SB2017052220 - Fedora 25 update for kernel
Published: May 22, 2017 Updated: April 24, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 secuirty vulnerabilities.
1) Denial of service (CVE-ID: CVE-2017-9077)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to an error in the tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c. A local attacker can use specially crafted system calls to cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
2) Denial of service (CVE-ID: CVE-2017-9076)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to an error in the dccp_v6_request_recv_sock function in net/dccp/ipv6.c.A local attacker can use specially crafted system calls and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
3) Denial of service (CVE-ID: CVE-2017-9075)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to an error in sctp_v6_create_accept_sk function in net/sctp/ipv6.c.A local attacker can use specially crafted system calls and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
4) Out-of-bounds read (CVE-ID: CVE-2017-9074)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to the the failure to consider that the nexthdr field may be associated with an invalid option by the IPv6 fragmentation implementation. A local attacker can use a specially-crafted socket or system call to trigger out-of-bounds read and cause the system to crash.
Successful exploitation of the vulnerability results in denial of service.
5) Double free error (CVE-ID: CVE-2017-8890)
The vulnerability allows a remote attacker to perform a denial of service attack.The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call.
6) Improper resource shutdown or release (CVE-ID: CVE-2017-9059)
The vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to improper resource shutdown or release error within the svc_rdma_destroy_ctxts(), svc_rdma_wc_send(), rdma_create_xprt(), svc_rdma_accept() and __svc_rdma_free() functions in net/sunrpc/xprtrdma/svc_rdma_transport.c, within the xdr_padsize(), svc_rdma_get_write_arrays(), svc_rdma_prep_reply_hdr() and svc_rdma_sendto() functions in net/sunrpc/xprtrdma/svc_rdma_sendto.c, within the rdma_read_complete() and svc_rdma_recvfrom() functions in net/sunrpc/xprtrdma/svc_rdma_recvfrom.c, within the dprintk() function in net/sunrpc/xprtrdma/svc_rdma_marshal.c, within the svc_rdma_handle_bc_reply(), svc_rdma_send() and svc_rdma_bc_sendto() functions in net/sunrpc/xprtrdma/svc_rdma_backchannel.c, within the svc_rdma_init() function in net/sunrpc/xprtrdma/svc_rdma.c, within the rpcrdma-$() function in net/sunrpc/xprtrdma/makefile, within the svc_create_pooled() and svc_set_num_threads() functions in net/sunrpc/svc.c, within the nfsd_cross_mnt() and nfsd_lookup_parent() functions in fs/nfsd/vfs.c, within the nfssvc_decode_readargs(), nfssvc_decode_readlinkargs() and nfssvc_decode_readdirargs() functions in fs/nfsd/nfsxdr.c, within the nfsd4_encode_getdeviceinfo() and nfsd4_encode_layoutget() functions in fs/nfsd/nfs4xdr.c, within the copy_clid() function in fs/nfsd/nfs4state.c, within the nfsd4_layout_verify() function in fs/nfsd/nfs4proc.c, within the nfs3svc_decode_readargs(), nfs3svc_decode_readlinkargs(), nfs3svc_decode_readdirargs() and nfs3svc_decode_readdirplusargs() functions in fs/nfsd/nfs3xdr.c, within the nfs4_callback_svc(), nfs41_callback_svc(), defined() and nfs_callback_create_svc() functions in fs/nfs/callback.c, within the nlmsvc_grant_reply() function in fs/lockd/svclock.c, within the lockd() and lockd_down_net() functions in fs/lockd/svc.c. A local user can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.