
Debian: DLA-1099-1 Critical: Linux Kernel Denial Of Service Threat

debian lts
September 20, 2017
Multiple security flaws identified in Linux kernel resulting in privilege escalation, denial of service, or data exposure. Update is highly advised.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2017-7482

Shi Lei discovered that the RxRPC Kerberos 5 ticket handling code does
not properly verify metadata, leading to information disclosure,
denial of service or potentially execution of arbitrary code.

CVE-2017-7542

An integer overflow vulnerability in the ip6_find_1stfragopt()
function was found allowing a local attacker with privileges to open
raw sockets to cause a denial of service.

CVE-2017-7889

Tommi Rantala and Brad Spengler reported that the mm subsystem does
not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism,
allowing a local attacker with access to /dev/mem to obtain
sensitive information or potentially execute arbitrary code.

CVE-2017-10661

Dmitry Vyukov of Google reported that the timerfd facility does
not properly handle certain concurrent operations on a single file
descriptor. This allows a local attacker to cause a denial of
service or potentially to execute arbitrary code.

CVE-2017-10911 / XSA-216

Severity: critical

Package: linux
Version: 3.2.93-1
CVE ID: CVE-2017-7482 CVE-2017-7542 CVE-2017-7889 CVE-2017-10661
Debian Bug: #866511 #875881
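
An added example, not part of the advisory: a check that flags hosts whose kernel package is older than the fixed version 3.2.93-1 given above, using Debian's version ordering (on a single host, `dpkg --compare-versions` performs the same comparison). The host names and the versions in the inventory are constructed, and the inventory is assumed to hold each host's installed kernel image package version.

```python
import re

FIXED = "3.2.93-1"  # fixed "linux" package version stated in DLA-1099-1
DIGITS = "0123456789"

def _order(ch):
    """Sort weight of one non-digit character in a Debian version."""
    if ch == "~":
        return -1  # tilde sorts before everything, even end of string
    if ch in DIGITS:  # also true for "" (end of string)
        return 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256  # letters sort first

def _cmp_part(a, b):
    """Compare two upstream or revision strings; <0, 0 or >0."""
    while a or b:
        # Non-digit prefixes are compared character by character.
        while (a and a[0] not in DIGITS) or (b and b[0] not in DIGITS):
            diff = _order(a[:1]) - _order(b[:1])
            if diff:
                return diff
            a, b = a[1:], b[1:]
        # The digit runs that follow are compared as integers.
        na, nb = re.match(r"[0-9]*", a).group(), re.match(r"[0-9]*", b).group()
        diff = int(na or 0) - int(nb or 0)
        if diff:
            return diff
        a, b = a[len(na):], b[len(nb):]
    return 0

def compare(v1, v2):
    """Order two [epoch:]upstream[-revision] version strings."""
    parts = []
    for v in (v1, v2):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, rev = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        parts.append((int(epoch), upstream, rev))
    (e1, u1, r1), (e2, u2, r2) = parts
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def hosts_needing_update(inventory, fixed=FIXED):
    """Return hosts whose kernel package is older than the fixed version."""
    return sorted(h for h, v in inventory.items() if compare(v, fixed) < 0)

# Constructed inventory: host -> installed kernel image package version.
INVENTORY = {"web01": "3.2.89-2", "db01": "3.2.93-1",
             "build01": "3.2.93-1~test1", "mail01": "3.2.100-1"}

if __name__ == "__main__":
    print(hosts_needing_update(INVENTORY))
```

Installing the fixed package does not replace the running kernel until the host is rebooted.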
