http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1b53cf9815bb4744958d41f3795d5d5a1d365e2d

97308

https://github.com/torvalds/linux/commit/1b53cf9815bb4744958d41f3795d5d5a1d365e2d

https://source.android.com/security/bulletin/2017-10-01

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.10.7

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - The kernel package contains the Linux kernel (vmlinuz),     the core of any Linux operating system. The kernel     handles the basic functions of the operating system:
    memory allocation, process allocation, device input and     output, etc.Security Fix(es):A flaw named FragmentSmack     was found in the way the Linux kernel handled     reassembly of fragmented IPv4 and IPv6 packets. A     remote attacker could use this flaw to trigger time and     calculation expensive fragment reassembly algorithm by     sending specially crafted packets which could lead to a     CPU saturation and hence a denial of service on the     system.(CVE-2018-5391)Multiple out-of-bounds write     flaws were found in the way the Cherry Cymotion     keyboard driver, KYE/Genius device drivers, Logitech     device drivers, Monterey Genius KB29E keyboard driver,     Petalynx Maxter remote control driver, and Sunplus     wireless desktop driver handled HID reports with an     invalid report descriptor size. An attacker with     physical access to the system could use either of these     flaws to write data past an allocated memory     buffer.(CVE-2014-3184)The __get_data_block function in     fs/f2fs/data.c in the Linux kernel before 4.11 allows     local users to cause a denial of service (integer     overflow and loop) via crafted use of the open and     fallocate system calls with an FS_IOC_FIEMAP     ioctl.(CVE-2017-18257)netetfilter/xt_osf.c in the Linux     kernel through 4.14.4 does not require the     CAP_NET_ADMIN capability for add_callback and     remove_callback operations. This allows local users to     bypass intended access restrictions because the     xt_osf_fingers data structure is shared across all     network namespaces.(CVE-2017-17450)A denial of service     flaw was discovered in the Linux kernel, where a race     condition caused a NULL pointer dereference in the RDS     socket-creation code. A local attacker could use this     flaw to create a situation in which a NULL pointer     crashed the kernel.(CVE-2015-7990)An issue was     discovered in the Linux kernel before 4.19.9. The USB     subsystem mishandles size checks during the reading of     an extra descriptor, related to
    __usb_get_extra_descriptor in     drivers/usb/core/usb.c.(CVE-2018-20169)mm/memory.c in     the Linux kernel before 4.1.4 mishandles anonymous     pages, which allows local users to gain privileges or     cause a denial of service (page tainting) via a crafted     application that triggers writing to page     zero.(CVE-2015-3288)The ovl_setattr function in     fs/overlayfs/inode.c in the Linux kernel through 4.3.3     attempts to merge distinct setattr operations, which     allows local users to bypass intended access     restrictions and modify the attributes of arbitrary     overlay files via a crafted     application.(CVE-2015-8660)A flaw was found in the     Linux kernel where a local user with a shell account     can abuse the userfaultfd syscall when using hugetlbfs.
    A missing size check in hugetlb_mcopy_atomic_pte could     create an invalid inode variable, leading to a kernel     panic.(CVE-2017-15128)An integer overflow flaw was     found in the way the lzo1x_decompress_safe() function     of the Linux kernel's LZO implementation processed     Literal Runs. A local attacker could, in extremely rare     cases, use this flaw to crash the system or,     potentially, escalate their privileges on the     system.(CVE-2014-4608)It was found that Linux kernel's     ptrace subsystem did not properly sanitize the     address-space-control bits when the program-status word     (PSW) was being set. On IBM S/390 systems, a local,     unprivileged user could use this flaw to set     address-space-control bits to the kernel space, and     thus gain read and write access to kernel     memory.(CVE-2014-3534)A use-after-free flaw was found     in the Linux kernel's file system encryption     implementation. A local user could revoke keyring keys     being used for ext4, f2fs, or ubifs encryption, causing     a denial of service on the system.(CVE-2017-7374)The     usbip_recv_xbuff function in     drivers/usb/usbip/usbip_common.c in the Linux kernel     before 4.5.3 allows remote attackers to cause a denial     of service (out-of-bounds write) or possibly have     unspecified other impact via a crafted length value in     a USB/IP packet.(CVE-2016-3955)A flaw was found in the     patches used to fix the 'dirtycow' vulnerability     (CVE-2016-5195). An attacker, able to run local code,     can exploit a race condition in transparent huge pages     to modify usually read-only huge     pages.(CVE-2017-1000405)The aio_mount function in     fs/aio.c in the Linux kernel does not properly restrict     execute access, which makes it easier for local users     to bypass intended SELinux W^X policy     restrictions.(CVE-2016-10044)The Serial Attached SCSI     (SAS) implementation in the Linux kernel mishandles a     mutex within libsas. This allows local users to cause a     denial of service (deadlock) by triggering certain     error-handling code.(CVE-2017-18232)A use-after-free     vulnerability was found in tcp_xmit_retransmit_queue     and other tcp_* functions. This condition could allow     an attacker to send an incorrect selective     acknowledgment to existing connections, possibly     resetting a connection.(CVE-2016-6828)The instruction     decoder in arch/x86/kvm/emulate.c in the KVM subsystem     in the Linux kernel before 3.18-rc2 does not properly     handle invalid instructions, which allows guest OS     users to cause a denial of service (NULL pointer     dereference and host OS crash) via a crafted     application that triggers (1) an improperly fetched     instruction or (2) an instruction that occupies too     many bytes. NOTE: this vulnerability exists because of     an incomplete fix for CVE-2014-8480.(CVE-2014-8481)The     snd_compress_check_input function in     sound/core/compress_offload.c in the ALSA subsystem in     the Linux kernel before 3.17 does not properly check     for an integer overflow, which allows local users to     cause a denial of service (insufficient memory     allocation) or possibly have unspecified other impact     via a crafted SNDRV_COMPRESS_SET_PARAMS ioctl     call.(CVE-2014-9904)The resv_map_release function in     mm/hugetlb.c in the Linux kernel, through 4.15.7,     allows local users to cause a denial of service (BUG)     via a crafted application that makes mmap system calls     and has a large pgoff argument to the remap_file_pages     system call.(CVE-2018-7740)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3342-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.10.
This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.10 for Ubuntu 16.04 LTS.

USN-3333-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)

Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows. A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577)

Li Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7294)

It was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.
(CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.
(CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

It was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN 3326-1 fixed a vulnerability in the Linux kernel. However, that fix introduced regressions for some Java applications. This update addresses the issue. We apologize for the inconvenience.

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)

Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows. A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577)

Li Qiang discovered that an integer overflow vulnerability existed in the Direct Rendering Manager (DRM) driver for VMware devices in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-7294)

It was discovered that a double-free vulnerability existed in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.
(CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.
(CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

It was discovered that the IPv6 stack in the Linux kernel was performing its over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2017-9242).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)

It was discovered that the stack guard page for processes in the Linux kernel was not sufficiently large enough to prevent overlapping with the heap. An attacker could leverage this with another vulnerability to execute arbitrary code and gain administrative privileges (CVE-2017-1000364)

Roee Hay discovered that the parallel port printer driver in the Linux kernel did not properly bounds check passed arguments. A local attacker with write access to the kernel command line arguments could use this to execute arbitrary code. (CVE-2017-1000363)

Ingo Molnar discovered that the VideoCore DRM driver in the Linux kernel did not return an error after detecting certain overflows. A local attacker could exploit this issue to cause a denial of service (OOPS). (CVE-2017-5577)

A double free bug was discovered in the IPv4 stack of the Linux kernel. An attacker could use this to cause a denial of service (system crash). (CVE-2017-8890)

Andrey Konovalov discovered an IPv6 out-of-bounds read error in the Linux kernel's IPv6 stack. A local attacker could cause a denial of service or potentially other unspecified problems. (CVE-2017-9074)

Andrey Konovalov discovered a flaw in the handling of inheritance in the Linux kernel's IPv6 stack. A local user could exploit this issue to cause a denial of service or possibly other unspecified problems.
(CVE-2017-9075)

It was discovered that dccp v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems.
(CVE-2017-9076)

It was discovered that the transmission control protocol (tcp) v6 in the Linux kernel mishandled inheritance. A local attacker could exploit this issue to cause a denial of service or potentially other unspecified problems. (CVE-2017-9077)

It was discovered that the IPv6 stack was doing over write consistency check after the data was actually overwritten. A local attacker could exploit this flaw to cause a denial of service (system crash).
(CVE-2017-9242).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP2 kernel was updated to 4.4.58 to receive various security and bugfixes. Notable new/improved features :

  - Improved support for Hyper-V

  - Support for Matrox G200eH3

  - Support for tcp_westwood The following security bugs     were fixed :

  - CVE-2017-2671: The ping_unhash function in     net/ipv4/ping.c in the Linux kernel was too late in     obtaining a certain lock and consequently could not     ensure that disconnect function calls are safe, which     allowed local users to cause a denial of service (panic)     by leveraging access to the protocol value of     IPPROTO_ICMP in a socket system call (bnc#1031003).

  - CVE-2017-7308: The packet_set_ring function in     net/packet/af_packet.c in the Linux kernel did not     properly validate certain block-size data, which allowed     local users to cause a denial of service (overflow) or     possibly have unspecified other impact via crafted     system calls (bnc#1031579).

  - CVE-2017-7294: The vmw_surface_define_ioctl function in     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux     kernel did not validate addition of certain levels data,     which allowed local users to trigger an integer overflow     and out-of-bounds write, and cause a denial of service     (system hang or crash) or possibly gain privileges, via     a crafted ioctl call for a /dev/dri/renderD* device     (bnc#1031440).

  - CVE-2017-7261: The vmw_surface_define_ioctl function in     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux     kernel did not check for a zero value of certain levels     data, which allowed local users to cause a denial of     service (ZERO_SIZE_PTR dereference, and GPF and possibly     panic) via a crafted ioctl call for a /dev/dri/renderD*     device (bnc#1031052).

  - CVE-2017-7187: The sg_ioctl function in     drivers/scsi/sg.c in the Linux kernel allowed local     users to cause a denial of service (stack-based buffer     overflow) or possibly have unspecified other impact via     a large command size in an SG_NEXT_CMD_LEN ioctl call,     leading to out-of-bounds write access in the sg_write     function (bnc#1030213).

  - CVE-2017-7374: Use-after-free vulnerability in     fs/crypto/ in the Linux kernel allowed local users to     cause a denial of service (NULL pointer dereference) or     possibly gain privileges by revoking keyring keys being     used for ext4, f2fs, or ubifs encryption, causing     cryptographic transform objects to be freed prematurely     (bnc#1032006).

  - CVE-2016-10200: Race condition in the L2TPv3 IP     Encapsulation feature in the Linux kernel allowed local     users to gain privileges or cause a denial of service     (use-after-free) by making multiple bind system calls     without properly ascertaining whether a socket has the     SOCK_ZAPPED status, related to net/l2tp/l2tp_ip.c and     net/l2tp/l2tp_ip6.c (bnc#1028415).

  - CVE-2017-6345: The LLC subsystem in the Linux kernel did     not ensure that a certain destructor exists in required     circumstances, which allowed local users to cause a     denial of service (BUG_ON) or possibly have unspecified     other impact via crafted system calls (bnc#1027190).

  - CVE-2017-6346: Race condition in net/packet/af_packet.c     in the Linux kernel allowed local users to cause a     denial of service (use-after-free) or possibly have     unspecified other impact via a multithreaded application     that made PACKET_FANOUT setsockopt system calls     (bnc#1027189).

  - CVE-2017-6353: net/sctp/socket.c in the Linux kernel did     not properly restrict association peel-off operations     during certain wait states, which allowed local users to     cause a denial of service (invalid unlock and double     free) via a multithreaded application. NOTE: this     vulnerability exists because of an incorrect fix for     CVE-2017-5986 (bnc#1027066).

  - CVE-2017-6214: The tcp_splice_read function in     net/ipv4/tcp.c in the Linux kernel allowed remote     attackers to cause a denial of service (infinite loop     and soft lockup) via vectors involving a TCP packet with     the URG flag (bnc#1026722).

  - CVE-2016-2117: The atl2_probe function in     drivers/net/ethernet/atheros/atlx/atl2.c in the Linux     kernel incorrectly enables scatter/gather I/O, which     allowed remote attackers to obtain sensitive information     from kernel memory by reading packet data (bnc#968697).

  - CVE-2017-6347: The ip_cmsg_recv_checksum function in     net/ipv4/ip_sockglue.c in the Linux kernel had incorrect     expectations about skb data layout, which allowed local     users to cause a denial of service (buffer over-read) or     possibly have unspecified other impact via crafted     system calls, as demonstrated by use of the MSG_MORE     flag in conjunction with loopback UDP transmission     (bnc#1027179).

  - CVE-2016-9191: The cgroup offline implementation in the     Linux kernel mishandled certain drain operations, which     allowed local users to cause a denial of service (system     hang) by leveraging access to a container environment     for executing a crafted application (bnc#1008842).

  - CVE-2017-2596: The nested_vmx_check_vmptr function in     arch/x86/kvm/vmx.c in the Linux kernel improperly     emulated the VMXON instruction, which allowed KVM L1     guest OS users to cause a denial of service (host OS     memory consumption) by leveraging the mishandling of     page references (bnc#1022785).

  - CVE-2017-6074: The dccp_rcv_state_process function in     net/dccp/input.c in the Linux kernel mishandled     DCCP_PKT_REQUEST packet data structures in the LISTEN     state, which allowed local users to obtain root     privileges or cause a denial of service (double free)     via an application that made an IPV6_RECVPKTINFO     setsockopt system call (bnc#1026024).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The openSUSE Leap 42.2 kernel was updated to 4.4.62 to receive various security and bugfixes.

The following security bugs were fixed :

  - CVE-2017-7618: crypto/ahash.c in the Linux kernel     allowed attackers to cause a denial of service (API     operation calling its own callback, and infinite     recursion) by triggering EBUSY on a full queue     (bnc#1033340).

  - CVE-2016-4997: The compat IPT_SO_SET_REPLACE and     IP6T_SO_SET_REPLACE setsockopt implementations in the     netfilter subsystem in the Linux kernel allowed local     users to gain privileges or cause a denial of service     (memory corruption) by leveraging in-container root     access to provide a crafted offset value that triggers     an unintended decrement (bnc#986362).

  - CVE-2016-4998: The IPT_SO_SET_REPLACE setsockopt     implementation in the netfilter subsystem in the Linux     kernel allowed local users to cause a denial of service     (out-of-bounds read) or possibly obtain sensitive     information from kernel heap memory by leveraging     in-container root access to provide a crafted offset     value that leads to crossing a ruleset blob boundary     (bnc#986365).

  - CVE-2017-7616: Incorrect error handling in the     set_mempolicy and mbind compat syscalls in     mm/mempolicy.c in the Linux kernel allowed local users     to obtain sensitive information from uninitialized stack     data by triggering failure of a certain bitmap operation     (bnc#1033336).

  - CVE-2017-2671: The ping_unhash function in     net/ipv4/ping.c in the Linux kernel was too late in     obtaining a certain lock and consequently cannot ensure     that disconnect function calls are safe, which allowed     local users to cause a denial of service (panic) by     leveraging access to the protocol value of IPPROTO_ICMP     in a socket system call (bnc#1031003).

  - CVE-2017-7308: The packet_set_ring function in     net/packet/af_packet.c in the Linux kernel did not     properly validate certain block-size data, which allowed     local users to cause a denial of service (overflow) or     possibly have unspecified other impact via crafted     system calls (bnc#1031579).

  - CVE-2017-7294: The vmw_surface_define_ioctl function in     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux     kernel did not validate addition of certain levels data,     which allowed local users to trigger an integer overflow     and out-of-bounds write, and cause a denial of service     (system hang or crash) or possibly gain privileges, via     a crafted ioctl call for a /dev/dri/renderD* device     (bnc#1031440).

  - CVE-2017-7261: The vmw_surface_define_ioctl function in     drivers/gpu/drm/vmwgfx/vmwgfx_surface.c in the Linux     kernel did not check for a zero value of certain levels     data, which allowed local users to cause a denial of     service (ZERO_SIZE_PTR dereference, and GPF and possibly     panic) via a crafted ioctl call for a /dev/dri/renderD*     device (bnc#1031052).

  - CVE-2017-7187: The sg_ioctl function in     drivers/scsi/sg.c in the Linux kernel allowed local     users to cause a denial of service (stack-based buffer     overflow) or possibly have unspecified other impact via     a large command size in an SG_NEXT_CMD_LEN ioctl call,     leading to out-of-bounds write access in the sg_write     function (bnc#1030213).

  - CVE-2017-7374: Use-after-free vulnerability in     fs/crypto/ in the Linux kernel allowed local users to     cause a denial of service (NULL pointer dereference) or     possibly gain privileges by revoking keyring keys being     used for ext4, f2fs, or ubifs encryption, causing     cryptographic transform objects to be freed prematurely     (bnc#1032006).

The following non-security bugs were fixed :

  - acpi, nfit: fix acpi_nfit_flush_probe() crash     (bsc#1031717).

  - acpi, nfit: fix extended status translations for ACPI     DSMs (bsc#1031717).

  - arm64: hugetlb: fix the wrong address for several     functions (bsc#1032681).

  - arm64: hugetlb: fix the wrong return value for     huge_ptep_set_access_flags (bsc#1032681).

  - arm64: hugetlb: remove the wrong pmd check in     find_num_contig() (bsc#1032681).

  - arm64: Use full path in KBUILD_IMAGE definition     (bsc#1010032).

  - arm: Use full path in KBUILD_IMAGE definition     (bsc#1010032).

  - blacklist.conf: 73667e31a153 x86/hyperv: Hide unused     label

  - blacklist.conf: Add ed10858 ('scsi: smartpqi: fix time     handling') to blacklist

  - blacklist.conf: blacklist 9770404a which was     subsequently reverted

  - blacklist.conf: Blacklist f2fs fix

  - blacklist.conf: Blacklist unneeded commit, because of a     partial backport.

  - blacklist.conf: Split SP2 and SP3 entries to ease     merging

  - blacklist: Fix blacklisting of 0c313cb20732

  - block: copy NOMERGE flag from bio to request     (bsc#1030070).

  - bonding: fix 802.3ad aggregator reselection     (bsc#1029514).

  - btrfs: add transaction space reservation tracepoints     (bsc#1012452).

  - btrfs: allow unlink to exceed subvolume quota     (bsc#1019614).

  - btrfs: avoid uninitialized variable warning     (bsc#1012452).

  - btrfs: __btrfs_buffered_write: Reserve/release extents     aligned to block size (bsc#1012452).

  - btrfs: btrfs_ioctl_clone: Truncate complete page after     performing clone operation (bsc#1012452).

  - btrfs: btrfs_page_mkwrite: Reserve space in sectorsized     units (bsc#1012452).

  - btrfs: btrfs_submit_direct_hook: Handle map_length < bio     vector length (bsc#1012452).

  - btrfs: change how we update the global block rsv     (bsc#1012452).

  - btrfs: Change qgroup_meta_rsv to 64bit (bsc#1019614).

  - btrfs: check reserved when deciding to background flush     (bsc#1012452).

  - btrfs: Clean pte corresponding to page straddling i_size     (bsc#1012452).

  - btrfs: Compute and look up csums based on sectorsized     blocks (bsc#1012452).

  - btrfs: csum_tree_block: return proper errno value     (bsc#1012452).

  - btrfs: device add and remove: use GFP_KERNEL     (bsc#1012452).

  - btrfs: Direct I/O read: Work on sectorsized blocks     (bsc#1012452).

  - btrfs: do not write corrupted metadata blocks to disk     (bsc#1012452).

  - btrfs: extent same: use GFP_KERNEL for page array     allocations (bsc#1012452).

  - btrfs: fallback to vmalloc in btrfs_compare_tree     (bsc#1012452).

  - btrfs: fallocate: use GFP_KERNEL (bsc#1012452).

  - btrfs: fallocate: Work with sectorsized blocks     (bsc#1012452).

  - btrfs: Fix block size returned to user space     (bsc#1012452).

  - btrfs: fix build warning (bsc#1012452).

  - btrfs: fix delalloc accounting after copy_from_user     faults (bsc#1012452).

  - btrfs: fix extent_same allowing destination offset     beyond i_size (bsc#1012452).

  - btrfs: fix handling of faults from btrfs_copy_from_user     (bsc#1012452).

  - btrfs: fix invalid reference in replace_path     (bsc#1012452).

  - btrfs: fix listxattrs not listing all xattrs packed in     the same item (bsc#1012452).

  - btrfs: fix lockdep deadlock warning due to dev_replace     (bsc#1012452).

  - btrfs: fix truncate_space_check (bsc#1012452).

  - btrfs: Improve FL_KEEP_SIZE handling in fallocate     (bsc#1012452).

  - btrfs: let callers of btrfs_alloc_root pass gfp flags     (bsc#1012452).

  - btrfs: Limit inline extents to root->sectorsize     (bsc#1012452).

  - btrfs: make sure we stay inside the bvec during
    __btrfs_lookup_bio_sums (bsc#1012452).

  - btrfs: Output more info for enospc_debug mount option     (bsc#1012452).

  - btrfs: Print Warning only if ENOSPC_DEBUG is enabled     (bsc#1012452).

  - btrfs: qgroups: Retry after commit on getting EDQUOT     (bsc#1019614).

  - btrfs: reada: add all reachable mirrors into reada     device list (bsc#1012452).

  - btrfs: reada: Add missed segment checking in     reada_find_zone (bsc#1012452).

  - btrfs: reada: Avoid many times of empty loop     (bsc#1012452).

  - btrfs: reada: avoid undone reada extents in     btrfs_reada_wait (bsc#1012452).

  - btrfs: reada: bypass adding extent when all zone failed     (bsc#1012452).

  - btrfs: reada: Fix a debug code typo (bsc#1012452).

  - btrfs: reada: Fix in-segment calculation for reada     (bsc#1012452).

  - btrfs: reada: ignore creating reada_extent for a     non-existent device (bsc#1012452).

  - btrfs: reada: Jump into cleanup in direct way for
    __readahead_hook() (bsc#1012452).

  - btrfs: reada: limit max works count (bsc#1012452).

  - btrfs: reada: Move is_need_to_readahead contition     earlier (bsc#1012452).

  - btrfs: reada: move reada_extent_put to place after
    __readahead_hook() (bsc#1012452).

  - btrfs: reada: Pass reada_extent into __readahead_hook     directly (bsc#1012452).

  - btrfs: reada: reduce additional fs_info->reada_lock in     reada_find_zone (bsc#1012452).

  - btrfs: reada: Remove level argument in severial     functions (bsc#1012452).

  - btrfs: reada: simplify dev->reada_in_flight processing     (bsc#1012452).

  - btrfs: reada: Use fs_info instead of root in
    __readahead_hook's argument (bsc#1012452).

  - btrfs: reada: use GFP_KERNEL everywhere (bsc#1012452).

  - btrfs: readdir: use GFP_KERNEL (bsc#1012452).

  - btrfs: remove redundant error check (bsc#1012452).

  - btrfs: Reset IO error counters before start of device     replacing (bsc#1012452).

  - btrfs: scrub: use GFP_KERNEL on the submission path     (bsc#1012452).

  - btrfs: Search for all ordered extents that could span     across a page (bsc#1012452).

  - btrfs: send: use GFP_KERNEL everywhere (bsc#1012452).

  - btrfs: switch to kcalloc in btrfs_cmp_data_prepare     (bsc#1012452).

  - btrfs: Use (eb->start, seq) as search key for tree     modification log (bsc#1012452).

  - btrfs: use proper type for failrec in extent_state     (bsc#1012452).

  - ceph: fix recursively call between ceph_set_acl and
    __ceph_setattr (bsc#1034902).

  - cgroup/pids: remove spurious suspicious RCU usage     warning (bnc#1031831).

  - cxgb4: Add control net_device for configuring PCIe VF     (bsc#1021424).

  - cxgb4: Add llseek operation for flash debugfs entry     (bsc#1021424).

  - cxgb4: add new routine to get adapter info     (bsc#1021424).

  - cxgb4: Add PCI device ID for new adapter (bsc#1021424).

  - cxgb4: Add port description for new cards (bsc#1021424).

  - cxgb4: Add support to enable logging of firmware mailbox     commands (bsc#1021424).

  - cxgb4: Check for firmware errors in the mailbox command     loop (bsc#1021424).

  - cxgb4: correct device ID of T6 adapter (bsc#1021424).

  - cxgb4/cxgb4vf: Add set VF mac address support     (bsc#1021424).

  - cxgb4/cxgb4vf: Allocate more queues for 25G and 100G     adapter (bsc#1021424).

  - cxgb4/cxgb4vf: Assign netdev->dev_port with port ID     (bsc#1021424).

  - cxgb4/cxgb4vf: Display 25G and 100G link speed     (bsc#1021424).

  - cxgb4/cxgb4vf: Remove deprecated module parameters     (bsc#1021424).

  - cxgb4: DCB message handler needs to use correct portid     to netdev mapping (bsc#1021424).

  - cxgb4: Decode link down reason code obtained from     firmware (bsc#1021424).

  - cxgb4: Do not assume FW_PORT_CMD reply is always port     info msg (bsc#1021424).

  - cxgb4: do not call napi_hash_del() (bsc#1021424).

  - cxgb4: Do not sleep when mbox cmd is issued from     interrupt context (bsc#1021424).

  - cxgb4: Enable SR-IOV configuration via PCI sysfs     interface (bsc#1021424).

  - cxgb4: Fix issue while re-registering VF mgmt netdev     (bsc#1021424).

  - cxgb4: MU requested by Chelsio (bsc#1021424).

  - cxgb4: Properly decode port module type (bsc#1021424).

  - cxgb4: Refactor t4_port_init function (bsc#1021424).

  - cxgb4: Reset dcb state machine and tx queue prio only if     dcb is enabled (bsc#1021424).

  - cxgb4: Support compressed error vector for T6     (bsc#1021424).

  - cxgb4: Synchronize access to mailbox (bsc#1021424).

  - cxgb4: update latest firmware version supported     (bsc#1021424).

  - device-dax: fix private mapping restriction, permit     read-only (bsc#1031717).

  - drivers: hv: util: do not forget to init host_ts.lock     (bsc#1031206).

  - drivers: hv: vmbus: Raise retry/wait limits in     vmbus_post_msg() (fate#320485, bsc#1023287,     bsc#1028217).

  - drm/i915: Fix crash after S3 resume with DP MST mode     change (bsc#1029634).

  - drm/i915: Introduce Kabypoint PCH for Kabylake H/DT     (bsc#1032581).

  - drm/i915: Only enable hotplug interrupts if the display     interrupts are enabled (bsc#1031717).

  - ext4: fix use-after-iput when fscrypt contexts are     inconsistent (bsc#1012829).

  - hid: usbhid: Quirk a AMI virtual mouse and keyboard with     ALWAYS_POLL (bsc#1022340).

  - hv: export current Hyper-V clocksource (bsc#1031206).

  - hv_utils: implement Hyper-V PTP source (bsc#1031206).

  - ibmvnic: Allocate number of rx/tx buffers agreed on by     firmware (fate#322021, bsc#1031512).

  - ibmvnic: Call napi_disable instead of napi_enable in     failure path (fate#322021, bsc#1031512).

  - ibmvnic: Correct ibmvnic handling of device open/close     (fate#322021, bsc#1031512).

  - ibmvnic: Fix endian errors in error reporting output     (fate#322021, bsc#1031512).

  - ibmvnic: Fix endian error when requesting device     capabilities (fate#322021, bsc#1031512).

  - ibmvnic: Fix initial MTU settings (bsc#1031512).

  - ibmvnic: Fix overflowing firmware/hardware TX queue     (fate#322021, bsc#1031512).

  - ibmvnic: Free tx/rx scrq pointer array when releasing     sub-crqs (fate#322021, bsc#1031512).

  - ibmvnic: Handle processing of CRQ messages in a tasklet     (fate#322021, bsc#1031512).

  - ibmvnic: Initialize completion variables before starting     work (fate#322021, bsc#1031512).

  - ibmvnic: Make CRQ interrupt tasklet wait for all     capabilities crqs (fate#322021, bsc#1031512).

  - ibmvnic: Move ibmvnic adapter intialization to its own     routine (fate#322021, bsc#1031512).

  - ibmvnic: Move login and queue negotiation into     ibmvnic_open (fate#322021, bsc#1031512).

  - ibmvnic: Move login to its own routine (fate#322021,     bsc#1031512).

  - ibmvnic: Use common counter for capabilities checks     (fate#322021, bsc#1031512).

  - ibmvnic: use max_mtu instead of req_mtu for MTU range     check (bsc#1031512).

  - iommu/vt-d: Make sure IOMMUs are off when     intel_iommu=off (bsc#1031208).

  - iscsi-target: Return error if unable to add network     portal (bsc#1032803).

  - kABI: restore ttm_ref_object_add parameters (kabi).

  - kgr: Mark eeh_event_handler() kthread safe using a     timeout (bsc#1031662).

  - kvm: svm: add support for RDTSCP (bsc#1033117).

  - l2tp: hold tunnel socket when handling control frames in     l2tp_ip and l2tp_ip6 (bsc#1028415).

  - libcxgb: add library module for Chelsio drivers     (bsc#1021424).

  - libnvdimm, pfn: fix memmap reservation size versus 4K     alignment (bsc#1031717).

  - locking/semaphore: Add down_interruptible_timeout()     (bsc#1031662).

  - md: handle read-only member devices better     (bsc#1033281).

  - mem-hotplug: fix node spanned pages when we have a     movable node (bnc#1034671).

  - mm/huge_memory.c: respect FOLL_FORCE/FOLL_COW for thp     (bnc#1030118).

  - mm/memblock.c: fix memblock_next_valid_pfn()     (bnc#1031200).

  - mm: page_alloc: skip over regions of invalid pfns where     possible (bnc#1031200).

  - netfilter: allow logging from non-init namespaces     (bsc#970083).

  - net: ibmvnic: Remove unused net_stats member from struct     ibmvnic_adapter (fate#322021, bsc#1031512).

  - nfs: flush out dirty data on file fput() (bsc#1021762).

  - nvme: Delete created IO queues on reset (bsc#1031717).

  - overlayfs: compat, fix incorrect dentry use in     ovl_rename2 (bsc#1032400).

  - overlayfs: compat, use correct dentry to detect compat     mode in ovl_compat_is_whiteout (bsc#1032400).

  - ping: implement proper locking (bsc#1031003).

  - powerpc/fadump: Reserve memory at an offset closer to     bottom of RAM (bsc#1032141).

  - powerpc/fadump: Update fadump documentation     (bsc#1032141).

  - Revert 'btrfs: qgroup: Move half of the qgroup     accounting time out of' (bsc#1017461 bsc#1033885).

  - Revert 'btrfs: qgroup: Move half of the qgroup     accounting time out of' This reverts commit     f69c1d0f6254c73529a48fd2f87815d047ad7288.

  - Revert 'Revert 'btrfs: qgroup: Move half of the qgroup     accounting time' This reverts commit     8567943ca56d937acfc417947cba917de653b09c.

  - sbp-target: Fix second argument of percpu_ida_alloc()     (bsc#1032803).

  - scsi: cxgb4i: libcxgbi: cxgb4: add T6 iSCSI completion     feature (bsc#1021424).

  - scsi_error: count medium access timeout only once per EH     run (bsc#993832, bsc#1032345).

  - scsi: ipr: do not set DID_PASSTHROUGH on CHECK CONDITION     (bsc#1034419).

  - scsi: ipr: Driver version 2.6.4 (bsc#1031555,     fate#321595).

  - scsi: ipr: Error path locking fixes (bsc#1031555,     fate#321595).

  - scsi: ipr: Fix abort path race condition (bsc#1031555,     fate#321595).

  - scsi: ipr: Fix missed EH wakeup (bsc#1031555,     fate#321595).

  - scsi: ipr: Fix SATA EH hang (bsc#1031555, fate#321595).

  - scsi: ipr: Remove redundant initialization (bsc#1031555,     fate#321595).

  - scsi_transport_fc: do not call queue_work under lock     (bsc#1013887).

  - scsi_transport_fc: fixup race condition in     fc_rport_final_delete() (bsc#1013887).

  - scsi_transport_fc: return -EBUSY for deleted vport     (bsc#1013887).

  - sysfs: be careful of error returns from ops->show()     (bsc#1028883).

  - thp: fix MADV_DONTNEED vs. numa balancing race     (bnc#1027974).

  - thp: reduce indentation level in change_huge_pmd()     (bnc#1027974).

  - tpm: fix checks for policy digest existence in     tpm2_seal_trusted() (bsc#1034048, Pending fixes     2017-04-10).

  - tpm: fix RC value check in tpm2_seal_trusted     (bsc#1034048, Pending fixes 2017-04-10).

  - tpm: fix: set continueSession attribute for the unseal     operation (bsc#1034048, Pending fixes 2017-04-10).

  - vmxnet3: segCnt can be 1 for LRO packets (bsc#988065).

  - x86/CPU/AMD: Fix Zen SMT topology (bsc#1027512).

  - x86/ioapic: Change prototype of acpi_ioapic_add()     (bsc#1027153, bsc#1027616).

  - x86/ioapic: Fix incorrect pointers in     ioapic_setup_resources() (bsc#1027153, bsc#1027616).

  - x86/ioapic: Fix IOAPIC failing to request resource     (bsc#1027153, bsc#1027616).

  - x86/ioapic: fix kABI (hide added include) (bsc#1027153,     bsc#1027616).

  - x86/ioapic: Fix lost IOAPIC resource after hot-removal     and hotadd (bsc#1027153, bsc#1027616).

  - x86/ioapic: Fix setup_res() failing to get resource     (bsc#1027153, bsc#1027616).

  - x86/ioapic: Ignore root bridges without a companion ACPI     device (bsc#1027153, bsc#1027616).

  - x86/ioapic: Simplify ioapic_setup_resources()     (bsc#1027153, bsc#1027616).

  - x86/ioapic: Support hot-removal of IOAPICs present     during boot (bsc#1027153, bsc#1027616).

  - x86/mce: Fix copy/paste error in exception table entries     (fate#319858).

  - x86/platform/uv: Fix calculation of Global Physical     Address (bsc#1031147).

  - x86/ras/therm_throt: Do not log a fake MCE for thermal     events (bsc#1028027).

  - xen: Use machine addresses in /sys/kernel/vmcoreinfo     when PV (bsc#1014136)

  - xgene_enet: remove bogus forward declarations     (bsc#1032673).

USN-3265-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)

Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897)

Andrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations.
An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970)

Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669)

Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-5986)

Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214)

Andrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash).
(CVE-2017-6345)

It was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346)

Andrey Konovalov discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-6347)

Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that a use-after-free flaw existed in the filesystem encryption subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-7374)

Andrey Konovalov discovered an out-of-bounds access in the IPv6 Generic Routing Encapsulation (GRE) tunneling implementation in the Linux kernel. An attacker could use this to possibly expose sensitive information. (CVE-2017-5897)

Andrey Konovalov discovered that the IPv4 implementation in the Linux kernel did not properly handle invalid IP options in some situations.
An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2017-5970)

Gareth Evans discovered that the shm IPC subsystem in the Linux kernel did not properly restrict mapping page zero. A local privileged attacker could use this to execute arbitrary code. (CVE-2017-5669)

Alexander Popov discovered that a race condition existed in the Stream Control Transmission Protocol (SCTP) implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-5986)

Dmitry Vyukov discovered that the Linux kernel did not properly handle TCP packets with the URG flag. A remote attacker could use this to cause a denial of service. (CVE-2017-6214)

Andrey Konovalov discovered that the LLC subsytem in the Linux kernel did not properly set up a destructor in certain situations. A local attacker could use this to cause a denial of service (system crash).
(CVE-2017-6345)

It was discovered that a race condition existed in the AF_PACKET handling code in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-6346)

Andrey Konovalov discovered that the IP layer in the Linux kernel made improper assumptions about internal data layout when performing checksums. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-6347)

Dmitry Vyukov discovered race conditions in the Infrared (IrDA) subsystem in the Linux kernel. A local attacker could use this to cause a denial of service (deadlock). (CVE-2017-6348).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
124828	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1505)	Nessus	Huawei Local Security Checks	critical
101151	Ubuntu 16.04 LTS : linux-hwe vulnerabilities (USN-3342-2)	Nessus	Ubuntu Local Security Checks	high
101150	Ubuntu 16.10 : linux, linux-raspi2 vulnerabilities (USN-3342-1)	Nessus	Ubuntu Local Security Checks	high
100931	Ubuntu 16.04 LTS : linux-hwe, linux-meta-hwe vulnerabilities (USN-3333-1) (Stack Clash)	Nessus	Ubuntu Local Security Checks	high
100925	Ubuntu 16.10 : linux-meta-raspi2, linux-raspi2 vulnerabilities (USN-3327-1) (Stack Clash)	Nessus	Ubuntu Local Security Checks	high
100924	Ubuntu 16.10 : linux, linux-meta vulnerabilities (USN-3326-1) (Stack Clash)	Nessus	Ubuntu Local Security Checks	high
100023	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2017:1183-1)	Nessus	SuSE Local Security Checks	high
99927	openSUSE Security Update : the Linux Kernel (openSUSE-2017-532)	Nessus	SuSE Local Security Checks	high
99658	Ubuntu 14.04 LTS : linux-lts-xenial vulnerabilities (USN-3265-2)	Nessus	Ubuntu Local Security Checks	high
99657	Ubuntu 16.04 LTS : linux, linux-aws, linux-gke, linux-raspi2, linux-snapdragon vulnerabilities (USN-3265-1)	Nessus	Ubuntu Local Security Checks	high

CVE-2017-7374

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins