ubuntu.com/3631-2/
- https://usn.ubuntu.com/3697-1/
- https://usn.ubuntu.com/3697-2/
- https://usn.ubuntu.com/3698-1/
- https://usn.ubuntu.com/3698-2/
- https://www.debian.org/security/2018/dsa-4120
- https://www.debian.org/security/2018/dsa-4187
MEDIUM5.5
The swiotlb_print_info function in lib/swiotlb.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "software IO TLB" printk call.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://www.securityfocus.com/bid/105045
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7d63fb3af87aa67aa7d24466e792f9d7c57d8e79
- https://github.com/johnsonwangqize/cve-linux/blob/master/%20CVE-2018-5953.md
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
- http://www.securityfocus.com/bid/105045
- https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7d63fb3af87aa67aa7d24466e792f9d7c57d8e79
- https://github.com/johnsonwangqize/cve-linux/blob/master/%20CVE-2018-5953.md
- https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html
- https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html
MEDIUM5.5
The pcpu_embed_first_chunk function in mm/percpu.c in the Linux kernel through 4.14.14 allows local users to obtain sensitive address information by reading dmesg data from a "pages/cpu" printk call.
CVSS 2.0НИЗКАЯ 2.1
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:N/A:NCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NСсылки
- http://www.securityfocus.com/bid/105049
- https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-5995.md
- https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
- https://seclists.org/bugtraq/2019/Aug/18
- https://www.debian.org/security/2019/dsa-4497
- http://www.securityfocus.com/bid/105049
- https://github.com/johnsonwangqize/cve-linux/blob/master/CVE-2018-5995.md
- https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html
- https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html
- https://lists.debian.org/debian-lts-announce/2019/08/msg00017.html
- https://seclists.org/bugtraq/2019/Aug/18
- https://www.debian.org/security/2019/dsa-4497
HIGH7.8
The futex_requeue function in kernel/futex.c in the Linux kernel before 4.14.15 might allow attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact by triggering a negative wake or requeue value.
CVSS 2.0СРЕДНЯЯ 4.6
CVSS:2.0/AV:L/AC:L/Au:N/C:P/I:P/A:PCVSS 3.xВЫСОКАЯ 7.8
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
- http://www.securityfocus.com/bid/103023
- https://access.redhat.com/errata/RHSA-2018:0654
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3697-1/
- https://usn.ubuntu.com/3697-2/
- https://usn.ubuntu.com/3698-1/
- https://usn.ubuntu.com/3698-2/
- https://www.debian.org/security/2018/dsa-4187
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
- http://www.securityfocus.com/bid/103023
- https://access.redhat.com/errata/RHSA-2018:0654
- https://access.redhat.com/errata/RHSA-2018:0676
- https://access.redhat.com/errata/RHSA-2018:1062
- https://github.com/torvalds/linux/commit/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3697-1/
- https://usn.ubuntu.com/3697-2/
- https://usn.ubuntu.com/3698-1/
- https://usn.ubuntu.com/3698-2/
- https://www.debian.org/security/2018/dsa-4187
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.15
MEDIUM5.5
In the tun subsystem in the Linux kernel before 4.13.14, dev_get_valid_name is not called before register_netdevice. This allows local users to cause a denial of service (NULL pointer dereference and panic) via an ioctl(TUNSETIFF) call with a dev name containing a / character. This is similar to CVE-2013-4343.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
- http://www.securityfocus.com/bid/108380
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1743792
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748846
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.14
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ad646c81b2182f7fa67ec0c8c825e0ee165696d
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c25f65fd1e42685f7ccd80e0621829c105785d9
- https://github.com/torvalds/linux/commit/0ad646c81b2182f7fa67ec0c8c825e0ee165696d
- https://github.com/torvalds/linux/commit/5c25f65fd1e42685f7ccd80e0621829c105785d9
- http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00071.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00039.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00048.html
- http://www.securityfocus.com/bid/108380
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1743792
- https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1748846
- https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.13.14
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ad646c81b2182f7fa67ec0c8c825e0ee165696d
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c25f65fd1e42685f7ccd80e0621829c105785d9
- https://github.com/torvalds/linux/commit/0ad646c81b2182f7fa67ec0c8c825e0ee165696d
- https://github.com/torvalds/linux/commit/5c25f65fd1e42685f7ccd80e0621829c105785d9
MEDIUM5.5
A NULL pointer dereference was found in the net/rds/rdma.c __rds_rdma_map() function in the Linux kernel before 4.14.7 allowing local attackers to cause a system panic and a denial-of-service, related to RDS_GET_MR and RDS_GET_MR_FOR_DEST.
CVSS 2.0СРЕДНЯЯ 4.9
CVSS:2.0/AV:L/AC:L/Au:N/C:N/I:N/A:CCVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca
- http://www.securityfocus.com/bid/103185
- https://bugzilla.redhat.com/show_bug.cgi?id=1527393
- https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://patchwork.kernel.org/patch/10096441/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3674-1/
- https://usn.ubuntu.com/3674-2/
- https://usn.ubuntu.com/3677-1/
- https://usn.ubuntu.com/3677-2/
- https://www.debian.org/security/2018/dsa-4187
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7
- https://xorl.wordpress.com/2017/12/18/linux-kernel-rdma-null-pointer-dereference/
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3069c6d33f6ae63a1668737bc78aaaa51bff7ca
- http://www.securityfocus.com/bid/103185
- https://bugzilla.redhat.com/show_bug.cgi?id=1527393
- https://github.com/torvalds/linux/commit/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca
- https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html
- https://patchwork.kernel.org/patch/10096441/
- https://usn.ubuntu.com/3619-1/
- https://usn.ubuntu.com/3619-2/
- https://usn.ubuntu.com/3674-1/
- https://usn.ubuntu.com/3674-2/
- https://usn.ubuntu.com/3677-1/
- https://usn.ubuntu.com/3677-2/
- https://www.debian.org/security/2018/dsa-4187
- https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.7
- https://xorl.wordpress.com/2017/12/18/linux-kernel-rdma-null-pointer-dereference/
HIGH8.1
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
CVSS 2.0ВЫСОКАЯ 8.3
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:CCVSS 3.xВЫСОКАЯ 8.1
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:HСсылки
- https://bugs.openvz.org/browse/OVZ-7188
- https://bugzilla.redhat.com/show_bug.cgi?id=1850716
- https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502%40virtuozzo.com/
- https://security.netapp.com/advisory/ntap-20201210-0004/
- https://bugs.openvz.org/browse/OVZ-7188
- https://bugzilla.redhat.com/show_bug.cgi?id=1850716
- https://patchwork.ozlabs.org/project/netfilter-devel/patch/c2385b5c-309c-cc64-2e10-a0ef62897502%40virtuozzo.com/
- https://security.netapp.com/advisory/ntap-20201210-0004/
MEDIUM4.7
A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.
CVSS 3.xСРЕДНЯЯ 4.7
CVSS:3.x/CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HMEDIUM5.5
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from known context") by error replaced spin_unlock_irqrestore() with spin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite sync_print_obj() is called from sync_debugfs_show(), lockdep complains inconsistent lock state warning. Use plain spin_{lock,unlock}() for sync_print_obj(), for sync_debugfs_show() is already using spin_{lock,unlock}_irq().
CVSS 3.xСРЕДНЯЯ 5.5
CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HСсылки
- https://git.kernel.org/stable/c/165b25e3ee9333f7b04f8db43895beacb51582ed
- https://git.kernel.org/stable/c/1ff116f68560a25656933d5a18e7619cb6773d8a
- https://git.kernel.org/stable/c/242b30466879e6defa521573c27e12018276c33a
- https://git.kernel.org/stable/c/8a283cdfc8beeb14024387a925247b563d614e1e
- https://git.kernel.org/stable/c/9d75fab2c14a25553a1664586ed122c316bd1878
- https://git.kernel.org/stable/c/a4ee78244445ab73af22bfc5a5fc543963b25aef
- https://git.kernel.org/stable/c/ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8
- https://git.kernel.org/stable/c/b794918961516f667b0c745aebdfebbb8a98df39
- https://git.kernel.org/stable/c/165b25e3ee9333f7b04f8db43895beacb51582ed
- https://git.kernel.org/stable/c/1ff116f68560a25656933d5a18e7619cb6773d8a
- https://git.kernel.org/stable/c/242b30466879e6defa521573c27e12018276c33a
- https://git.kernel.org/stable/c/8a283cdfc8beeb14024387a925247b563d614e1e
- https://git.kernel.org/stable/c/9d75fab2c14a25553a1664586ed122c316bd1878
- https://git.kernel.org/stable/c/a4ee78244445ab73af22bfc5a5fc543963b25aef
- https://git.kernel.org/stable/c/ae6fc4e6a3322f6d1c8ff59150d8469487a73dd8
- https://git.kernel.org/stable/c/b794918961516f667b0c745aebdfebbb8a98df39
- https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html