SB2017091430 - Fedora 26 update for kernel
Published: September 14, 2017 Updated: April 24, 2025
Security Bulletin ID: SB2017091430
Severity: Low
Patch available: YES
Number of vulnerabilities: 3
Exploitation vector: Adjacent network
Highest impact: Code execution
Description
This security bulletin contains information about 3 security vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2017-1000251)
The vulnerability allows an adjacent attacker to execute arbitrary code on the host system. The weakness exists due to a stack-based buffer overflow in the processing of L2CAP configuration. An adjacent attacker can submit specially crafted Bluetooth protocol data, trigger memory corruption in the Bluetooth stack and execute arbitrary code in kernel space.
Successful exploitation of the vulnerability may result in host system compromise.
2) NULL pointer dereference (CVE-ID: CVE-2017-12153)
The vulnerability allows a local user to perform a denial of service (DoS) attack. A security flaw was discovered in the nl80211_set_rekey_data() function in net/wireless/nl80211.c in the Linux kernel through 4.13.3. This function does not check whether the required attributes are present in a Netlink request. This request can be issued by a user with the CAP_NET_ADMIN capability and may result in a NULL pointer dereference and system crash.
3) Improper privilege management (CVE-ID: CVE-2017-12154)
The vulnerability allows a local user to perform a denial of service (DoS) attack. The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel through 4.13.3 does not ensure that the "CR8-load exiting" and "CR8-store exiting" L0 vmcs02 controls exist in cases where L1 omits the "use TPR shadow" vmcs12 control, which allows KVM L2 guest OS users to obtain read and write access to the hardware CR8 register.
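The class of check missing in vulnerability 2, shown as an added userspace model in C; it is not kernel code and not part of the original bulletin. The attribute types, sizes, one-byte TLV layout and all function names are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical attribute types and sizes for this model (not kernel constants). */
enum { A_KEK = 1, A_KCK = 2, A_REPLAY_CTR = 3, A_MAX = 3 };
#define KEY_LEN 16
#define CTR_LEN 8

struct rekey { uint8_t kek[KEY_LEN], kck[KEY_LEN], ctr[CTR_LEN]; };

/* Parse TLVs (type, len, value...) into tb[]; tb[t] points at the length byte
 * of attribute t, or stays NULL when the request omitted that attribute. */
static int model_parse_tlv(const uint8_t *buf, size_t n, const uint8_t **tb)
{
    size_t i = 0;
    memset(tb, 0, sizeof(tb[0]) * (A_MAX + 1));
    while (i < n) {
        if (n - i < 2 || (size_t)buf[i + 1] > n - i - 2)
            return -EINVAL;                 /* truncated header or value */
        if (buf[i] >= 1 && buf[i] <= A_MAX)
            tb[buf[i]] = &buf[i + 1];
        i += 2 + (size_t)buf[i + 1];
    }
    return 0;
}

/* Hardened handler: each required attribute must be present and correctly
 * sized before it is read. Dropping the NULL test reproduces the bug class:
 * a request that omits one attribute makes the handler dereference NULL. */
static int model_set_rekey_data(const uint8_t *buf, size_t n, struct rekey *out)
{
    const uint8_t *tb[A_MAX + 1];
    int err = model_parse_tlv(buf, n, tb);
    if (err)
        return err;
    if (!tb[A_KEK] || !tb[A_KCK] || !tb[A_REPLAY_CTR])
        return -EINVAL;                     /* required attribute absent */
    if (tb[A_KEK][0] != KEY_LEN || tb[A_KCK][0] != KEY_LEN ||
        tb[A_REPLAY_CTR][0] != CTR_LEN)
        return -ERANGE;                     /* present but wrong size */
    memcpy(out->kek, tb[A_KEK] + 1, KEY_LEN);
    memcpy(out->kck, tb[A_KCK] + 1, KEY_LEN);
    memcpy(out->ctr, tb[A_REPLAY_CTR] + 1, CTR_LEN);
    return 0;
}
```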
Remediation
Install update from vendor's website.