SB2017062829 - Red Hat update for kernel 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2017062829

SB2017062829 - Red Hat update for kernel

Published: June 28, 2017

Security Bulletin ID SB2017062829
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 60% Low 40%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Denial of service (CVE-ID: CVE-2017-2583)

The vulnerability allows an adjacent attacker to cause DoS condition.

The weakness exists due to improper emulation of "MOV SS, NULL selector" instruction by the load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel. A quest OS user can use a specially crafted and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

2) Infinite loop (CVE-ID: CVE-2017-6214)

The vulnerability allows a remote attacker to perform denial of service (DoS) attack.

The vulnerability exists due to an error in tcp_splice_read() function in net/ipv4/tcp.c in Linux kernel before 4.9.11. A remote attacker can send a specially crafted TCP packet with the URG flag and trigger infinite loop.

Successful exploitation of the vulnerability may allow an attacker to perform denial of service (DoS) attack.

3) Heap-based buffer overflow (CVE-ID: CVE-2017-7477)

The vulnerability allows a remote attacker on the local network execute arbitrary code on the target system.

The weakness exists due to heap-based buffer overflow in the skb_to_sgvec() function in the MACsec driver. A remote attacker can use a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, trigger memory corruption and execute arbitrary code with root privileges.

Successful exploitation of the vulnerability results in arbitrary code execution.

4) Denial of service (CVE-ID: CVE-2017-7645)

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The weakness exists due to a flaw in the NFSv2/NFSv3 server in the nfsd subsystem. A remote attacker can use a long RPC reply related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c, and fs/nfsd/nfsxdr.c. and cause the system to crash.

Successful exploitation of the vulnerability results in denial of service.

5) Security restrictions bypass (CVE-ID: CVE-2017-7895)

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists due to boundary error when handling a user-supplied input. A remote attacker can send a specially crafted request, trigger pointer-arithmetic errors or possibly have unspecified other impact related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c.

Successful exploitation of the vulnerability results in access to the system.

Remediation

Install update from vendor's website.

References