https://source.android.com/security/bulletin/pixel/2017-11-01

USN-3620-1

USN-3620-2

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - Integer signedness error in the oz_hcd_get_desc_cnf function in drivers/staging/ozwpan/ozhcd.c in the     OZWPAN driver in the Linux kernel through 4.0.5 allows remote attackers to cause a denial of service     (system crash) or possibly execute arbitrary code via a crafted packet. (CVE-2015-4001)

  - drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux kernel through 4.0.5 does not ensure     that certain length values are sufficiently large, which allows remote attackers to cause a denial of     service (system crash or large loop) or possibly execute arbitrary code via a crafted packet, related to     the (1) oz_usb_rx and (2) oz_usb_handle_ep_data functions. (CVE-2015-4002)

  - The oz_usb_handle_ep_data function in drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux     kernel through 4.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and system     crash) via a crafted packet. (CVE-2015-4003)

  - The OZWPAN driver in the Linux kernel through 4.0.5 relies on an untrusted length field during packet     parsing, which allows remote attackers to obtain sensitive information from kernel memory or cause a     denial of service (out-of-bounds read and system crash) via a crafted packet. (CVE-2015-4004)

  - arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the 'strict page     permissions' protection mechanism and modify the system-call table, and consequently gain privileges, by     leveraging write access. (CVE-2015-8967)

  - The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows     local users to gain privileges or cause a denial of service (stack memory consumption) via vectors     involving crafted mmap calls for /proc pathnames, leading to recursive pagefault handling. (CVE-2016-1583)

  - In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux     kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute     NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes (CVE-2017-11089)

  - In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due     to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should     fail. (CVE-2017-9725)

  - A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-free     which might lead to privilege escalations. (CVE-2020-25670)

  - A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-after-     free which might lead to privilege escalations. (CVE-2020-25671)

  - A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to leak     and eventually hanging-up the system. (CVE-2020-25673)

  - An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-     free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is     called, aka CID-f5449e74802c. (CVE-2020-36385)

  - Improper access control in BlueZ may allow an authenticated user to potentially enable information     disclosure via adjacent access. (CVE-2021-0129)

  - There is a flaw reported in the Linux kernel in versions before 5.9 in     drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue     results from the lack of validating the existence of an object prior to performing operations on the     object. An attacker with a local account with a root privilege, can leverage this vulnerability to     escalate privileges and execute code in the context of the kernel. (CVE-2021-20292)

  - A heap out-of-bounds write affecting Linux since v2.6.19-rc1 was discovered in net/netfilter/x_tables.c.
    This allows an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name     space (CVE-2021-22555)

  - A race condition was discovered in get_old_root in fs/btrfs/ctree.c in the Linux kernel through 5.11.8. It     allows attackers to cause a denial of service (BUG) because of a lack of locking on an extent buffer     before a cloning operation, aka CID-dbcc7d57bffc. (CVE-2021-28964)

  - BPF JIT compilers in the Linux kernel through 5.11.12 have incorrect computation of branch displacements,     allowing them to execute arbitrary code within the kernel context. This affects     arch/x86/net/bpf_jit_comp.c and arch/x86/net/bpf_jit_comp32.c. (CVE-2021-29154)

  - An issue was discovered in the Linux kernel before 5.11.7. usbip_sockfd_store in     drivers/usb/usbip/stub_dev.c allows attackers to cause a denial of service (GPF) because the stub-up     sequence has race conditions during an update of the local and shared status, aka CID-9380afd6df70.
    (CVE-2021-29265)

  - An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-     device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with     special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a system crash or     a leak of internal kernel information. The highest threat from this vulnerability is to system     availability. (CVE-2021-31916)

  - net/bluetooth/hci_request.c in the Linux kernel through 5.12.2 has a race condition for removal of the HCI     controller. (CVE-2021-32399)

  - The Linux kernel before 5.11.14 has a use-after-free in cipso_v4_genopt in net/ipv4/cipso_ipv4.c because     the CIPSO and CALIPSO refcounting for the DOI definitions is mishandled, aka CID-ad5d07f4a9cd. This leads     to writing an arbitrary value. (CVE-2021-33033)

  - An issue was discovered in the Linux kernel through 5.10.11. PI futexes have a kernel stack use-after-free     during fault handling, allowing local users to execute code in the kernel, aka CID-34b1a1ce1458.
    (CVE-2021-3347)

  - fs/seq_file.c in the Linux kernel 3.16 through 5.13.x before 5.13.4 does not properly restrict seq buffer     allocations, leading to an integer overflow, an Out-of-bounds Write, and escalation to root by an     unprivileged user, aka CID-8cae8cd89f05. (CVE-2021-33909)

  - net/can/bcm.c in the Linux kernel through 5.12.10 allows local users to obtain sensitive information from     kernel stack memory because parts of a data structure are uninitialized. (CVE-2021-34693)

  - A flaw was found in the Nosy driver in the Linux kernel. This issue allows a device to be inserted twice     into a doubly-linked list, leading to a use-after-free when one of these devices is removed. The highest     threat from this vulnerability is to confidentiality, integrity, as well as system availability. Versions     before kernel 5.12-rc6 are affected (CVE-2021-3483)

  - A flaw double-free memory corruption in the Linux kernel HCI device initialization subsystem was found in     the way user attach malicious HCI TTY Bluetooth device. A local user could use this flaw to crash the     system. This flaw affects all the Linux kernel versions starting from 3.13. (CVE-2021-3564)

  - A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way     user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev()     together with one of the calls hci_sock_blacklist_add(), hci_sock_blacklist_del(), hci_get_conn_info(),     hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their     privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5. (CVE-2021-3573)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote OracleVM system is missing necessary patches to address critical security updates :

  - ocfs2: subsystem.su_mutex is required while accessing     the item->ci_parent (alex chen) [Orabug: 29184589]     (CVE-2017-18216)

  - bcache: fix potential deadlock problem in     btree_gc_coalesce (Zhiqiang Liu) (CVE-2020-12771)

  - filldir[64]: remove WARN_ON_ONCE for bad directory     entries (Linus Torvalds) [Orabug: 31351271]     (CVE-2019-10220)

  - Make filldir[64] verify the directory entry filename is     valid (Linus Torvalds) [Orabug: 31351271]     (CVE-2019-10220)

  - ath9k: release allocated buffer if timed out (Navid     Emamdoost) [Orabug: 31351559] (CVE-2019-19074)

  - scsi: bfa: release allocated memory in case of error     (Navid Emamdoost) [Orabug: 31351615] (CVE-2019-19066)

  - rtlwifi: prevent memory leak in rtl_usb_probe (Navid     Emamdoost) [Orabug: 31351626] (CVE-2019-19063)

  - perf/core: Fix perf_event_open vs. execve race (Peter     Zijlstra) [Orabug: 31351766] (CVE-2019-3901)

  - l2tp: pass tunnel pointer to ->session_create (Guillaume     Nault) [Orabug: 31352004] (CVE-2018-9517)

  - net: bonding: add new option arp_allslaves for     arp_ip_target (Venkat Venkatsubra) [Orabug: 33039295]

  - Revert 'uek-rpm: mark /etc/ld.so.conf.d/ files as     %config' (aloktiw) [Orabug: 33359684]

  - ksplice: Fix build warning with ksplice_sysctls (John     Donnelly) [Orabug: 33365274]

  - kvm:vmx Fix build error in kvm/vmx.c (John Donnelly)     [Orabug: 33375485]

  - vmscan: Fix build error in mm/vmscan.c (John Donnelly)     [Orabug: 33375931]

  - constify iov_iter_count and iter_is_iovec (Al Viro)     [Orabug: 33381741]

  - fs/namespace.c: fix mountpoint reference counter race     (Piotr Krysiuk) [Orabug: 31350976] (CVE-2020-12114)     (CVE-2020-12114)

  - btrfs: only search for left_info if there is no     right_info in try_merge_free_space (Josef Bacik)     [Orabug: 31351025] (CVE-2019-19448) (CVE-2019-19448)

  - cfg80211: wext: avoid copying malformed SSIDs (Will     Deacon) [Orabug: 31351800] (CVE-2019-17133)

  - vhost_net: fix possible infinite loop (Jason Wang)     [Orabug: 31351950] (CVE-2019-3900) (CVE-2019-3900)

  - vhost: introduce vhost_exceeds_weight (Jason Wang)     [Orabug: 31351950] (CVE-2019-3900)

  - vhost_net: introduce vhost_exceeds_weight (Jason Wang)     [Orabug: 31351950] (CVE-2019-3900)

  - vhost_net: use packet weight for rx handler, too (Paolo     Abeni) [Orabug: 31351950] (CVE-2019-3900)

  - vhost-net: set packet weight of tx polling to 2 * vq     size (haibinzhang(&#x5F20 &#x6D77 &#x658C )) [Orabug:
    31351950] (CVE-2019-3900)

  - mac80211: extend protection against mixed key and     fragment cache attacks (Wen Gong) [Orabug: 33009788]     (CVE-2020-24586) (CVE-2020-26139) (CVE-2020-24587)     (CVE-2020-24588) (CVE-2020-26139) (CVE-2020-26140)     (CVE-2020-26141) (CVE-2020-26142) (CVE-2020-26143)     (CVE-2020-26144) (CVE-2020-26145) (CVE-2020-26146)     (CVE-2020-26147) (CVE-2020-24586) (CVE-2020-24587)

  - mac80211: do not accept/forward invalid EAPOL frames     (Johannes Berg) [Orabug: 33009788] (CVE-2020-24586)     (CVE-2020-26139) (CVE-2020-24587) (CVE-2020-24588)     (CVE-2020-26139) (CVE-2020-26140) (CVE-2020-26141)     (CVE-2020-26142) (CVE-2020-26143) (CVE-2020-26144)     (CVE-2020-26145) (CVE-2020-26146) (CVE-2020-26147)

  - mac80211: prevent attacks on TKIP/WEP as well (Johannes     Berg) [Orabug: 33009788] (CVE-2020-24586)     (CVE-2020-26139) (CVE-2020-24587) (CVE-2020-24588)     (CVE-2020-26139) (CVE-2020-26140) (CVE-2020-26141)     (CVE-2020-26142) (CVE-2020-26143) (CVE-2020-26144)     (CVE-2020-26145) (CVE-2020-26146) (CVE-2020-26147)

  - mac80211: check defrag PN against current frame     (Johannes Berg) [Orabug: 33009788] (CVE-2020-24586)     (CVE-2020-26139) (CVE-2020-24587) (CVE-2020-24588)     (CVE-2020-26139) (CVE-2020-26140) (CVE-2020-26141)     (CVE-2020-26142) (CVE-2020-26143) (CVE-2020-26144)     (CVE-2020-26145) (CVE-2020-26146) (CVE-2020-26147)

  - mac80211: add fragment cache to sta_info (Johannes Berg)     [Orabug: 33009788] (CVE-2020-24586) (CVE-2020-26139)     (CVE-2020-24587) (CVE-2020-24588) (CVE-2020-26139)     (CVE-2020-26140) (CVE-2020-26141) (CVE-2020-26142)     (CVE-2020-26143) (CVE-2020-26144) (CVE-2020-26145)     (CVE-2020-26146) (CVE-2020-26147)

  - mac80211: drop A-MSDUs on old ciphers (Johannes Berg)     [Orabug: 33009788] (CVE-2020-24586) (CVE-2020-26139)     (CVE-2020-24587) (CVE-2020-24588) (CVE-2020-26139)     (CVE-2020-26140) (CVE-2020-26141) (CVE-2020-26142)     (CVE-2020-26143) (CVE-2020-26144) (CVE-2020-26145)     (CVE-2020-26146) (CVE-2020-26147) (CVE-2020-24588)

  - cfg80211: mitigate A-MSDU aggregation attacks (Mathy     Vanhoef) [Orabug: 33009788] (CVE-2020-24586)     (CVE-2020-26139) (CVE-2020-24587) (CVE-2020-24588)     (CVE-2020-26139) (CVE-2020-26140) (CVE-2020-26141)     (CVE-2020-26142) (CVE-2020-26143) (CVE-2020-26144)     (CVE-2020-26145) (CVE-2020-26146) (CVE-2020-26147)     (CVE-2020-24588)

  - mac80211: properly handle A-MSDUs that start with an RFC     1042 header (Mathy Vanhoef) [Orabug: 33009788]     (CVE-2020-24586) (CVE-2020-26139) (CVE-2020-24587)     (CVE-2020-24588) (CVE-2020-26139) (CVE-2020-26140)     (CVE-2020-26141) (CVE-2020-26142) (CVE-2020-26143)     (CVE-2020-26144) (CVE-2020-26145) (CVE-2020-26146)     (CVE-2020-26147)

  - mac80211: prevent mixed key and fragment cache attacks     (Mathy Vanhoef) [Orabug: 33009788] (CVE-2020-24586)     (CVE-2020-26139) (CVE-2020-24587) (CVE-2020-24588)     (CVE-2020-26139) (CVE-2020-26140) (CVE-2020-26141)     (CVE-2020-26142) (CVE-2020-26143) (CVE-2020-26144)     (CVE-2020-26145) (CVE-2020-26146) (CVE-2020-26147)     (CVE-2020-24587) (CVE-2020-24586)

  - mac80211: assure all fragments are encrypted (Mathy     Vanhoef) [Orabug: 33009788] (CVE-2020-24586)     (CVE-2020-26139) (CVE-2020-24587) (CVE-2020-24588)     (CVE-2020-26139) (CVE-2020-26140) (CVE-2020-26141)     (CVE-2020-26142) (CVE-2020-26143) (CVE-2020-26144)     (CVE-2020-26145) (CVE-2020-26146) (CVE-2020-26147)     (CVE-2020-26147)

  - sctp: validate from_addr_param return (Marcelo Ricardo     Leitner) [Orabug: 33198409] (CVE-2021-3655)

  - virtio_console: Assure used length from device is     limited (Xie Yongji) [Orabug: 33209274] (CVE-2021-38160)

  - net_sched: cls_route: remove the right filter from     hashtable (Cong Wang) [Orabug: 33326887] (CVE-2021-3715)

  - HID: make arrays usage and value to be the same (Will     McVicker) [Orabug: 33326939] (CVE-2021-0512)

  - ext4: fix race writing to an inline_data file while its     xattrs are changing (Theodore Ts'o) [Orabug: 33327200]     (CVE-2021-40490)

  - x86/mm: Fix compiler warning in pageattr.c (John     Donnelly) [Orabug: 33332673]

  - security: Make inode argument of inode_getsecid     non-const (Andreas Gruenbacher) [Orabug: 33337179]

  - security: Make inode argument of inode_getsecurity     non-const (Andreas Gruenbacher) [Orabug: 33337179]

  - cfg80211: Define nla_policy for     NL80211_ATTR_LOCAL_MESH_POWER_MODE (Srinivas Dasari)     [Orabug: 31351335] (CVE-2017-11089)

  - ocfs2: issue zeroout to EOF blocks (Junxiao Bi) [Orabug:
    32974989]

  - ocfs2: fix zero out valid data (Junxiao Bi) [Orabug:
    32974989]

  - ocfs2: fix data corruption by fallocate (Junxiao Bi)     [Orabug: 32974989]

  - l2tp: fix l2tp_eth module loading (Guillaume Nault)     [Orabug: 33114384] (CVE-2020-27067)

  - af_key: pfkey_dump needs parameter validation (Mark     Salyzyn) [Orabug: 33114539] (CVE-2021-0605)

  - af_key: Add lock to key dump (Yuejie Shi) [Orabug:
    33114539] (CVE-2021-0605)

  - Input: joydev - prevent use of not validated data in     JSIOCSBTNMAP ioctl (Alexander Larkin) [Orabug: 33114989]     (CVE-2021-3612)

  - Input: joydev - prevent potential read overflow in ioctl     (Dan Carpenter) [Orabug: 33114989] (CVE-2021-3612)

  - tracing: Fix bug in rb_per_cpu_empty that might cause     deadloop. (Haoran Luo) [Orabug: 33198437]     (CVE-2021-3679)

  - dtrace: Corrects - warning: assignment makes pointer     from integer without a cast (John Donnelly) [Orabug:
    33314947]

The SUSE Linux Enterprise 12 GA LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :

  - CVE-2018-1087: And an unprivileged KVM guest user could     use this flaw to potentially escalate their privileges     inside a guest. (bsc#1087088)

  - CVE-2018-8897: An unprivileged system user could use     incorrect set up interrupt stacks to crash the Linux     kernel resulting in DoS issue. (bsc#1087088)

  - CVE-2018-8781: The udl_fb_mmap function in     drivers/gpu/drm/udl/udl_fb.c had an integer-overflow     vulnerability allowing local users with access to the     udldrmfb driver to obtain full read and write     permissions on kernel physical pages, resulting in a     code execution in kernel space (bnc#1090643).

  - CVE-2018-10124: The kill_something_info function in     kernel/signal.c might allow local users to cause a     denial of service via an INT_MIN argument (bnc#1089752).

  - CVE-2018-10087: The kernel_wait4 function in     kernel/exit.c might allow local users to cause a denial     of service by triggering an attempted use of the
    -INT_MIN value (bnc#1089608).

  - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events     function in drivers/scsi/libsas/sas_expander.c allowed     local users to cause a denial of service (memory     consumption) via many read accesses to files in the     /sys/class/sas_phy directory, as demonstrated by the     /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file     (bnc#1084536 1087209).

  - CVE-2017-13220: An elevation of privilege vulnerability     in the Upstream kernel bluez was fixed. (bnc#1076537).

  - CVE-2017-11089: A buffer overread was observed in     nl80211_set_station when user space application sends     attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data     of size less than 4 bytes (bnc#1088261).

  - CVE-2017-0861: Use-after-free vulnerability in the     snd_pcm_info function in the ALSA subsystem allowed     attackers to gain privileges via unspecified vectors     (bnc#1088260).

  - CVE-2018-8822: Incorrect buffer length handling in the     ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c     could be exploited by malicious NCPFS servers to crash     the kernel or execute code (bnc#1086162).

  - CVE-2017-18203: The dm_get_from_kobject function in     drivers/md/dm.c allow local users to cause a denial of     service (BUG) by leveraging a race condition with
    __dm_destroy during creation and removal of DM devices     (bnc#1083242).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP1 LTSS kernel was updated to receive various security and bugfixes. The following security bugs were fixed :

  - CVE-2018-1087: And an unprivileged KVM guest user could     use this flaw to potentially escalate their privileges     inside a guest. (bsc#1087088)

  - CVE-2018-8897: An unprivileged system user could use     incorrect set up interrupt stacks to crash the Linux     kernel resulting in DoS issue. (bsc#1087088)

  - CVE-2018-8781: The udl_fb_mmap function in     drivers/gpu/drm/udl/udl_fb.c had an integer-overflow     vulnerability allowing local users with access to the     udldrmfb driver to obtain full read and write     permissions on kernel physical pages, resulting in a     code execution in kernel space (bnc#1090643).

  - CVE-2018-10124: The kill_something_info function in     kernel/signal.c might allow local users to cause a     denial of service via an INT_MIN argument (bnc#1089752).

  - CVE-2018-10087: The kernel_wait4 function in     kernel/exit.c in might allow local users to cause a     denial of service by triggering an attempted use of the
    -INT_MIN value (bnc#1089608).

  - CVE-2018-7757: Memory leak in the sas_smp_get_phy_events     function in drivers/scsi/libsas/sas_expander.c allowed     local users to cause a denial of service (memory     consumption) via many read accesses to files in the     /sys/class/sas_phy directory, as demonstrated by the     /sys/class/sas_phy/phy-1:0:12/invalid_dword_count file     (bnc#1084536).

  - CVE-2017-13220: An elevation of privilege vulnerability     in the Upstream kernel bluez was fixed. (bnc#1076537).

  - CVE-2017-11089: A buffer overread is observed in     nl80211_set_station when user space application sends     attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data     of size less than 4 bytes (bnc#1088261).

  - CVE-2017-0861: Use-after-free vulnerability in the     snd_pcm_info function in the ALSA subsystem allowed     attackers to gain privileges via unspecified vectors     (bnc#1088260).

  - CVE-2018-8822: Incorrect buffer length handling in the     ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c     could be exploited by malicious NCPFS servers to crash     the kernel or execute code (bnc#1086162).

  - CVE-2017-18203: The dm_get_from_kobject function in     drivers/md/dm.c allowed local users to cause a denial of     service (BUG) by leveraging a race condition with
    __dm_destroy during creation and removal of DM devices     (bnc#1083242).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the netlink 802.11 configuration interface in the Linux kernel did not properly validate some attributes passed from userspace. A local attacker with the CAP_NET_ADMIN privilege could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-11089)

It was discovered that a buffer overflow existed in the ioctl handling code in the ISDN subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-12762)

It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions.
(CVE-2017-17448)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information.
(CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's' default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-5332).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
154404	EulerOS 2.0 SP3 : kernel (EulerOS-SA-2021-2588)	Nessus	Huawei Local Security Checks	high
154016	OracleVM 3.4 : Unbreakable / etc (OVMSA-2021-0035)	Nessus	OracleVM Local Security Checks	high
131845	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-2353)	Nessus	Huawei Local Security Checks	critical
109758	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1221-1)	Nessus	SuSE Local Security Checks	high
109757	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1220-1)	Nessus	SuSE Local Security Checks	high
108843	Ubuntu 14.04 LTS : linux vulnerabilities (USN-3620-1)	Nessus	Ubuntu Local Security Checks	critical

CVE-2017-11089

high

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Tenable Plugins

high

high

critical

high

high

critical