http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c70422f760c120480fee4de6c38804c72aa26bc1

98551

https://bugzilla.redhat.com/show_bug.cgi?id=1451386

https://github.com/torvalds/linux/commit/c70422f760c120480fee4de6c38804c72aa26bc1

https://www.spinics.net/lists/linux-nfs/msg63334.html

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - The walk_hugetlb_range() function in 'mm/pagewalk.c'     file in the Linux kernel from v4.0-rc1 through     v4.15-rc1 mishandles holes in hugetlb ranges. This     allows local users to obtain sensitive information from     uninitialized kernel memory via crafted use of the     mincore() system call.(CVE-2017-16994i1/4%0

  - In the Linux kernel before 4.7, the amd_gpio_remove     function in drivers/pinctrl/pinctrl-amd.c calls the     pinctrl_unregister function, leading to a double     free.(CVE-2017-18174i1/4%0

  - In the Linux kernel through 4.20.11, af_alg_release()     in crypto/af_alg.c neglects to set a NULL value for a     certain structure member, which leads to a     use-after-free in sockfs_setattr.(CVE-2019-8912i1/4%0

  - A security flaw was found in the Linux kernel that an     attempt to move page mapped by AIO ring buffer to the     other node triggers NULL pointer dereference at     trace_writeback_dirty_page(), because     aio_fs_backing_dev_info.dev is 0.(CVE-2016-3070i1/4%0

  - The NFSv4 implementation in the Linux kernel through     4.11.1 allows local users to cause a denial of service     (resource consumption) by leveraging improper channel     callback shutdown when unmounting an NFSv4 filesystem,     aka a 'module reference and kernel daemon'     leak.(CVE-2017-9059i1/4%0

  - When creating audit records for parameters to executed     children processes, an attacker can convince the Linux     kernel audit subsystem can create corrupt records which     may allow an attacker to misrepresent or evade logging     of executing commands.(CVE-2016-6136i1/4%0

  - A use-after-free vulnerability was found in a network     namespaces code affecting the Linux kernel since     v4.0-rc1 through v4.15-rc5. The function     get_net_ns_by_id() does not check for the net::count     value after it has found a peer network in netns_ids     idr which could lead to double free and memory     corruption. This vulnerability could allow an     unprivileged local user to induce kernel memory     corruption on the system, leading to a crash. Due to     the nature of the flaw, privilege escalation cannot be     fully ruled out, although it is thought to be     unlikely.(CVE-2017-15129i1/4%0

  - A NULL pointer dereference flaw was found in the     rds_ib_laddr_check() function in the Linux kernel's     implementation of Reliable Datagram Sockets (RDS). A     local, unprivileged user could use this flaw to crash     the system.(CVE-2013-7339i1/4%0

  - A flaw was found in the Linux kernel key management     subsystem in which a local attacker could crash the     kernel or corrupt the stack and additional memory     (denial of service) by supplying a specially crafted     RSA key. This flaw panics the machine during the     verification of the RSA key.(CVE-2016-8650i1/4%0

  - The uio_mmap_physical function in drivers/uio/uio.c in     the Linux kernel before 3.12 does not validate the size     of a memory block, which allows local users to cause a     denial of service (memory corruption) or possibly gain     privileges via crafted mmap operations, a different     vulnerability than CVE-2013-4511.(CVE-2013-6763i1/4%0

  - In the Linux kernel before 4.20.5, attackers can     trigger a drivers/char/ipmi/ipmi_msghandler.c     use-after-free and OOPS by arranging for certain     simultaneous execution of the code, as demonstrated by     a 'service ipmievd restart' loop.(CVE-2019-9003i1/4%0

  - An integer overflow flaw was found in the way the Linux     kernel randomized the stack for processes on certain     64-bit architecture systems, such as x86-64, causing     the stack entropy to be reduced by     four.(CVE-2015-1593i1/4%0

  - The compat_sys_recvmmsg function in net/compat.c in the     Linux kernel before 3.13.2, when CONFIG_X86_X32 is     enabled, allows local users to gain privileges via a     recvmmsg system call with a crafted timeout pointer     parameter.(CVE-2014-0038i1/4%0

  - The kill_something_info function in kernel/signal.c in     the Linux kernel before 4.13, when an unspecified     architecture and compiler is used, might allow local     users to cause a denial of service via an INT_MIN     argument.(CVE-2018-10124i1/4%0

  - arch/s390/kernel/head64.S in the Linux kernel before     3.13.5 on the s390 platform does not properly handle     attempted use of the linkage stack, which allows local     users to cause a denial of service (system crash) by     executing a crafted instruction.(CVE-2014-2039i1/4%0

  - A flaw was found in the Linux kernel in that the     aoedisk_debugfs_show() function in     drivers/block/aoe/aoeblk.c allows local users to obtain     some kernel address information by reading a debugfs     file. This address is not useful to commit a further     attack.(CVE-2018-7754i1/4%0

  - ALSA sequencer core initializes the event pool on     demand by invoking snd_seq_pool_init() when the first     write happens and the pool is empty. A user can reset     the pool size manually via ioctl concurrently, and this     may lead to UAF or out-of-bound access.(CVE-2018-7566)

  - In the function wmi_set_ie() in the Linux kernel the     length validation code does not handle unsigned integer     overflow properly. As a result, a large value of the     aEUR~ie_lenaEURtm argument can cause a buffer overflow and     thus a memory corruption leading to a system crash or     other or unspecified impact. Due to the nature of the     flaw, privilege escalation cannot be fully ruled out,     although we believe it is unlikely.(CVE-2018-5848)

  - The Linux kernel does not properly initialize memory in     messages passed between virtual guests and the host     operating system in the vhost/vhost.c:vhost_new_msg()     function. This can allow local privileged users to read     some kernel memory contents when reading from the     /dev/vhost-net device file.(CVE-2018-1118)

  - Systems with microprocessors utilizing speculative     execution and speculative execution of memory reads     before the addresses of all prior memory writes are     known may allow unauthorized disclosure of information     to an attacker with local user access via a     side-channel analysis, aka Speculative Store Bypass     (SSB), Variant 4.(CVE-2018-3639)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of [linux,libxlt] packages for PhotonOS has been released.

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2018-0015 for details.

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0174 for details.

The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0145 for details.

The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0126 for details.

Module reference leak due to improper shut down of callback channel on umount :

The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service (resource consumption) by leveraging improper channel callback shutdown when unmounting an NFSv4 filesystem, aka a 'module reference and kernel daemon' leak.
(CVE-2017-9059)

Incorrect overwrite check in __ip6_append_data() :

The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux kernel through 4.11.3 is too late in checking whether an overwrite of an skb data structure may occur, which allows local users to cause a denial of service (system crash) via crafted system calls.
(CVE-2017-9242)

Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c :

The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in the Linux kernel allows attackers to cause a denial of service (double free) or possibly have unspecified other impact by leveraging use of the accept system call. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash.
Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-8890)

net: tcp_v6_syn_recv_sock function mishandles inheritance :

The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 . An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9077)

net: IPv6 DCCP implementation mishandles inheritance

The IPv6 DCCP implementation in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 . An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9076)

net: sctp_v6_create_accept_sk function mishandles inheritance :

The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux kernel mishandles inheritance, which allows local users to cause a denial of service or possibly have unspecified other impact via crafted system calls, a related issue to CVE-2017-8890 . An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely.(CVE-2017-9075)

net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option :

The IPv6 fragmentation implementation in the Linux kernel does not consider that the nexthdr field may be associated with an invalid option, which allows local users to cause a denial of service (out-of-bounds read and BUG) or possibly have unspecified other impact via crafted socket and send system calls. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is unlikely. (CVE-2017-9074)

The 4.10.17 stable kernel update contains a number of important fixes across the tree.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
124991	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1538)	Nessus	Huawei Local Security Checks	high
111867	Photon OS 1.0: Linux PHSA-2017-0018 (deprecated)	Nessus	PhotonOS Local Security Checks	high
106469	OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0015) (BlueBorne) (Meltdown) (Spectre) (Stack Clash)	Nessus	OracleVM Local Security Checks	critical
105248	OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0174) (BlueBorne) (Dirty COW) (Stack Clash)	Nessus	OracleVM Local Security Checks	high
105247	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3659) (BlueBorne) (Dirty COW) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	high
102774	OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0145) (Stack Clash)	Nessus	OracleVM Local Security Checks	critical
102773	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3609) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	critical
102064	OracleVM 3.4 : Unbreakable / etc (OVMSA-2017-0126) (Stack Clash)	Nessus	OracleVM Local Security Checks	critical
102059	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2017-3595) (Stack Clash)	Nessus	Oracle Linux Local Security Checks	critical
100999	Amazon Linux AMI : kernel (ALAS-2017-846)	Nessus	Amazon Linux Local Security Checks	high
100491	Fedora 24 : kernel (2017-85744f8aa9)	Nessus	Fedora Local Security Checks	high
100435	Fedora 25 : kernel (2017-273b67d5ee)	Nessus	Fedora Local Security Checks	high

CVE-2017-9059

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Tenable Plugins