
Debian 7 Wheezy DLA-922-1 Moderate: Privilege Escalation And DoS Risks

debian lts
April 28, 2017
Package: linux
Version: 3.2.88-1
CVE ID: CVE-2016-2188 CVE-2016-9604 CVE-2016-10200 CVE-2017-2647
Several vulnerabilities have been discovered in the Linux kernel that may lead to privilege escalation, denial of service, or other impacts.

Summary

CVE-2016-2188

Ralf Spenneberg of OpenSource Security reported that the iowarrior
device driver did not sufficiently validate USB descriptors. This
allowed a physically present user with a specially designed USB
device to cause a denial of service (crash).

CVE-2016-9604

It was discovered that the keyring subsystem allowed a process to
set a special internal keyring as its session keyring. The
security impact in this version of the kernel is unknown.

CVE-2016-10200

Baozeng Ding and Andrey Konovalov reported a race condition in the
L2TP implementation which could corrupt its table of bound
sockets. A local user could use this to cause a denial of service
(crash) or possibly for privilege escalation.

CVE-2017-2647 / CVE-2017-6951

idl3r reported that the keyring subsystem would allow a process
to search for 'dead' keys, causing a null pointer dereference.
A local user could use this to cause a denial of service (crash).

CVE-2017-2671

Severity
important
