Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Debian 9 DSA-3981-1 Moderate: Linux Kernel Security Issues

debian
Calendar Grey September 20, 2017
Debian Logo
- ------------------------------------------------------------------------- Debian Security Advisory
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service or information leaks

Summary

CVE-2017-7518

Andy Lutomirski discovered that KVM is prone to an incorrect debug
exception (#DB) error occurring while emulating a syscall
instruction. A process inside a guest can take advantage of this
flaw for privilege escalation inside a guest.

CVE-2017-7558 (stretch only)

Stefano Brivio of Red Hat discovered that the SCTP subsystem is
prone to a data leak vulnerability due to an out-of-bounds read
flaw, allowing to leak up to 100 uninitialized bytes to userspace.

CVE-2017-10661 (jessie only)

Dmitry Vyukov of Google reported that the timerfd facility does
not properly handle certain concurrent operations on a single file
descriptor. This allows a local attacker to cause a denial of
service or potentially execute arbitrary code.

CVE-2017-11600

Bo Zhang reported that the xfrm subsystem does not properly
validate one of the parameters to a netlink message. Local users with the CAP_NET_ADMIN capability can use this to cause a denial
of ser...

Read the Full Advisory

Package: linux
CVE ID: CVE-2017-7518 CVE-2017-7558 CVE-2017-10661 CVE-2017-11600

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.