EulerOS 2.0 SP2 : kernel (EulerOS-SA-2018-1296)
High Nessus Plugin ID 117740
Synopsis
The remote EulerOS host is missing multiple security updates.
Description
According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following:
- An integer overflow vulnerability was discovered in
the Linux kernel, from version 3.4 through 4.15, in the
drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() function. An
attacker with access to the udldrmfb driver could
exploit this to obtain full read and write permissions
on kernel physical pages, resulting in code execution
in kernel space. (CVE-2018-8781)
- ALSA sequencer core initializes the event pool on
demand by invoking snd_seq_pool_init() when the first
write happens and the pool is empty. A user can reset
the pool size manually via ioctl concurrently, and this
may lead to UAF or out-of-bounds access. (CVE-2018-7566)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
Solution
Update the affected kernel packages.
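The kind of integer overflow described for CVE-2018-8781, as an added example that is not taken from the advisory or from the kernel source: a user-space model of an mmap range check in which adding a caller-controlled offset and size wraps around, beside an overflow-safe form. The function names, FB_LEN and the sample values are constructed for illustration, and the shape of the check is an assumption about this bug class.

```c
#include <limits.h>
#include <stdio.h>

#define FB_LEN 0x300000UL /* constructed framebuffer length (3 MiB) */

/* Weak form: offset + size is unsigned arithmetic and wraps modulo
 * ULONG_MAX + 1, so a very large offset yields a small sum that
 * passes the comparison. Returns 1 if the range is accepted. */
static int range_ok_weak(unsigned long offset, unsigned long size,
                         unsigned long fb_len)
{
    if (offset + size > fb_len)
        return 0;
    return 1;
}

/* Hardened form: never add two caller-controlled values. Check the
 * offset first, then compare size against the remaining space, which
 * cannot underflow once offset <= fb_len is known. */
static int range_ok_safe(unsigned long offset, unsigned long size,
                         unsigned long fb_len)
{
    if (offset > fb_len || size > fb_len - offset)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed test requests: (offset, size) in bytes. */
    struct { const char *what; unsigned long off, size; } cases[] = {
        { "first page",         0UL,                 0x1000UL },
        { "last page",          FB_LEN - 0x1000UL,   0x1000UL },
        { "one page past end",  FB_LEN,              0x1000UL },
        { "offset+size wraps",  ULONG_MAX - 0xFFFUL, 0x2000UL },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-18s weak=%d safe=%d\n", cases[i].what,
               range_ok_weak(cases[i].off, cases[i].size, FB_LEN),
               range_ok_safe(cases[i].off, cases[i].size, FB_LEN));
    return 0;
}
```

Only the last request separates the two checks: the weak form accepts it because the sum wraps to 0x1000, while the hardened form rejects it on the offset comparison alone.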