SB2016033108 - Fedora 23 update for kernel
Published: March 31, 2016 Updated: April 24, 2025
Description
This security bulletin contains information about 10 security vulnerabilities.
1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-3157)
The vulnerability allows a local authenticated user to execute arbitrary code.
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause a denial of service (guest OS crash), or obtain sensitive information by leveraging I/O port access.
2) NULL pointer dereference (CVE-ID: CVE-2016-3136)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the mct_u232_msr_to_state() function in drivers/usb/serial/mct_u232.c. A local non-authenticated attacker can perform a denial of service (DoS) attack.
3) NULL pointer dereference (CVE-ID: CVE-2016-2187)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the gtco_probe() function in drivers/input/tablet/gtco.c. A local non-authenticated attacker can perform a denial of service (DoS) attack.
4) NULL pointer dereference (CVE-ID: CVE-2016-3140)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the digi_port_init() function in drivers/usb/serial/digi_acceleport.c. A local non-authenticated attacker can perform a denial of service (DoS) attack.
5) NULL pointer dereference (CVE-ID: CVE-2016-3138)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the acm_probe() function in drivers/usb/class/cdc-acm.c. A local non-authenticated attacker can perform a denial of service (DoS) attack.
6) NULL pointer dereference (CVE-ID: CVE-2016-2185)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the ati_remote2_probe() function in drivers/input/misc/ati_remote2.c. A local non-authenticated attacker can perform a denial of service (DoS) attack.
7) NULL pointer dereference (CVE-ID: CVE-2016-2188)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the iowarrior_probe() function in drivers/usb/misc/iowarrior.c. A local non-authenticated attacker can perform a denial of service (DoS) attack.
8) NULL pointer dereference (CVE-ID: CVE-2016-2186)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the powermate_probe() function in drivers/input/misc/powermate.c. A local non-authenticated attacker can perform a denial of service (DoS) attack.
9) NULL pointer dereference (CVE-ID: CVE-2016-3137)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the cypress_generic_port_probe() and cypress_open() functions in drivers/usb/serial/cypress_m8.c. A local non-authenticated attacker can perform a denial of service (DoS) attack.
10) NULL pointer dereference (CVE-ID: CVE-2016-2184)
The vulnerability allows a local non-authenticated attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference within the create_fixed_stream_quirk() function in sound/usb/quirks.c. A local non-authenticated attacker can perform a denial of service (DoS) attack.
Remediation
Install the update from the vendor's website.