http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=60a2362f769cf549dc466134efe71c8bf9fbaaba

DSA-3945

98195

https://github.com/torvalds/linux/commit/60a2362f769cf549dc466134efe71c8bf9fbaaba

https://source.android.com/security/bulletin/2017-05-01

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - The Linux kernel, before version 4.14.3, is vulnerable     to a denial of service in     drivers/md/dm.c:dm_get_from_kobject() which can be     caused by local users leveraging a race condition with
    __dm_destroy() during creation and removal of DM     devices. Only privileged local users (with     CAP_SYS_ADMIN capability) can directly perform the     ioctl operations for dm device creation and removal and     this would typically be outside the direct control of     the unprivileged attacker.(CVE-2017-18203)

  - The batadv_frag_merge_packets function in     net/batman-adv/fragmentation.c in the B.A.T.M.A.N.
    implementation in the Linux kernel through 3.18.1 uses     an incorrect length field during a calculation of an     amount of memory, which allows remote attackers to     cause a denial of service (mesh-node system crash) via     fragmented packets.(CVE-2014-9428)

  - The regulator_ena_gpio_free function in     drivers/regulator/core.c in the Linux kernel allows     local users to gain privileges or cause a denial of     service (use-after-free) via a crafted     application.(CVE-2014-9940)

  - The Linux kernel before 3.12, when UDP Fragmentation     Offload (UFO) is enabled, does not properly initialize     certain data structures, which allows local users to     cause a denial of service (memory corruption and system     crash) or possibly gain privileges via a crafted     application that uses the UDP_CORK option in a     setsockopt system call and sends both short and long     packets, related to the ip_ufo_append_data function in     net/ipv4/ip_output.c and the ip6_ufo_append_data     function in net/ipv6/ip6_output.c.(CVE-2013-4470)

  - A use-after-free flaw was found in the way the Linux     kernel's Datagram Congestion Control Protocol (DCCP)     implementation freed SKB (socket buffer) resources for     a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO     option is set on the socket. A local, unprivileged user     could use this flaw to alter the kernel memory,     allowing them to escalate their privileges on the     system.(CVE-2017-6074)

  - A NULL-pointer dereference vulnerability was found in     the Linux kernel's TCP stack, in     net/netfilter/nf_nat_redirect.c in the     nf_nat_redirect_ipv4() function. A remote,     unauthenticated user could exploit this flaw to create     a system crash (denial of service).(CVE-2015-8787)

  - A use-after-free flaw was found in the CXGB3 kernel     driver when the network was considered to be congested.
    The kernel incorrectly misinterpreted the congestion as     an error condition and incorrectly freed or cleaned up     the socket buffer (skb). When the device then sent the     skb's queued data, these structures were referenced. A     local attacker could use this flaw to panic the system     (denial of service) or, with a local account, escalate     their privileges.(CVE-2015-8812)

  - A flaw was found in the way the Linux kernel's     networking implementation handled UDP packets with     incorrect checksum values. A remote attacker could     potentially use this flaw to trigger an infinite loop     in the kernel, resulting in a denial of service on the     system, or cause a denial of service in applications     using the edge triggered epoll     functionality.(CVE-2015-5364)

  - The timer_create syscall implementation in     kernel/time/posix-timers.c in the Linux kernel doesn't     properly validate the sigevent->sigev_notify field,     which leads to out-of-bounds access in the show_timer     function.(CVE-2017-18344)

  - A flaw was discovered in the way the Linux kernel dealt     with paging structures. When the kernel invalidated a     paging structure that was not in use locally, it could,     in principle, race against another CPU that is     switching to a process that uses the paging structure     in question. A local user could use a thread running     with a stale cached virtual->physical translation to     potentially escalate their privileges if the     translation in question were writable and the physical     page got reused for something critical (for example, a     page table).(CVE-2016-2069)

  - Use after free vulnerability was found in percpu using     previously allocated memory in bpf. First
    __alloc_percpu_gfp() is called, then the memory is     freed with free_percpu() which triggers async     pcpu_balance_work and then pcpu_extend_area_map could     use a chunk after it has been freed.(CVE-2016-4794)

  - A missing authorization check in the     fscrypt_process_policy function in fs/crypto/policy.c     in the ext4 and f2fs filesystem encryption support in     the Linux kernel allows a user to assign an encryption     policy to a directory owned by a different user,     potentially creating a denial of     service.(CVE-2016-10318)

  - The security_context_to_sid_core function in     security/selinux/ss/services.c in the Linux kernel     before 3.13.4 allows local users to cause a denial of     service (system crash) by leveraging the CAP_MAC_ADMIN     capability to set a zero-length security     context.(CVE-2014-1874)

  - The vfe31_proc_general function in     drivers/media/video/msm/vfe/msm_vfe31.c in the     MSM-VFE31 driver for the Linux kernel 3.x, as used in     Qualcomm Innovation Center (QuIC) Android contributions     for MSM devices and other products, does not validate a     certain id value, which allows attackers to gain     privileges or cause a denial of service (memory     corruption) via an application that makes a crafted     ioctl call.(CVE-2014-9410)

  - A vulnerability was found in the Key Management sub     component of the Linux kernel, where when trying to     issue a KEYTCL_READ on a negative key would lead to a     NULL pointer dereference. A local attacker could use     this flaw to crash the kernel.(CVE-2017-12192)

  - Out-of-bounds memory read in the x509_decode_time     function in x509_cert_parser.c in Linux kernels 4.3-rc1     and after.(CVE-2015-5327)

  - It was found that the espfix functionality does not     work for 32-bit KVM paravirtualized guests. A local,     unprivileged guest user could potentially use this flaw     to leak kernel stack addresses.(CVE-2014-8134)

  - An out-of-bounds write flaw was found in the way the     Apple Magic Mouse/Trackpad multi-touch driver handled     Human Interface Device (HID) reports with an invalid     size. An attacker with physical access to the system     could use this flaw to crash the system or,     potentially, escalate their privileges on the     system.(CVE-2014-3181)

  - A use-after-free flaw was found in the way the Linux     kernel's key management subsystem handled keyring     object reference counting in certain error path of the     join_session_keyring() function. A local, unprivileged     user could use this flaw to escalate their privileges     on the system.(CVE-2016-0728)

  - Use-after-free vulnerability in the skb_segment     function in net/core/skbuff.c in the Linux kernel     through 3.13.6 allows attackers to obtain sensitive     information from kernel memory by leveraging the     absence of a certain orphaning     operation.(CVE-2014-0131)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A flaw was found in the way the Linux kernel's Crypto     subsystem handled automatic loading of kernel modules.
    A local user could use this flaw to load any installed     kernel module, and thus increase the attack surface of     the running kernel.(CVE-2014-9644)

  - The Btrfs implementation in the Linux kernel before     3.19 does not ensure that the visible xattr state is     consistent with a requested replacement, which allows     local users to bypass intended ACL settings and gain     privileges via standard filesystem operations (1)     during an xattr-replacement time window, related to a     race condition, or (2) after an xattr-replacement     attempt that fails because the data does not     fit.(CVE-2014-9710)

  - An integer overflow flaw was found in the way the Linux     kernel's netfilter connection tracking implementation     loaded extensions. An attacker on a local network could     potentially send a sequence of specially crafted     packets that would initiate the loading of a large     number of extensions, causing the targeted system in     that network to crash.(CVE-2014-9715)

  - A symlink size validation was missing in Linux kernels     built with UDF file system (CONFIG_UDF_FS) support,     allowing the corruption of kernel memory. An attacker     able to mount a corrupted/malicious UDF file system     image could cause the kernel to crash.(CVE-2014-9728)

  - A symlink size validation was missing in Linux kernels     built with UDF file system (CONFIG_UDF_FS) support,     allowing the corruption of kernel memory. An attacker     able to mount a corrupted/malicious UDF file system     image could cause the kernel to crash.(CVE-2014-9729)

  - A symlink size validation was missing in Linux kernels     built with UDF file system (CONFIG_UDF_FS) support,     allowing the corruption of kernel memory. An attacker     able to mount a corrupted/malicious UDF file system     image could cause the kernel to crash.(CVE-2014-9730)

  - A path length checking flaw was found in Linux kernels     built with UDF file system (CONFIG_UDF_FS) support. An     attacker able to mount a corrupted/malicious UDF file     system image could use this flaw to leak kernel memory     to user-space.(CVE-2014-9731)

  - The snd_compr_tstamp function in     sound/core/compress_offload.c in the Linux kernel     through 4.7, as used in Android before 2016-08-05 on     Nexus 5 and 7 (2013) devices, does not properly     initialize a timestamp data structure, which allows     attackers to obtain sensitive information via a crafted     application, aka Android internal bug 28770164 and     Qualcomm internal bug CR568717.(CVE-2014-9892)

  - drivers/media/media-device.c in the Linux kernel before     3.11, as used in Android before 2016-08-05 on Nexus 5     and 7 (2013) devices, does not properly initialize     certain data structures, which allows local users to     obtain sensitive information via a crafted application,     aka Android internal bug 28750150 and Qualcomm internal     bug CR570757, a different vulnerability than     CVE-2014-1739.(CVE-2014-9895)

  - The ethtool_get_wol function in net/core/ethtool.c in     the Linux kernel through 4.7, as used in Android before     2016-08-05 on Nexus 5 and 7 (2013) devices, does not     initialize a certain data structure, which allows local     users to obtain sensitive information via a crafted     application, aka Android internal bug 28803952 and     Qualcomm internal bug CR570754.(CVE-2014-9900)

  - The snd_compress_check_input function in     sound/core/compress_offload.c in the ALSA subsystem in     the Linux kernel before 3.17 does not properly check     for an integer overflow, which allows local users to     cause a denial of service (insufficient memory     allocation) or possibly have unspecified other impact     via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl     call.(CVE-2014-9904)

  - A race condition in the ip4_datagram_release_cb     function in net/ipv4/datagram.c in the Linux kernel     allows local users to gain privileges or cause a denial     of service (use-after-free) by leveraging incorrect     expectations about locking during multithreaded access     to internal data structures for IPv4 UDP     sockets.(CVE-2014-9914)

  - A flaw was discovered in the way the kernel allows     stackable filesystems to overlay. A local attacker who     is able to mount filesystems can abuse this flaw to     escalate privileges.(CVE-2014-9922)

  - The regulator_ena_gpio_free function in     drivers/regulator/core.c in the Linux kernel allows     local users to gain privileges or cause a denial of     service (use-after-free) via a crafted     application.(CVE-2014-9940)

  - It was found that the Linux kernel KVM subsystem's     sysenter instruction emulation was not sufficient. An     unprivileged guest user could use this flaw to escalate     their privileges by tricking the hypervisor to emulate     a SYSENTER instruction in 16-bit mode, if the guest OS     did not initialize the SYSENTER model-specific     registers (MSRs). Note: Certified guest operating     systems for Red Hat Enterprise Linux with KVM do     initialize the SYSENTER MSRs and are thus not     vulnerable to this issue when running on a KVM     hypervisor.(CVE-2015-0239)

  - A flaw was found in the way the Linux kernel's XFS file     system handled replacing of remote attributes under     certain conditions. A local user with access to XFS     file system mount could potentially use this flaw to     escalate their privileges on the system.(CVE-2015-0274)

  - A flaw was found in the way the Linux kernel's ext4     file system handled the 'page size > block size'     condition when the fallocate zero range functionality     was used. A local attacker could use this flaw to crash     the system.(CVE-2015-0275)

  - It was found that the Linux kernel's keyring     implementation would leak memory when adding a key to a     keyring via the add_key() function. A local attacker     could use this flaw to exhaust all available memory on     the system.(CVE-2015-1333)

  - Race condition in the handle_to_path function in     fs/fhandle.c in the Linux kernel through 3.19.1 allows     local users to bypass intended size restrictions and     trigger read operations on additional memory locations     by changing the handle_bytes value of a file handle     during the execution of this function.(CVE-2015-1420)

  - A use-after-free flaw was found in the way the Linux     kernel's SCTP implementation handled authentication key     reference counting during INIT collisions. A remote     attacker could use this flaw to crash the system or,     potentially, escalate their privileges on the     system.(CVE-2015-1421)

  - The IPv4 implementation in the Linux kernel before     3.18.8 does not properly consider the length of the     Read-Copy Update (RCU) grace period for redirecting     lookups in the absence of caching, which allows remote     attackers to cause a denial of service (memory     consumption or system crash) via a flood of     packets.(CVE-2015-1465)

  - A flaw was found in the way the nft_flush_table()     function of the Linux kernel's netfilter tables     implementation flushed rules that were referencing     deleted chains. A local user who has the CAP_NET_ADMIN     capability could use this flaw to crash the     system.(CVE-2015-1573)

  - An integer overflow flaw was found in the way the Linux     kernel randomized the stack for processes on certain     64-bit architecture systems, such as x86-64, causing     the stack entropy to be reduced by four.(CVE-2015-1593)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

  - CVE-2014-9940     A use-after-free flaw in the voltage and current     regulator driver could allow a local user to cause a     denial of service or potentially escalate privileges.

  - CVE-2017-7346     Li Qiang discovered that the DRM driver for VMware     virtual GPUs does not properly check user-controlled     values in the vmw_surface_define_ioctl() functions for     upper limits. A local user can take advantage of this     flaw to cause a denial of service.

  - CVE-2017-7482     Shi Lei discovered that RxRPC Kerberos 5 ticket handling     code does not properly verify metadata, leading to     information disclosure, denial of service or potentially     execution of arbitrary code.

  - CVE-2017-7533     Fan Wu and Shixiong Zhao discovered a race condition     between inotify events and VFS rename operations     allowing an unprivileged local attacker to cause a     denial of service or escalate privileges.

  - CVE-2017-7541     A buffer overflow flaw in the Broadcom IEEE802.11n PCIe     SoftMAC WLAN driver could allow a local user to cause     kernel memory corruption, leading to a denial of service     or potentially privilege escalation.

  - CVE-2017-7542     An integer overflow vulnerability in the     ip6_find_1stfragopt() function was found allowing a     local attacker with privileges to open raw sockets to     cause a denial of service.

  - CVE-2017-7889     Tommi Rantala and Brad Spengler reported that the mm     subsystem does not properly enforce the     CONFIG_STRICT_DEVMEM protection mechanism, allowing a     local attacker with access to /dev/mem to obtain     sensitive information or potentially execute arbitrary     code.

  - CVE-2017-9605     Murray McAllister discovered that the DRM driver for     VMware virtual GPUs does not properly initialize memory,     potentially allowing a local attacker to obtain     sensitive information from uninitialized kernel memory     via a crafted ioctl call.

  - CVE-2017-10911     / XSA-216

  Anthony Perard of Citrix discovered an information leak flaw in Xen   blkif response handling, allowing a malicious unprivileged guest to   obtain sensitive information from the host or other guests.

  - CVE-2017-11176     It was discovered that the mq_notify() function does not     set the sock pointer to NULL upon entry into the retry     logic. An attacker can take advantage of this flaw     during a userspace close of a Netlink socket to cause a     denial of service or potentially cause other impact.

  - CVE-2017-1000363     Roee Hay reported that the lp driver does not properly     bounds-check passed arguments, allowing a local attacker     with write access to the kernel command line arguments     to execute arbitrary code.

  - CVE-2017-1000365     It was discovered that argument and environment pointers     are not taken properly into account to the imposed size     restrictions on arguments and environmental strings     passed through RLIMIT_STACK/RLIMIT_INFINITY. A local     attacker can take advantage of this flaw in conjunction     with other flaws to execute arbitrary code.

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - The regulator_ena_gpio_free function in     drivers/regulator/core.c in the Linux kernel allows     local users to gain privileges or cause a denial of     service (use-after-free) via a crafted     application.(CVE-2014-9940)

  - Race condition in the sctp_wait_for_sndbuf function in     net/sctp/socket.c in the Linux kernel before 4.9.11     allows local users to cause a denial of service     (assertion failure and panic) via a multithreaded     application that peels off an association in a certain     buffer-full state.(CVE-2017-5986)

  - net/sctp/socket.c in the Linux kernel through 4.10.1     does not properly restrict association peel-off     operations during certain wait states, which allows     local users to cause a denial of service (invalid     unlock and double free) via a multithreaded     application. NOTE: this vulnerability exists because of     an incorrect fix for CVE-2017-5986.(CVE-2017-6353)

  - The ipxitf_ioctl function in net/ipx/af_ipx.c in the     Linux kernel through 4.11.1 mishandles reference     counts, which allows local users to cause a denial of     service (use-after-free) or possibly have unspecified     other impact via a failed SIOCGIFADDR ioctl call for an     IPX interface.(CVE-2017-7487)

  - fs/ext4/inode.c in the Linux kernel before 4.6.2, when     ext4 data=ordered mode is used, mishandles a     needs-flushing-before-commit list, which allows local     users to obtain sensitive information from other users'     files in opportunistic circumstances by waiting for a     hardware reset, creating a new file, making write     system calls, and reading this file.(CVE-2017-7495)

  - The NFSv2/NFSv3 server in the nfsd subsystem in the     Linux kernel through 4.10.11 allows remote attackers to     cause a denial of service (system crash) via a long RPC     reply, related to net/sunrpc/svc.c, fs/nfsd/nfs3xdr.c,     and fs/nfsd/nfsxdr.c.(CVE-2017-7645)

  - The inet_csk_clone_lock function in     net/ipv4/inet_connection_sock.c in the Linux kernel     through 4.10.15 allows attackers to cause a denial of     service (double free) or possibly have unspecified     other impact by leveraging use of the accept system     call.(CVE-2017-8890)

  - The edge_bulk_in_callback function in     drivers/usb/serial/io_ti.c in the Linux kernel before     4.10.4 allows local users to obtain sensitive     information (in the dmesg ringbuffer and syslog) from     uninitialized kernel memory by using a crafted USB     device (posing as an io_ti USB serial device) to     trigger an integer underflow.(CVE-2017-8924)

  - The IPv6 fragmentation implementation in the Linux     kernel through 4.11.1 does not consider that the     nexthdr field may be associated with an invalid option,     which allows local users to cause a denial of service     (out-of-bounds read and BUG) or possibly have     unspecified other impact via crafted socket and send     system calls.(CVE-2017-9074)

  - The sctp_v6_create_accept_sk function in     net/sctp/ipv6.c in the Linux kernel through 4.11.1     mishandles inheritance, which allows local users to     cause a denial of service or possibly have unspecified     other impact via crafted system calls, a related issue     to CVE-2017-8890.(CVE-2017-9075)

  - The tcp_v6_syn_recv_sock function in     net/ipv6/tcp_ipv6.c in the Linux kernel through 4.11.1     mishandles inheritance, which allows local users to     cause a denial of service or possibly have unspecified     other impact via crafted system calls, a related issue     to CVE-2017-8890.(CVE-2017-9077)

  - The __ip6_append_data function in net/ipv6/ip6_output.c     in the Linux kernel through 4.11.3 is too late in     checking whether an overwrite of an skb data structure     may occur, which allows local users to cause a denial     of service (system crash) via crafted system     calls.(CVE-2017-9242)

  - The ext4_fill_super function in fs/ext4/super.c in the     Linux kernel through 4.9.8 does not properly validate     meta block groups, which allows physically proximate     attackers to cause a denial of service (out-of-bounds     read and system crash) via a crafted ext4     image.(CVE-2016-10208)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN 3343-1 fixed vulnerabilities in the Linux kernel for Ubuntu 14.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 14.04 LTS for Ubuntu 12.04 ESM.

USN 3335-2 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.

It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-9940)

Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

Li Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7294)

It was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.
(CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.
(CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

It was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN 3335-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.

It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-9940)

Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

Li Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7294)

It was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.
(CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.
(CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

It was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)

It was discovered that a use-after-free vulnerability in the core voltage regulator driver of the Linux kernel. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2014-9940)

Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

Li Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7294)

A double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.
(CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.
(CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

It was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).
(CVE-2017-9242).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
124980	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1527)	Nessus	Huawei Local Security Checks	critical
124809	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1485)	Nessus	Huawei Local Security Checks	critical
102550	Debian DSA-3945-1 : linux - security update (Stack Clash)	Nessus	Debian Local Security Checks	high
101853	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1123)	Nessus	Huawei Local Security Checks	high
101852	EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1122)	Nessus	Huawei Local Security Checks	high
101153	Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-3343-2)	Nessus	Ubuntu Local Security Checks	critical
101152	Ubuntu 14.04 LTS : linux vulnerabilities (USN-3343-1)	Nessus	Ubuntu Local Security Checks	high
100933	Ubuntu 14.04 LTS : linux, linux-meta vulnerabilities (USN-3335-1) (Stack Clash)	Nessus	Ubuntu Local Security Checks	high

CVE-2014-9940

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins