101768

https://github.com/torvalds/linux/commit/ea04efee7635c9120d015dcdeeeb6988130cb67a

https://groups.google.com/d/msg/syzkaller/q6jjr1OhqO8/WcA99AVFBAAJ

USN-3617-1

USN-3617-2

USN-3617-3

USN-3619-1

USN-3619-2

USN-3754-1

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - The ims_pcu_get_cdc_union_desc function in     drivers/input/misc/ims-pcu.c in the Linux kernel,     through 4.13.11, allows local users to cause a denial     of service (ims_pcu_parse_cdc_data out-of-bounds read     and system crash) or possibly have unspecified other     impact via a crafted USB device.(CVE-2017-16645i1/4%0

  - It was found that due to excessive files_lock locking,     a soft lockup could be triggered in the Linux kernel     when performing asynchronous I/O operations. A local,     unprivileged user could use this flaw to crash the     system.(CVE-2014-8172i1/4%0

  - A flaw was discovered in the kernel's collect_mounts     function. If the kernel's audit subsystem called     collect_mounts to audit an unmounted path, it could     panic the system. With this flaw, an unprivileged user     could call umount(MNT_DETACH) to launch a     denial-of-service attack.(CVE-2015-4177i1/4%0

  - A flaw was found in the way the Linux kernel's floppy     driver handled user space provided data in certain     error code paths while processing FDRAWCMD IOCTL     commands. A local user with write access to /dev/fdX     could use this flaw to free (using the kfree()     function) arbitrary kernel memory. (CVE-2014-1737,     Important) was found that the Linux kernel's floppy     driver leaked internal kernel memory addresses to user     space during the processing of the FDRAWCMD IOCTL     command. A local user with write access to /dev/fdX     could use this flaw to obtain information about the     kernel heap arrangement. (CVE-2014-1738, Low)Note: A     local user with write access to /dev/fdX could use     these two flaws (CVE-2014-1737 in combination with     CVE-2014-1738) to escalate their privileges on the     system.(CVE-2014-1738i1/4%0

  - A reference counter leak in Linux kernel in     ipxitf_ioctl function was found which results in a use     after free vulnerability that's triggerable from     unprivileged userspace when IPX interface is     configured.(CVE-2017-7487i1/4%0

  - The x25_recvmsg function in net/x25/af_x25.c in the     Linux kernel before 3.12.4 updates a certain length     value without ensuring that an associated data     structure has been initialized, which allows local     users to obtain sensitive information from kernel     memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg     system call.(CVE-2013-7271i1/4%0

  - An inode data validation error was found in Linux     kernels built with UDF file system (CONFIG_UDF_FS)     support. An attacker able to mount a     corrupted/malicious UDF file system image could cause     the kernel to crash.(CVE-2015-4167i1/4%0

  - Double free vulnerability in the ioctx_alloc function     in fs/aio.c in the Linux kernel before 3.12.4 allows     local users to cause a denial of service (system crash)     or possibly have unspecified other impact via vectors     involving an error condition in the aio_setup_ring     function.(CVE-2013-7348i1/4%0

  - A flaw was found in the Linux kernel's implementation     of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt()     system call. Users with non-namespace CAP_NET_ADMIN are     able to trigger this call and create a situation in     which the sockets sendbuff data size could be negative.
    This could adversely affect memory allocations and     create situations where the system could crash or cause     memory corruption.(CVE-2016-9793i1/4%0

  - Use-after-free vulnerability in the     ffs_user_copy_worker function in     drivers/usb/gadget/function/f_fs.c in the Linux kernel     before 4.5.3 allows local users to gain privileges by     accessing an I/O data structure after a certain     callback call. Due to the nature of the flaw, privilege     escalation cannot be fully ruled out, although we     believe it is unlikely.(CVE-2016-7912i1/4%0

  - A flaw was found in the way the get_dumpable() function     return value was interpreted in the ptrace subsystem of     the Linux kernel. When 'fs.suid_dumpable' was set to 2,     a local, unprivileged local user could use this flaw to     bypass intended ptrace restrictions and obtain     potentially sensitive information.(CVE-2013-2929i1/4%0

  - A DoS flaw was found for a Linux kernel built for the     x86 architecture which had the KVM virtualization     support(CONFIG_KVM) enabled. The kernel would be     vulnerable to a NULL pointer dereference flaw in Linux     kernel's kvm_apic_has_events() function while doing an     ioctl. An unprivileged user able to access the     '/dev/kvm' device could use this flaw to crash the     system kernel.(CVE-2015-4692i1/4%0

  - The intr function in sound/oss/msnd_pinnacle.c in the     Linux kernel through 4.11.7 allows local users to cause     a denial of service (over-boundary access) or possibly     have unspecified other impact by changing the value of     a message queue head pointer between two kernel reads     of that value, aka a 'double fetch'     vulnerability.(CVE-2017-9986i1/4%0

  - sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the     MSM QDSP6 audio driver for the Linux kernel 3.x, as     used in Qualcomm Innovation Center (QuIC) Android     contributions for MSM devices and other products,     allows attackers to cause a denial of service (buffer     over-read) or possibly have unspecified other impact     via a crafted application that makes an ioctl call     specifying many commands.(CVE-2016-2064i1/4%0

  - The digi_port_init function in     drivers/usb/serial/digi_acceleport.c in the Linux     kernel before 4.5.1 allows physically proximate     attackers to cause a denial of service (NULL pointer     dereference and system crash) via a crafted endpoints     value in a USB device descriptor.(CVE-2016-3140i1/4%0

  - In the Linux kernel through 4.14.13, the     rds_cmsg_atomic function in net/rds/rdma.c mishandles     cases where page pinning fails or an invalid address is     supplied, leading to an rds_atomic_free_op NULL pointer     dereference.(CVE-2018-5333i1/4%0

  - Multiple buffer underflows in the XFS implementation in     the Linux kernel through 3.12.1 allow local users to     cause a denial of service (memory corruption) or     possibly have unspecified other impact by leveraging     the CAP_SYS_ADMIN capability for a (1)     XFS_IOC_ATTRLIST_BY_HANDLE or (2)     XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted     length value, related to the xfs_attrlist_by_handle     function in fs/xfs/xfs_ioctl.c and the     xfs_compat_attrlist_by_handle function in     fs/xfs/xfs_ioctl32.c.(CVE-2013-6382i1/4%0

  - In the Linux kernel through 5.0.2, the function     inotify_update_existing_watch() in     fs/notify/inotify/inotify_user.c neglects to call     fsnotify_put_mark() with IN_MASK_CREATE after     fsnotify_find_mark(), which will cause a memory leak     (aka refcount leak). Finally, this will cause a denial     of service.(CVE-2019-9857i1/4%0

  - It was found that stacking a file system over procfs in     the Linux kernel could lead to a kernel stack overflow     due to deep nesting, as demonstrated by mounting     ecryptfs over procfs and creating a recursion by     mapping /proc/environ. An unprivileged, local user     could potentially use this flaw to escalate their     privileges on the system.(CVE-2016-1583i1/4%0

  - A heap-based buffer overflow vulnerability was found in     the Linux kernel's hiddev driver. This flaw could allow     a local attacker to corrupt kernel memory, possible     privilege escalation or crashing the     system.(CVE-2016-5829i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - The usbhid_parse function in     drivers/hid/usbhid/hid-core.c in the Linux kernel,     before 4.13.8, allows local users to cause a denial of     service (out-of-bounds read and system crash) or     possibly have unspecified other impact via a crafted     USB device.(CVE-2017-16533)

  - The cdc_parse_cdc_header() function in     'drivers/usb/core/message.c' in the Linux kernel,     before 4.13.6, allows local users to cause a denial of     service (out-of-bounds read and system crash) or     possibly have unspecified other impact via a crafted     USB device. Due to the nature of the flaw, privilege     escalation cannot be fully ruled out, although we     believe it is unlikely.(CVE-2017-16534)

  - The usb_get_bos_descriptor function in     drivers/usb/core/config.c in the Linux kernel can allow     a local users to cause a denial of service     (out-of-bounds read and system crash) or possibly have     unspecified other impact via a crafted USB     device.(CVE-2017-16535)

  - The cx231xx_usb_probe function in     drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux     kernel through 4.13.11 allows local users to cause a     denial of service (NULL pointer dereference and system     crash) or possibly have unspecified other impact via a     crafted USB device.(CVE-2017-16536)

  - The imon_probe function in drivers/media/rc/imon.c in     the Linux kernel through 4.13.11 allows local users to     cause a denial of service (NULL pointer dereference and     system crash) or possibly have unspecified other impact     via a crafted USB device.(CVE-2017-16537)

  - The drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux     kernel, through 4.13.11, allows local users to cause a     denial of service (general protection fault and system     crash) or possibly have unspecified other impact via a     crafted USB device, related to a missing warm-start     check and incorrect attach timing     (dm04_lme2510_frontend_attach versus     dm04_lme2510_tuner).(CVE-2017-16538)

  - The parse_hid_report_descriptor function in     drivers/input/tablet/gtco.c in the Linux kernel before     4.13.11 allows local users to cause a denial of service     (out-of-bounds read and system crash) or possibly have     unspecified other impact via a crafted USB     device.(CVE-2017-16643)

  - The hdpvr_probe function in     drivers/media/usb/hdpvr/hdpvr-core.c in the Linux     kernel through 4.13.11 allows local users to cause a     denial of service (improper error handling and system     crash) or possibly have unspecified other impact via a     crafted USB device.(CVE-2017-16644)

  - The ims_pcu_get_cdc_union_desc function in     drivers/input/misc/ims-pcu.c in the Linux kernel,     through 4.13.11, allows local users to cause a denial     of service (ims_pcu_parse_cdc_data out-of-bounds read     and system crash) or possibly have unspecified other     impact via a crafted USB device.(CVE-2017-16645)

  - The usbnet_generic_cdc_bind function in     drivers/net/usb/cdc_ether.c in the Linux kernel through     4.13.11 allows local users to cause a denial of service     (divide-by-zero error and system crash) or possibly     have unspecified other impact via a crafted USB     device.(CVE-2017-16649)

  - The qmi_wwan_bind function in     drivers/net/usb/qmi_wwan.c in the Linux kernel through     4.13.11 allows local users to cause a denial of service     (divide-by-zero error and system crash) or possibly     have unspecified other impact via a crafted USB     device.(CVE-2017-16650)

  - The Linux kernel is vulerable to a use-after-free flaw     when Transformation User configuration     interface(CONFIG_XFRM_USER) compile-time configuration     were enabled. This vulnerability occurs while closing a     xfrm netlink socket in xfrm_dump_policy_done. A     user/process could abuse this flaw to potentially     escalate their privileges on a system.(CVE-2017-16939)

  - The net/netfilter/nfnetlink_cthelper.c function in the     Linux kernel through 4.14.4 does not require the     CAP_NET_ADMIN capability for new, get, and del     operations. This allows local users to bypass intended     access restrictions because the nfnl_cthelper_list data     structure is shared across all net     namespaces.(CVE-2017-17448)

  - The __netlink_deliver_tap_skb function in     net/netlink/af_netlink.c in the Linux kernel, through     4.14.4, does not restrict observations of Netlink     messages to a single net namespace, when CONFIG_NLMON     is enabled. This allows local users to obtain sensitive     information by leveraging the CAP_NET_ADMIN capability     to sniff an nlmon interface for all Netlink activity on     the system.(CVE-2017-17449)

  - net/netfilter/xt_osf.c in the Linux kernel through     4.14.4 does not require the CAP_NET_ADMIN capability     for add_callback and remove_callback operations. This     allows local users to bypass intended access     restrictions because the xt_osf_fingers data structure     is shared across all network     namespaces.(CVE-2017-17450)

  - The usb_destroy_configuration() function, in     'drivers/usb/core/config.c' in the USB core subsystem,     in the Linux kernel through 4.14.5 does not consider     the maximum number of configurations and interfaces     before attempting to release resources. This allows     local users to cause a denial of service, due to     out-of-bounds write access, or possibly have     unspecified other impact via a crafted USB device. Due     to the nature of the flaw, privilege escalation cannot     be fully ruled out, although we believe it is     unlikely.(CVE-2017-17558)

  - The Salsa20 encryption algorithm in the Linux kernel,     before 4.14.8, does not correctly handle zero-length     inputs. This allows a local attacker the ability to use     the AF_ALG-based skcipher interface to cause a denial     of service (uninitialized-memory free and kernel crash)     or have an unspecified other impact by executing a     crafted sequence of system calls that use the     blkcipher_walk API. Both the generic implementation     (crypto/salsa20_generic.c) and x86 implementation     (arch/x86/crypto/salsa20_glue.c) of Salsa20 are     vulnerable.(CVE-2017-17805)

  - The HMAC implementation (crypto/hmac.c) in the Linux     kernel, before 4.14.8, does not validate that the     underlying cryptographic hash algorithm is unkeyed.
    This allows a local attacker, able to use the     AF_ALG-based hash interface     (CONFIG_CRYPTO_USER_API_HASH) and the SHA-3 hash     algorithm (CONFIG_CRYPTO_SHA3), to cause a kernel stack     buffer overflow by executing a crafted sequence of     system calls that encounter a missing SHA-3     initialization.(CVE-2017-17806)

  - The KEYS subsystem in the Linux kernel omitted an     access-control check when writing a key to the current     task's default keyring, allowing a local user to bypass     security checks to the keyring. This compromises the     validity of the keyring for those who rely on     it.(CVE-2017-17807)

  - A flaw was found in the Linux kernel's implementation     of i8042 serial ports. An attacker could cause a kernel     panic if they are able to add and remove devices as the     module is loaded.(CVE-2017-18079)

  - The Linux kernel, before version 4.14.3, is vulnerable     to a denial of service in     drivers/md/dm.c:dm_get_from_kobject() which can be     caused by local users leveraging a race condition with
    __dm_destroy() during creation and removal of DM     devices. Only privileged local users (with     CAP_SYS_ADMIN capability) can directly perform the     ioctl operations for dm device creation and removal and     this would typically be outside the direct control of     the unprivileged attacker.(CVE-2017-18203)

  - The madvise_willneed function in the Linux kernel     allows local users to cause a denial of service     (infinite loop) by triggering use of MADVISE_WILLNEED     for a DAX mapping.(CVE-2017-18208)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service (system crash). (CVE-2016-10208)

It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses).
(CVE-2017-11472)

It was discovered that a buffer overflow existed in the ACPI table parsing implementation in the Linux kernel. A local attacker could use this to construct a malicious ACPI table that, when loaded, caused a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-11473)

It was discovered that the generic SCSI driver in the Linux kernel did not properly initialize data returned to user space in some situations. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-14991)

It was discovered that a race condition existed in the packet fanout implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15649)

Andrey Konovalov discovered that the Ultra Wide Band driver in the Linux kernel did not properly check for an error condition. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-16526)

Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel contained a use-after-free vulnerability. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16527)

Andrey Konovalov discovered that the ALSA subsystem in the Linux kernel did not properly validate USB audio buffer descriptors. A physically proximate attacker could use this cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16529)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB interface association descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16531)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB HID descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16533)

Andrey Konovalov discovered that the USB subsystem in the Linux kernel did not properly validate USB BOS metadata. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16535)

Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

It was discovered that the DM04/QQBOX USB driver in the Linux kernel did not properly handle device attachment and warm-start. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16538)

Andrey Konovalov discovered an out-of-bounds read in the GTCO digitizer USB driver for the Linux kernel. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16643)

Andrey Konovalov discovered that the video4linux driver for Hauppauge HD PVR USB devices in the Linux kernel did not properly handle some error conditions. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16644)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16650)

It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911)

It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912)

It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913)

It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash).
(CVE-2017-16914)

It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device.
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558)

It was discovered that an integer overflow existed in the perf subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18255)

It was discovered that the keyring subsystem in the Linux kernel did not properly prevent a user from creating keyrings for other users. A local attacker could use this cause a denial of service or expose sensitive information. (CVE-2017-18270)

Andy Lutomirski and Willy Tarreau discovered that the KVM implementation in the Linux kernel did not properly emulate instructions on the SS segment register. A local attacker in a guest virtual machine could use this to cause a denial of service (guest OS crash) or possibly gain administrative privileges in the guest OS.
(CVE-2017-2583)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel improperly emulated certain instructions. A local attacker could use this to obtain sensitive information (kernel memory).
(CVE-2017-2584)

It was discovered that the KLSI KL5KUSB105 serial-to-USB device driver in the Linux kernel did not properly initialize memory related to logging. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2017-5549)

Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897)

Andrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash).
(CVE-2017-6345)

Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348)

Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm.
(CVE-2017-7518)

Tuomas Haanpaa and Ari Kauppi discovered that the NFSv2 and NFSv3 server implementations in the Linux kernel did not properly handle certain long RPC replies. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-7645)

Pengfei Wang discovered that a race condition existed in the NXP SAA7164 TV Decoder driver for the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-8831)

Pengfei Wang discovered that the Turtle Beach MultiSound audio device driver in the Linux kernel contained race conditions when fetching from the ring-buffer. A local attacker could use this to cause a denial of service (infinite loop). (CVE-2017-9984, CVE-2017-9985)

It was discovered that the wait4() system call in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service.
(CVE-2018-10087)

It was discovered that the kill() system call implementation in the Linux kernel did not properly validate its arguments in some situations. A local attacker could possibly use this to cause a denial of service. (CVE-2018-10124)

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly validate meta-data information. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10323)

Zhong Jiang discovered that a use-after-free vulnerability existed in the NUMA memory policy implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10675)

Wen Xu discovered that a buffer overflow existed in the ext4 filesystem implementation in the Linux kernel. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-10877)

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly keep meta-data information consistent in some situations. An attacker could use this to construct a malicious ext4 image that, when mounted, could cause a denial of service (system crash). (CVE-2018-10881)

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations.
An attacker could use this to specially craft an ext4 file system that caused a denial of service (system crash) when mounted.
(CVE-2018-1092)

Wen Xu discovered that the ext4 filesystem implementation in the Linux kernel did not properly handle corrupted meta data in some situations.
An attacker could use this to specially craft an ext4 filesystem that caused a denial of service (system crash) when mounted.
(CVE-2018-1093)

It was discovered that the cdrom driver in the Linux kernel contained an incorrect bounds check. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-10940)

Shankara Pailoor discovered that the JFS filesystem implementation in the Linux kernel contained a buffer overflow when handling extended attributes. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-12233)

Wen Xu discovered that the XFS filesystem implementation in the Linux kernel did not properly handle an error condition with a corrupted xfs image. An attacker could use this to construct a malicious xfs image that, when mounted, could cause a denial of service (system crash).
(CVE-2018-13094)

It was discovered that the Linux kernel did not properly handle setgid file creation when performed by a non-member of the group. A local attacker could use this to gain elevated privileges. (CVE-2018-13405)

Silvio Cesare discovered that the generic VESA frame buffer driver in the Linux kernel contained an integer overflow. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-13406)

Daniel Jiang discovered that a race condition existed in the ipv4 ping socket implementation in the Linux kernel. A local privileged attacker could use this to cause a denial of service (system crash).
(CVE-2017-2671)

It was discovered that an information leak existed in the generic SCSI driver in the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory). (CVE-2018-1000204)

It was discovered that a memory leak existed in the Serial Attached SCSI (SAS) implementation in the Linux kernel. A physically proximate attacker could use this to cause a denial of service (memory exhaustion). (CVE-2018-10021).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote OracleVM system is missing necessary patches to address critical security updates :

  - scsi: iscsi_tcp: set BDI_CAP_STABLE_WRITES when data     digest enabled (Jianchao Wang) [Orabug: 27726302]

  - block: fix bio_will_gap for first bvec with offset (Ming     Lei) 

  - block: relax check on sg gap (Ming Lei) [Orabug:
    27775588]

  - block: don't optimize for non-cloned bio in     bio_get_last_bvec (Ming Lei) [Orabug: 27775588]

  - block: merge: get the 1st and last bvec via helpers     (Ming Lei) 

  - block: get the 1st and last bvec via helpers (Ming Lei)     [Orabug: 27775588]

  - block: check virt boundary in bio_will_gap (Ming Lei)     [Orabug: 27775588]

  - block: bio: introduce helpers to get the 1st and last     bvec (Ming Lei) 

  - Failing to send a CLOSE if file is opened WRONLY and     server reboots on a 4.x mount (Olga Kornievskaia)     [Orabug: 27848303]

  - ext4: add validity checks for bitmap block numbers     (Theodore Ts'o) [Orabug: 27854373] (CVE-2018-1093)     (CVE-2018-1093)

  - ocfs2: Take inode cluster lock before moving reflinked     inode from orphan dir (Ashish Samant) [Orabug: 27869411]

  - Input: gtco - fix potential out-of-bound access (Dmitry     Torokhov) [Orabug: 27869844] (CVE-2017-16643)

  - Input: ims-psu - check if CDC union descriptor is sane     (Dmitry Torokhov) [Orabug: 27870333] (CVE-2017-16645)

  - vfio/pci: Virtualize Maximum Payload Size (Alex     Williamson)

  - vfio-pci: Virtualize PCIe & AF FLR (Alex Williamson)

  - uek-rpm: Disable DMA CMA (Jianchao Wang) [Orabug:
    27892359]

  - nvme-pci: fix multiple ctrl removal scheduling (Rakesh     Pandit) 

  - nvme-pci: Fix nvme queue cleanup if IRQ setup fails     (Jianchao Wang) 

  - nvme/pci: Fix stuck nvme reset (Keith Busch) [Orabug:
    27892359]

  - nvme: don't schedule multiple resets (Keith Busch)     [Orabug: 27892359]

  - blk-mq: fix use-after-free in blk_mq_free_tag_set     (Junichi Nomura) 

  - USB: core: prevent malicious bNumInterfaces overflow     (Alan Stern) 

  - driver core: platform: fix race condition with     driver_override (Adrian Salido) [Orabug: 27897874]     (CVE-2017-12146)

  - usb/core: usb_alloc_dev: fix setting of ->portnum     (Nicolai Stange)

Description of changes:

[4.1.12-124.14.2.el7uek]
- scsi: iscsi_tcp: set BDI_CAP_STABLE_WRITES when data digest enabled (Jianchao Wang)  [Orabug: 27726302]
- block: fix bio_will_gap() for first bvec with offset (Ming Lei) [Orabug: 27775588]
- block: relax check on sg gap (Ming Lei)  [Orabug: 27775588]
- block: don't optimize for non-cloned bio in bio_get_last_bvec() (Ming Lei)  [Orabug: 27775588]
- block: merge: get the 1st and last bvec via helpers (Ming Lei) [Orabug: 27775588]
- block: get the 1st and last bvec via helpers (Ming Lei)  [Orabug: 27775588]
- block: check virt boundary in bio_will_gap() (Ming Lei)  [Orabug: 27775588]
- block: bio: introduce helpers to get the 1st and last bvec (Ming Lei) [Orabug: 27775588]
- Failing to send a CLOSE if file is opened WRONLY and server reboots on a 4.x mount (Olga Kornievskaia)  [Orabug: 27848303]
- ext4: add validity checks for bitmap block numbers (Theodore Ts'o) [Orabug: 27854373]  {CVE-2018-1093} {CVE-2018-1093}
- ocfs2: Take inode cluster lock before moving reflinked inode from orphan dir (Ashish Samant)  [Orabug: 27869411]
- Input: gtco - fix potential out-of-bound access (Dmitry Torokhov) [Orabug: 27869844]  {CVE-2017-16643}
- Input: ims-psu - check if CDC union descriptor is sane (Dmitry Torokhov)  [Orabug: 27870333]  {CVE-2017-16645}
- vfio/pci: Virtualize Maximum Payload Size (Alex Williamson)
- vfio-pci: Virtualize PCIe   AF FLR (Alex Williamson)
- uek-rpm: Disable DMA CMA (Jianchao Wang)  [Orabug: 27892359]
- nvme-pci: fix multiple ctrl removal scheduling (Rakesh Pandit) [Orabug: 27892359]
- nvme-pci: Fix nvme queue cleanup if IRQ setup fails (Jianchao Wang) [Orabug: 27892359]
- nvme/pci: Fix stuck nvme reset (Keith Busch)  [Orabug: 27892359]
- nvme: don't schedule multiple resets (Keith Busch)  [Orabug: 27892359]
- blk-mq: fix use-after-free in blk_mq_free_tag_set() (Junichi Nomura) [Orabug: 27892359]
- USB: core: prevent malicious bNumInterfaces overflow (Alan Stern) [Orabug: 27895909]
- driver core: platform: fix race condition with driver_override (Adrian Salido)  [Orabug: 27897874]  {CVE-2017-12146}
- usb/core: usb_alloc_dev(): fix setting of ->portnum (Nicolai Stange) [Orabug: 27908746]

USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-16995)

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)

It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses).
(CVE-2017-11472)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

It was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16650)

It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911)

It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912)

It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913)

It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash).
(CVE-2017-16914)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory).
(CVE-2017-16994)

It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions.
(CVE-2017-17448)

It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device.
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information.
(CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862)

It was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18075)

It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that an infinite loop could occur in the the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208)

Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm.
(CVE-2017-7518)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-5332)

Mohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

Fan Long Fei  discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)

It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492)

It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-16995)

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)

It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses).
(CVE-2017-11472)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

It was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16650)

It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911)

It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912)

It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913)

It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash).
(CVE-2017-16914)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory).
(CVE-2017-16994)

It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions.
(CVE-2017-17448)

It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device.
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information.
(CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's' default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862)

It was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18075)

It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that an infinite loop could occur in the the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208)

Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm.
(CVE-2017-7518)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-5332)

Mohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

Fan Long Fei  discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)

It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492)

It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and resume events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16647)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16650)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory).
(CVE-2017-16994)

It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions.
(CVE-2017-17448)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information.
(CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a tasks' default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-5332)

Mohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

Fan Long Fei  discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3617-1 fixed vulnerabilities in the Linux kernel for Ubuntu 17.10.
This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and resume events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16647)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16650)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory).
(CVE-2017-16994)

It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions.
(CVE-2017-17448)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information.
(CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a tasks' default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-5332)

Mohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

Fan Long Fei  discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the ASIX Ethernet USB driver in the Linux kernel did not properly handle suspend and resume events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16647)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16650)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory).
(CVE-2017-16994)

It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions.
(CVE-2017-17448)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information.
(CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a tasks' default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-5332)

Mohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

Fan Long Fei  discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.103 to receive various security and bugfixes. This update enables SMB encryption in the CIFS support in the Linux Kernel (fate#324404) The following security bugs were fixed :

  - CVE-2017-1000410: The Linux kernel was affected by an     information leak in the processing of incoming L2CAP     commands - ConfigRequest, and ConfigResponse messages.
    (bnc#1070535).

  - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux     kernel did not ensure that the dir value of     xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which     allowed local users to cause a denial of service     (out-of-bounds access) or possibly have unspecified     other impact via an XFRM_MSG_MIGRATE xfrm Netlink     message (bnc#1050231).

  - CVE-2017-12193: The     assoc_array_insert_into_terminal_node function in     lib/assoc_array.c in the Linux kernel mishandled node     splitting, which allowed local users to cause a denial     of service (NULL pointer dereference and panic) via a     crafted application, as demonstrated by the keyring key     type, and key addition and link creation operations     (bnc#1066192).

  - CVE-2017-15115: The sctp_do_peeloff function in     net/sctp/socket.c in the Linux kernel did not check     whether the intended netns is used in a peel-off action,     which allowed local users to cause a denial of service     (use-after-free and system crash) or possibly have     unspecified other impact via crafted system calls     (bnc#1068671).

  - CVE-2017-15265: Race condition in the ALSA subsystem in     the Linux kernel allowed local users to cause a denial     of service (use-after-free) or possibly have unspecified     other impact via crafted /dev/snd/seq ioctl calls,     related to sound/core/seq/seq_clientmgr.c and     sound/core/seq/seq_ports.c (bnc#1062520).

  - CVE-2017-16528: sound/core/seq_device.c in the Linux     kernel allowed local users to cause a denial of service     (snd_rawmidi_dev_seq_free use-after-free and system     crash) or possibly have unspecified other impact via a     crafted USB device (bnc#1066629).

  - CVE-2017-16536: The cx231xx_usb_probe function in     drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux     kernel allowed local users to cause a denial of service     (NULL pointer dereference and system crash) or possibly     have unspecified other impact via a crafted USB device     (bnc#1066606).

  - CVE-2017-16537: The imon_probe function in     drivers/media/rc/imon.c in the Linux kernel allowed     local users to cause a denial of service (NULL pointer     dereference and system crash) or possibly have     unspecified other impact via a crafted USB device     (bnc#1066573).

  - CVE-2017-16645: The ims_pcu_get_cdc_union_desc function     in drivers/input/misc/ims-pcu.c in the Linux kernel     allowed local users to cause a denial of service     (ims_pcu_parse_cdc_data out-of-bounds read and system     crash) or possibly have unspecified other impact via a     crafted USB device (bnc#1067132).

  - CVE-2017-16646:
    drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux     kernel allowed local users to cause a denial of service     (BUG and system crash) or possibly have unspecified     other impact via a crafted USB device (bnc#1067105).

  - CVE-2017-16994: The walk_hugetlb_range function in     mm/pagewalk.c in the Linux kernel mishandled holes in     hugetlb ranges, which allowed local users to obtain     sensitive information from uninitialized kernel memory     via crafted use of the mincore() system call     (bnc#1069996).

  - CVE-2017-17448: net/netfilter/nfnetlink_cthelper.c in     the Linux kernel did not require the CAP_NET_ADMIN     capability for new, get, and del operations, which     allowed local users to bypass intended access     restrictions because the nfnl_cthelper_list data     structure is shared across all net namespaces     (bnc#1071693).

  - CVE-2017-17449: The __netlink_deliver_tap_skb function     in net/netlink/af_netlink.c in the Linux kernel through     4.14.4, when CONFIG_NLMON is enabled, did not restrict     observations of Netlink messages to a single net     namespace, which allowed local users to obtain sensitive     information by leveraging the CAP_NET_ADMIN capability     to sniff an nlmon interface for all Netlink activity on     the system (bnc#1071694).

  - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux     kernel did not require the CAP_NET_ADMIN capability for     add_callback and remove_callback operations, which     allowed local users to bypass intended access     restrictions because the xt_osf_fingers data structure     is shared across all net namespaces (bnc#1071695).

  - CVE-2017-7482: Fixed an overflow when decoding a krb5     principal. (bnc#1046107).

  - CVE-2017-8824: The dccp_disconnect function in     net/dccp/proto.c in the Linux kernel allowed local users     to gain privileges or cause a denial of service     (use-after-free) via an AF_UNSPEC connect system call     during the DCCP_LISTEN state (bnc#1070771).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.103 to receive various security and bugfixes. The following security bugs were fixed :

  - CVE-2017-1000410: The Linux kernel was affected by an     information lea that lies in the processing of incoming     L2CAP commands - ConfigRequest, and ConfigResponse     messages. (bnc#1070535).

  - CVE-2017-11600: net/xfrm/xfrm_policy.c in the Linux     kernel did not ensure that the dir value of     xfrm_userpolicy_id is XFRM_POLICY_MAX or less, which     allowed local users to cause a denial of service     (out-of-bounds access) or possibly have unspecified     other impact via an XFRM_MSG_MIGRATE xfrm Netlink     message (bnc#1050231).

  - CVE-2017-12193: The     assoc_array_insert_into_terminal_node function in     lib/assoc_array.c in the Linux kernel mishandled node     splitting, which allowed local users to cause a denial     of service (NULL pointer dereference and panic) via a     crafted application, as demonstrated by the keyring key     type, and key addition and link creation operations     (bnc#1066192).

  - CVE-2017-15115: The sctp_do_peeloff function in     net/sctp/socket.c in the Linux kernel did not check     whether the intended netns is used in a peel-off action,     which allowed local users to cause a denial of service     (use-after-free and system crash) or possibly have     unspecified other impact via crafted system calls     (bnc#1068671).

  - CVE-2017-16528: sound/core/seq_device.c in the Linux     kernel allowed local users to cause a denial of service     (snd_rawmidi_dev_seq_free use-after-free and system     crash) or possibly have unspecified other impact via a     crafted USB device (bnc#1066629).

  - CVE-2017-16536: The cx231xx_usb_probe function in     drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux     kernel allowed local users to cause a denial of service     (NULL pointer dereference and system crash) or possibly     have unspecified other impact via a crafted USB device     (bnc#1066606).

  - CVE-2017-16537: The imon_probe function in     drivers/media/rc/imon.c in the Linux kernel allowed     local users to cause a denial of service (NULL pointer     dereference and system crash) or possibly have     unspecified other impact via a crafted USB device     (bnc#1066573).

  - CVE-2017-16645: The ims_pcu_get_cdc_union_desc function     in drivers/input/misc/ims-pcu.c in the Linux kernel     allowed local users to cause a denial of service     (ims_pcu_parse_cdc_data out-of-bounds read and system     crash) or possibly have unspecified other impact via a     crafted USB device (bnc#1067132).

  - CVE-2017-16646:
    drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux     kernel allowed local users to cause a denial of service     (BUG and system crash) or possibly have unspecified     other impact via a crafted USB device (bnc#1067105).

  - CVE-2017-16994: The walk_hugetlb_range function in     mm/pagewalk.c in the Linux kernel mishandled holes in     hugetlb ranges, which allowed local users to obtain     sensitive information from uninitialized kernel memory     via crafted use of the mincore() system call     (bnc#1069996).

  - CVE-2017-17448: net/netfilter/nfnetlink_cthelper.c in     the Linux kernel did not require the CAP_NET_ADMIN     capability for new, get, and del operations, which     allowed local users to bypass intended access     restrictions because the nfnl_cthelper_list data     structure is shared across all net namespaces     (bnc#1071693).

  - CVE-2017-17449: The __netlink_deliver_tap_skb function     in net/netlink/af_netlink.c in the Linux kernel did not     restrict observations of Netlink messages to a single     net namespace, which allowed local users to obtain     sensitive information by leveraging the CAP_NET_ADMIN     capability to sniff an nlmon interface for all Netlink     activity on the system (bnc#1071694).

  - CVE-2017-17450: net/netfilter/xt_osf.c in the Linux     kernel did not require the CAP_NET_ADMIN capability for     add_callback and remove_callback operations, which     allowed local users to bypass intended access     restrictions because the xt_osf_fingers data structure     is shared across all net namespaces (bnc#1071695).

  - CVE-2017-7482: Fixed an overflow when decoding a krb5     principal. (bnc#1046107).

  - CVE-2017-8824: The dccp_disconnect function in     net/dccp/proto.c in the Linux kernel allowed local users     to gain privileges or cause a denial of service     (use-after-free) via an AF_UNSPEC connect system call     during the DCCP_LISTEN state (bnc#1070771).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A flaw was found in the patches used to fix the 'dirtycow' vulnerability (CVE-2016-5195). An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages. (CVE-2017-1000405)

Linux kernel Virtualization Module (CONFIG_KVM) for the Intel processor family (CONFIG_KVM_INTEL) is vulnerable to a DoS issue. It could occur if a guest was to flood the I/O port 0x80 with write requests. A guest user could use this flaw to crash the host kernel resulting in DoS. (CVE-2017-1000407)

A BUG in drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16647)

A BUG in drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (BUG and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16646)

The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (ims_pcu_parse_cdc_data out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device.
(CVE-2017-16645)

The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c in the Linux kernel before 4.13.11 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16643)

The walk_hugetlb_range() function in 'mm/pagewalk.c' file in the Linux kernel from v4.0-rc1 through v4.15-rc1 mishandles holes in hugetlb ranges. This allows local users to obtain sensitive information from uninitialized kernel memory via crafted use of the mincore() system call. (CVE-2017-16994)

The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16650)

The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in the Linux kernel through 4.13.11 allows local users to cause a denial of service (divide-by-zero error and system crash) or possibly have unspecified other impact via a crafted USB device. (CVE-2017-16649)

A vulnerability was found in the Linux kernel when peeling off an association to the socket in another network namespace. All transports in this association are not to be rehashed and keep using the old key in hashtable, thus removing transports from hashtable when closing the socket, all transports are being freed. Later on a use-after-free issue could be caused when looking up an association and dereferencing the transports. (CVE-2017-15115)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A flaw was found in the processing of incoming L2CAP     bluetooth commands. Uninitialized stack variables can     be sent to an attacker leaking data in kernel address     space.(CVE-2017-1000410)

  - The qmi_wwan_bind function in     drivers/net/usb/qmi_wwan.c in the Linux kernel through     4.13.11 allows local users to cause a denial of service     (divide-by-zero error and system crash) or possibly     have unspecified other impact via a crafted USB     device.(CVE-2017-16650)

  - The usbnet_generic_cdc_bind function in     drivers/net/usb/cdc_ether.c in the Linux kernel through     4.13.11 allows local users to cause a denial of service     (divide-by-zero error and system crash) or possibly     have unspecified other impact via a crafted USB     device.(CVE-2017-16649)

  - The ims_pcu_get_cdc_union_desc function in     drivers/input/misc/ims-pcu.c in the Linux kernel     through 4.13.11 allows local users to cause a denial of     service (ims_pcu_parse_cdc_data out-of-bounds read and     system crash) or possibly have unspecified other impact     via a crafted USB device.(CVE-2017-16645)

  - The hdpvr_probe function in     drivers/media/usb/hdpvr/hdpvr-core.c in the Linux     kernel through 4.13.11 allows local users to cause a     denial of service (improper error handling and system     crash) or possibly have unspecified other impact via a     crafted USB device.(CVE-2017-16644)

  - The parse_hid_report_descriptor function in     drivers/input/tablet/gtco.c in the Linux kernel before     4.13.11 allows local users to cause a denial of service     (out-of-bounds read and system crash) or possibly have     unspecified other impact via a crafted USB     device.(CVE-2017-16643)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  - A vulnerability was found in the key management     subsystem of the Linux kernel. An update on an     uninstantiated key could cause a kernel panic, leading     to denial of service (DoS).(CVE-2017-15299)

  - The usb_serial_console_disconnect function in     drivers/usb/serial/console.c in the Linux kernel before     4.13.8 allows local users to cause a denial of service     (use-after-free and system crash) or possibly have     unspecified other impact via a crafted USB device,     related to disconnection and failed     setup.(CVE-2017-16525)

  - drivers/uwb/uwbd.c in the Linux kernel before 4.13.6     allows local users to cause a denial of service     (general protection fault and system crash) or possibly     have unspecified other impact via a crafted USB     device.(CVE-2017-16526)

  - drivers/usb/core/config.c in the Linux kernel before     4.13.6 allows local users to cause a denial of service     (out-of-bounds read and system crash) or possibly have     unspecified other impact via a crafted USB device,     related to the USB_DT_INTERFACE_ASSOCIATION     descriptor.(CVE-2017-16531)

  - The get_endpoints function in     drivers/usb/misc/usbtest.c in the Linux kernel through     4.13.11 allows local users to cause a denial of service     (NULL pointer dereference and system crash) or possibly     have unspecified other impact via a crafted USB     device.(CVE-2017-16532)

  - The usbhid_parse function in     drivers/hid/usbhid/hid-core.c in the Linux kernel     before 4.13.8 allows local users to cause a denial of     service (out-of-bounds read and system crash) or     possibly have unspecified other impact via a crafted     USB device.(CVE-2017-16533)

  - The uas driver in the Linux kernel before 4.13.6 allows     local users to cause a denial of service (out-of-bounds     read and system crash) or possibly have unspecified     other impact via a crafted USB device, related to     drivers/usb/storage/uas-detect.h and     drivers/usb/storage/uas.c.(CVE-2017-16530)

  - The usb_get_bos_descriptor function in     drivers/usb/core/config.c in the Linux kernel before     4.13.10 allows local users to cause a denial of service     (out-of-bounds read and system crash) or possibly have     unspecified other impact via a crafted USB     device.(CVE-2017-16535)

  - A flaw was found that sound/core/timer.c in the Linux     kernel before 4.11.5 is vulnerable to a data race in     the ALSA /dev/snd/timer driver resulting in local users     being able to read information belonging to other     users. Uninitialized memory contents may be disclosed     when a read and an ioctl happen at the same     time.(CVE-2017-1000380)

  - The imon_probe function in drivers/media/rc/imon.c in     the Linux kernel through 4.13.11 allows local users to     cause a denial of service (NULL pointer dereference and     system crash) or possibly have unspecified other impact     via a crafted USB device.(CVE-2017-16537)

  - drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux     kernel through 4.13.11 allows local users to cause a     denial of service (general protection fault and system     crash) or possibly have unspecified other impact via a     crafted USB device, related to a missing warm-start     check and incorrect attach timing     (dm04_lme2510_frontend_attach versus     dm04_lme2510_tuner).(CVE-2017-16538)

  - The cx231xx_usb_probe function in     drivers/media/usb/cx231xx/cx231xx-cards.c in the Linux     kernel through 4.13.11 allows local users to cause a     denial of service (NULL pointer dereference and system     crash) or possibly have unspecified other impact via a     crafted USB device.(CVE-2017-16536)

  - The ims_pcu_get_cdc_union_desc function in     drivers/input/misc/ims-pcu.c in the Linux kernel     through 4.13.11 allows local users to cause a denial of     service (ims_pcu_parse_cdc_data out-of-bounds read and     system crash) or possibly have unspecified other impact     via a crafted USB device.(CVE-2017-16645)

  - The parse_hid_report_descriptor function in     drivers/input/tablet/gtco.c in the Linux kernel before     4.13.11 allows local users to cause a denial of service     (out-of-bounds read and system crash) or possibly have     unspecified other impact via a crafted USB     device.(CVE-2017-16643)

  - The hdpvr_probe function in     drivers/media/usb/hdpvr/hdpvr-core.c in the Linux     kernel through 4.13.11 allows local users to cause a     denial of service (improper error handling and system     crash) or possibly have unspecified other impact via a     crafted USB device.(CVE-2017-16644)

  - The cdc_parse_cdc_header function in     drivers/usb/core/message.c in the Linux kernel before     4.13.6 allows local users to cause a denial of service     (out-of-bounds read and system crash) or possibly have     unspecified other impact via a crafted USB     device.(CVE-2017-16534)

  - The qmi_wwan_bind function in     drivers/net/usb/qmi_wwan.c in the Linux kernel through     4.13.11 allows local users to cause a denial of service     (divide-by-zero error and system crash) or possibly     have unspecified other impact via a crafted USB     device.(CVE-2017-16650)

  - The usbnet_generic_cdc_bind function in     drivers/net/usb/cdc_ether.c in the Linux kernel through     4.13.11 allows local users to cause a denial of service     (divide-by-zero error and system crash) or possibly     have unspecified other impact via a crafted USB     device.(CVE-2017-16649)

  - The snd_usb_create_streams function in sound/usb/card.c     in the Linux kernel before 4.13.6 allows local users to     cause a denial of service (out-of-bounds read and     system crash) or possibly have unspecified other impact     via a crafted USB device.(CVE-2017-16529)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
124988	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1535)	Nessus	Huawei Local Security Checks	high
124824	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1501)	Nessus	Huawei Local Security Checks	high
112113	Ubuntu 14.04 LTS : linux vulnerabilities (USN-3754-1)	Nessus	Ubuntu Local Security Checks	high
109426	OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0037)	Nessus	OracleVM Local Security Checks	high
109386	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4084)	Nessus	Oracle Linux Local Security Checks	high
108878	Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3619-2)	Nessus	Ubuntu Local Security Checks	high
108842	Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3619-1)	Nessus	Ubuntu Local Security Checks	high
108840	Ubuntu 17.10 : linux-raspi2 vulnerabilities (USN-3617-3)	Nessus	Ubuntu Local Security Checks	high
108835	Ubuntu 16.04 LTS : linux-hwe, linux-gcp, linux-oem vulnerabilities (USN-3617-2)	Nessus	Ubuntu Local Security Checks	high
108834	Ubuntu 17.10 : linux vulnerabilities (USN-3617-1)	Nessus	Ubuntu Local Security Checks	high
105461	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:3410-1)	Nessus	SuSE Local Security Checks	high
105460	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:3398-1)	Nessus	SuSE Local Security Checks	high
105422	Amazon Linux AMI : kernel (ALAS-2017-937) (Dirty COW)	Nessus	Amazon Linux Local Security Checks	high
105364	openSUSE Security Update : the Linux Kernel (openSUSE-2017-1391) (Dirty COW)	Nessus	SuSE Local Security Checks	high
105344	openSUSE Security Update : the Linux Kernel (openSUSE-2017-1390) (Dirty COW)	Nessus	SuSE Local Security Checks	high
105047	EulerOS 2.0 SP2 : kernel (EulerOS-SA-2017-1319)	Nessus	Huawei Local Security Checks	high
104910	EulerOS 2.0 SP1 : kernel (EulerOS-SA-2017-1291)	Nessus	Huawei Local Security Checks	high

CVE-2017-16645

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins