SB2017052512 - Red Hat Linux update for kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017052512

SB2017052512 - Red Hat Linux update for kernel

Published: May 25, 2017

Security Bulletin ID SB2017052512
Severity
Low
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Local access
Highest impact Code execution

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 secuirty vulnerabilities.


1) Out-of-bounds read (CVE-ID: CVE-2016-10208)

The vulnerability allows a local attacker to cause DoS condition on the target systsem.

The weakness exists due to memory corruption when validating meta block groups by the ext4_fill_super function. A local attacker can use a specially crafted EXT4 image to trigger an out-of-bounds read and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

2) Use-after-free error (CVE-ID: CVE-2016-7910)

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to use-after-free error in the disk_seqf_stop function in block/genhd.c. a local attacker can leverage the execution of a certain stop operation and execute arbitrary code on the system with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

3) Null pointer dereference (CVE-ID: CVE-2016-8646)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to NULL pointer dereference in the hash_accept function in crypto/algif_hash.c. A local attacker can trigger use of in-kernel hash algorithms for a socket that has received zero bytes of data and cause a kernel oops.

Successful exploitation of the vulnerability results in denial of service.

4) Assertion failure (CVE-ID: CVE-2017-5986)

The vulnerability allows a local user to cause kernel panic.

The vulnerability exists due to a race condition in the sctp_wait_for_sndbuf() function in net/sctp/socket.c in the Linux kernel before 4.9.11. A local user can use userspace application to trigger a BUG_ON() system call if the socket tx buffer is full and cause kernel panic.

Successful exploitation of this vulnerability may result in denial of service condition.



Remediation

Install update from vendor's website.

References