http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5

1040749

https://github.com/torvalds/linux/commit/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5

USN-3619-1

USN-3619-2

USN-3630-1

USN-3630-2

USN-3632-1

New kernel packages are available for Slackware 14.2 to fix security issues.

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1480 advisory.

  - The Serial Attached SCSI (SAS) implementation in the Linux kernel through 4.15.9 mishandles a mutex within     libsas, which allows local users to cause a denial of service (deadlock) by triggering certain error-     handling code. (CVE-2017-18232)

  - The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8     does not validate certain resource availability, which allows local users to cause a denial of service     (NULL pointer dereference). (CVE-2018-8043)

  - A memory leak in the ccp_run_sha_cmd() function in drivers/crypto/ccp/ccp-ops.c in the Linux kernel     through 5.3.9 allows attackers to cause a denial of service (memory consumption), aka CID-128c66429247.
    (CVE-2019-18808)

  - A memory leak in the cx23888_ir_probe() function in drivers/media/pci/cx23885/cx23888-ir.c in the Linux     kernel through 5.3.11 allows attackers to cause a denial of service (memory consumption) by triggering     kfifo_alloc() failures, aka CID-a7b2df76b42b. (CVE-2019-19054)

  - A memory leak in the adis_update_scan_mode_burst() function in drivers/iio/imu/adis_buffer.c in the Linux     kernel before 5.3.9 allows attackers to cause a denial of service (memory consumption), aka     CID-9c0530e898f3. (CVE-2019-19061)

  - Memory leaks in drivers/net/wireless/ath/ath9k/htc_hst.c in the Linux kernel through 5.3.11 allow     attackers to cause a denial of service (memory consumption) by triggering wait_for_completion_timeout()     failures. This affects the htc_config_pipe_credits() function, the htc_setup_complete() function, and the     htc_connect_service() function, aka CID-853acf7caf10. (CVE-2019-19073)

  - A memory leak in the ath9k_wmi_cmd() function in drivers/net/wireless/ath/ath9k/wmi.c in the Linux kernel     through 5.3.11 allows attackers to cause a denial of service (memory consumption), aka CID-728c1e2a05e4.
    (CVE-2019-19074)

  - In a Linux KVM guest that has PV TLB enabled, a process in the guest kernel may be able to read memory     locations from another process in the same guest. This problem is limit to the host running linux kernel     4.10 with a guest running linux kernel 4.16 or later. The problem mainly affects AMD processors but Intel     CPUs cannot be ruled out. (CVE-2019-3016)

  - In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check.
    This could lead to local information disclosure with system execution privileges needed. User interaction     is not needed for exploitation. (CVE-2019-9445)

  - An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10.
    Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka     CID-d0c7feaf8767. (CVE-2020-12655)

  - In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka     CID-28ebeb8db770. (CVE-2020-15393)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - An out-of-bounds memory access flaw was found in the     Linux kernel's system call auditing implementation. On     a system with existing audit rules defined, a local,     unprivileged user could use this flaw to leak kernel     memory to user space or, potentially, crash the     system.(CVE-2014-3917i1/4%0

  - The net/netfilter/nfnetlink_cthelper.c function in the     Linux kernel through 4.14.4 does not require the     CAP_NET_ADMIN capability for new, get, and del     operations. This allows local users to bypass intended     access restrictions because the nfnl_cthelper_list data     structure is shared across all net     namespaces.(CVE-2017-17448i1/4%0

  - A race condition flaw was found between the chown and     execve system calls. When changing the owner of a     setuid user binary to root, the race condition could     momentarily make the binary setuid root. A local,     unprivileged user could potentially use this flaw to     escalate their privileges on the     system.(CVE-2015-3339i1/4%0

  - Keberos 5 tickets being decoded when using the RXRPC     keys incorrectly assumes the size of a field. This     could lead to the size-remaining variable wrapping and     the data pointer going over the end of the buffer. This     could possibly lead to memory corruption and possible     privilege escalation.(CVE-2017-7482i1/4%0

  - The nfs_can_extend_write function in fs/nfs/write.c in     the Linux kernel before 3.13.3 relies on a write     delegation to extend a write operation without a     certain up-to-date verification, which allows local     users to obtain sensitive information from kernel     memory in opportunistic circumstances by writing to a     file in an NFS filesystem and then reading the same     file.(CVE-2014-2038i1/4%0

  - KVM in the Linux kernel before 4.8.12, when I/O APIC is     enabled, does not properly restrict the VCPU index,     which allows guest OS users to gain host OS privileges     or cause a denial of service (out-of-bounds array     access and host OS crash) via a crafted interrupt     request, related to arch/x86/kvm/ioapic.c and     arch/x86/kvm/ioapic.h.(CVE-2016-9777i1/4%0

  - The instruction decoder in arch/x86/kvm/emulate.c in     the KVM subsystem in the Linux kernel before 3.18-rc2     lacks intended decoder-table flags for certain     RIP-relative instructions, which allows guest OS users     to cause a denial of service (NULL pointer dereference     and host OS crash) via a crafted     application.(CVE-2014-8480i1/4%0

  - arch/x86/kernel/entry_32.S in the Linux kernel through     3.15.1 on 32-bit x86 platforms, when syscall auditing     is enabled and the sep CPU feature flag is set, allows     local users to cause a denial of service (OOPS and     system crash) via an invalid syscall number, as     demonstrated by number 1000.(CVE-2014-4508i1/4%0

  - The overlayfs implementation in the Linux kernel     through 4.5.2 does not properly restrict the mount     namespace, which allows local users to gain privileges     by mounting an overlayfs filesystem on top of a FUSE     filesystem, and then executing a crafted setuid     program.(CVE-2016-1576i1/4%0

  - A use-after-free vulnerability was found when issuing     an ioctl to a sound device. This could allow a user to     exploit a race condition and create memory corruption     or possibly privilege escalation.(CVE-2017-15265i1/4%0

  - The drivers/uwb/uwbd.c in the Linux kernel, before     4.13.6, allows local users to cause a denial of service     (general protection fault and system crash) or possibly     have unspecified other impact via a crafted USB     device.(CVE-2017-16526i1/4%0

  - The Linux kernel was found vulnerable to a NULL pointer     dereference in the     drivers/net/phy/mdio-bcm-unimac.c:unimac_mdio_probe()     function caused by an unchecked return value from the     platform_get_resource() function. A successful flaw     exploitation can cause a system panic and a denial of     service. This flaw is believed not to be an attacker     triggerable as bad return value can be caused by     hardware misconfiguration.(CVE-2018-8043i1/4%0

  - A flaw was found in the Linux kernel SCSI subsystem,     which allowed a local user to gain privileges or cause     a denial of service (memory corruption and system     crash) by issuing an SG_IO ioctl call while a device     was being detached.(CVE-2015-8962i1/4%0

  - The xc2028_set_config function in     drivers/media/tuners/tuner-xc2028.c in the Linux kernel     before 4.6 allows local users to gain privileges or     cause a denial of service (use-after-free) via vectors     involving omission of the firmware name from a certain     data structure. Due to the nature of the flaw,     privilege escalation cannot be fully ruled out,     although we believe it is unlikely.(CVE-2016-7913i1/4%0

  - drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver     in the Linux kernel through 4.0.5 does not ensure that     certain length values are sufficiently large, which     allows remote attackers to cause a denial of service     (system crash or large loop) or possibly execute     arbitrary code via a crafted packet, related to the (1)     oz_usb_rx and (2) oz_usb_handle_ep_data     functions.(CVE-2015-4002i1/4%0

  - Race condition in the environ_read() function in     'fs/proc/base.c' in the Linux kernel before 4.5.4     allows local users to obtain sensitive information from     kernel memory by reading a '/proc/*/environ' file     during a process-setup time interval in which     environment-variable copying is     incomplete.(CVE-2016-7916i1/4%0

  - Integer signedness error in the oz_hcd_get_desc_cnf     function in drivers/staging/ozwpan/ozhcd.c in the     OZWPAN driver in the Linux kernel through 4.0.5 allows     remote attackers to cause a denial of service (system     crash) or possibly execute arbitrary code via a crafted     packet.(CVE-2015-4001i1/4%0

  - A vulnerability was found in the Linux kernel when     peeling off an association to the socket in another     network namespace. All transports in this association     are not to be rehashed and keep using the old key in     hashtable, thus removing transports from hashtable when     closing the socket, all transports are being freed.
    Later on a use-after-free issue could be caused when     looking up an association and dereferencing the     transports.(CVE-2017-15115i1/4%0

  - The evm_verify_hmac function in     security/integrity/evm/evm_main.c in the Linux kernel     before 4.5 does not properly copy data, which makes it     easier for local users to forge MAC values via a timing     side-channel attack.(CVE-2016-2085i1/4%0

  - A flaw was discovered in processing setsockopt for 32     bit processes on 64 bit systems. This flaw will allow     attackers to alter arbitrary kernel memory when     unloading a kernel module. This action is usually     restricted to root-privileged users but can also be     leveraged if the kernel is compiled with CONFIG_USER_NS     and CONFIG_NET_NS and the user is granted elevated     privileges.(CVE-2016-4997i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of the linux package has been released.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-4509 advisory.

  - In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow     properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android     releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel.
    (CVE-2018-5848)

  - The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel through 4.16.3 allows     local users to cause a denial of service (xfs_ilock_attr_map_shared invalid pointer dereference) via a     crafted xfs image. (CVE-2018-10322)

  - An issue was discovered in the fd_locked_ioctl function in drivers/block/floppy.c in the Linux kernel     through 4.15.7. The floppy driver will copy a kernel pointer to user memory in response to the FDGETPRM     ioctl. An attacker can send the FDGETPRM ioctl and use the obtained kernel pointer to discover the     location of kernel code and data and bypass kernel security protections such as KASLR. (CVE-2018-7755)

  - The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8     does not validate certain resource availability, which allows local users to cause a denial of service     (NULL pointer dereference). (CVE-2018-8043)

  - In the Linux kernel through 4.19.6, a local user could exploit a use-after-free in the ALSA driver by     supplying a malicious USB Sound device (with zero interfaces) that is mishandled in usb_audio_probe in     sound/usb/card.c. (CVE-2018-19824)

  - The vcpu_scan_ioapic function in arch/x86/kvm/x86.c in the Linux kernel through 4.19.2 allows local users     to cause a denial of service (NULL pointer dereference and BUG) via crafted system calls that reach a     situation where ioapic is uninitialized. (CVE-2018-19407)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-4307 advisory.

  - In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a race condition vulnerability exists in     the sound system, this can lead to a deadlock and denial of service condition. (CVE-2018-1000004)

  - The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux kernel through 4.15.8     does not validate certain resource availability, which allows local users to cause a denial of service     (NULL pointer dereference). (CVE-2018-8043)

  - drivers/tty/n_tty.c in the Linux kernel before 4.14.11 allows local attackers (who are able to access     pseudo terminals) to hang/block further usage of any pseudo terminal devices due to an EXTPROC versus     ICANON confusion in TIOCINQ. (CVE-2018-18386)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes.

The following security bugs were fixed :

CVE-2018-8781: The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c had an integer-overflow vulnerability that allowed local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space (bnc#1090643).

CVE-2018-10124: The kill_something_info function in kernel/signal.c might have allowed local users to cause a denial of service via an INT_MIN argument (bnc#1089752).

CVE-2018-10087: The kernel_wait4 function in kernel/exit.c might have allowed local users to cause a denial of service by triggering an attempted use of the -INT_MIN value (bnc#1089608).

CVE-2017-18257: The __get_data_block function in fs/f2fs/data.c in the Linux kernel allowed local users to cause a denial of service (integer overflow and loop) via crafted use of the open and fallocate system calls with an FS_IOC_FIEMAP ioctl. (bnc#1088241)

CVE-2018-8822: Incorrect buffer length handling in the ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c could be exploited by malicious NCPFS servers to crash the kernel or execute code (bnc#1086162).

CVE-2018-8043: The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c did not validate certain resource availability, which allowed local users to cause a denial of service (NULL pointer dereference) (bnc#1084829).

CVE-2018-7740: The resv_map_release function in mm/hugetlb.c allowed local users to cause a denial of service (BUG) via a crafted application that made mmap system calls and has a large pgoff argument to the remap_file_pages system call (bnc#1084353).

CVE-2018-1087: And an unprivileged KVM guest user could use this flaw to potentially escalate their privileges inside a guest. (bsc#1087088)

CVE-2018-8897: An unprivileged system user could use incorrect set up interrupt stacks to crash the Linux kernel resulting in DoS issue.
(bsc#1087088)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An update of 'linux', 'linux-esx' packages of Photon OS has been released.

The SUSE Linux Enterprise 12 SP2 LTSS kernel was updated to 4.4.121 to receive various security and bugfixes. The following security bugs were fixed :

  - CVE-2018-8781: The udl_fb_mmap function in     drivers/gpu/drm/udl/udl_fb.c had an integer-overflow     vulnerability that allowed local users with access to     the udldrmfb driver to obtain full read and write     permissions on kernel physical pages, resulting in a     code execution in kernel space (bnc#1090643).

  - CVE-2018-10124: The kill_something_info function in     kernel/signal.c might have allowed local users to cause     a denial of service via an INT_MIN argument     (bnc#1089752).

  - CVE-2018-10087: The kernel_wait4 function in     kernel/exit.c might have allowed local users to cause a     denial of service by triggering an attempted use of the
    -INT_MIN value (bnc#1089608).

  - CVE-2017-18257: The __get_data_block function in     fs/f2fs/data.c in the Linux kernel allowed local users     to cause a denial of service (integer overflow and loop)     via crafted use of the open and fallocate system calls     with an FS_IOC_FIEMAP ioctl. (bnc#1088241)

  - CVE-2018-8822: Incorrect buffer length handling in the     ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c     could be exploited by malicious NCPFS servers to crash     the kernel or execute code (bnc#1086162).

  - CVE-2018-8043: The unimac_mdio_probe function in     drivers/net/phy/mdio-bcm-unimac.c did not validate     certain resource availability, which allowed local users     to cause a denial of service (NULL pointer dereference)     (bnc#1084829).

  - CVE-2018-7740: The resv_map_release function in     mm/hugetlb.c allowed local users to cause a denial of     service (BUG) via a crafted application that made mmap     system calls and has a large pgoff argument to the     remap_file_pages system call (bnc#1084353).

  - CVE-2018-1087: And an unprivileged KVM guest user could     use this flaw to potentially escalate their privileges     inside a guest. (bsc#1087088)

  - CVE-2018-8897: An unprivileged system user could use     incorrect set up interrupt stacks to crash the Linux     kernel resulting in DoS issue. (bsc#1087088)

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory).
(CVE-2017-16994)

It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions.
(CVE-2017-17448)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information.
(CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-5332)

Mohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

ee3/4ePS discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)

It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3630-1 fixed a vulnerability in the Linux kernel for Ubuntu 17.10.
This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 17.10 for Ubuntu 16.04 LTS.

It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 SP3 kernel was updated to 4.4.126 to receive various security and bugfixes. The following security bugs were fixed :

  - CVE-2018-1091: In the flush_tmregs_to_thread function in     arch/powerpc/kernel/ptrace.c, a guest kernel crash can     be triggered from unprivileged userspace during a core     dump on a POWER host due to a missing processor feature     check and an erroneous use of transactional memory (TM)     instructions in the core dump path, leading to a denial     of service (bnc#1087231).

  - CVE-2018-7740: The resv_map_release function in     mm/hugetlb.c allowed local users to cause a denial of     service (BUG) via a crafted application that made mmap     system calls and has a large pgoff argument to the     remap_file_pages system call (bnc#1084353).

  - CVE-2018-8043: The unimac_mdio_probe function in     drivers/net/phy/mdio-bcm-unimac.c did not validate     certain resource availability, which allowed local users     to cause a denial of service (NULL pointer dereference)     (bnc#1084829).

  - CVE-2017-18257: The __get_data_block function in     fs/f2fs/data.c allowed local users to cause a denial of     service (integer overflow and loop) via crafted use of     the open and fallocate system calls with an     FS_IOC_FIEMAP ioctl. (bnc#1088241)

  - CVE-2018-8822: Incorrect buffer length handling in the     ncp_read_kernel function in fs/ncpfs/ncplib_kernel.c     could be exploited by malicious NCPFS servers to crash     the kernel or execute code (bnc#1086162).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-3619-1 fixed vulnerabilities in the Linux kernel for Ubuntu 16.04 LTS. This update provides the corresponding updates for the Linux Hardware Enablement (HWE) kernel from Ubuntu 16.04 LTS for Ubuntu 14.04 LTS.

Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-16995)

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)

It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses).
(CVE-2017-11472)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

It was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16650)

It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911)

It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912)

It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913)

It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash).
(CVE-2017-16914)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory).
(CVE-2017-16994)

It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions.
(CVE-2017-17448)

It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device.
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information.
(CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862)

It was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18075)

It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that an infinite loop could occur in the the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208)

Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm.
(CVE-2017-7518)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-5332)

Mohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

Fan Long Fei  discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)

It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492)

It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Jann Horn discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel improperly performed sign extension in some situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2017-16995)

It was discovered that a race condition leading to a use-after-free vulnerability existed in the ALSA PCM subsystem of the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-0861)

It was discovered that the KVM implementation in the Linux kernel allowed passthrough of the diagnostic I/O port 0x80. An attacker in a guest VM could use this to cause a denial of service (system crash) in the host OS. (CVE-2017-1000407)

It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information (kernel memory addresses).
(CVE-2017-11472)

It was discovered that a use-after-free vulnerability existed in the network namespaces implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-15129)

It was discovered that the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel contained a use-after-free when handling device removal. A physically proximate attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-16528)

Andrey Konovalov discovered that the usbtest device driver in the Linux kernel did not properly validate endpoint metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16532)

Andrey Konovalov discovered that the Conexant cx231xx USB video capture driver in the Linux kernel did not properly validate interface descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16536)

Andrey Konovalov discovered that the SoundGraph iMON USB driver in the Linux kernel did not properly validate device metadata. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16537)

Andrey Konovalov discovered that the IMS Passenger Control Unit USB driver in the Linux kernel did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16645)

Andrey Konovalov discovered that the DiBcom DiB0700 USB DVB driver in the Linux kernel did not properly handle detach events. A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-16646)

Andrey Konovalov discovered that the CDC USB Ethernet driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16649)

Andrey Konovalov discovered that the QMI WWAN USB driver did not properly validate device descriptors. A physically proximate attacker could use this to cause a denial of service (system crash).
(CVE-2017-16650)

It was discovered that the USB Virtual Host Controller Interface (VHCI) driver in the Linux kernel contained an information disclosure vulnerability. A physically proximate attacker could use this to expose sensitive information (kernel memory). (CVE-2017-16911)

It was discovered that the USB over IP implementation in the Linux kernel did not validate endpoint numbers. A remote attacker could use this to cause a denial of service (system crash). (CVE-2017-16912)

It was discovered that the USB over IP implementation in the Linux kernel did not properly validate CMD_SUBMIT packets. A remote attacker could use this to cause a denial of service (excessive memory consumption). (CVE-2017-16913)

It was discovered that the USB over IP implementation in the Linux kernel contained a NULL pointer dereference error. A remote attacker could use this to cause a denial of service (system crash).
(CVE-2017-16914)

It was discovered that the HugeTLB component of the Linux kernel did not properly handle holes in hugetlb ranges. A local attacker could use this to expose sensitive information (kernel memory).
(CVE-2017-16994)

It was discovered that the netfilter component of the Linux did not properly restrict access to the connection tracking helpers list. A local attacker could use this to bypass intended access restrictions.
(CVE-2017-17448)

It was discovered that the netlink subsystem in the Linux kernel did not properly restrict observations of netlink messages to the appropriate net namespace. A local attacker could use this to expose sensitive information (kernel netlink traffic). (CVE-2017-17449)

It was discovered that the netfilter passive OS fingerprinting (xt_osf) module did not properly perform access control checks. A local attacker could improperly modify the system-wide OS fingerprint list. (CVE-2017-17450)

It was discovered that the core USB subsystem in the Linux kernel did not validate the number of configurations and interfaces in a device.
A physically proximate attacker could use this to cause a denial of service (system crash). (CVE-2017-17558)

Dmitry Vyukov discovered that the KVM implementation in the Linux kernel contained an out-of-bounds read when handling memory-mapped I/O. A local attacker could use this to expose sensitive information.
(CVE-2017-17741)

It was discovered that the Salsa20 encryption algorithm implementations in the Linux kernel did not properly handle zero-length inputs. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-17805)

It was discovered that the HMAC implementation did not validate the state of the underlying cryptographic hash algorithm. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-17806)

It was discovered that the keyring implementation in the Linux kernel did not properly check permissions when a key request was performed on a task's' default keyring. A local attacker could use this to add keys to unauthorized keyrings. (CVE-2017-17807)

Alexei Starovoitov discovered that the Berkeley Packet Filter (BPF) implementation in the Linux kernel contained a branch-pruning logic issue around unreachable code. A local attacker could use this to cause a denial of service. (CVE-2017-17862)

It was discovered that the parallel cryptography component of the Linux kernel incorrectly freed kernel memory. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2017-18075)

It was discovered that a race condition existed in the Device Mapper component of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2017-18203)

It was discovered that a race condition existed in the OCFS2 file system implementation in the Linux kernel. A local attacker could use this to cause a denial of service (kernel deadlock). (CVE-2017-18204)

It was discovered that an infinite loop could occur in the the madvise(2) implementation in the Linux kernel in certain circumstances. A local attacker could use this to cause a denial of service (system hang). (CVE-2017-18208)

Andy Lutomirski discovered that the KVM implementation in the Linux kernel was vulnerable to a debug exception error when single-stepping through a syscall. A local attacker in a non-Linux guest vm could possibly use this to gain administrative privileges in the guest vm.
(CVE-2017-7518)

It was discovered that the Broadcom NetXtremeII ethernet driver in the Linux kernel did not properly validate Generic Segment Offload (GSO) packet sizes. An attacker could use this to cause a denial of service (interface unavailability). (CVE-2018-1000026)

It was discovered that the Reliable Datagram Socket (RDS) implementation in the Linux kernel contained an out-of-bounds write during RDMA page allocation. An attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2018-5332)

Mohamed Ghannam discovered a NULL pointer dereference in the RDS (Reliable Datagram Sockets) protocol implementation of the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-5333)

Fan Long Fei  discovered that a race condition existed in loop block device implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2018-5344)

It was discovered that an integer overflow error existed in the futex implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-6927)

It was discovered that a NULL pointer dereference existed in the RDS (Reliable Datagram Sockets) protocol implementation in the Linux kernel. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-7492)

It was discovered that the Broadcom UniMAC MDIO bus controller driver in the Linux kernel did not properly validate device resources. A local attacker could use this to cause a denial of service (system crash). (CVE-2018-8043).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The 4.15.9 update contains a number of important fixes across the tree.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
141789	Slackware 14.2 : Slackware 14.2 kernel (SSA:2020-295-01)	Nessus	Slackware Local Security Checks	high
139858	Amazon Linux 2 : kernel (ALAS-2020-1480)	Nessus	Amazon Linux Local Security Checks	medium
124981	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1528)	Nessus	Huawei Local Security Checks	high
121841	Photon OS 1.0: Linux PHSA-2018-1.0-0135	Nessus	PhotonOS Local Security Checks	medium
121201	Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2019-4509)	Nessus	Oracle Linux Local Security Checks	high
119639	Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2018-4307)	Nessus	Oracle Linux Local Security Checks	medium
118252	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1173-2)	Nessus	SuSE Local Security Checks	high
111937	Photon OS 1.0: Linux PHSA-2018-1.0-0135 (deprecated)	Nessus	PhotonOS Local Security Checks	medium
109647	SUSE SLES12 Security Update : kernel (SUSE-SU-2018:1173-1)	Nessus	SuSE Local Security Checks	high
109316	Ubuntu 16.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3632-1)	Nessus	Ubuntu Local Security Checks	high
109313	Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerability (USN-3630-2)	Nessus	Ubuntu Local Security Checks	medium
109312	Ubuntu 17.10 : Linux kernel vulnerability (USN-3630-1)	Nessus	Ubuntu Local Security Checks	medium
109310	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2018:1048-1)	Nessus	SuSE Local Security Checks	high
109103	openSUSE Security Update : the Linux Kernel (openSUSE-2018-377)	Nessus	SuSE Local Security Checks	medium
108878	Ubuntu 14.04 LTS : linux-lts-xenial, linux-aws vulnerabilities (USN-3619-2)	Nessus	Ubuntu Local Security Checks	high
108842	Ubuntu 16.04 LTS : linux, linux-aws, linux-kvm, linux-raspi2, linux-snapdragon vulnerabilities (USN-3619-1)	Nessus	Ubuntu Local Security Checks	high
108428	Fedora 27 : kernel (2018-cf76003e1f)	Nessus	Fedora Local Security Checks	medium
108427	Fedora 26 : kernel (2018-bf60ec1389)	Nessus	Fedora Local Security Checks	medium

CVE-2018-8043

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

medium

high

medium

high

medium

high

medium

high

high

medium

medium

high

medium

high

high

medium

medium