http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0

http://seclists.org/oss-sec/2017/q3/345

100517

https://github.com/torvalds/linux/commit/a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - The hi3660_stub_clk_probe function in     drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux     kernel before 4.16 allows local users to cause a denial     of service (NULL pointer dereference) by triggering a     failure of resource retrieval.(CVE-2018-10074i1/4%0

  - An information leak flaw was found in the RAM Disks     Memory Copy (rd_mcp) backend driver of the iSCSI Target     subsystem of the Linux kernel. A privileged user could     use this flaw to leak the contents of kernel memory to     an iSCSI initiator remote client.(CVE-2014-4027i1/4%0

  - It was found that in the Linux kernel version 4.2-rc1     to 4.3-rc1, a use of uninitialized 'n_proto',     'ip_proto', and 'thoff' variables in
    __skb_flow_dissect() function can lead to a remote     denial-of-service via malformed MPLS     packet.(CVE-2017-13715i1/4%0

  - It was found that the packet_set_ring() function of the     Linux kernel's networking implementation did not     properly validate certain block-size data. A local     attacker with CAP_NET_RAW capability could use this     flaw to trigger a buffer overflow, resulting in the     crash of the system. Due to the nature of the flaw,     privilege escalation cannot be fully ruled     out.(CVE-2017-7308i1/4%0

  - A weakness was found in the Linux ASLR implementation.
    Any user able to running 32-bit applications in a x86     machine can disable ASLR by setting the RLIMIT_STACK     resource to unlimited.(CVE-2016-3672i1/4%0

  - sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the     MSM QDSP6 audio driver for the Linux kernel 3.x, as     used in Qualcomm Innovation Center (QuIC) Android     contributions for MSM devices and other products,     allows attackers to cause a denial of service     (out-of-bounds write and memory corruption) or possibly     have unspecified other impact via a crafted application     that makes an ioctl call triggering incorrect use of a     parameters pointer.(CVE-2016-2065i1/4%0

  - A race condition flaw was found in the ioctl_send_fib()     function in the Linux kernel's aacraid implementation.
    A local attacker could use this flaw to cause a denial     of service (out-of-bounds access or system crash) by     changing a certain size value.(CVE-2016-6480i1/4%0

  - The omninet_open function in     drivers/usb/serial/omninet.c in the Linux kernel before     4.10.4 allows local users to cause a denial of service     (tty exhaustion) by leveraging reference count     mishandling.(CVE-2017-8925i1/4%0

  - The tower_probe function in     drivers/usb/misc/legousbtower.c in the Linux kernel     before 4.8.1 allows local users (who are physically     proximate for inserting a crafted USB device) to gain     privileges by leveraging a write-what-where condition     that occurs after a race condition and a NULL pointer     dereference.(CVE-2017-15102i1/4%0

  - The rtnl_fill_link_ifmap function in     net/core/rtnetlink.c in the Linux kernel before 4.5.5     does not initialize a certain data structure, which     allows local users to obtain sensitive information from     kernel stack memory by reading a Netlink     message.(CVE-2016-4486i1/4%0

  - A vulnerability was found in the Linux kernel's     lp_setup() function where it doesn't apply any bounds     checking when passing 'lp=none'. This can result into     overflow of the parport_nr array. An attacker with     control over kernel command line can overwrite kernel     code and data with fixed (0xff)     values.(CVE-2017-1000363i1/4%0

  - sound/core/hrtimer.c in the Linux kernel before 4.4.1     does not prevent recursive callback access, which     allows local users to cause a denial of service     (deadlock) via a crafted ioctl call.(CVE-2016-2549i1/4%0

  - The pn_recvmsg function in net/phonet/datagram.c in the     Linux kernel before 3.12.4 updates a certain length     value before ensuring that an associated data structure     has been initialized, which allows local users to     obtain sensitive information from kernel stack memory     via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system     call.(CVE-2013-7265i1/4%0

  - A NULL pointer dereference flaw was found in the SCTP     implementation. A local user could use this flaw to     cause a denial of service on the system by triggering a     kernel panic when creating multiple sockets in parallel     while the system did not have the SCTP module     loaded.(CVE-2015-5283i1/4%0

  - It was found that in Linux kernel the mount table     expands by a power-of-two with each bind mount command.
    If a system is configured to allow non-privileged user     to do bind mounts, or allows to do so in a container or     unprivileged mount namespace, then non-privileged user     is able to cause a local DoS by overflowing the mount     table, which causes a deadlock for the whole     system.(CVE-2016-6213i1/4%0

  - The cifs_iovec_write function in fs/cifs/file.c in the     Linux kernel through 3.13.5 does not properly handle     uncached write operations that copy fewer than the     requested number of bytes, which allows local users to     obtain sensitive information from kernel memory, cause     a denial of service (memory corruption and system     crash), or possibly gain privileges via a writev system     call with a crafted pointer.(CVE-2014-0069i1/4%0

  - A flaw was found in the Linux kernel's implementation     of XFS file attributes. Two memory leaks were detected     in xfs_attr_shortform_list and xfs_attr3_leaf_list_int     when running a docker container backed by xfs/overlay2.
    A dedicated attacker could possible exhaust all memory     and create a denial of service     situation.(CVE-2016-9685i1/4%0

  - Multiple integer overflows in the MDSS driver for the     Linux kernel 3.x, as used in Qualcomm Innovation Center     (QuIC) Android contributions for MSM devices and other     products, allow attackers to cause a denial of service     or possibly have unspecified other impact via a large     size value, related to mdss_compat_utils.c, mdss_fb.c,     and mdss_rotator.c.(CVE-2016-5344i1/4%0

  - kernel/bpf/verifier.c in the Linux kernel through     4.14.8 ignores unreachable code, even though it would     still be processed by JIT compilers. This behavior,     also considered an improper branch-pruning logic issue,     could possibly be used by local users for denial of     service.(CVE-2017-17862i1/4%0

  - A flaw was found in the Linux kernel's implementation     of the SCTP protocol. A remote attacker could trigger     an out-of-bounds read with an offset of up to 64kB     potentially causing the system to     crash.(CVE-2016-9555i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

CVE-2017-13715

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins