
Debian: DSA-3886-1 Critical Linux Kernel Privilege Escalation Threat

June 19, 2017
Debian's DSA-3886-1 describes vulnerabilities in the Linux kernel that affect privilege escalation and service stability.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2017-0605

A buffer overflow flaw was discovered in the trace subsystem.

CVE-2017-7487

Li Qiang reported a reference counter leak in the ipxitf_ioctl
function which may result in a use-after-free vulnerability,
triggerable when an IPX interface is configured.

CVE-2017-7645

Tuomas Haanpaa and Matti Kamunen from Synopsys Ltd discovered that
the NFSv2 and NFSv3 server implementations are vulnerable to an
out-of-bounds memory access issue while processing arbitrarily long
arguments sent by NFSv2/NFSv3 RPC clients, leading to a denial of
service.

CVE-2017-7895

Ari Kauppi from Synopsys Ltd discovered that the NFSv2 and NFSv3
server implementations do not properly handle payload bounds
checking of WRITE requests. A remote attacker with write access to an
NFS mount can take advantage of this flaw to read chunks of
arbitrary memory from both kernel-space and user-space.

CVE-2017-8064

Arnd Bergmann found that the DVB-USB core misused the device
l...


Severity: critical

Package: linux
CVE ID: CVE-2017-0605 CVE-2017-7487 CVE-2017-7645 CVE-2017-7895
