SB2017090829 - Fedora 25 update for kernel

Description

This security bulletin contains information about 4 secuirty vulnerabilities.

1) Information disclosure (CVE-ID: CVE-2017-13695)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists in the Linux kernel's ACPI subsystem where a function does not flush the operand cache and causes a kernel stack dump. A local user can pass a specially crafted ACPI table to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism.

2) Information exposure (CVE-ID: CVE-2017-13694)

The vulnerability allows a local user to gain access to sensitive information.

The acpi_ps_complete_final_op() function in drivers/acpi/acpica/psobject.c in the Linux kernel through 4.12.9 does not flush the node and node_ext caches and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

3) Information exposure (CVE-ID: CVE-2017-13693)

The vulnerability allows a local user to gain access to sensitive information.

The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c in the Linux kernel through 4.12.9 does not flush the operand cache and causes a kernel stack dump, which allows local users to obtain sensitive information from kernel memory and bypass the KASLR protection mechanism (in the kernel through 4.9) via a crafted ACPI table.

4) Integer overflow (CVE-ID: CVE-2017-14051)

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists in the qla2x00_sysfs_write_optrom_ctl function in drivers/scsi/qla2xxx/qla_attr.ct due to an integer overflow. A local attacker can gain root access and cause the service to crash.

Remediation

Install update from vendor's website.

References

• https://bodhi.fedoraproject.org/updates/FEDORA-2017-a3a8638a60