
Debian 7 Wheezy DLA-1200-1 Critical: Kernel Escalation and DoS Threats

debian lts
December 10, 2017
Uncover vital enhancements for Ubuntu's system core targeting several privilege elevation and Denial of Service vulnerabilities.
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks.

Summary

CVE-2016-10208

Sergej Schumilo and Ralf Spenneberg discovered that a crafted ext4
filesystem could trigger memory corruption when it is mounted. A
user that can provide a device or filesystem image to be mounted
could use this for denial of service (crash or data corruption) or
possibly for privilege escalation.

CVE-2017-8824

Mohamed Ghannam discovered that the DCCP implementation did not
correctly manage resources when a socket is disconnected and
reconnected, potentially leading to a use-after-free. A local
user could use this for denial of service (crash or data
corruption) or possibly for privilege escalation. On systems that
do not already have the dccp module loaded, this can be mitigated
by disabling it:
    echo "install dccp false" >> /etc/modprobe.d/disable-dccp.conf
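
A read-only check of the mitigation described above, as an added example that is not part of the advisory: it reports whether a dccp module is already loaded and whether an `install dccp` rule is active, since the rule does not unload a module that is already in memory. The function names, the four status strings and the `MODULES_FILE`/`CONF_DIR` overrides are assumptions of this example; it also accepts `/bin/false` and `/bin/true` as the rule's command, which goes beyond the exact line in the advisory.

```shell
#!/bin/sh
# Added example: audit the DCCP mitigation for CVE-2017-8824.
# Paths are parameters so the check can also be run against copies of
# /proc/modules and /etc/modprobe.d taken from another host.

# dccp_loaded MODULES_FILE
# Succeeds if dccp or one of its sub-modules (dccp_ipv4, dccp_ipv6, ...)
# appears in a /proc/modules style listing.
dccp_loaded() {
    grep -Eq '^dccp(_[a-z0-9_]+)? ' "$1" 2>/dev/null
}

# dccp_blocked CONF_DIR
# Succeeds if some *.conf file holds an active (uncommented) rule of the
# form "install dccp false". Anchoring at the line start skips '#' comments.
dccp_blocked() {
    [ -d "$1" ] || return 1
    grep -Eq \
      '^[[:space:]]*install[[:space:]]+dccp[[:space:]]+(/bin/|/usr/bin/)?(false|true)([[:space:]]|$)' \
      "$1"/*.conf 2>/dev/null
}

# dccp_status MODULES_FILE CONF_DIR
# Prints one of (labels are this example's own):
#   mitigated       rule present, module not loaded
#   loaded-blocked  rule present, but the module is already in memory,
#                   so the rule has no effect until it is unloaded
#   loaded          module loaded and no rule
#   unmitigated     module not loaded, but nothing stops it being loaded
dccp_status() {
    if dccp_loaded "$1"; then
        if dccp_blocked "$2"; then echo loaded-blocked; else echo loaded; fi
    else
        if dccp_blocked "$2"; then echo mitigated; else echo unmitigated; fi
    fi
}

# Default run: inspect the live system unless overridden by the environment.
dccp_status "${MODULES_FILE:-/proc/modules}" "${CONF_DIR:-/etc/modprobe.d}"
```

A result of `loaded-blocked` or `loaded` means the module has to be unloaded, or the host rebooted into the fixed kernel, before the rule protects anything.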

CVE-2017-8831

Pengfei Wang discovered that the saa7164 video capture driver
re-reads data from a PCI device after validating it. A physically

Read the Full Advisory


Severity: critical

Package: linux
Version: 3.2.96-2
CVE ID: CVE-2016-10208 CVE-2017-8824 CVE-2017-8831 CVE-2017-12190
Debian Bug: 865303 865416
