Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Debian: DSA-4308-1 Critical: Linux Kernel Privilege Escalation Risks

debian
Calendar Grey October 1, 2018
Debian Logo
- ------------------------------------------------------------------------- Debian Security Advisory
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks

Summary

CVE-2018-6554

A memory leak in the irda_bind function in the irda subsystem was
discovered. A local user can take advantage of this flaw to cause a
denial of service (memory consumption).

CVE-2018-6555

A flaw was discovered in the irda_setsockopt function in the irda
subsystem, allowing a local user to cause a denial of service
(use-after-free and system crash).

CVE-2018-7755

Brian Belleville discovered a flaw in the fd_locked_ioctl function
in the floppy driver in the Linux kernel. The floppy driver copies a
kernel pointer to user memory in response to the FDGETPRM ioctl. A
local user with access to a floppy drive device can take advantage
of this flaw to discover the location kernel code and data.

CVE-2018-9363

It was discovered that the Bluetooth HIDP implementation did not
correctly check the length of received report messages. A paired
HIDP device could use this to cause a buffer overflow, leading to
denial of service (memory corruption...

Read the Full Advisory

Severity
critical
Lowest
Low
Medium
High
Critical

Package: linux
CVE ID: CVE-2018-6554 CVE-2018-6555 CVE-2018-7755 CVE-2018-9363

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.