http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=15d3042a937c13f5d9244241c7a9c8416ff6e82a

http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.12.4

100215

https://bugzilla.redhat.com/show_bug.cgi?id=1481149

https://github.com/torvalds/linux/commit/15d3042a937c13f5d9244241c7a9c8416ff6e82a

https://source.android.com/security/bulletin/2017-08-01

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - The snd_msndmidi_input_read function in     sound/isa/msnd/msnd_midi.c in the Linux kernel through     4.11.7 allows local users to cause a denial of service     (over-boundary access) or possibly have unspecified     other impact by changing the value of a message queue     head pointer between two kernel reads of that value,     aka a 'double fetch' vulnerability.(CVE-2017-9985i1/4%0

  - An assertion failure issue was found in the Linux     kernel's KVM hypervisor module built to support     visualization on ARM64 architecture platforms. The     failure could occur while accessing Performance     Monitors Cycle Count Register (PMCCNTR) from a guest. A     privileged guest user could use this flaw to crash the     host kernel resulting in denial of     service.(CVE-2017-12168i1/4%0

  - The iscsi_if_rx() function in     'drivers/scsi/scsi_transport_iscsi.c' in the Linux     kernel from v2.6.24-rc1 through 4.13.2 allows local     users to cause a denial of service (a system panic) by     making a number of certain syscalls by leveraging     incorrect length validation in the kernel     code.(CVE-2017-14489i1/4%0

  - The hdpvr_probe function in     drivers/media/usb/hdpvr/hdpvr-core.c in the Linux     kernel through 4.13.11 allows local users to cause a     denial of service (improper error handling and system     crash) or possibly have unspecified other impact via a     crafted USB device.(CVE-2017-16644i1/4%0

  - The dvb frontend management subsystem in the Linux     kernel contains a use-after-free which can allow a     malicious user to write to memory that may be assigned     to another kernel structure. This could create memory     corruption, panic, or possibly other side     affects.(CVE-2017-16648i1/4%0

  - It was found that the Linux kernel's IPv6     implementation mishandled socket options. A local     attacker could abuse concurrent access to the socket     options to escalate their privileges, or cause a denial     of service (use-after-free and system crash) via a     crafted sendmsg system call.(CVE-2016-3841i1/4%0

  - A flaw was found in the Linux kernel's ext4 filesystem.
    A local user can cause a use-after-free in     ext4_xattr_set_entry function and a denial of service     or unspecified other impact may occur by renaming a     file in a crafted ext4 filesystem     image.(CVE-2018-10879i1/4%0

  - A race condition was found in the Linux kernel, present     since v3.14-rc1 through v4.12. The race happens between     threads of inotify_handle_event() and vfs_rename()     while running the rename operation against the same     file. As a result of the race the next slab data or the     slab's free list pointer can be corrupted with     attacker-controlled data, which may lead to the     privilege escalation.(CVE-2017-7533i1/4%0

  - A privilege-escalation vulnerability was discovered in     the Linux kernel built with User Namespace     (CONFIG_USER_NS) support. The flaw occurred when the     ptrace() system call was used on a root-owned process     to enter a user namespace. A privileged namespace user     could exploit this flaw to potentially escalate their     privileges on the system, outside the original     namespace.(CVE-2015-8709i1/4%0

  - Use-after-free vulnerability in     drivers/net/ppp/ppp_generic.c in the Linux kernel     before 4.5.2 allows local users to cause a denial of     service (memory corruption and system crash, or     spinlock) or possibly have unspecified other impact by     removing a network namespace, related to the     ppp_register_net_channel and ppp_unregister_channel     functions.(CVE-2016-4805i1/4%0

  - A flaw was found in the way the Linux kernel's     kvm_iommu_map_pages() function handled IOMMU mapping     failures. A privileged user in a guest with an assigned     host device could use this flaw to crash the     host.(CVE-2014-3601i1/4%0

  - A flaw was found in the Linux kernel's implementation     of associative arrays introduced in 3.13. This     functionality was backported to the 3.10 kernels in Red     Hat Enterprise Linux 7. The flaw involved a null     pointer dereference in assoc_array_apply_edit() due to     incorrect node-splitting in assoc_array implementation.
    This affects the keyring key type and thus key addition     and link creation operations may cause the kernel to     panic.(CVE-2017-12193i1/4%0

  - Multiple race conditions in drivers/char/adsprpc.c and     drivers/char/adsprpc_compat.c in the ADSPRPC driver for     the Linux kernel 3.x, as used in Qualcomm Innovation     Center (QuIC) Android contributions for MSM devices and     other products, allow attackers to cause a denial of     service (zero-value write) or possibly have unspecified     other impact via a COMPAT_FASTRPC_IOCTL_INVOKE_FD ioctl     call.(CVE-2015-0572i1/4%0

  - The sanity_check_ckpt function in fs/f2fs/super.c in     the Linux kernel before version 4.12.4 does not     validate the blkoff and segno arrays. This allows an     unprivileged, local user to cause a system panic and     DoS. Due to the nature of the flaw, privilege     escalation cannot be fully ruled out, although we     believe it is unlikely.(CVE-2017-10663i1/4%0

  - A stack overflow flaw caused by infinite recursion was     found in the way the Linux kernel's Universal Disk     Format (UDF) file system implementation processed     indirect Information Control Blocks (ICBs). An attacker     with physical access to the system could use a     specially crafted UDF image to crash the     system.(CVE-2014-6410i1/4%0

  - Race condition in the ion_ioctl function in     drivers/staging/android/ion/ion.c in the Linux kernel     before 4.6 allows local users to gain privileges or     cause a denial of service (use-after-free) by calling     ION_IOC_FREE on two CPUs at the same     time.(CVE-2016-9120i1/4%0

  - drivers/hid/hid-picolcd_core.c in the Human Interface     Device (HID) subsystem in the Linux kernel through     3.11, when CONFIG_HID_PICOLCD is enabled, allows     physically proximate attackers to cause a denial of     service (NULL pointer dereference and OOPS) via a     crafted device.(CVE-2013-2899i1/4%0

  - A flaw was found in the Linux kernel's implementation     of overlayfs. An attacker can leak file resources in     the system by opening a large file with write     permissions on a overlay filesystem that is     insufficient to deal with the size of the write.When     unmounting the underlying device, the system is unable     to free an inode and this will consume resources.
    Repeating this for all available inodes and memory will     create a denial of service situation.(CVE-2015-8953i1/4%0

  - Buffer overflow in the mp_override_legacy_irq()     function in arch/x86/kernel/acpi/boot.c in the Linux     kernel through 4.12.2 allows local users to gain     privileges via a crafted ACPI table.(CVE-2017-11473i1/4%0

  - Use-after-free vulnerability in the     kvm_ioctl_create_device function in virt/kvm/kvm_main.c     in the Linux kernel before 4.8.13 allows host OS users     to cause a denial of service (host OS crash) or     possibly gain privileges via crafted ioctl calls on the     /dev/kvm device.(CVE-2016-10150i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Qian Zhang discovered a heap-based buffer overflow in the tipc_msg_build() function in the Linux kernel. A local attacker could use to cause a denial of service (system crash) or possibly execute arbitrary code with administrative privileges. (CVE-2016-8632)

Dmitry Vyukov discovered that a race condition existed in the timerfd subsystem of the Linux kernel when handling might_cancel queuing. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-10661)

It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-10662, CVE-2017-10663)

Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
(CVE-2017-10911)

It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176)

Dave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash).
(CVE-2017-1000252)

It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-10663)

Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
(CVE-2017-10911)

It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176)

Dave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3468-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.04.
This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.04 for Ubuntu 16.04 LTS.

It was discovered that the KVM subsystem in the Linux kernel did not properly bound guest IRQs. A local attacker in a guest VM could use this to cause a denial of service (host system crash).
(CVE-2017-1000252)

It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-10663)

Anthony Perard discovered that the Xen virtual block driver did not properly initialize some data structures before passing them to user space. A local attacker in a guest VM could use this to expose sensitive information from the host OS or other guest VMs.
(CVE-2017-10911)

It was discovered that a use-after-free vulnerability existed in the POSIX message queue implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11176)

Dave Chinner discovered that the XFS filesystem did not enforce that the realtime inode flag was settable only on filesystems on a realtime device. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-14340).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3420-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses.
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251)

It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-10663)

It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762)

Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV Decoder driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8831).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that a buffer overflow existed in the Bluetooth stack of the Linux kernel when handling L2CAP configuration responses.
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-1000251)

It was discovered that the Flash-Friendly File System (f2fs) implementation in the Linux kernel did not properly validate superblock metadata. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-10663)

It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762)

Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV Decoder driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8831).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
124976	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1523)	Nessus	Huawei Local Security Checks	critical
104322	Ubuntu 14.04 LTS : linux vulnerabilities (USN-3470-1)	Nessus	Ubuntu Local Security Checks	high
104319	Ubuntu 16.04 LTS : linux-gcp vulnerabilities (USN-3468-3)	Nessus	Ubuntu Local Security Checks	high
104318	Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3468-2)	Nessus	Ubuntu Local Security Checks	high
104317	Ubuntu 17.04 : linux, linux-raspi2 vulnerabilities (USN-3468-1)	Nessus	Ubuntu Local Security Checks	high
103324	Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3420-2) (BlueBorne)	Nessus	Ubuntu Local Security Checks	critical
103323	Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3420-1) (BlueBorne)	Nessus	Ubuntu Local Security Checks	critical

CVE-2017-10663

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins